Remote debugging protocols, including GDB, Java Debug Wire Protocol (JDWP), Xdebug, and Android Debug Bridge (ADB), grant direct control over running processes written in C, C++, Java, and PHP or running on Android. When these services are left exposed on the internet, they create high-severity attack surfaces.
Cloud Firewall's intrusion prevention system (IPS) includes built-in rules that detect and block remote debugging traffic. By default, these rules run in Monitor mode. Switch them to Block mode to actively prevent remote debugging access.
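Each of these protocols opens with a recognizable byte pattern, which is what makes payload-based detection possible. The following is an added example, not Cloud Firewall's rule logic and not part of the original page; the function names and sample payloads are constructed for illustration.

```python
import struct

def is_gdb_rsp(data):
    # GDB remote serial protocol: optional '+' ack, then $<payload>#<two hex digits>,
    # where the digits are the payload byte sum modulo 256.
    data = data.lstrip(b"+")
    payload, sep, tail = data[1:].partition(b"#")
    if not data.startswith(b"$") or not sep or len(tail) < 2:
        return False
    try:
        return sum(payload) % 256 == int(tail[:2], 16)
    except ValueError:
        return False

def is_adb_connect(data):
    # ADB transport: 24-byte little-endian header of six uint32 fields;
    # the last field (magic) must equal the command XOR 0xFFFFFFFF.
    if len(data) < 24 or data[:4] != b"CNXN":
        return False
    fields = struct.unpack("<6I", data[:24])
    return fields[5] == fields[0] ^ 0xFFFFFFFF

def is_dbgp_init(data):
    # Xdebug speaks DBGp: ASCII decimal length, NUL byte, then an XML <init> packet.
    length, sep, body = data.partition(b"\x00")
    return bool(sep) and length.isdigit() and b"<init " in body[:256]

def classify(first_bytes):
    """Return the debugging protocol a flow's first payload bytes belong to, or None."""
    if first_bytes.startswith(b"JDWP-Handshake"):  # 14-byte JDWP handshake string
        return "JDWP"
    for name, check in (("GDB", is_gdb_rsp), ("ADB", is_adb_connect), ("Xdebug", is_dbgp_init)):
        if check(first_bytes):
            return name
    return None

# Constructed sample payloads (not captured traffic).
CNXN = 0x4E584E43  # b"CNXN" read as a little-endian uint32
ADB_BODY = b"host::\x00"
SAMPLES = {
    "jdwp": b"JDWP-Handshake",
    "gdb": b"+$qSupported#37",
    "adb": struct.pack("<6I", CNXN, 0x01000000, 4096, len(ADB_BODY), sum(ADB_BODY),
                       CNXN ^ 0xFFFFFFFF) + ADB_BODY,
    "xdebug": b'172\x00<?xml version="1.0"?><init xmlns="urn:debugger_protocol_v1" idekey="x">',
    "http": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "gdb-bad-checksum": b"$qSupported#00",
}

if __name__ == "__main__":
    for label, payload in SAMPLES.items():
        print(f"{label:18} -> {classify(payload)}")
```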
Security risks
| Risk | Description |
|---|---|
| Unauthorized internal access | Open remote debugging services allow any user with network access to run arbitrary commands and take full control of a host, including employees acting outside their authorized scope. |
| Remote code execution | Attackers scan internet-facing ports for exposed debugging services. Once found, they can execute remote commands, gain full host permissions, and perform actions such as Trojan insertion and data theft. |
| Worm and Trojan propagation | Worms and Trojans can spread over remote debugging protocols, leading to threats such as cryptomining and ransomware. |
Block remote debugging with Cloud Firewall
IPS rule modes control how Cloud Firewall responds to matched traffic:
| Mode | Behavior |
|---|---|
| Monitor | Detects matching traffic and logs it. Does not block. |
| Block | Automatically blocks traffic that matches the rules. |
To switch the remote debugging rules to Block mode:
1. Log in to the Cloud Firewall console.
2. In the left navigation pane, choose Prevention Configuration > IPS Configuration.
3. In the Basic Protection section, click Configure.
4. In the Basic Protection dialog box, change the mode of some or all remote debugging-related rules from Monitor to Block.