1. Log in to the GCP console.
2. Navigate to the Compute Engine section.
3. Select the VM instance that has the CIFS port open.
4. Click on the Edit button at the top of the page.
5. Scroll down to the Firewall section.
6. Find the rule that allows traffic on port 445 (CIFS).
7. Click on the trash can icon to delete the rule.
8. Click on the Save button at the bottom of the page.

​

1. Open the Cloud Shell by clicking on the terminal icon in the top right corner of the GCP Console.
2. Run the following command to list all the firewall rules in your project:
   Copy

   Ask AI

   gcloud compute firewall-rules list
   

3. Identify the firewall rule that allows traffic on port 445, which is the CIFS port. The rule name may vary depending on your configuration.
4. Run the following command to delete the firewall rule:
   Copy

   Ask AI

   gcloud compute firewall-rules delete [FIREWALL_RULE_NAME]
   

   Replace [FIREWALL_RULE_NAME] with the name of the firewall rule that you identified in step 3.
5. Confirm the deletion by typing “Y” when prompted.
6. Verify that the firewall rule has been deleted by running the following command:
   Copy

   Ask AI

   gcloud compute firewall-rules list
   

   You should not see the deleted firewall rule in the list.

1. Identify the VM instances that have CIFS port open: You can use the Google Cloud SDK command gcloud to list the VM instances and their firewall rules. Run the following command to list all the VM instances in your project:
   Copy

   Ask AI

   gcloud compute instances list
   

   You can then inspect each VM instance and check if it has any firewall rules that allow CIFS port (TCP port 445). You can use the following command to list the firewall rules for a VM instance:
   Copy

   Ask AI

   gcloud compute firewall-rules list --filter="targetTags=<instance-tag>"
   

   Replace <instance-tag> with the tag of the VM instance you want to inspect.
2. Remove the firewall rule that allows CIFS port: Once you have identified the firewall rule that allows CIFS port, you can remove it using the Google Cloud SDK command gcloud. Run the following command to delete a firewall rule:
   Copy

   Ask AI

   gcloud compute firewall-rules delete <firewall-rule-name>
   

   Replace <firewall-rule-name> with the name of the firewall rule you want to delete.
3. Automate the remediation process: You can use the Google Cloud SDK and Python to automate the remediation process for all the VM instances in your project. Here’s an example Python script that lists all the firewall rules for all the VM instances in your project and deletes the ones that allow CIFS port:
   Copy

   Ask AI

   import subprocess
   
   # Get the list of VM instances
   instances = subprocess.check_output(['gcloud', 'compute', 'instances', 'list', '--format', 'json'])
   
   # Loop through each instance and its firewall rules
   for instance in instances:
       instance_name = instance['name']
       firewall_rules = subprocess.check_output(['gcloud', 'compute', 'firewall-rules', 'list', '--filter', f'targetTags={instance_name}', '--format', 'json'])
       for rule in firewall_rules:
           if rule['allowed'] and 'tcp' in rule['allowed'] and '445' in rule['allowed']['tcp']:
               # Delete the firewall rule that allows CIFS port
               subprocess.check_output(['gcloud', 'compute', 'firewall-rules', 'delete', rule['name']])
   

   You can customize this script to suit your specific needs, such as filtering VM instances by region or project.