Network firewall rules should not permit ingress from 0.0.0.0/0 to port 3389 (RDP)
If RDP is open to the internet, attackers can attempt to gain access to VM instances. Removing unfettered connectivity to remote console services, such as RDP, reduces a server’s exposure to risk.
Google Cloud Console
Navigate to VPC networks.
In the left navigation, select Firewall.
Click the firewall rule that has Protocols/ports set to “tcp:3389” and Filters set to “IP ranges: 0.0.0.0/0.”
Modify Source IP ranges to a specific IP.
To update a firewall rule with a new source IP range using the gcloud CLI:
gcloud compute firewall-rules update FIREWALL_NAME --allow=[PROTOCOL[:PORT[-PORT]],...] --source-ranges=[CIDR_RANGE,...]