CIFS Port Should Not Be Open

More Info:

Determines if UDP port 445 for CIFS is open to the public

Risk Level

Medium

Address

Security

Compliance Standards

HITRUST, GDPR, SOC2, NISTCSF, PCIDSS, FedRAMP

Triage and Remediation

Remediation

Using Console

Using CLI

The CIFS (Common Internet File System) port should not be open in order to prevent unauthorized access to your GCP resources. To remediate this misconfiguration for GCP using GCP CLI, you can follow the below steps:

Open the Cloud Shell by clicking on the terminal icon in the top right corner of the GCP Console.
Run the following command to list all the firewall rules in your project:
```
gcloud compute firewall-rules list
```
Identify the firewall rule that allows traffic on port 445, which is the CIFS port. The rule name may vary depending on your configuration.
Run the following command to delete the firewall rule:
```
gcloud compute firewall-rules delete [FIREWALL_RULE_NAME]
```
Replace [FIREWALL_RULE_NAME] with the name of the firewall rule that you identified in step 3.
Confirm the deletion by typing “Y” when prompted.
Verify that the firewall rule has been deleted by running the following command:
```
gcloud compute firewall-rules list
```
You should not see the deleted firewall rule in the list.

By following these steps, you have successfully remediated the misconfiguration of having the CIFS port open in your GCP project.

Using Python

To remediate the misconfiguration “CIFS Port Should Not Be Open” in GCP using Python, you can follow these steps:

Identify the VM instances that have CIFS port open: You can use the Google Cloud SDK command gcloud to list the VM instances and their firewall rules. Run the following command to list all the VM instances in your project:
```
gcloud compute instances list
```
You can then inspect each VM instance and check if it has any firewall rules that allow CIFS port (TCP port 445). You can use the following command to list the firewall rules for a VM instance:
```
gcloud compute firewall-rules list --filter="targetTags=<instance-tag>"
```
Replace <instance-tag> with the tag of the VM instance you want to inspect.
Remove the firewall rule that allows CIFS port: Once you have identified the firewall rule that allows CIFS port, you can remove it using the Google Cloud SDK command gcloud. Run the following command to delete a firewall rule:
```
gcloud compute firewall-rules delete <firewall-rule-name>
```
Replace <firewall-rule-name> with the name of the firewall rule you want to delete.

Automate the remediation process: You can use the Google Cloud SDK and Python to automate the remediation process for all the VM instances in your project. Here’s an example Python script that lists all the firewall rules for all the VM instances in your project and deletes the ones that allow CIFS port:

import subprocess

# Get the list of VM instances
instances = subprocess.check_output(['gcloud', 'compute', 'instances', 'list', '--format', 'json'])

# Loop through each instance and its firewall rules
for instance in instances:
    instance_name = instance['name']
    firewall_rules = subprocess.check_output(['gcloud', 'compute', 'firewall-rules', 'list', '--filter', f'targetTags={instance_name}', '--format', 'json'])
    for rule in firewall_rules:
        if rule['allowed'] and 'tcp' in rule['allowed'] and '445' in rule['allowed']['tcp']:
            # Delete the firewall rule that allows CIFS port
            subprocess.check_output(['gcloud', 'compute', 'firewall-rules', 'delete', rule['name']])

You can customize this script to suit your specific needs, such as filtering VM instances by region or project.

Additional Reading:

https://cloud.google.com/vpc/docs/using-firewalls

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

CIFS Port Should Not Be Open

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: