GCP Introduction
GCP Pricing
GCP Threats
GCP Misconfigurations
- Getting Started with GCP Audit
- CloudSql Audit
- Cloud Tasks Monitoring
- Dataflow Monitoring
- Function Monitoring
- Monitoring Compliance
- PubSubLite Monitoring
- Spanner Monitoring
- NoSQL Monitoring
- Compute Audit
- IAM Audit
- BigQuery Monitoring
- CDN Monitoring
- DNS Monitoring
- KMS Monitoring
- Kubernetes Audit
- Load Balancer Monitoring
- Log Monitoring
- Storage Audit
- Pub/Sub Monitoring
- VPC Audit
- IAM Deep Dive
GCP Threats
Firewall Rules Should Be Minimum
More Info:
Ensure that firewall rules are kept at a minimum
Risk Level
Low
Address
Security
Compliance Standards
CBP
Triage and Remediation
Remediation
To remediate firewall rules being too permissive in GCP using GCP console, follow these steps:
- Log in to the GCP console at https://console.cloud.google.com/
- Navigate to the VPC network for which you want to remediate the firewall rules.
- Click on the “Firewall rules” tab.
- Review the existing firewall rules and identify the ones that are too permissive.
- Click on the checkbox next to the firewall rule that you want to modify.
- Click on the “Edit” button at the top of the page.
- Modify the firewall rule to be more restrictive by updating the source or destination IP addresses, protocols, or ports.
- Click on the “Save” button to save the changes.
- Repeat steps 5-8 for all the firewall rules that need to be remediated.
By following these steps, you can remediate the firewall rules being too permissive in GCP and ensure that your network is secure.
To remediate the firewall rules misconfiguration in GCP using GCP CLI, follow these steps:
- Open the Cloud Shell in the GCP console.
- Run the following command to list all the firewall rules in your project:
gcloud compute firewall-rules list
- Identify the firewall rules that are not necessary or are overly permissive.
- Delete the unnecessary firewall rules using the following command:
gcloud compute firewall-rules delete [FIREWALL_RULE_NAME]
Replace [FIREWALL_RULE_NAME] with the name of the firewall rule you want to delete.
5. Modify the overly permissive firewall rules to allow only necessary traffic. You can use the following command to update a firewall rule:
gcloud compute firewall-rules update [FIREWALL_RULE_NAME] --source-ranges=[IP_ADDRESS_RANGE] --allow=[PROTOCOL]:[PORT_NUMBER]/[PORT_PROTOCOL]
Replace [FIREWALL_RULE_NAME] with the name of the firewall rule you want to update, [IP_ADDRESS_RANGE] with the IP address range that should be allowed, [PROTOCOL] with the protocol that should be allowed (e.g. tcp), [PORT_NUMBER] with the port number that should be allowed, and [PORT_PROTOCOL] with the protocol of the port (e.g. tcp).
By following these steps, you can remediate the firewall rules misconfiguration in GCP using GCP CLI.
To remediate the firewall rules misconfiguration in GCP using Python, follow the steps below:
- Import the required modules:
from google.cloud import firewall
from google.cloud import exceptions
- Set up the GCP project and firewall client:
project_id = 'your-project-id'
client = firewall.FirewallClient()
firewalls = client.list(project=project_id)
- Iterate through the firewall rules and delete any unnecessary rules:
for fw in firewalls:
if fw.name == 'default-allow-http' or fw.name == 'default-allow-https':
continue
try:
client.delete_firewall(fw.name, project=project_id)
print(fw.name + ' deleted successfully')
except exceptions.NotFound:
print(fw.name + ' not found')
- Save the Python script and run it to remediate the misconfiguration.
This Python script will delete all the firewall rules except for the default-allow-http and default-allow-https rules which are required for web traffic. By doing this, we are ensuring that the firewall rules are set to a minimum.