Virtual Network security groups should not permit ingress from ‘0.0.0.0/0’ to TCP port 3389 (RDP)

Description

The potential security problem with using RDP over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on an Azure Virtual Network or even attack networked devices outside of Azure.

Remediation Steps

Azure Portal

  • Navigate to Virtual Machines and select the VM that has the problem.

  • In the left navigation, select Networking.

  • Select the Inbound port rules tab and delete any inbound rules that permit ingress from ‘0.0.0.0/0’ to TCP port 3389 (RDP).

Azure CLI

  • Remove the rule(s) that permit ingress from ‘0.0.0.0/0’ to TCP port 3389 (RDP):

    • az network nsg rule delete -g MyResourceGroup --nsg-name MyNsg -n MyNsgRule
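The CLI step above requires knowing which rule names to delete. The following Python script is an added example, not part of the original page or of Azure's own tooling: it evaluates rule objects in the shape that `az network nsg rule list -g MyResourceGroup --nsg-name MyNsg -o json` returns and flags every rule that allows inbound TCP/3389 from an Internet-wide source. It goes slightly beyond the literal ‘0.0.0.0/0’ check by also treating `*` and the `Internet` service tag as Internet sources, and by catching port ranges (such as `3000-4000`) or `*` that include 3389. The rule objects at the bottom are constructed for this example and are not real output.

```python
"""Flag NSG rules that allow inbound RDP (TCP/3389) from the whole Internet.

Added example: evaluates rule objects in the shape returned by
`az network nsg rule list ... -o json`. Field names follow the Azure NSG
securityRules schema; the sample rules below are constructed for this example.
"""
import json

RDP_PORT = 3389
# Sources that mean "anywhere on the Internet" (compared case-insensitively).
INTERNET_PREFIXES = {"*", "0.0.0.0/0", "internet"}


def field_values(single, plural):
    """Azure rules carry either the singular (string) or the plural (list) field."""
    if plural:
        return list(plural)
    return [single] if single else []


def port_covers(spec, port):
    """True if a port spec ('*', '3389', '22-1024') includes the given port."""
    spec = spec.strip()
    if spec == "*":
        return True
    if "-" in spec:
        low, high = spec.split("-", 1)
        return int(low) <= port <= int(high)
    return int(spec) == port


def rule_allows_rdp_from_internet(rule):
    """Return True if this single rule admits TCP/3389 from any Internet source."""
    # az CLI output flattens the properties; ARM templates nest them under "properties".
    props = rule.get("properties", rule)
    if (props.get("direction") or "").lower() != "inbound":
        return False
    if (props.get("access") or "").lower() != "allow":
        return False
    if (props.get("protocol") or "").lower() not in ("tcp", "*"):
        return False
    sources = field_values(props.get("sourceAddressPrefix"), props.get("sourceAddressPrefixes"))
    if not any(s.lower() in INTERNET_PREFIXES for s in sources):
        return False
    ports = field_values(props.get("destinationPortRange"), props.get("destinationPortRanges"))
    return any(port_covers(p, RDP_PORT) for p in ports)


def find_offending_rules(rules):
    """Return the names of rules that should be deleted or tightened."""
    return [r["name"] for r in rules if rule_allows_rdp_from_internet(r)]


# Constructed sample in the az CLI output shape (not real output).
SAMPLE_RULES_JSON = """
[
  {"name": "AllowRdpAny", "access": "Allow", "direction": "Inbound", "protocol": "Tcp",
   "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
  {"name": "AllowMgmtRange", "access": "Allow", "direction": "Inbound", "protocol": "*",
   "sourceAddressPrefixes": ["Internet"], "destinationPortRanges": ["22", "3000-4000"]},
  {"name": "AllowRdpCorp", "access": "Allow", "direction": "Inbound", "protocol": "Tcp",
   "sourceAddressPrefix": "10.0.0.0/16", "destinationPortRange": "3389"},
  {"name": "DenyRdpAny", "access": "Deny", "direction": "Inbound", "protocol": "Tcp",
   "sourceAddressPrefix": "0.0.0.0/0", "destinationPortRange": "3389"},
  {"name": "AllowLowPorts", "access": "Allow", "direction": "Inbound", "protocol": "Tcp",
   "sourceAddressPrefix": "0.0.0.0/0", "destinationPortRange": "22-1024"}
]
"""


def offending_sample_rules():
    """Run the check over the constructed sample; returns ['AllowRdpAny', 'AllowMgmtRange']."""
    return find_offending_rules(json.loads(SAMPLE_RULES_JSON))


if __name__ == "__main__":
    for name in offending_sample_rules():
        print(f"az network nsg rule delete -g MyResourceGroup --nsg-name MyNsg -n {name}")
```

Each rule is judged on its own, which matches the wording of this policy; the script does not model NSG priority ordering, so a lower-numbered Deny rule that would shadow a flagged Allow is not taken into account, and rules whose source is an application security group are ignored. Reviewing the printed `az network nsg rule delete` lines before running them is the intended workflow.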

Azure Resource Manager

Example Configuration

{
  "type": "Microsoft.Network/networkSecurityGroups/securityRules",
  "apiVersion": "2021-03-01",
  "name": "MyNsg/AllowRdpFromInternalOnly",
  "properties": {
    "access": "Allow",
    "direction": "Inbound",
    "priority": 100,
    "protocol": "Tcp",
    "sourceAddressPrefixes": ["10.0.0.0/16"],
    "sourcePortRange": "*",
    "destinationAddressPrefix": "*",
    "destinationPortRanges": ["22-1024"]
  }
}

Terraform

Example Configuration

resource "azurerm_network_security_rule" "example" {
  source_address_prefix   = "10.0.0.0/16"
  destination_port_range  = "22-1024"
  # other required fields here
}