Ensure no NACL allow inbound from 0.0.0.0:0 to port 3389
Description
This policy checks for Network Access Control List (NACL) inbound rules that allow traffic from any source on port 3389, the port commonly used for Remote Desktop Protocol (RDP) connections. Allowing unrestricted access to this port exposes the system to brute-force attacks and other security risks, so access should be restricted to trusted sources only. By flagging open inbound rules on this port, the policy helps prevent potential security breaches.
Code Example
```terraform
# Compliant example: RDP (TCP/3389) is only allowed from a private range,
# not from 0.0.0.0/0. NACL rules are matched by CIDR block only.
resource "aws_network_acl" "example" {
  # vpc_id is a required argument of aws_network_acl; the referenced VPC
  # resource is a placeholder that is not part of this rule page.
  vpc_id = aws_vpc.example.id

  ingress {
    protocol   = "tcp"
    rule_no    = 100
    action     = "allow"
    cidr_block = "10.0.0.0/16"
    from_port  = 3389
    to_port    = 3389
  }
}
```
Remediation
Restrict inbound traffic on port 3389 to trusted sources by configuring the NACL to only allow traffic from specific IP addresses or security groups.
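The following checker is an added example, not Checkov's own implementation of this rule. It evaluates NACL ingress rules (represented as dicts that mirror the `aws_network_acl` ingress attributes shown above) and reports every `allow` rule that exposes TCP/3389 to the whole IPv4 or IPv6 address space. It goes beyond the policy text in two ways: it treats a port range that merely contains 3389 and the catch-all protocol `-1` as covering RDP, and it honours NACL ordering (lowest `rule_no` wins), so an unrestricted `deny` that precedes the `allow` is recognised as shadowing it. The sample rule sets are constructed for this example.

```python
"""Flag NACL ingress rules that allow RDP (TCP/3389) from any source.

Rules are plain dicts mirroring the aws_network_acl ingress block:
rule_no, action, protocol, cidr_block / ipv6_cidr_block, from_port, to_port.
The sample rule sets at the bottom are constructed for this example.
"""
import ipaddress

RDP_PORT = 3389
TCP_PROTOCOLS = {"tcp", "6"}      # protocol name or its IANA number
ALL_PROTOCOLS = {"-1", "all"}     # catch-all protocol: every port matches


def covers_rdp(rule):
    """True if the rule's protocol and port range include TCP/3389."""
    proto = str(rule.get("protocol", "")).lower()
    if proto in ALL_PROTOCOLS:
        return True  # from_port/to_port are ignored for protocol -1
    if proto not in TCP_PROTOCOLS:
        return False
    return int(rule.get("from_port", 0)) <= RDP_PORT <= int(rule.get("to_port", 0))


def unrestricted_family(rule):
    """Return 4 or 6 if the source is the whole IPv4/IPv6 space, else None."""
    for key in ("cidr_block", "ipv6_cidr_block"):
        cidr = rule.get(key)
        if not cidr:
            continue
        net = ipaddress.ip_network(cidr, strict=False)
        if net.prefixlen == 0:
            return net.version
    return None


def find_open_rdp_rules(ingress_rules):
    """Return rule numbers that allow RDP from anywhere, in evaluation order.

    NACLs evaluate rules lowest rule_no first and the first match wins.
    Once an unrestricted rule covering RDP has been seen for an address
    family, later unrestricted rules for that family can never be reached,
    so a preceding 'deny' shadows a later 'allow' and nothing is reported.
    Rules with a specific source CIDR are left alone: they do not decide
    traffic from the rest of the address space.
    """
    violations = []
    decided = {4: False, 6: False}
    for rule in sorted(ingress_rules, key=lambda r: int(r["rule_no"])):
        family = unrestricted_family(rule)
        if family is None or not covers_rdp(rule):
            continue
        if decided[family]:
            continue  # shadowed by an earlier unrestricted RDP rule
        decided[family] = True
        if str(rule.get("action", "")).lower() == "allow":
            violations.append(int(rule["rule_no"]))
    return violations


# Constructed sample: mixes the page's compliant rule with risky ones.
SAMPLE_RULES = [
    {"rule_no": 90, "action": "deny", "protocol": "tcp",
     "cidr_block": "203.0.113.0/24", "from_port": 3389, "to_port": 3389},
    {"rule_no": 100, "action": "allow", "protocol": "tcp",
     "cidr_block": "10.0.0.0/16", "from_port": 3389, "to_port": 3389},
    {"rule_no": 110, "action": "allow", "protocol": "tcp",
     "cidr_block": "0.0.0.0/0", "from_port": 3000, "to_port": 4000},
    {"rule_no": 120, "action": "allow", "protocol": "-1",
     "ipv6_cidr_block": "::/0", "from_port": 0, "to_port": 0},
    {"rule_no": 130, "action": "allow", "protocol": "tcp",
     "cidr_block": "0.0.0.0/0", "from_port": 22, "to_port": 22},
]

# Constructed sample: the allow is unreachable because rule 50 denies first.
SHADOWED_RULES = [
    {"rule_no": 100, "action": "allow", "protocol": "tcp",
     "cidr_block": "0.0.0.0/0", "from_port": 3389, "to_port": 3389},
    {"rule_no": 50, "action": "deny", "protocol": "tcp",
     "cidr_block": "0.0.0.0/0", "from_port": 3389, "to_port": 3389},
]

if __name__ == "__main__":
    print("open RDP rules:", find_open_rdp_rules(SAMPLE_RULES))      # [110, 120]
    print("shadowed set:", find_open_rdp_rules(SHADOWED_RULES))      # []
```

Rule 100 (the page's own `10.0.0.0/16` rule) is not reported, while rule 110 is caught even though it never names port 3389 explicitly, and rule 120 is caught because protocol `-1` matches every port. A static check that only compares `from_port == 3389` would miss both.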
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1214 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | ncloud_network_acl_rule |
| Checkov ID | CKV_NCP_11 |