GCP Introduction
GCP Pricing
GCP Threats
GCP Misconfigurations
- Getting Started with GCP Audit
- CloudSql Audit
- Cloud Tasks Monitoring
- Dataflow Monitoring
- Function Monitoring
- Monitoring Compliance
- PubSubLite Monitoring
- Spanner Monitoring
- NoSQL Monitoring
- Compute Audit
- IAM Audit
- BigQuery Monitoring
- CDN Monitoring
- DNS Monitoring
- KMS Monitoring
- Kubernetes Audit
- Load Balancer Monitoring
- Log Monitoring
- Storage Audit
- Pub/Sub Monitoring
- VPC Audit
- IAM Deep Dive
GCP Threats
FTP Port Should Not Be Open
More Info:
Determines if TCP port 20 or 21 for FTP is open to the public.
Risk Level
Medium
Address
Security
Compliance Standards
HITRUST, GDPR, SOC2, NISTCSF, PCIDSS, FedRAMP
Triage and Remediation
Remediation
To remediate the FTP Port Should Not Be Open misconfiguration for GCP using the GCP console, follow these steps:
- Open the Google Cloud Console and select the project where the misconfiguration is present.
- Go to the Compute Engine section from the left-hand menu.
- Select the VM instance where the FTP port is open.
- Click on the Edit button at the top of the page.
- Scroll down to the Firewall section and click on the “default-allow-ftp” rule.
- Click on the “Edit” button next to the rule.
- In the “Protocols and ports” section, uncheck the “tcp:21” option.
- Click on the “Save” button to apply the changes.
- Repeat steps 5-8 for any other FTP rules that are present.
By performing these steps, you have successfully remediated the misconfiguration by closing the FTP port on the GCP VM instance.
To remediate the FTP Port Should Not Be Open misconfiguration for GCP using GCP CLI, you can follow these steps:
-
Open the Google Cloud Console and navigate to the GCP project where the misconfiguration exists.
-
Open the Cloud Shell by clicking on the Cloud Shell icon in the top right corner of the console.
-
In the Cloud Shell, run the following command to list all the firewall rules in the project:
gcloud compute firewall-rules list -
Identify the firewall rule that allows FTP traffic to the instance. Note down the name of the firewall rule.
-
Run the following command to delete the firewall rule:
gcloud compute firewall-rules delete [FIREWALL_RULE_NAME]Replace [FIREWALL_RULE_NAME] with the name of the firewall rule that you identified in step 4.
-
Confirm the deletion by entering
Ywhen prompted. -
Verify that the firewall rule has been deleted by running the following command:
gcloud compute firewall-rules listThe output should not include the firewall rule that you just deleted.
By following these steps, you have successfully remediated the FTP Port Should Not Be Open misconfiguration for GCP using GCP CLI.
To remediate the FTP Port Should Not Be Open misconfiguration in GCP using Python, you can follow these steps:
- First, you need to identify the project and the instance that has the open FTP port. You can use the
google-cloud-sdkcommand-line tool to do this. Run the following command:
gcloud compute instances list
This will list all the instances in your project along with their metadata.
- Once you have identified the instance, you need to connect to it using SSH. You can use the
gcloud compute sshcommand to do this. Run the following command:
gcloud compute ssh [INSTANCE_NAME]
Replace [INSTANCE_NAME] with the name of the instance you want to connect to.
- Once you are connected to the instance, you need to check if the FTP port is open. You can use the
netstatcommand to do this. Run the following command:
sudo netstat -tuln | grep :21
This will show you if the FTP port (port 21) is open or not.
- If the FTP port is open, you need to close it. You can do this by modifying the instance’s firewall rules. You can use the
google-cloud-sdkcommand-line tool to do this. Run the following command:
gcloud compute firewall-rules update [FIREWALL_RULE_NAME] --source-ranges=[IP_RANGE] --direction=INGRESS --action=DENY --rules=tcp:21
Replace [FIREWALL_RULE_NAME] with the name of the firewall rule that allows traffic to port 21. Replace [IP_RANGE] with the IP range that is allowed to access the FTP port.
- Finally, you need to verify that the FTP port is closed. You can do this by running the
netstatcommand again:
sudo netstat -tuln | grep :21
This should not show any output, which means that the FTP port is closed.
By following these steps, you can remediate the FTP Port Should Not Be Open misconfiguration in GCP using Python.