Virtual Network security groups should not permit ingress from ‘0.0.0.0/0’ to TCP port 3389 (RDP)

Description

The potential security problem with using RDP over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on an Azure Virtual Network or even attack networked devices outside of Azure.

Console Remediation Steps

  • Navigate to Virtual Machines and select the VM that has the problem.

  • In the left navigation, select Networking.

  • Select the Inbound port rules tab and delete any inbound rules that permit ingress from ‘0.0.0.0/0’ to TCP port 3389 (RDP).

CLI Remediation Steps

  • Remove the rule that permits ingress from ‘0.0.0.0/0’ to TCP port 3389 (RDP), identifying it either by resource ID or by name together with its NSG and resource group:

    .. code-block:: bash

        az network nsg rule delete [--ids] [--name] [--nsg-name] [--resource-group] [--subscription]
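The console and CLI steps above assume you already know which rule is at fault. The following Python script is an added example (not part of this page or of the Azure CLI) that finds those rules for you: it evaluates the JSON that ``az network nsg rule list -o json`` returns, flags inbound Allow rules whose source is Internet-wide (``*``, ``0.0.0.0/0`` or the ``Internet`` service tag) and whose destination port expression covers 3389, takes NSG priority ordering into account so that an Allow shadowed by a lower-numbered Deny is not reported, and prints the matching ``az network nsg rule delete`` command for each finding. The rule set at the bottom is constructed for the example; the resource group and NSG names are placeholders.

```python
"""Find NSG inbound rules that expose TCP/3389 (RDP) to the whole Internet.

Added example: evaluates rules shaped like the output of
`az network nsg rule list -g <rg> --nsg-name <nsg> -o json` (field names
follow the Azure CLI JSON) and emits the `az network nsg rule delete`
command for every offending rule. The sample rules are constructed.
"""
import json

RDP_PORT = 3389
# Source expressions that mean "any host on the Internet" in an NSG rule.
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}


def _port_range_covers(port_range: str, port: int) -> bool:
    """True if an NSG port expression ("*", "3389", "3000-4000") includes `port`."""
    port_range = port_range.strip()
    if port_range == "*":
        return True
    if "-" in port_range:
        low, high = (int(p) for p in port_range.split("-", 1))
        return low <= port <= high
    return int(port_range) == port


def _ports_of(rule: dict) -> list:
    """Destination port expressions of a rule (single-value and list forms)."""
    ports = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        ports.append(rule["destinationPortRange"])
    return ports


def _sources_of(rule: dict) -> list:
    """Source address expressions of a rule (single-value and list forms)."""
    sources = list(rule.get("sourceAddressPrefixes") or [])
    if rule.get("sourceAddressPrefix"):
        sources.append(rule["sourceAddressPrefix"])
    return sources


def rule_matches_rdp_from_internet(rule: dict) -> bool:
    """Does this inbound rule apply to TCP/3389 traffic from an Internet-wide source?"""
    if rule.get("direction", "").lower() != "inbound":
        return False
    if rule.get("protocol", "").lower() not in ("tcp", "*"):
        return False
    if not any(s.lower() in ANY_SOURCE for s in _sources_of(rule)):
        return False
    return any(_port_range_covers(p, RDP_PORT) for p in _ports_of(rule))


def offending_rules(rules: list) -> list:
    """Allow rules exposing RDP that are not shadowed by a lower-numbered Deny.

    NSG rules are evaluated in ascending priority order and the first match
    wins, so an Allow for Internet->3389 is only reachable when no Deny with a
    smaller priority number already matches that same traffic.
    """
    matching = sorted((r for r in rules if rule_matches_rdp_from_internet(r)),
                      key=lambda r: r["priority"])
    found = []
    for rule in matching:
        if rule.get("access", "").lower() == "deny":
            break  # every later (higher-numbered) rule is shadowed by this Deny
        found.append(rule)
    return found


def remediation_commands(rules: list, resource_group: str, nsg_name: str) -> list:
    """One `az network nsg rule delete` command per offending rule."""
    return [
        f"az network nsg rule delete --resource-group {resource_group} "
        f"--nsg-name {nsg_name} --name {r['name']}"
        for r in offending_rules(rules)
    ]


# Constructed sample in the shape of `az network nsg rule list -o json` output.
SAMPLE_RULES = json.loads("""
[
  {"name": "AllowRdpAnywhere", "priority": 300, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
  {"name": "AllowMgmtRange", "priority": 310, "direction": "Inbound", "access": "Allow",
   "protocol": "*", "sourceAddressPrefixes": ["Internet"], "destinationPortRanges": ["22", "3000-4000"]},
  {"name": "AllowRdpFromOffice", "priority": 320, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "3389"},
  {"name": "AllowHttps", "priority": 330, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "443"}
]
""")

if __name__ == "__main__":
    # Placeholder names; substitute the real resource group and NSG.
    for cmd in remediation_commands(SAMPLE_RULES, "<resource-group>", "<nsg-name>"):
        print(cmd)
```

Two of the four sample rules are reported: the obvious ``*`` to 3389 rule, and the ``Internet`` to ``3000-4000`` rule whose range silently includes 3389 and which a check that only compares the literal string ``3389`` would miss. The rule restricted to ``203.0.113.0/24`` is left alone, which is the shape a remediated rule should take.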