GCP Introduction
GCP Pricing
GCP Threats
GCP Misconfigurations
- Getting Started with GCP Audit
- CloudSql Audit
- Cloud Tasks Monitoring
- Dataflow Monitoring
- Function Monitoring
- Monitoring Compliance
- PubSubLite Monitoring
- Spanner Monitoring
- NoSQL Monitoring
- Compute Audit
- IAM Audit
- BigQuery Monitoring
- CDN Monitoring
- DNS Monitoring
- KMS Monitoring
- Kubernetes Audit
- Load Balancer Monitoring
- Log Monitoring
- Storage Audit
- Pub/Sub Monitoring
- VPC Audit
- IAM Deep Dive
GCP Threats
RDP Port Should Not Be Open
More Info:
Determines if TCP port 3389 for RDP is open to the public
Risk Level
Medium
Address
Security
Compliance Standards
SOC2, PCIDSS, ISO27001, HIPAA, CISGCP, CBP, HITRUST, GDPR, NISTCSF, FedRAMP
Triage and Remediation
Remediation
To remediate the RDP port being open misconfiguration in GCP using the GCP console, please follow the below steps:
-
Login to the GCP console and navigate to the Compute Engine section.
-
Select the instance(s) for which you want to remediate the misconfiguration.
-
Click on the “Edit” button at the top of the page to edit the instance settings.
-
Scroll down to the “Firewall” section and click on “Edit” next to the default-allow-rdp rule.
-
In the “Protocols and ports” section, uncheck the box next to “RDP” to disable access to the RDP port.
-
Click on the “Save” button to save the changes.
-
Verify that the RDP port is no longer open by running a port scan on the instance(s).
That’s it! By following the above steps, you have successfully remediated the misconfiguration of the RDP port being open in GCP.
To remediate the RDP Port should not be open misconfiguration on GCP using GCP CLI, follow these steps:
-
Open the Cloud Shell console in your GCP project.
-
Check if the RDP port is open by running the following command:
gcloud compute firewall-rules list | grep RDPThis will list all the firewall rules that contain the keyword “RDP.”
-
Identify the firewall rule that allows RDP traffic and note its name.
-
Delete the firewall rule that allows RDP traffic by running the following command:
gcloud compute firewall-rules delete [FIREWALL_RULE_NAME]Replace [FIREWALL_RULE_NAME] with the name of the firewall rule that allows RDP traffic.
-
Confirm the deletion of the firewall rule by running the following command:
gcloud compute firewall-rules list | grep RDPThis command should not return any results.
-
Verify that RDP port is closed by running the following command:
nmap -Pn -p 3389 [INSTANCE_IP_ADDRESS]Replace [INSTANCE_IP_ADDRESS] with the IP address of the instance you want to check. This command will scan the instance for open ports and should not return any results for port 3389 (RDP).
-
Repeat steps 2-6 for all instances in your GCP project to ensure that RDP port is not open on any of them.
By following these steps, you can remediate the RDP Port should not be open misconfiguration on GCP using GCP CLI.
To remediate the misconfiguration of RDP port being open in GCP using Python, you can follow these steps:
- First, you need to identify the instance(s) with the open RDP port. You can use the GCP Python SDK to retrieve a list of all instances in your project and filter them based on the open RDP port.
from google.cloud import compute_v1
# Initialize the Compute Engine API client
compute_client = compute_v1.InstancesClient()
# Project ID for this request.
project = 'your-project-id'
# List all instances in the project
instances = compute_client.list(project=project)
# Filter instances with open RDP port
rdp_instances = [i for i in instances if i.network_interfaces[0].access_configs[0].nat_ip_port_range == '3389']
- Once you have identified the instances with the open RDP port, you can update their firewall rules to block incoming traffic on port 3389. You can use the GCP Python SDK to retrieve a list of all firewall rules in your project and update the rules that allow traffic on port 3389 to block the traffic instead.
# List all firewall rules in the project
firewall_rules = compute_client.list_firewall_policies(project=project)
# Update the firewall rules to block incoming traffic on port 3389
for rule in firewall_rules:
if rule.allowed[0].ports == ['3389']:
rule.direction = 'DENY'
rule.priority = 1000
rule.denied = [{'IPProtocol': 'tcp', 'ports': ['3389']}]
compute_client.update_firewall_policy(project=project, firewall_policy=rule)
- Finally, you can verify that the RDP port is no longer open on the instances by checking their firewall rules.
# Verify that the RDP port is closed on the instances
for instance in rdp_instances:
firewall = compute_client.get_firewall_policy(project=project, firewall_policy='default-allow-rdp')
if {'IPProtocol': 'tcp', 'ports': ['3389']} not in firewall.allowed:
print(f"RDP port is closed on instance {instance.name}")
By following these steps, you can remediate the misconfiguration of RDP port being open in GCP using Python.