Oracle Port Should Not Be Open

More Info:

Determines if TCP port 1521 for Oracle is open to the public

Risk Level

Medium

Address

Security

Compliance Standards

SOC2, GDPR, HITRUST, NISTCSF, PCIDSS, FedRAMP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration “Oracle Port Should Not Be Open” for GCP using GCP CLI, follow the below steps:

Open the GCP console and navigate to the GCP project where the misconfiguration exists.
Open the Cloud Shell by clicking on the icon on the top right corner of the console.
Run the following command to list all the firewall rules in the project:

gcloud compute firewall-rules list

Identify the firewall rule that allows access to the Oracle port. Note down the name of the firewall rule.
Run the following command to delete the firewall rule:

gcloud compute firewall-rules delete [FIREWALL_RULE_NAME]

Replace [FIREWALL_RULE_NAME] with the name of the firewall rule identified in step 4.

Confirm the deletion by typing “Y” when prompted.
Verify that the firewall rule has been deleted by running the following command:

gcloud compute firewall-rules list

The output should not contain the firewall rule that was deleted in step 5.By following these steps, you have successfully remediated the misconfiguration “Oracle Port Should Not Be Open” for GCP using GCP CLI.

Using Python

To remediate the misconfiguration “Oracle Port Should Not Be Open” in GCP using Python, you can follow the below steps:

Identify the instances in your GCP project that have the Oracle port open. You can use the GCP Python SDK to get the list of instances and their network configuration.
For each instance with the Oracle port open, use the GCP Python SDK to update the firewall rule that allows traffic to the Oracle port. You can either delete the rule or modify it to allow traffic only from a specific IP address or range.
To delete the firewall rule, you can use the following Python code:

from google.cloud import compute_v1

# Create a client object to interact with GCP
client = compute_v1.FirewallsClient()

# Define the name of the firewall rule to delete
firewall_rule_name = 'oracle-port'

# Delete the firewall rule
operation = client.delete(project='your-project-id', firewall=firewall_rule_name)

To modify the firewall rule to allow traffic only from a specific IP address or range, you can use the following Python code:

from google.cloud import compute_v1

# Create a client object to interact with GCP
client = compute_v1.FirewallsClient()

# Define the name of the firewall rule to modify
firewall_rule_name = 'oracle-port'

# Define the new source IP range for the firewall rule
new_source_range = '10.0.0.0/24'

# Get the current firewall rule
firewall_rule = client.get(project='your-project-id', firewall=firewall_rule_name)

# Modify the firewall rule to allow traffic only from the new source IP range
firewall_rule.source_ranges = [new_source_range]
operation = client.update(project='your-project-id', firewall=firewall_rule_name, firewall_resource=firewall_rule)

Note: Replace ‘your-project-id’ with the actual ID of your GCP project, and ‘oracle-port’ with the name of the firewall rule that allows traffic to the Oracle port.

Additional Reading:

https://cloud.google.com/vpc/docs/using-firewalls

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

Oracle Port Should Not Be Open

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: