Description

This policy identifies Oracle IAAS Network Security Groups that allow unrestricted ingress from the internet to the Remote Desktop Protocol (RDP) port, TCP/3389.

Rationale

RDP is commonly used to administer Windows workloads and other systems requiring remote desktop access. Allowing RDP access from 0.0.0.0/0 or ::/0 exposes administrative interfaces to internet-wide scanning, brute-force attempts, credential theft, and exploitation of vulnerable remote access services. Network security group rules should allow RDP only from trusted administrative networks, bastion hosts, VPN ranges, or other controlled access paths.

Impact

Restricting public RDP ingress can block administrative connections that currently depend on open internet access. Confirm that administrators have an approved access path before removing or narrowing existing rules.

Audit

This policy flags an Oracle IAAS Network Security Group as INCOMPLIANT when it has at least one related rule that meets all of the following conditions:

  • Direction is INGRESS.
  • Source is 0.0.0.0/0 or ::/0.
  • Protocol is ALL, or Protocol is TCP and either the destination port range includes 3389 or no destination port range is set.

Network security groups without matching ingress rules are COMPLIANT.
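The audit conditions above can be expressed as a small evaluator. The following is an added example, not code from the policy or from Oracle: it models an NSG security rule with the fields OCI exposes (direction, source CIDR, protocol as an IANA number string where "6" is TCP and "all" means any protocol, and an optional TCP destination port range) and returns the COMPLIANT/INCOMPLIANT verdict with the offending rules. The dataclass and field names are assumptions made for this example, and the rules evaluated at the bottom are constructed sample input.

```python
"""Evaluate OCI NSG security rules for unrestricted RDP ingress (TCP/3389).

Added example; field names are simplified stand-ins for the OCI
SecurityRule model (direction, source, protocol, tcp_options).
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

RDP_PORT = 3389
INTERNET_SOURCES = {"0.0.0.0/0", "::/0"}   # IPv4 and IPv6 "anywhere"


@dataclass
class PortRange:
    min: int
    max: int


@dataclass
class SecurityRule:
    direction: str                         # "INGRESS" or "EGRESS"
    source: Optional[str] = None           # CIDR block for ingress rules
    protocol: str = "all"                  # "6" = TCP, "17" = UDP, "all" = any
    dest_port_range: Optional[PortRange] = None  # None means all ports


def rule_exposes_rdp(rule: SecurityRule) -> bool:
    """Return True when the rule matches every audit condition."""
    if rule.direction.upper() != "INGRESS":
        return False
    if rule.source not in INTERNET_SOURCES:
        return False
    proto = rule.protocol.lower()
    if proto == "all":
        return True                        # any protocol includes TCP/3389
    if proto != "6":
        return False                       # non-TCP rules cannot carry RDP
    if rule.dest_port_range is None:
        return True                        # TCP with no range = all TCP ports
    return rule.dest_port_range.min <= RDP_PORT <= rule.dest_port_range.max


def evaluate_nsg(rules: List[SecurityRule]) -> Tuple[str, List[SecurityRule]]:
    """Return ("INCOMPLIANT", offending_rules) or ("COMPLIANT", [])."""
    offending = [r for r in rules if rule_exposes_rdp(r)]
    return ("INCOMPLIANT" if offending else "COMPLIANT", offending)


# Constructed sample rules covering each branch of the audit logic.
SAMPLE_RULES = [
    SecurityRule("INGRESS", "0.0.0.0/0", "6", PortRange(3389, 3389)),   # flagged
    SecurityRule("INGRESS", "0.0.0.0/0", "6", None),                    # flagged
    SecurityRule("INGRESS", "::/0", "all", None),                       # flagged
    SecurityRule("INGRESS", "10.0.0.0/8", "6", PortRange(3389, 3389)),  # trusted range
    SecurityRule("EGRESS", "0.0.0.0/0", "6", PortRange(3389, 3389)),    # wrong direction
    SecurityRule("INGRESS", "0.0.0.0/0", "6", PortRange(443, 443)),     # other port
    SecurityRule("INGRESS", "0.0.0.0/0", "17", None),                   # UDP, not TCP
]

if __name__ == "__main__":
    verdict, bad = evaluate_nsg(SAMPLE_RULES)
    print(verdict)
    for r in bad:
        print("  offending:", r)
```

In practice the rule list would come from `oci network nsg rules list --nsg-id <id>` or the Python SDK's `list_network_security_group_security_rules`; the evaluator itself only needs the four fields shown.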

References

  1. https://docs.oracle.com/iaas/Content/Network/Concepts/manage-nsg-security-rules.htm
  2. https://docs.oracle.com/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/network/nsg.html