
Description

This policy identifies Oracle IAAS Security Lists that allow unrestricted ingress from the internet to the Remote Desktop Protocol (RDP) port, TCP/3389.

Rationale

RDP is commonly used to administer Windows workloads. Allowing RDP access from 0.0.0.0/0 or ::/0 exposes administrative interfaces to internet-wide scanning, brute-force attempts, credential stuffing, and exploitation of vulnerable remote access services. Security list rules should allow RDP only from trusted administrative networks, bastion hosts, VPN ranges, or other controlled access paths.

Impact

Restricting public RDP ingress can block administrative connections that currently depend on open internet access. Confirm that administrators have an approved access path before removing or narrowing existing rules.

Audit

This policy flags an Oracle IAAS Security List as INCOMPLIANT when it has at least one related rule that meets all of the following conditions:

  • Direction is Ingress.
  • Source is 0.0.0.0/0 or ::/0.
  • Protocol is ALL, or Protocol is TCP and either the destination port range includes 3389 or no destination port range is set.

Security lists without matching ingress rules are COMPLIANT.
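The audit conditions above, written out as an added example (not the policy's own implementation). It assumes the kebab-case field names that the OCI CLI prints for a security list (`ingress-security-rules`, `tcp-options`, `destination-port-range`) and that TCP appears as protocol `"6"`; the sample security lists are constructed.

```python
RDP_PORT = 3389
OPEN_SOURCES = {"0.0.0.0/0", "::/0"}


def rule_exposes_rdp(rule):
    """Return True when one ingress rule meets every audit condition."""
    if rule.get("source") not in OPEN_SOURCES:
        return False
    protocol = str(rule.get("protocol", "")).lower()
    if protocol == "all":
        return True
    if protocol != "6":  # TCP is IANA protocol number 6; UDP, ICMP etc. are out of scope
        return False
    port_range = (rule.get("tcp-options") or {}).get("destination-port-range")
    if not port_range:
        return True  # TCP with no destination port range covers every port
    return port_range["min"] <= RDP_PORT <= port_range["max"]


def audit_security_list(sec_list):
    """Return (status, matching_rules); only ingress rules are inspected."""
    rules = sec_list.get("ingress-security-rules") or []
    hits = [r for r in rules if rule_exposes_rdp(r)]
    return ("INCOMPLIANT" if hits else "COMPLIANT"), hits


# Constructed sample security lists (not real tenancy data).
WIDE_RANGE = {"display-name": "sl-wide-range", "ingress-security-rules": [
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcp-options": {"destination-port-range": {"min": 3000, "max": 4000}}}]}
NO_PORTS_V6 = {"display-name": "sl-tcp-any-port", "ingress-security-rules": [
    {"protocol": "6", "source": "::/0", "tcp-options": None}]}
ADMIN_ONLY = {"display-name": "sl-admin-only", "ingress-security-rules": [
    # RDP limited to an internal range: does not match the open-source condition.
    {"protocol": "6", "source": "10.20.0.0/16",
     "tcp-options": {"destination-port-range": {"min": 3389, "max": 3389}}},
    # UDP/3389 from anywhere: outside this policy, which covers ALL and TCP only.
    {"protocol": "17", "source": "0.0.0.0/0",
     "udp-options": {"destination-port-range": {"min": 3389, "max": 3389}}}]}

if __name__ == "__main__":
    for sl in (WIDE_RANGE, NO_PORTS_V6, ADMIN_ONLY):
        status, hits = audit_security_list(sl)
        print(f"{sl['display-name']}: {status} ({len(hits)} matching rule(s))")
```

The first sample shows the case that is easiest to miss in manual review: a rule that never names 3389 but whose port range contains it.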

References

  1. https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/securitylists.htm
  2. https://docs.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/network/security-list.html