GCP Threats
Oracle Port Should Not Be Open
More Info: Determines if TCP port 1521 for Oracle is open to the public.

Risk Level: Medium

Address: Security

Compliance Standards: SOC2, GDPR, HITRUST, NISTCSF, PCIDSS, FedRAMP
Triage and Remediation
Remediation
To remediate the Oracle Port Should Not Be Open misconfiguration for GCP using the GCP console, follow these steps:

1. Log in to the GCP console (https://console.cloud.google.com/).
2. Select the project that contains the affected resource.
3. In the navigation menu on the left-hand side, click on “Compute Engine” and then select “VM instances”.
4. Locate the instance that has the open Oracle port and click on its name to open its details page.
5. Click on the “Edit” button at the top of the page to edit the instance settings.
6. Scroll down to the “Firewall” section and click on “Management, security, disks, networking, sole tenancy”.
7. Under the “Firewall” section, click on “Network interfaces”.
8. Click on “default” to expand the network interface settings.
9. In the “Firewall rules” section, locate the rule that allows traffic on the Oracle port (default is 1521).
10. Click on the trash can icon next to the rule to delete it.
11. Click on the “Save” button at the bottom of the page to save the changes.
12. Verify that the Oracle port is no longer open by running a port scan or checking the instance’s firewall rules.

By following these steps, you have successfully remediated the Oracle Port Should Not Be Open misconfiguration for GCP using the GCP console.
To remediate the misconfiguration “Oracle Port Should Not Be Open” for GCP using the GCP CLI, follow the steps below:

1. Open the GCP console and navigate to the GCP project where the misconfiguration exists.
2. Open the Cloud Shell by clicking on the icon in the top right corner of the console.
3. Run the following command to list all the firewall rules in the project:

```shell
gcloud compute firewall-rules list
```

4. Identify the firewall rule that allows access to the Oracle port. Note down the name of the firewall rule.
5. Run the following command to delete the firewall rule:

```shell
gcloud compute firewall-rules delete [FIREWALL_RULE_NAME]
```

Replace [FIREWALL_RULE_NAME] with the name of the firewall rule identified in step 4.

6. Confirm the deletion by typing “Y” when prompted.
7. Verify that the firewall rule has been deleted by running the following command:

```shell
gcloud compute firewall-rules list
```

The output should not contain the firewall rule that was deleted in step 5.

By following these steps, you have successfully remediated the misconfiguration “Oracle Port Should Not Be Open” for GCP using the GCP CLI.
To remediate the misconfiguration “Oracle Port Should Not Be Open” in GCP using Python, you can follow the steps below:

1. Identify the instances in your GCP project that have the Oracle port open. You can use the GCP Python SDK to get the list of instances and their network configuration.
2. For each instance with the Oracle port open, use the GCP Python SDK to update the firewall rule that allows traffic to the Oracle port. You can either delete the rule or modify it to allow traffic only from a specific IP address or range.
3. To delete the firewall rule, you can use the following Python code:

```python
from google.cloud import compute_v1

# Create a client object to interact with the Compute Engine Firewalls API
client = compute_v1.FirewallsClient()

# Define the name of the firewall rule to delete
firewall_rule_name = 'oracle-port'

# Delete the firewall rule. delete() returns a long-running operation,
# so wait for it to complete before treating the rule as removed.
operation = client.delete(project='your-project-id', firewall=firewall_rule_name)
operation.result()
```

4. To modify the firewall rule to allow traffic only from a specific IP address or range, you can use the following Python code:

```python
from google.cloud import compute_v1

# Create a client object to interact with the Compute Engine Firewalls API
client = compute_v1.FirewallsClient()

# Define the name of the firewall rule to modify
firewall_rule_name = 'oracle-port'

# Define the new source IP range for the firewall rule
new_source_range = '10.0.0.0/24'

# Get the current firewall rule
firewall_rule = client.get(project='your-project-id', firewall=firewall_rule_name)

# Modify the firewall rule to allow traffic only from the new source IP range
firewall_rule.source_ranges = [new_source_range]

# update() replaces the whole rule with the modified resource; wait for the
# operation to complete so the change is confirmed before moving on.
operation = client.update(project='your-project-id', firewall=firewall_rule_name, firewall_resource=firewall_rule)
operation.result()
```

Note: Replace ‘your-project-id’ with the actual ID of your GCP project, and ‘oracle-port’ with the name of the firewall rule that allows traffic to the Oracle port.
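The CLI steps ("identify the firewall rule that allows access to the Oracle port") and step 1 of the Python remediation both leave the actual detection to the reader. The following is an added example, not code from this page, from Google, or from the audit tool it describes. It implements that check offline over firewall rules in the JSON shape emitted by `gcloud compute firewall-rules list --format=json` (fields `name`, `direction`, `disabled`, `sourceRanges`, `allowed`), flags enabled INGRESS rules that permit TCP 1521 from an Internet-wide range, and shows the "modify" remediation as a pure transformation of the rule. The rule names and ranges in `SAMPLE_RULES_JSON` are constructed for illustration; it also handles port ranges, protocol `all`, and rules with no port list, which the page's steps do not spell out.

```python
"""Find GCP firewall rules that expose Oracle (TCP 1521) to the Internet.

Added example. Works on rules in the JSON format produced by
`gcloud compute firewall-rules list --format=json`; the sample rules
embedded below are constructed for this example.
"""
import json

ORACLE_PORT = 1521
# Source ranges that mean "anyone on the Internet".
PUBLIC_RANGES = {"0.0.0.0/0", "::/0"}


def port_spec_matches(spec, port):
    """True if a gcloud port spec ('1521' or '1500-1600') covers `port`."""
    if "-" in spec:
        lo, hi = spec.split("-", 1)
        return int(lo) <= port <= int(hi)
    return int(spec) == port


def rule_allows_port(rule, port):
    """True if any 'allowed' entry permits TCP traffic to `port`."""
    for entry in rule.get("allowed", []):
        proto = entry.get("IPProtocol", "").lower()
        if proto not in ("tcp", "all"):
            continue
        ports = entry.get("ports")
        if not ports:  # no port list means every port of that protocol
            return True
        if any(port_spec_matches(p, port) for p in ports):
            return True
    return False


def is_publicly_exposed(rule, port=ORACLE_PORT):
    """A finding is an enabled INGRESS rule whose source ranges include an
    Internet-wide CIDR and which allows `port` (direction defaults to INGRESS
    when the field is absent, as in the API)."""
    if rule.get("disabled", False):
        return False
    if rule.get("direction", "INGRESS") != "INGRESS":
        return False
    if not PUBLIC_RANGES & set(rule.get("sourceRanges", [])):
        return False
    return rule_allows_port(rule, port)


def find_exposed_rules(rules, port=ORACLE_PORT):
    """Names of all rules that expose `port` publicly, in list order."""
    return [r["name"] for r in rules if is_publicly_exposed(r, port)]


def restrict_sources(rule, trusted_ranges):
    """Return a copy of `rule` whose source ranges are replaced by the trusted
    CIDRs (the 'modify' option of the remediation); the input is not mutated."""
    hardened = dict(rule)
    hardened["sourceRanges"] = list(trusted_ranges)
    return hardened


# Constructed sample: one clear finding, one via a port range, and several
# rules that must NOT be flagged (internal source, disabled, egress, UDP).
SAMPLE_RULES_JSON = """[
  {"name": "oracle-port", "direction": "INGRESS", "disabled": false,
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["1521"]}]},
  {"name": "db-range-open", "direction": "INGRESS",
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["1500-1600"]}]},
  {"name": "oracle-internal", "direction": "INGRESS",
   "sourceRanges": ["10.0.0.0/24"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["1521"]}]},
  {"name": "oracle-disabled", "direction": "INGRESS", "disabled": true,
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["1521"]}]},
  {"name": "allow-all-egress", "direction": "EGRESS",
   "destinationRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "all"}]},
  {"name": "udp-only", "direction": "INGRESS",
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "udp", "ports": ["1521"]}]}
]"""

SAMPLE_RULES = json.loads(SAMPLE_RULES_JSON)

if __name__ == "__main__":
    import sys
    # Pass the path of a saved `gcloud ... --format=json` file to scan real
    # rules; with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            rules = json.load(fh)
    else:
        rules = SAMPLE_RULES
    for name in find_exposed_rules(rules):
        print(f"FINDING: firewall rule {name!r} exposes TCP {ORACLE_PORT} to the Internet")
```

To scan a real project, save the output of `gcloud compute firewall-rules list --format=json` to a file and pass its path as the first argument; each name printed is a candidate for the delete or modify steps above. Note that the check only treats `0.0.0.0/0` and `::/0` as public; a rule sourced from a large but narrower CIDR will not be flagged and still deserves review.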