CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category, for example IAM, Container, Monitoring, Logging, or Network.
Attackers could use brute force techniques to gain access to virtual machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on the virtual network or even attack networked devices outside of Azure.
Remove 3389, *, or any port range that covers 3389 from properties.securityRules[].properties.destinationPortRange(s) when properties.securityRules[].properties.access is set to allow.
Remove 3389, *, or any port range that covers 3389 from security_rule.destination_port_range when security_rule.access is set to Allow.
resource "azurerm_network_security_group" "allowed" {
  name                = "test1"
  location            = var.azure_rdp_sec_group
  resource_group_name = var.azure_rdp_sec_group
  security_rule {
    name                       = "valid"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "3389"
    source_address_prefix      = "10.10.10.101"
    destination_address_prefix = "*"
  }
}
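
The remediation text hinges on whether a destination port value "covers" 3389, which includes the wildcard and ranges as well as the literal port. The following Python check is an added example, not part of the original page or the scanner's own rule code; it applies only the two conditions stated in the remediation (access and destination port) to an ARM-style network security group and ignores source address and direction. The function names and the SAMPLE_NSG data are constructed for illustration.

```python
RDP_PORT = 3389

def covers_port(spec, port=RDP_PORT):
    """True if one port spec ("3389", "*", "3000-4000") includes `port`."""
    spec = str(spec).strip()
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    try:
        low_n = int(low)
        high_n = int(high) if high else low_n
    except ValueError:
        return False  # unparseable spec is not counted as a match
    return low_n <= port <= high_n

def rules_allowing_rdp(nsg):
    """Names of rules with access=allow whose destination ports cover 3389."""
    hits = []
    for rule in nsg.get("properties", {}).get("securityRules", []):
        props = rule.get("properties", {})
        if str(props.get("access", "")).lower() != "allow":
            continue
        # ARM accepts either the singular string or the plural list.
        specs = list(props.get("destinationPortRanges") or [])
        if props.get("destinationPortRange"):
            specs.append(props["destinationPortRange"])
        if any(covers_port(s) for s in specs):
            hits.append(rule.get("name", "<unnamed>"))
    return hits

def _rule(name, access, single=None, many=None):
    # Helper that builds one constructed securityRules[] entry.
    props = {"access": access}
    if single is not None:
        props["destinationPortRange"] = single
    if many is not None:
        props["destinationPortRanges"] = many
    return {"name": name, "properties": props}

# Constructed sample, not taken from a real deployment.
SAMPLE_NSG = {"properties": {"securityRules": [
    _rule("rdp-exact", "Allow", single="3389"),
    _rule("any-port", "Allow", single="*"),
    _rule("wide-range", "Allow", many=["22", "3000-4000"]),
    _rule("https", "Allow", single="443"),
    _rule("deny-rdp", "Deny", single="3389"),
    _rule("near-miss", "Allow", many=["3390-3400", "80"]),
]}}

if __name__ == "__main__":
    print(rules_allowing_rdp(SAMPLE_NSG))
```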