FTP Port Should Not Be Open
More Info:
Determines if TCP port 20 or 21 for FTP is open to the public.Risk Level
MediumAddress
SecurityCompliance Standards
HITRUST, GDPR, SOC2, NISTCSF, PCIDSS, FedRAMPTriage and Remediation
Remediation
Using Console
Using Console
To remediate the FTP Port Should Not Be Open misconfiguration for GCP using the GCP console, follow these steps:
- Open the Google Cloud Console and select the project where the misconfiguration is present.
- Go to the Compute Engine section from the left-hand menu.
- Select the VM instance where the FTP port is open.
- Click on the Edit button at the top of the page.
- Scroll down to the Firewall section and click on the “default-allow-ftp” rule.
- Click on the “Edit” button next to the rule.
- In the “Protocols and ports” section, uncheck the “tcp:21” option.
- Click on the “Save” button to apply the changes.
- Repeat steps 5-8 for any other FTP rules that are present.
Using CLI
Using CLI
To remediate the FTP Port Should Not Be Open misconfiguration for GCP using GCP CLI, you can follow these steps:
- Open the Google Cloud Console and navigate to the GCP project where the misconfiguration exists.
- Open the Cloud Shell by clicking on the Cloud Shell icon in the top right corner of the console.
-
In the Cloud Shell, run the following command to list all the firewall rules in the project:
- Identify the firewall rule that allows FTP traffic to the instance. Note down the name of the firewall rule.
-
Run the following command to delete the firewall rule:
Replace [FIREWALL_RULE_NAME] with the name of the firewall rule that you identified in step 4.
-
Confirm the deletion by entering
Ywhen prompted. -
Verify that the firewall rule has been deleted by running the following command:
The output should not include the firewall rule that you just deleted.
Using Python
Using Python
To remediate the FTP Port Should Not Be Open misconfiguration in GCP using Python, you can follow these steps:This will list all the instances in your project along with their metadata.Replace This will show you if the FTP port (port 21) is open or not.Replace This should not show any output, which means that the FTP port is closed.By following these steps, you can remediate the FTP Port Should Not Be Open misconfiguration in GCP using Python.
- First, you need to identify the project and the instance that has the open FTP port. You can use the
google-cloud-sdkcommand-line tool to do this. Run the following command:
- Once you have identified the instance, you need to connect to it using SSH. You can use the
gcloud compute sshcommand to do this. Run the following command:
[INSTANCE_NAME] with the name of the instance you want to connect to.- Once you are connected to the instance, you need to check if the FTP port is open. You can use the
netstatcommand to do this. Run the following command:
- If the FTP port is open, you need to close it. You can do this by modifying the instance’s firewall rules. You can use the
google-cloud-sdkcommand-line tool to do this. Run the following command:
[FIREWALL_RULE_NAME] with the name of the firewall rule that allows traffic to port 21. Replace [IP_RANGE] with the IP range that is allowed to access the FTP port.- Finally, you need to verify that the FTP port is closed. You can do this by running the
netstatcommand again: