Ensure OCI security list does not allow ingress from 0.0.0.0/0 to port 3389
Error: OCI security lists allows unrestricted ingress access to port 33899
Bridgecrew Policy ID: BC_OCI_NETWORKING_3
Checkov Check ID: CKV_OCI_20
Severity: LOW
OCI security lists allows unrestricted ingress access to port 3389
Description
This policy identifies Security list that allow inbound traffic on RDP port (3389) from the public internet. As a best practice, restrict security groups to only allow permitted traffic and limit brute force attacks on your network.
Fix - Runtime
Fix - Buildtime
Terraform
resource "oci_core_security_list" "pass0" {
compartment_id = "var.compartment_id"
vcn_id = "oci_core_vcn.test_vcn.id"
ingress_security_rules {
protocol = "var.security_list_ingress_security_rules_protocol"
source = "0.0.0.0/0"
tcp_options {
max = 4000
min = 3390
source_port_range {
max = "var.security_list_ingress_security_rules_tcp_options_source_port_range_max"
min = "var.security_list_ingress_security_rules_tcp_options_source_port_range_min"
}
}
udp_options {
max = 21
min = 20
source_port_range {
max = "var.security_list_ingress_security_rules_udp_options_source_port_range_max"
min = "var.security_list_ingress_security_rules_udp_options_source_port_range_min"
}
}
}
}
Updated 3 months ago