Severity

0.0
high
0
10
    Severity Framework
    Snyk CCSS
    Rule category
    Network / Ports

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
    Frameworks
    CIS-Controls CIS-Google CSA-CCM ISO-27001 NIST-800-53 PCI-DSS SOC-2
  • Snyk ID SNYK-CC-00376
  • credit Snyk Research Team

Description

If RDP is open to the internet, attackers can attempt to gain access to VM instances. Removing unfettered connectivity to remote console services, such as RDP, reduces a server's exposure to risk.

How to fix?

Set source_ranges attribute to specific IP address range, for example 192.168.0.0/24.

Example Configuration

resource "google_compute_firewall" "allowed" {
  name    = "test-firewall"
  network = google_compute_network.default.name

  allow {
    protocol = "tcp"
    ports    = ["3389"]
  }

  source_ranges = ["192.168.0.0/24"]
}