Ensure no access control groups allow inbound from 0.0.0.0:0 to port 3389
Description
This policy checks for an insecure inbound rule in a cloud security group, specifically allowing access to port 3389, which is commonly used for Remote Desktop Protocol (RDP) connections. Allowing unrestricted access to this port can expose the system to brute-force attacks and other malicious activities. It is essential to restrict access to only trusted sources to prevent unauthorized access. By limiting access, the risk of the system being compromised is significantly reduced.
Code Example
```terraform
# Compliant: RDP (3389) is reachable only from a trusted CIDR, not 0.0.0.0/0
resource "ncloud_access_control_group_rule" "example" {
  access_control_group_no = ncloud_access_control_group.example.id

  inbound {
    protocol   = "TCP"
    ip_block   = "192.168.1.0/24"
    port_range = "3389"
  }
}
```
Remediation
Restrict inbound traffic on port 3389 to trusted sources by specifying allowed IP addresses or security groups.
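To confirm the remediation before applying, the following added example (not Checkov's own implementation) scans `terraform show -json` plan output for `ncloud_access_control_group_rule` inbound blocks that expose 3389 to any source, including port ranges that merely contain 3389. The sample plan, the `module.vdi` name and all function names are constructed for illustration.

```python
RDP_PORT = 3389
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}  # assumption: IPv6 "any" is treated as open too
ACG_RULE = "ncloud_access_control_group_rule"


def _res(address, *rules):
    """Build one constructed plan-JSON resource from (ip_block, port_range) pairs."""
    inbound = [{"protocol": "TCP", "ip_block": c, "port_range": p} for c, p in rules]
    return {"address": address, "type": ACG_RULE, "values": {"inbound": inbound}}


# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _res(ACG_RULE + ".trusted", ("192.168.1.0/24", "3389")),
        _res(ACG_RULE + ".open_range", ("0.0.0.0/0", "443"), ("0.0.0.0/0", "3000-4000")),
    ],
    "child_modules": [{"resources": [
        _res("module.vdi." + ACG_RULE + ".rdp", ("0.0.0.0/0", "3389")),
    ]}],
}}}


def covers_port(port_range, port=RDP_PORT):
    """True if a "3389" or "3000-4000" style port_range includes `port`."""
    low, _, high = str(port_range).partition("-")
    try:
        return int(low) <= port <= int(high or low)
    except ValueError:  # missing or malformed range
        return False


def walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)


def open_rdp_rules(plan):
    """Addresses of ACG rules with an inbound block exposing 3389 to any source."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return [r["address"] for r in walk(root)
            if r.get("type") == ACG_RULE and any(
                rule.get("ip_block") in OPEN_CIDRS and covers_port(rule.get("port_range"))
                for rule in r.get("values", {}).get("inbound") or [])]
```

A non-empty result from `open_rdp_rules` can be used to fail a CI step before `terraform apply`.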
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1208 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | ncloud_access_control_group_rule |
| Checkov ID | CKV_NCP_5 |