Triage and Remediation
Remediation
Using Console
Using Console
To remediate the RDP port being open misconfiguration in GCP using the GCP console, please follow the below steps:
- Login to the GCP console and navigate to the Compute Engine section.
- Select the instance(s) for which you want to remediate the misconfiguration.
- Click on the “Edit” button at the top of the page to edit the instance settings.
- Scroll down to the “Firewall” section and click on “Edit” next to the default-allow-rdp rule.
- In the “Protocols and ports” section, uncheck the box next to “RDP” to disable access to the RDP port.
- Click on the “Save” button to save the changes.
- Verify that the RDP port is no longer open by running a port scan on the instance(s).
Using CLI
Using CLI
To remediate the RDP Port should not be open misconfiguration on GCP using GCP CLI, follow these steps:
- Open the Cloud Shell console in your GCP project.
-
Check if the RDP port is open by running the following command:
gcloud compute firewall-rules list | grep RDPThis will list all the firewall rules that contain the keyword “RDP.” - Identify the firewall rule that allows RDP traffic and note its name.
-
Delete the firewall rule that allows RDP traffic by running the following command:
gcloud compute firewall-rules delete [FIREWALL_RULE_NAME]Replace [FIREWALL_RULE_NAME] with the name of the firewall rule that allows RDP traffic. -
Confirm the deletion of the firewall rule by running the following command:
gcloud compute firewall-rules list | grep RDPThis command should not return any results. -
Verify that RDP port is closed by running the following command:
nmap -Pn -p 3389 [INSTANCE_IP_ADDRESS]Replace [INSTANCE_IP_ADDRESS] with the IP address of the instance you want to check. This command will scan the instance for open ports and should not return any results for port 3389 (RDP). - Repeat steps 2-6 for all instances in your GCP project to ensure that RDP port is not open on any of them.
Using Python
Using Python
To remediate the misconfiguration of RDP port being open in GCP using Python, you can follow these steps:By following these steps, you can remediate the misconfiguration of RDP port being open in GCP using Python.
- First, you need to identify the instance(s) with the open RDP port. You can use the GCP Python SDK to retrieve a list of all instances in your project and filter them based on the open RDP port.
- Once you have identified the instances with the open RDP port, you can update their firewall rules to block incoming traffic on port 3389. You can use the GCP Python SDK to retrieve a list of all firewall rules in your project and update the rules that allow traffic on port 3389 to block the traffic instead.
- Finally, you can verify that the RDP port is no longer open on the instances by checking their firewall rules.