Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration “Windows SMB Port Should Not Be Open” for GCP using the GCP console, follow the steps below:
- Open the Google Cloud Console and select the project for which you want to remediate the misconfiguration.
- Navigate to the Compute Engine section and select the VM instance that has the open Windows SMB port.
- Click on the Edit button at the top of the page.
- Scroll down to the Firewall section and click on “Add Firewall Rule”.
- In the Name field, enter a name for the firewall rule.
- In the Targets field, select “Specified target tags” and enter the tag that is associated with the VM instance.
- In the Source filter field, select “IP ranges” and enter the IP range that you want to allow access to the Windows SMB port.
- In the Protocols and ports field, select “Specified protocols and ports” and enter “tcp:445”.
- Click on the “Create” button to create the firewall rule.
- Once the firewall rule is created, click on the Save button to save the changes to the VM instance.
- Verify that the Windows SMB port is no longer open by running a port scan on the VM instance.
Using CLI
To remediate the misconfiguration “Windows SMB Port Should Not Be Open” for GCP using GCP CLI, you can follow these steps:
- Log in to your GCP console using your credentials.
- Open the Cloud Shell by clicking on the icon located on the top right corner of the console.
- Run the following command to list all the instances in your project:
- Identify the instance which has the open SMB port.
- Run the following command to SSH into the instance:
- Once you are logged in to the instance, run the following command to check if the SMB port is open:
- If the SMB port is open, run the following command to stop the SMB service:
- Run the following command to disable the SMB service from starting on boot:
- Finally, run the following command to confirm that the SMB port is no longer open:
- Exit the SSH session by running the following command:
By following these steps, you will have successfully remediated the misconfiguration “Windows SMB Port Should Not Be Open” for GCP using GCP CLI.
Using Python
To remediate the misconfiguration “Windows SMB Port Should Not Be Open” on GCP using Python, you can follow the steps below:
- Use the Google Cloud SDK to authenticate and authorize access to your GCP account.
- Use the Python “google-cloud-compute” library to create a new firewall rule that blocks the Windows SMB port (TCP port 445) on all instances in your GCP project.
- Here is the sample Python code to create a new firewall rule:
- In the above code, replace “your-project-id” with your GCP project ID and “us-central1-a” with your preferred zone.
- The above code creates a new firewall rule named “block-smb” that blocks TCP port 445 on all instances with the tag “windows”. You can add this tag to your Windows instances to apply the firewall rule.
- After running the above code, you should see a new firewall rule named “block-smb” in your GCP console.
- Verify that the firewall rule is working as expected by testing the Windows SMB port from outside your GCP network.
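As a complement to the external test in the last step, the following added example (not code from the original page) evaluates firewall rules offline and reports whether TCP 445 is still reachable from any IPv4 source for an instance with given tags. It assumes the rules are in the JSON shape printed by `gcloud compute firewall-rules list --format=json` and all belong to the instance's network; the sample rules, the rule name “allow-low-ports” and the function names are constructed for illustration.

```python
import json

SMB_PORT, ANY_IPV4 = 445, "0.0.0.0/0"

def covers_smb(entries):
    """True if any allowed/denied entry matches TCP 445."""
    for entry in entries or []:
        if entry.get("IPProtocol", "").lower() not in ("tcp", "6", "all"):
            continue
        ports = entry.get("ports")
        if not ports:  # no ports listed means every port of that protocol
            return True
        for spec in ports:  # "445" or a range such as "1-1024"
            low, _, high = spec.partition("-")
            if int(low) <= SMB_PORT <= int(high or low):
                return True
    return False

def applies_to(rule, instance_tags):
    """A rule without targetTags is treated as applying to every instance
    (service-account targets are not modelled, so this errs on the safe side)."""
    tags = rule.get("targetTags")
    return not tags or bool(set(tags) & set(instance_tags))

def smb_verdict(rules, instance_tags):
    """Return (exposed, deciding_rule_name) for ingress from any IPv4 source."""
    candidates = [
        r for r in rules
        if r.get("direction", "INGRESS") == "INGRESS"
        and not r.get("disabled", False)
        and ANY_IPV4 in r.get("sourceRanges", [])
        and applies_to(r, instance_tags)
        and covers_smb(r.get("allowed") or r.get("denied"))
    ]
    # Lowest priority number wins; at equal priority a deny rule beats an allow rule.
    candidates.sort(key=lambda r: (r.get("priority", 1000), "denied" not in r))
    if not candidates:
        return False, None  # only the implied deny-ingress rule is left
    return "allowed" in candidates[0], candidates[0]["name"]

# Constructed sample rules (not taken from a real project).
SAMPLE = json.loads("""[
 {"name": "allow-low-ports", "direction": "INGRESS", "priority": 1000,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["1-1024"]}]},
 {"name": "block-smb", "direction": "INGRESS", "priority": 900,
  "sourceRanges": ["0.0.0.0/0"], "targetTags": ["windows"],
  "denied": [{"IPProtocol": "tcp", "ports": ["445"]}]}]""")

if __name__ == "__main__":
    print(smb_verdict(SAMPLE, ["windows"]), smb_verdict(SAMPLE, ["linux"]))
```

The sample shows two things to check after creating “block-smb”: the deny rule only protects instances that carry the “windows” tag, and it only takes effect if its priority number is not higher than that of a broader allow rule covering port 445.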