Ensure no Alibaba Cloud security groups allow ingress from 0.0.0.0/0 to port 3389

Error: Alibaba Cloud Security group allows internet traffic to RDP port (3389)

Bridgecrew Policy ID: BC_ALI_NETWORKING_1
Checkov Check ID: CKV_ALI_3
Severity: HIGH

Description

This policy identifies security groups that allow inbound traffic on the RDP port (3389) from the public internet (0.0.0.0/0). As a best practice, restrict security group rules to the source ranges that are actually permitted; an RDP port reachable from any address is a standing target for credential brute-force attempts against your hosts.

Fix - Runtime

Alibaba Cloud Portal

  1. Log in to Alibaba Cloud Portal
  2. Go to Elastic Compute Service
  3. In the left-side navigation pane, choose Network & Security > Security Groups
  4. Select the reported security group and then click Add Rules in the Actions column
  5. In the Inbound tab, select the rule whose 'Action' is Allow, whose 'Authorization Object' is 0.0.0.0/0 and whose 'Port Range' is 3389, then click Modify in the Actions column
  6. Replace the value 0.0.0.0/0 with a specific IP address range.
  7. Click 'OK'

Fix - Buildtime

Terraform

resource "alicloud_security_group_rule" "allow_rdp_from_admin_range" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "internet"
  policy            = "accept"
  port_range        = "3389/3389"
  security_group_id = alicloud_security_group.default.id
  # Restrict the source to a known range; cidr_ip = "0.0.0.0/0" fails this check.
  # 203.0.113.0/24 is a placeholder documentation range: replace it with your own.
  cidr_ip           = "203.0.113.0/24"
}
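The check logic described above, as an added example that is not Checkov's own implementation: it evaluates alicloud_security_group_rule attributes (represented here as plain dicts, with constructed sample rules) and flags ingress rules that accept traffic to 3389 from 0.0.0.0/0, including wide port ranges such as 1/65535 or -1/-1 that cover the RDP port. The policy and ip_protocol handling is an assumption of this example.

```python
import ipaddress

RDP_PORT = 3389


def port_range_covers(port_range: str, port: int) -> bool:
    """Alibaba Cloud port_range is 'from/to'; '-1/-1' means every port."""
    try:
        lo, hi = (int(p) for p in port_range.split("/", 1))
    except (ValueError, AttributeError):
        return False
    if lo == -1 and hi == -1:
        return True
    return lo <= port <= hi


def is_public_cidr(cidr: str) -> bool:
    """True when the authorization object is the whole internet (0.0.0.0/0 or ::/0)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def rule_exposes_rdp(rule: dict) -> bool:
    """Mirror of the policy: ingress + accept + tcp/all + range covering 3389 + public source."""
    return (
        rule.get("type") == "ingress"
        and rule.get("policy", "accept") == "accept"
        and rule.get("ip_protocol", "").lower() in ("tcp", "all")
        and port_range_covers(rule.get("port_range", ""), RDP_PORT)
        and is_public_cidr(rule.get("cidr_ip", ""))
    )


def find_failing_rules(rules: dict) -> list:
    """Return the names of rules that would fail CKV_ALI_3, in declaration order."""
    return [name for name, rule in rules.items() if rule_exposes_rdp(rule)]


# Constructed sample rules (resource name -> attributes), not from any real account.
SAMPLE_RULES = {
    "rdp_open":       {"type": "ingress", "ip_protocol": "tcp", "policy": "accept", "port_range": "3389/3389", "cidr_ip": "0.0.0.0/0"},
    "rdp_admin":      {"type": "ingress", "ip_protocol": "tcp", "policy": "accept", "port_range": "3389/3389", "cidr_ip": "203.0.113.0/24"},
    "all_ports_open": {"type": "ingress", "ip_protocol": "tcp", "policy": "accept", "port_range": "1/65535",   "cidr_ip": "0.0.0.0/0"},
    "vnc_open":       {"type": "ingress", "ip_protocol": "tcp", "policy": "accept", "port_range": "5900/5900", "cidr_ip": "0.0.0.0/0"},
    "rdp_drop":       {"type": "ingress", "ip_protocol": "tcp", "policy": "drop",   "port_range": "3389/3389", "cidr_ip": "0.0.0.0/0"},
    "rdp_egress":     {"type": "egress",  "ip_protocol": "tcp", "policy": "accept", "port_range": "3389/3389", "cidr_ip": "0.0.0.0/0"},
}

if __name__ == "__main__":
    print(find_failing_rules(SAMPLE_RULES))  # ['rdp_open', 'all_ports_open']
```

Note that vnc_open passes this particular check even though it is equally exposed; that port is the subject of a separate policy.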