To control the traffic on the load balancer, such as deny or allow specified IP addresses, ensure that all backend services have an attached security policy.
Backend service is not configured to log HTTP(S) traffic.
To monitor and debug web traffic via logging data to Cloud Monitoring service, ensure that your load balancing backend services are configured to log HTTP(S) traffic.
To fulfill HIPAA and PCI DSS requirements on strong cryptographic and security protocols for transmitting user data, ensure that your load balancers are configured to use valid SSL/TLS certificates.
Target SSL proxy uses an SSL policy with insecure and/or deprecated ciphers: TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, etc.
To prevent usage of insecure or deprecated TLS features, ensure that SSL policies associated with your HTTPS and SSL Proxy load balancers are configured with the Minimum TLS version set to TLS 1.2.
Target SSL proxy uses the default SSL policy, which is considered deprecated and insecure, as it supports a minimum TLS version of TLS 1.0.
To prevent usage of insecure or deprecated TLS features, ensure that SSL policies associated with your HTTPS and SSL Proxy load balancers are configured with the Minimum TLS version set to TLS 1.2.
Target HTTPs proxy uses an SSL policy with insecure and/or deprecated ciphers: TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, etc.
To prevent usage of insecure or deprecated TLS features, ensure that SSL policies associated with your HTTPS and SSL Proxy load balancers are configured with the Minimum TLS version set to TLS 1.2.
Target HTTPs proxy uses an SSL policy with insecure and/or deprecated ciphers: TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, etc.
To prevent usage of insecure or deprecated TLS features, ensure that SSL policies associated with your HTTPS and SSL Proxy load balancers are configured with the Minimum TLS version set to TLS 1.2.
Managed zone uses RSASHA1 algorithm for zone signing.
To prevent DNS hijacking or man in the middle attacks, ensure that your DNS managed zones have DNSSEC security feature enabled and are not using the RSASHA1 algorithm for zone signing.