RDP Access Is Not Restricted
Firewall rules should restrict RDP (TCP/3389) access to specific IP ranges. Open RDP access can be a security risk.
Impact
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Restrict RDP (TCP port 3389) ingress in firewall rules. Only allow trusted IP ranges or use Identity-Aware Proxy for RDP access.
1
2
3
4
5
6
7
8
9
10
|
resource "google_compute_firewall" "good_example_restricted_source" {
name = "allow-specific-ip"
network = google_compute_network.my_vpc.name
direction = "INGRESS"
source_ranges = ["1.2.3.4/32"]
allow {
protocol = "tcp"
ports = ["3380-3390"]
}
}
|
1
2
3
4
5
6
7
8
9
10
|
resource "google_compute_firewall" "good_example_different_port" {
name = "allow-vms-to-some-machine"
network = google_compute_network.my_vpc.name
direction = "INGRESS"
source_ranges = ["0.0.0.0/0"]
allow {
protocol = "tcp"
ports = ["8080-8090"]
}
}
|
1
2
3
4
5
6
7
8
9
10
11
12
|
resource "google_compute_firewall" "good_example_with_tags" {
name = "allow-tagged-vms"
network = google_compute_network.my_vpc.name
direction = "INGRESS"
source_ranges = ["0.0.0.0/0"]
source_tags = ["vms"]
target_tags = ["some-machine"]
allow {
protocol = "tcp"
ports = ["3380-3390"]
}
}
|
1
2
3
4
5
6
7
8
9
10
|
resource "google_compute_firewall" "good_example_different_protocol" {
name = "allow-udp-3389"
network = google_compute_network.my_vpc.name
direction = "INGRESS"
source_ranges = ["0.0.0.0/0"]
allow {
protocol = "udp"
ports = ["3380-3390"]
}
}
|
Links