1. Login to the GCP console and navigate to the Compute Engine section.
2. Select the instance(s) for which you want to remediate the misconfiguration.
3. Click on the “Edit” button at the top of the page to edit the instance settings.
4. Scroll down to the “Firewall” section and click on “Edit” next to the default-allow-rdp rule.
5. In the “Protocols and ports” section, uncheck the box next to “RDP” to disable access to the RDP port.
6. Click on the “Save” button to save the changes.
7. Verify that the RDP port is no longer open by running a port scan on the instance(s).

​

1. Open the Cloud Shell console in your GCP project.
2. Check if the RDP port is open by running the following command: gcloud compute firewall-rules list | grep RDP This will list all the firewall rules that contain the keyword “RDP.”
3. Identify the firewall rule that allows RDP traffic and note its name.
4. Delete the firewall rule that allows RDP traffic by running the following command: gcloud compute firewall-rules delete [FIREWALL_RULE_NAME] Replace [FIREWALL_RULE_NAME] with the name of the firewall rule that allows RDP traffic.
5. Confirm the deletion of the firewall rule by running the following command: gcloud compute firewall-rules list | grep RDP This command should not return any results.
6. Verify that RDP port is closed by running the following command: nmap -Pn -p 3389 [INSTANCE_IP_ADDRESS] Replace [INSTANCE_IP_ADDRESS] with the IP address of the instance you want to check. This command will scan the instance for open ports and should not return any results for port 3389 (RDP).
7. Repeat steps 2-6 for all instances in your GCP project to ensure that RDP port is not open on any of them.

1. First, you need to identify the instance(s) with the open RDP port. You can use the GCP Python SDK to retrieve a list of all instances in your project and filter them based on the open RDP port.

from google.cloud import compute_v1

# Initialize the Compute Engine API client
compute_client = compute_v1.InstancesClient()

# Project ID for this request.
project = 'your-project-id'  

# List all instances in the project
instances = compute_client.list(project=project)

# Filter instances with open RDP port
rdp_instances = [i for i in instances if i.network_interfaces[0].access_configs[0].nat_ip_port_range == '3389']

2. Once you have identified the instances with the open RDP port, you can update their firewall rules to block incoming traffic on port 3389. You can use the GCP Python SDK to retrieve a list of all firewall rules in your project and update the rules that allow traffic on port 3389 to block the traffic instead.

# List all firewall rules in the project
firewall_rules = compute_client.list_firewall_policies(project=project)

# Update the firewall rules to block incoming traffic on port 3389
for rule in firewall_rules:
    if rule.allowed[0].ports == ['3389']:
        rule.direction = 'DENY'
        rule.priority = 1000
        rule.denied = [{'IPProtocol': 'tcp', 'ports': ['3389']}]
        compute_client.update_firewall_policy(project=project, firewall_policy=rule)

3. Finally, you can verify that the RDP port is no longer open on the instances by checking their firewall rules.

# Verify that the RDP port is closed on the instances
for instance in rdp_instances:
    firewall = compute_client.get_firewall_policy(project=project, firewall_policy='default-allow-rdp')
    if {'IPProtocol': 'tcp', 'ports': ['3389']} not in firewall.allowed:
        print(f"RDP port is closed on instance {instance.name}")