Firewall Rules Should Be Minimum

More Info:

Ensure that firewall rules are kept at a minimum

Risk Level

Low

Address

Security

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the firewall rules misconfiguration in GCP using GCP CLI, follow these steps:

Open the Cloud Shell in the GCP console.
Run the following command to list all the firewall rules in your project:

gcloud compute firewall-rules list

Identify the firewall rules that are not necessary or are overly permissive.
Delete the unnecessary firewall rules using the following command:

gcloud compute firewall-rules delete [FIREWALL_RULE_NAME]

Replace [FIREWALL_RULE_NAME] with the name of the firewall rule you want to delete. 5. Modify the overly permissive firewall rules to allow only necessary traffic. You can use the following command to update a firewall rule:

gcloud compute firewall-rules update [FIREWALL_RULE_NAME] --source-ranges=[IP_ADDRESS_RANGE] --allow=[PROTOCOL]:[PORT_NUMBER]/[PORT_PROTOCOL]

Replace [FIREWALL_RULE_NAME] with the name of the firewall rule you want to update, [IP_ADDRESS_RANGE] with the IP address range that should be allowed, [PROTOCOL] with the protocol that should be allowed (e.g. tcp), [PORT_NUMBER] with the port number that should be allowed, and [PORT_PROTOCOL] with the protocol of the port (e.g. tcp).By following these steps, you can remediate the firewall rules misconfiguration in GCP using GCP CLI.

Using Python

To remediate the firewall rules misconfiguration in GCP using Python, follow the steps below:

Import the required modules:

from google.cloud import firewall
from google.cloud import exceptions

Set up the GCP project and firewall client:

project_id = 'your-project-id'
client = firewall.FirewallClient()
firewalls = client.list(project=project_id)

Iterate through the firewall rules and delete any unnecessary rules:

for fw in firewalls:
    if fw.name == 'default-allow-http' or fw.name == 'default-allow-https':
        continue
    try:
        client.delete_firewall(fw.name, project=project_id)
        print(fw.name + ' deleted successfully')
    except exceptions.NotFound:
        print(fw.name + ' not found')

Save the Python script and run it to remediate the misconfiguration.

This Python script will delete all the firewall rules except for the default-allow-http and default-allow-https rules which are required for web traffic. By doing this, we are ensuring that the firewall rules are set to a minimum.

Additional Reading:

https://cloud.google.com/vpc/docs/using-firewalls

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

Firewall Rules Should Be Minimum

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: