1. Login to your GCP console.
2. Select the project where the misconfiguration exists.
3. Navigate to the Compute Engine section.
4. Select the VM instance where the misconfiguration exists.
5. Click on the “Edit” button at the top of the VM instance details page.
6. Scroll down to the “Firewall” section.
7. Click on “Add firewall rule”.
8. Enter a name for the firewall rule.
9. Set the “Action on match” to “Deny”.
10. Set the “Targets” to “All instances in the network”.
11. In the “Source filter” section, select “IP ranges”.
12. Enter the IP range that you want to block.
13. In the “Protocols and ports” section, select “Specified protocols and ports”.
14. In the “Protocols and ports” field, enter “udp:137; udp:138; tcp:139; tcp:445” to block NetBIOS traffic.
15. Click on the “Create” button to save the firewall rule.

​

1. Open the Cloud Shell in the GCP console.
2. Run the following command to list all the firewall rules in your project:
   Copy

   Ask AI

   gcloud compute firewall-rules list
   

3. Look for the firewall rule that allows traffic on port 139 or 445, which are the ports used by NetBIOS. Note the name of the firewall rule.
4. Run the following command to delete the firewall rule:
   Copy

   Ask AI

   gcloud compute firewall-rules delete [FIREWALL_RULE_NAME]
   

   Replace [FIREWALL_RULE_NAME] with the name of the firewall rule that you noted in step 3.
5. Confirm that the firewall rule has been deleted by running the command in step 2 again.
6. Verify that the NetBIOS port is no longer open by running a port scan on your GCP instance from an external network.

1. Use the google-cloud-securitycenter library to retrieve the list of assets that have open NetBIOS ports. You can use the following code snippet to achieve this:

from google.cloud import securitycenter

client = securitycenter.SecurityCenterClient()

# The organization ID to retrieve findings for
org_id = 'YOUR_ORGANIZATION_ID'

# The filter expression to find assets with open NetBIOS ports
filter_exp = (
    "security_marks.marks.netbios_open : true AND "
    f"resource_properties.project_id = {org_id}"
)

# Call the API to retrieve the findings
findings = client.list_findings(
    request={
        "parent": f"organizations/{org_id}",
        "filter": filter_exp,
    }
)

2. For each asset with an open NetBIOS port, use the google-cloud-compute library to update the firewall rule and close the port. You can use the following code snippet to achieve this:

from google.cloud import compute_v1

client = compute_v1.FirewallsClient()

# The name of the firewall rule to update
firewall_name = 'YOUR_FIREWALL_RULE_NAME'

# The name of the network to update the firewall rule for
network_name = 'YOUR_NETWORK_NAME'

# The name of the project that contains the network and firewall rule
project_name = 'YOUR_PROJECT_NAME'

# The IP range to close the NetBIOS port for
ip_range = '0.0.0.0/0'

# Call the API to update the firewall rule
firewall = client.get(f'projects/{project_name}/global/firewalls/{firewall_name}')
updated_firewall = compute_v1.Firewall(
    allowed=[rule for rule in firewall.allowed if rule.IPProtocol != 'udp' or rule.ports != ['137']],
    target_tags=firewall.target_tags,
    source_ranges=[range for range in firewall.source_ranges if range != ip_range],
    network=f'projects/{project_name}/global/networks/{network_name}'
)
operation = client.update(request={
    "firewall": updated_firewall,
    "updateMask": "allowed,targetTags,sourceRanges,network",
    "firewall": f"projects/{project_name}/global/firewalls/{firewall_name}"
})