Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. a source range of 0.0.0.0/0) on TCP port 3389, so that Remote Desktop Protocol (RDP) traffic is restricted to trusted IP addresses or IP ranges only and the attack surface is reduced. TCP port 3389 is used for secure remote GUI login to Windows VM instances, by connecting an RDP client application to an RDP server.
Allowing unrestricted Remote Desktop Protocol (RDP) access can increase the opportunities for malicious activity such as hacking, Man-in-the-Middle (MITM) attacks and Pass-the-Hash (PtH) attacks.
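As an added example (not Conformity's own audit code), the logic of this check written in Python over the JSON that `gcloud compute firewall-rules list --format=json` returns. It goes slightly beyond the literal case in the text: a rule is also flagged when a port range or a protocol-wide allow entry includes 3389, and disabled or egress rules are skipped. The sample rules are constructed.

```python
# Flag GCP VPC firewall rules that allow RDP (TCP/3389) from 0.0.0.0/0.
# Input: rule dicts as returned by `gcloud compute firewall-rules list --format=json`
# (Compute API field names: direction, disabled, sourceRanges, allowed).
RDP_PORT = 3389
UNRESTRICTED = "0.0.0.0/0"

def port_spec_covers(spec, port):
    """True if a port spec such as "3389" or "3000-4000" includes `port`."""
    lo, _, hi = spec.partition("-")
    low = int(lo)
    high = int(hi) if hi else low
    return low <= port <= high

def allows_tcp_port(rule, port):
    """True if any 'allowed' entry permits TCP traffic to `port`."""
    for entry in rule.get("allowed", []):
        proto = entry.get("IPProtocol", "").lower()
        if proto not in ("tcp", "all"):
            continue
        ports = entry.get("ports")
        if not ports:  # an entry with no port list covers every port
            return True
        if any(port_spec_covers(p, port) for p in ports):
            return True
    return False

def is_unrestricted_rdp(rule):
    """Enabled ingress rule, source 0.0.0.0/0, and TCP/3389 within its allow list."""
    if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled", False):
        return False
    if UNRESTRICTED not in rule.get("sourceRanges", []):
        return False
    return allows_tcp_port(rule, RDP_PORT)

def find_unrestricted_rdp(rules):
    """Names of rules that fail the check, in input order."""
    return [r["name"] for r in rules if is_unrestricted_rdp(r)]

# Constructed sample rules (not real project data); the trusted range is from RFC 5737.
SAMPLE_RULES = [
    {"name": "allow-rdp-anywhere", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
    {"name": "allow-rdp-office", "direction": "INGRESS", "sourceRanges": ["203.0.113.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
    {"name": "allow-range-anywhere", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["3000-4000"]}]},
]

if __name__ == "__main__":
    print(find_unrestricted_rdp(SAMPLE_RULES))  # ['allow-rdp-anywhere', 'allow-range-anywhere']
```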
To determine if your VPC firewall rules allow unrestricted access on TCP port 3389 (RDP), perform the following actions:
Remediation / Resolution
To update your VPC network firewall rule configuration in order to restrict Remote Desktop Protocol (RDP) access to trusted, authorized IP addresses or IP ranges only, perform the following actions:
- Google Cloud Platform (GCP) Documentation
- VPC network overview
- Using VPC networks
- VPC firewall rules overview
- Using firewall rules
- CIS Security Documentation
- Securing Google Cloud Computing Platform
Check for Unrestricted RDP Access
Risk level: Very High