RDP Access Is Not Restricted

  • Query id: 50cb6c3b-c878-4b88-b50e-d1421bada9e8
  • Query name: RDP Access Is Not Restricted
  • Platform: GoogleDeploymentManager
  • Severity: Medium
  • Category: Networking and Firewall
  • URL: Github

Description

Check if the Google compute firewall allows unrestricted RDP access. Allowed ports should not contain RDP port 3389
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
resources:
  - name: firewall
    type: compute.v1.firewall
    properties:
      name: my-firewall
      sourceRanges:
        - "0.0.0.0/0"
      allowed:
        - IPProtocol: icmp
          ports:
            - "80"
            - "8080"
            - "1000-2000"
        - IPProtocol: tcp
          ports:
            - "80"
            - "8080"
            - "1000-2000"
            - "3389"
Positive test num. 2 - yaml file
resources:
  - name: firewall
    type: compute.v1.firewall
    properties:
      name: my-firewall
      sourceRanges:
        - "::/0"
      allowed:
        - IPProtocol: icmp
          ports:
            - "80"
            - "8080"
            - "1000-2000"
        - IPProtocol: udp
          ports:
            - "80"
            - "8080"
            - "1000-2000"
            - "21-3389"
Positive test num. 3 - yaml file
resources:
  - name: firewall
    type: compute.v1.firewall
    properties:
      name: my-firewall
      sourceRanges:
        - "::/0"
      allowed:
        - IPProtocol: all

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
resources:
  - name: firewall
    type: compute.v1.firewall
    properties:
      name: my-firewall
      allowed:
        - IPProtocol: icmp
          ports:
            - "80"
            - "8080"
            - "1000-2000"