GCP Introduction
GCP Pricing
GCP Threats
GCP Misconfigurations
- Getting Started with GCP Audit
- CloudSql Audit
- Cloud Tasks Monitoring
- Dataflow Monitoring
- Function Monitoring
- Monitoring Compliance
- PubSubLite Monitoring
- Spanner Monitoring
- NoSQL Monitoring
- Compute Audit
- IAM Audit
- BigQuery Monitoring
- CDN Monitoring
- DNS Monitoring
- KMS Monitoring
- Kubernetes Audit
- Load Balancer Monitoring
- Log Monitoring
- Storage Audit
- Pub/Sub Monitoring
- VPC Audit
- IAM Deep Dive
GCP Threats
SMTP Port Should Not Be Open
More Info:
Determines if TCP port 25 for SMTP is open to the public. While some ports such as HTTP and HTTPS are required to be open to the public to function properly, more sensitive services such as SMTP should be restricted to known IP addresses.
Risk Level
Medium
Address
Security
Compliance Standards
HITRUST, GDPR, SOC2, NISTCSF, PCIDSS, FedRAMP
Triage and Remediation
Remediation
To remediate the SMTP Port Should Not Be Open misconfiguration in GCP using the GCP console, follow these steps:
- Log in to the GCP console (https://console.cloud.google.com/).
- Navigate to the Cloud Console.
- Select the project where the VM instance is running.
- In the left-hand menu, click on “Compute Engine” and then “VM instances”.
- Locate the instance that has the open SMTP port and click on the name of the instance.
- In the details pane, click on the “Edit” button at the top of the page.
- Scroll down to the “Firewall” section and click on “Networking interfaces”.
- Locate the “default-allow-smtp” rule and click on the trash icon to delete the rule.
- Click on the “Save” button at the bottom of the page to apply the changes.
Once you have completed these steps, the SMTP port should no longer be open on the VM instance.
To remediate the “SMTP Port Should Not Be Open” misconfiguration in GCP using GCP CLI, you can follow these steps:
-
Open the Cloud Shell in your GCP Console.
-
Run the following command to list all the firewall rules in your project:
gcloud compute firewall-rules list -
Identify the firewall rule that allows SMTP traffic. You can look for a rule that has a target tag that allows SMTP traffic, such as “allow-smtp”.
-
Run the following command to delete the firewall rule:
gcloud compute firewall-rules delete [FIREWALL_RULE_NAME]Replace [FIREWALL_RULE_NAME] with the name of the firewall rule that allows SMTP traffic.
-
Confirm the deletion by typing “y” and pressing enter.
-
Verify that the firewall rule has been deleted by running the following command:
gcloud compute firewall-rules listYou should no longer see the firewall rule that allows SMTP traffic.
By following these steps, you have successfully remediated the “SMTP Port Should Not Be Open” misconfiguration in GCP using GCP CLI.
To remediate the SMTP Port Should Not Be Open misconfiguration in GCP using Python, follow the below steps:
- First, you need to identify the instance(s) in your GCP project that has SMTP Port open. You can use the following command in the Cloud Shell to list all the instances in your project:
gcloud compute instances list
- Once you have identified the instance(s) with open SMTP Port, you need to connect to the instance(s) using SSH. You can use the following command to connect to an instance:
gcloud compute ssh [INSTANCE_NAME]
- After you have connected to the instance, you need to check if the SMTP service is running. You can use the following command to check the status of the SMTP service:
sudo systemctl status postfix
- If the SMTP service is running, you need to stop it using the following command:
sudo systemctl stop postfix
- After stopping the SMTP service, you need to disable it so that it does not start automatically on system startup. You can use the following command to disable the SMTP service:
sudo systemctl disable postfix
- Finally, you need to close the SMTP port by modifying the firewall rules. You can use the following command to close the SMTP port:
gcloud compute firewall-rules update [FIREWALL_RULE_NAME] --action deny --rules tcp:25
Replace [FIREWALL_RULE_NAME] with the name of the firewall rule that allows SMTP traffic.
- Once you have completed the above steps, you can exit the SSH session using the following command:
exit
By following the above steps, you can remediate the SMTP Port Should Not Be Open misconfiguration in GCP using Python.