GCP Introduction
GCP Pricing
GCP Threats
GCP Misconfigurations
- Getting Started with GCP Audit
- CloudSql Audit
- Cloud Tasks Monitoring
- Dataflow Monitoring
- Function Monitoring
- Monitoring Compliance
- PubSubLite Monitoring
- Spanner Monitoring
- NoSQL Monitoring
- Compute Audit
- IAM Audit
- BigQuery Monitoring
- CDN Monitoring
- DNS Monitoring
- KMS Monitoring
- Kubernetes Audit
- Load Balancer Monitoring
- Log Monitoring
- Storage Audit
- Pub/Sub Monitoring
- VPC Audit
- IAM Deep Dive
GCP Threats
VNC Client Port Should Not Be Open
More Info:
Determines if TCP port 5500 for VNC Client is open to the public. While some ports such as HTTP and HTTPS are required to be open to the public to function properly, more sensitive services such as VNC Client should be restricted to known IP addresses.
Risk Level
Medium
Address
Security
Compliance Standards
HITRUST
Triage and Remediation
Remediation
To remediate the misconfiguration “VNC Client Port Should Not Be Open” in GCP using GCP console, follow the below steps:
- Login to the GCP console with your credentials.
- Navigate to the Compute Engine section from the left-hand side menu.
- Click on the name of the instance where you want to remediate the misconfiguration.
- Click on the “Edit” button at the top of the page.
- Scroll down to the “Firewall” section.
- Click on the “default-allow-rdp” rule.
- Click on the “Edit” button.
- In the “Protocols and ports” section, uncheck the “tcp:3389” checkbox.
- Click on the “Save” button to save the changes.
- Repeat steps 6-9 for “default-allow-vnc” rule.
- Click on the “Save” button at the bottom of the page to save the changes.
After following the above steps, the VNC Client Port will be closed and the misconfiguration will be remediated.
To remediate the VNC Client Port Should Not Be Open misconfiguration in GCP using GCP CLI, follow these steps:
-
Open the Cloud Shell by clicking the Activate Cloud Shell button in the GCP Console.
-
Run the following command to list all the firewall rules in your project:
gcloud compute firewall-rules list -
Identify the firewall rule that allows traffic to the VNC client port (usually port 5900).
-
Run the following command to delete the firewall rule:
gcloud compute firewall-rules delete [FIREWALL_RULE_NAME]Replace
[FIREWALL_RULE_NAME]with the name of the firewall rule that allows traffic to the VNC client port. -
Verify that the firewall rule has been deleted by running the following command:
gcloud compute firewall-rules listThe output should not include the firewall rule that allowed traffic to the VNC client port.
-
You have successfully remediated the VNC Client Port Should Not Be Open misconfiguration in GCP using GCP CLI.
To remediate the VNC Client Port open misconfiguration in GCP using Python, you can follow these steps:
-
First, you need to authenticate and authorize your Google Cloud account using the Python client library. You can do this by following the instructions in the official Google Cloud documentation.
-
Next, you need to identify the GCP project and the specific instance(s) that have the VNC client port open. You can use the
google-cloud-sdkcommand-line tool or the Python client library to list all the instances in your project. -
Once you have identified the instances with the VNC client port open, you can use the Python client library to update the firewall rules for each instance to block the VNC client port. Here’s an example code snippet that uses the
google-cloud-firewalllibrary to update the firewall rules for an instance:
from google.cloud import firewall
# Replace PROJECT_ID with your GCP project ID
project_id = 'PROJECT_ID'
# Replace INSTANCE_NAME with the name of the instance with the VNC client port open
instance_name = 'INSTANCE_NAME'
# Replace VNC_CLIENT_PORT with the actual port number (usually 5900)
vnc_client_port = 5900
# Create a firewall client object
firewall_client = firewall.FirewallClient()
# Get the firewall rules for the instance
firewall_rules = firewall_client.list(project=project_id)
# Find the rule that allows traffic to the VNC client port
vnc_client_rule = None
for rule in firewall_rules:
if rule.allowed[0].ports == [str(vnc_client_port)] and \
rule.direction == 'INGRESS' and \
rule.target_tags == [instance_name]:
vnc_client_rule = rule
break
# If the rule exists, update it to block traffic to the VNC client port
if vnc_client_rule:
vnc_client_rule.allowed = []
firewall_client.update(vnc_client_rule)
- Finally, you can verify that the VNC client port is no longer open by trying to connect to it from a remote machine. If the remediation was successful, the connection should be refused.