Telnet Port Should Not Be Open
More Info:
Determines if TCP port 23 for Telnet is open to the public.
Risk Level: Medium
Address: Security
Compliance Standards: SOC2, GDPR, ISO27001, HIPAA, HITRUST, NISTCSF, PCIDSS, FedRAMP
Triage and Remediation
Remediation
To remediate the “Telnet Port Should Not Be Open” misconfiguration for GCP using the GCP console, follow these steps:
- Log in to your GCP console.
- Navigate to the GCP project that has the instance with the open Telnet port.
- Click the hamburger menu in the top-left corner of the console and select “Compute Engine” under the “Compute” section.
- From the list of instances, select the instance with the open Telnet port.
- Click the “Edit” button at the top of the page.
- Scroll down to the “Firewall” section and click “Management, disks, networking, SSH keys”.
- Under the “Firewall” section, click “default-allow-internal”.
- Scroll down to the “Protocols and ports” section and uncheck the “tcp:23” option.
- Click the “Save” button at the bottom of the page.
By following the above steps, you have remediated the “Telnet Port Should Not Be Open” misconfiguration for GCP using the GCP console.
To remediate the “Telnet Port Should Not Be Open” misconfiguration on GCP using the GCP CLI, follow these steps:
1. Open the Cloud Shell in the GCP Console.
2. Run the following command to list all the instances in the project:
   gcloud compute instances list
3. Identify the instance that has the telnet port open.
4. Connect to the instance using SSH:
   gcloud compute ssh [INSTANCE_NAME] --zone [ZONE]
5. Once connected to the instance, run the following command to check if telnet is installed:
   which telnet
6. If telnet is installed, run the following command to uninstall it:
   sudo apt-get remove telnet
7. If telnet is not installed, run the following command to check if the telnet port is open (the pattern ':23 ' matches only a listener on port 23, not ports such as 2323):
   sudo netstat -tuln | grep ':23 '
8. If the telnet port is open, edit the firewall rule for the instance so that it no longer allows port 23. The gcloud compute firewall-rules update command has no flag that removes a single port (and --direction is only accepted on create), so re-specify the full allow list without tcp:23, for example tcp:22,tcp:80, keeping only the protocols and ports the rule actually needs:
   gcloud compute firewall-rules update [FIREWALL_RULE_NAME] --allow=[PROTOCOLS_AND_PORTS_TO_KEEP]
9. Verify that the telnet port is closed by running the following command:
   sudo netstat -tuln | grep ':23 '
10. Exit the SSH session by typing exit.
11. Repeat steps 4-10 for any other instances that have the telnet port open.
By following the above steps, you can remediate the “Telnet Port Should Not Be Open” misconfiguration on GCP using the GCP CLI.
To remediate the Telnet Port Should Not Be Open misconfiguration in GCP using Python, you can follow these steps:
- Connect to the GCP project using the Python client library (google-cloud-compute). VPC firewall rules are project-wide resources, so a FirewallsClient is needed alongside the InstancesClient.
    from google.cloud import compute_v1

    project = "your-project-id"
    zone = "your-zone"
    instance_name = "your-instance-name"

    instances_client = compute_v1.InstancesClient()
    firewalls_client = compute_v1.FirewallsClient()
    instance = instances_client.get(project=project, zone=zone, instance=instance_name)
- Check if the Telnet port is open by looking at the firewall rules in the instance’s project.
    def allows_public_telnet(rule):
        # An ingress rule exposes Telnet if it accepts traffic from 0.0.0.0/0
        # and any allowed entry covers tcp port 23 (protocol "all", or tcp
        # with no ports listed, means every port)
        if rule.direction != "INGRESS" or "0.0.0.0/0" not in rule.source_ranges:
            return False
        return any(
            allowed.I_p_protocol in ("tcp", "all") and (not allowed.ports or "23" in allowed.ports)
            for allowed in rule.allowed
        )

    firewall_rules = list(firewalls_client.list(project=project))
    for rule in firewall_rules:
        if allows_public_telnet(rule):
            print(f"Firewall rule {rule.name} allows Telnet traffic.")
- If there is a firewall rule that allows Telnet traffic, delete it.
    for rule in firewall_rules:
        if allows_public_telnet(rule):
            operation = firewalls_client.delete(project=project, firewall=rule.name)
            operation.result()  # wait for the delete to finish
            print(f"Firewall rule {rule.name} deleted.")
- Confirm that the Telnet port is no longer open by checking the firewall rules again.
    for rule in firewalls_client.list(project=project):
        if allows_public_telnet(rule):
            print(f"Firewall rule {rule.name} still allows Telnet traffic.")
By following these steps, you can remediate the Telnet Port Should Not Be Open misconfiguration for a GCP instance using Python.
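The check this page describes ("Determines if TCP port 23 for Telnet is open to the public") and the Python steps above both come down to one decision: does a VPC firewall rule expose tcp/23 to the internet? The following is an added example, not code from the original page or from the google-cloud-compute library. It runs offline over constructed rules shaped like the JSON that gcloud compute firewall-rules list --format=json returns, and it generalizes the exact-match check above to port ranges such as "20-25", the "all" protocol, tcp entries with no ports listed (all ports), disabled rules and egress rules. The rule names and ranges in SAMPLE_RULES_JSON are made up for illustration.

```python
"""Offline check for VPC firewall rules that expose Telnet (tcp/23) to the internet.

Added example, not code from the original page. The input mimics the shape of
`gcloud compute firewall-rules list --format=json`; the rules are constructed.
"""
import json
from typing import Dict, List

TELNET_PORT = 23
PUBLIC_RANGES = {"0.0.0.0/0", "::/0"}

# Constructed sample rules covering the cases a scanner has to get right.
SAMPLE_RULES_JSON = json.dumps([
    {"name": "allow-telnet-public", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["23"]}]},
    {"name": "allow-mgmt-range", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["20-25"]}]},
    {"name": "allow-telnet-internal", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["10.0.0.0/8"], "allowed": [{"IPProtocol": "tcp", "ports": ["23"]}]},
    {"name": "allow-everything", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "all"}]},
    {"name": "allow-telnet-disabled", "direction": "INGRESS", "disabled": True,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["23"]}]},
    {"name": "egress-telnet", "direction": "EGRESS", "disabled": False,
     "destinationRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["23"]}]},
    {"name": "allow-tcp-no-ports", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp"}]},
    {"name": "allow-2323", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["2323"]}]},
])


def port_spec_covers(spec: str, port: int) -> bool:
    """True if a GCP port spec ("23" or "20-25") includes the given port."""
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-", 1))
        return lo <= port <= hi
    return int(spec) == port


def allowed_entry_covers(entry: Dict, port: int) -> bool:
    """True if one 'allowed' entry permits TCP to the port.

    Protocol "all" matches everything; a tcp entry without 'ports' means all ports.
    """
    proto = entry.get("IPProtocol", "").lower()
    if proto == "all":
        return True
    if proto != "tcp":
        return False
    ports = entry.get("ports")
    if not ports:
        return True
    return any(port_spec_covers(p, port) for p in ports)


def rule_exposes_port(rule: Dict, port: int = TELNET_PORT) -> bool:
    """True if an enabled INGRESS rule allows the port from a public source range."""
    if rule.get("disabled", False):
        return False
    if rule.get("direction", "INGRESS") != "INGRESS":
        return False
    if not PUBLIC_RANGES.intersection(rule.get("sourceRanges", [])):
        return False
    return any(allowed_entry_covers(e, port) for e in rule.get("allowed", []))


def find_public_telnet_rules(rules_json: str) -> List[str]:
    """Return the names of rules that expose tcp/23 to the internet, in input order."""
    rules = json.loads(rules_json)
    return [r["name"] for r in rules if rule_exposes_port(r)]


if __name__ == "__main__":
    for name in find_public_telnet_rules(SAMPLE_RULES_JSON):
        print(f"{name}: allows tcp/23 from the internet")
```

Running it flags allow-telnet-public, allow-mgmt-range, allow-everything and allow-tcp-no-ports, and correctly leaves the internal-only, disabled, egress and port-2323 rules alone. The check is deliberately per-rule: it does not evaluate whether a higher-priority deny rule shadows an allow, nor whether the rule's target tags or service accounts actually match a given instance, so treat a hit as "this rule would expose Telnet to anything it targets" rather than proof that a specific VM is reachable.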