SQL Server Port Should Not Be Open

More Info:

Determines if TCP port 1433 or UDP port 1434 for SQL Server is open to the public.

Risk Level

Medium

Address

Security

Compliance Standards

SOC2, GDPR, HIPAA, HITRUST, NISTCSF, PCIDSS, FedRAMP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate an SQL Server port being open in GCP using GCP CLI, follow these steps:

Open the Google Cloud Console and navigate to the Compute Engine page.
Identify the instance with the open SQL Server port.
Connect to the instance using SSH.
Run the following command to list the firewall rules:
```
gcloud compute firewall-rules list
```
Identify the firewall rule that allows the SQL Server port to be open.
Run the following command to delete the firewall rule:
```
gcloud compute firewall-rules delete [FIREWALL_RULE_NAME]
```
Replace [FIREWALL_RULE_NAME] with the name of the firewall rule that allows the SQL Server port to be open.
Verify that the firewall rule has been deleted by running the following command:
```
gcloud compute firewall-rules list
```
The output should not include the firewall rule that allowed the SQL Server port to be open.
Once the firewall rule has been deleted, the SQL Server port will no longer be open. You can verify this by attempting to connect to the SQL Server port from a remote machine.

Using Python

To remediate the SQL Server Port Should Not Be Open misconfiguration in GCP using Python, you can follow these steps:

Connect to the Google Cloud Platform using the Google Cloud SDK.
Use the Google Cloud Python client library to create a firewall rule that blocks all incoming traffic to the SQL Server port. Here’s an example code snippet to create a firewall rule:

from google.cloud import compute_v1

# Set the project ID and region
project_id = 'your-project-id'
region = 'your-region'

# Create the firewall rule
client = compute_v1.FirewallsClient()
firewall_rule_body = {
    "name": "block-sql-server-port",
    "network": f"projects/{project_id}/global/networks/default",
    "direction": "INGRESS",
    "priority": 1000,
    "action": "deny",
    "rules": [
        {
            "protocol": "tcp",
            "ports": ["1433"]
        }
    ],
    "target_tags": ["sql-server"]
}
response = client.insert(project=project_id, firewall_resource=firewall_rule_body)

In the above code snippet, replace your-project-id and your-region with your actual project ID and region. The target_tags field specifies the tags of the resources that should be blocked from accessing the SQL Server port.

Apply the sql-server tag to all the instances that are running SQL Server.

from google.cloud import compute_v1

# Set the project ID and region
project_id = 'your-project-id'
region = 'your-region'

# Set the instance name
instance_name = 'your-instance-name'

# Set the tags
tags = ["sql-server"]

# Update the tags for the instance
client = compute_v1.InstancesClient()
instance = client.get(project=project_id, zone=region + '-a', instance=instance_name)
instance.tags = tags
client.update(project=project_id, zone=region + '-a', instance=instance_name, instance_resource=instance)

In the above code snippet, replace your-project-id, your-region, and your-instance-name with your actual project ID, region, and instance name. The tags field specifies the tags that should be applied to the instance.

Verify that the firewall rule is working as expected by attempting to connect to the SQL Server port from a remote machine. The connection should be blocked.

These steps should remediate the SQL Server Port Should Not Be Open misconfiguration in GCP using Python.

Additional Reading:

https://cloud.google.com/vpc/docs/using-firewalls

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

SQL Server Port Should Not Be Open

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: