NetBIOS Port Should Not Be Open

More Info:

Determines if UDP port 137 or 138 for NetBIOS is open to the public

Risk Level

Medium

Address

Security

Compliance Standards

SOC2, GDPR, ISO27001, HIPAA, HITRUST, NISTCSF, PCIDSS, FedRAMP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the NetBIOS Port Should Not Be Open misconfiguration in GCP using GCP CLI, follow these steps:

Open the Cloud Shell in the GCP console.
Run the following command to list all the firewall rules in your project:
```
gcloud compute firewall-rules list
```
Look for the firewall rule that allows traffic on port 139 or 445, which are the ports used by NetBIOS. Note the name of the firewall rule.
Run the following command to delete the firewall rule:
```
gcloud compute firewall-rules delete [FIREWALL_RULE_NAME]
```
Replace [FIREWALL_RULE_NAME] with the name of the firewall rule that you noted in step 3.
Confirm that the firewall rule has been deleted by running the command in step 2 again.
Verify that the NetBIOS port is no longer open by running a port scan on your GCP instance from an external network.

By following these steps, you have successfully remediated the NetBIOS Port Should Not Be Open misconfiguration in GCP using GCP CLI.

Using Python

To remediate the NetBIOS Port Should Not Be Open misconfiguration in GCP using Python, you can follow these steps:

Use the google-cloud-securitycenter library to retrieve the list of assets that have open NetBIOS ports. You can use the following code snippet to achieve this:

from google.cloud import securitycenter

client = securitycenter.SecurityCenterClient()

# The organization ID to retrieve findings for
org_id = 'YOUR_ORGANIZATION_ID'

# The filter expression to find assets with open NetBIOS ports
filter_exp = (
    "security_marks.marks.netbios_open : true AND "
    f"resource_properties.project_id = {org_id}"
)

# Call the API to retrieve the findings
findings = client.list_findings(
    request={
        "parent": f"organizations/{org_id}",
        "filter": filter_exp,
    }
)

For each asset with an open NetBIOS port, use the google-cloud-compute library to update the firewall rule and close the port. You can use the following code snippet to achieve this:

from google.cloud import compute_v1

client = compute_v1.FirewallsClient()

# The name of the firewall rule to update
firewall_name = 'YOUR_FIREWALL_RULE_NAME'

# The name of the network to update the firewall rule for
network_name = 'YOUR_NETWORK_NAME'

# The name of the project that contains the network and firewall rule
project_name = 'YOUR_PROJECT_NAME'

# The IP range to close the NetBIOS port for
ip_range = '0.0.0.0/0'

# Call the API to update the firewall rule
firewall = client.get(f'projects/{project_name}/global/firewalls/{firewall_name}')
updated_firewall = compute_v1.Firewall(
    allowed=[rule for rule in firewall.allowed if rule.IPProtocol != 'udp' or rule.ports != ['137']],
    target_tags=firewall.target_tags,
    source_ranges=[range for range in firewall.source_ranges if range != ip_range],
    network=f'projects/{project_name}/global/networks/{network_name}'
)
operation = client.update(request={
    "firewall": updated_firewall,
    "updateMask": "allowed,targetTags,sourceRanges,network",
    "firewall": f"projects/{project_name}/global/firewalls/{firewall_name}"
})

Note that you may need to adjust the code snippets to fit your specific use case, such as changing the filter expression or updating the firewall rule with different parameters.

Additional Reading:

https://cloud.google.com/vpc/docs/using-firewalls

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

NetBIOS Port Should Not Be Open

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: