Ensure OCI security list does not allow ingress from 0.0.0.0/0 to port 3389

Error: OCI security lists allow unrestricted ingress access to port 3389
Bridgecrew Policy ID: BC_OCI_NETWORKING_3
Checkov Check ID: CKV_OCI_20
Severity: LOW


Description

This policy identifies security lists that allow inbound traffic on the RDP port (3389) from the public internet (source 0.0.0.0/0). As a best practice, restrict security lists to allow only permitted traffic; this limits brute-force attacks against RDP on your network.
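The rule the check applies can be stated precisely: an ingress rule fails when its source is 0.0.0.0/0, its protocol is TCP (OCI protocol number "6") or "all", and its tcp_options destination range either covers 3389 or is absent (which means every port). The following added example is a stand-alone re-implementation of that logic in plain Python; it is not Checkov's own code, and the rule dictionaries and sample security lists are constructed here to mirror how the Terraform attributes on this page look once parsed.

```python
# Added example: a stand-alone re-implementation of the CKV_OCI_20 logic.
# Not Checkov's own code. The `rule` dicts mirror parsed Terraform attributes
# and every sample security list below is constructed for illustration.
from typing import Any, Dict, List

RDP_PORT = 3389
UNRESTRICTED_SOURCE = "0.0.0.0/0"
# OCI expresses protocols as IANA numbers in strings; "all" matches every protocol.
TCP_PROTOCOLS = {"6", "all"}


def rule_exposes_rdp(rule: Dict[str, Any]) -> bool:
    """True if one ingress rule admits TCP/3389 from anywhere on the internet."""
    if rule.get("source") != UNRESTRICTED_SOURCE:
        return False
    if str(rule.get("protocol", "")).lower() not in TCP_PROTOCOLS:
        return False
    tcp_options = rule.get("tcp_options")
    if not tcp_options:
        # No tcp_options block: the rule matches every destination port.
        return True
    # A missing min or max leaves the range open on that side.
    low = int(tcp_options.get("min", 1))
    high = int(tcp_options.get("max", 65535))
    return low <= RDP_PORT <= high


def security_list_passes(security_list: Dict[str, Any]) -> bool:
    """PASSED when no ingress rule exposes RDP to 0.0.0.0/0."""
    rules: List[Dict[str, Any]] = security_list.get("ingress_security_rules", [])
    return not any(rule_exposes_rdp(rule) for rule in rules)


# Constructed sample resources (not taken from any real tenancy).
SAMPLE_LISTS: Dict[str, Dict[str, Any]] = {
    # The page's passing example: TCP 3390-4000 from anywhere skips 3389.
    "pass0": {"ingress_security_rules": [
        {"protocol": "6", "source": "0.0.0.0/0",
         "tcp_options": {"min": 3390, "max": 4000}},
    ]},
    # RDP open to the world on exactly port 3389.
    "fail_rdp_open": {"ingress_security_rules": [
        {"protocol": "6", "source": "0.0.0.0/0",
         "tcp_options": {"min": 3389, "max": 3389}},
    ]},
    # No tcp_options at all: every TCP port, including 3389, is reachable.
    "fail_all_ports": {"ingress_security_rules": [
        {"protocol": "6", "source": "0.0.0.0/0"},
    ]},
    # protocol "all" covers TCP as well.
    "fail_all_protocols": {"ingress_security_rules": [
        {"protocol": "all", "source": "0.0.0.0/0"},
    ]},
    # Same port, but only from a private range: compliant.
    "pass_restricted_source": {"ingress_security_rules": [
        {"protocol": "6", "source": "10.0.0.0/8",
         "tcp_options": {"min": 3389, "max": 3389}},
    ]},
    # UDP on 3389 is not RDP as this check defines it.
    "pass_udp_only": {"ingress_security_rules": [
        {"protocol": "17", "source": "0.0.0.0/0",
         "udp_options": {"min": 3389, "max": 3389}},
    ]},
}


def evaluate_all(lists: Dict[str, Dict[str, Any]] = SAMPLE_LISTS) -> Dict[str, str]:
    """Map each security list name to "PASSED" or "FAILED", as a scanner report would."""
    return {name: ("PASSED" if security_list_passes(cfg) else "FAILED")
            for name, cfg in lists.items()}


if __name__ == "__main__":
    for name, result in evaluate_all().items():
        print(f"{result:7s} CKV_OCI_20  oci_core_security_list.{name}")
```

The two "fail" cases without a tcp_options block are the ones most often missed in manual review: a rule that names no port range is not "empty", it is wide open, and protocol "all" is wider still.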

Fix - Runtime

Fix - Buildtime

Terraform

resource "oci_core_security_list" "pass0" {
  # References must be unquoted expressions, not string literals.
  compartment_id = var.compartment_id
  vcn_id         = oci_core_vcn.test_vcn.id

  ingress_security_rules {
    # Protocol number as a string: "6" is TCP, "17" is UDP, "all" matches every protocol.
    protocol = var.security_list_ingress_security_rules_protocol
    source   = "0.0.0.0/0"

    # Destination port range 3390-4000 from anywhere: 3389 is excluded, so this passes.
    tcp_options {
      max = 4000
      min = 3390
      source_port_range {
        max = var.security_list_ingress_security_rules_tcp_options_source_port_range_max
        min = var.security_list_ingress_security_rules_tcp_options_source_port_range_min
      }
    }
    udp_options {
      max = 21
      min = 20
      source_port_range {
        max = var.security_list_ingress_security_rules_udp_options_source_port_range_max
        min = var.security_list_ingress_security_rules_udp_options_source_port_range_min
      }
    }
  }
}