RDP Access Is Not Restricted

• Query id: 678fd659-96f2-454a-a2a0-c2571f83a4a3
• Query name: RDP Access Is Not Restricted
• Platform: Terraform
• Severity: High
• Category: Networking and Firewall
• URL: Github

Description

Check if the Google compute firewall allows unrestricted RDP access. Allowed ports should not contain RDP port 3389
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file

resource "google_compute_firewall" "positive1" {
  name    = "test-firewall"
  network = google_compute_network.default.name
  direction = "INGRESS"

  allow {
    protocol = "icmp"
  }

  allow {
    protocol = "tcp"
    ports    = ["80", "8080", "1000-2000","3389"]
  }

  source_tags = ["web"]
  source_ranges = ["0.0.0.0/0"]
}

resource "google_compute_firewall" "positive2" {
  name    = "test-firewall"
  network = google_compute_network.default.name

  allow {
    protocol = "udp"
    ports    = ["80", "8080", "1000-2000","21-3390"]
  }

  source_tags = ["web"]
  source_ranges = ["::/0"]
}

resource "google_compute_firewall" "positive3" {
  name    = "test-firewall"
  network = google_compute_network.default.name

  allow {
    protocol = "all"
  }

  source_tags = ["web"]
  source_ranges = ["::/0"]
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

resource "google_compute_firewall" "negative1" {
  name    = "test-firewall"
  network = google_compute_network.default.name

  allow {
    protocol = "icmp"
  }

  allow {
    protocol = "tcp"
    ports    = ["80", "8080", "1000-2000"]
  }

  source_tags = ["web"]
}