GCP VPC Network
Overview
Severity | Count
---|---
Critical | 2
High | 4
Medium | 60
Low | 2
Informational | 0
Security issues (68)
Severity | Non-Compliance | Region | Resource | Issue | Remediation
---|---|---|---|---|---
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | us-east1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | us-east1 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | us-east4 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | us-east4 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | us-west1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | us-west1 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | us-west2 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | us-west2 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | us-west3 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | us-west3 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | us-west4 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | us-west4 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | us-central1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | northamerica-northeast1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | northamerica-northeast1 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | northamerica-northeast2 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | northamerica-northeast2 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | southamerica-east1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | southamerica-east1 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | southamerica-west1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | southamerica-west1 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | europe-west1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | europe-west1 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | europe-west2 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | europe-west2 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | europe-west3 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | europe-west3 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | europe-west4 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | europe-west4 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | europe-west6 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | europe-west6 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | europe-north1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | europe-north1 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | europe-central2 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | europe-central2 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | asia-south1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | asia-south1 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | asia-south2 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | asia-south2 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | asia-southeast1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | asia-southeast1 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | asia-southeast2 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | asia-southeast2 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | asia-east1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | asia-east1 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | asia-east2 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | asia-east2 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | asia-northeast1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | asia-northeast1 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | asia-northeast2 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | asia-northeast2 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | asia-northeast3 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | asia-northeast3 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | australia-southeast1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | australia-southeast1 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | — | australia-southeast1 | vpc-subnetwork-test | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.8, PCI DSS 10.2, HIPAA (Audit) | australia-southeast2 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
Medium | — | australia-southeast2 | default | VPC subnet does not have Private Google Access enabled. | To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
Medium | CIS 3.1 | global | default | Default VPC network is in use by 7 compute VM instances. | To follow best security practices and networking requirements, make sure your projects are not using the default Virtual Private Cloud (VPC) network.
Low | CIS 2.12 | global | default | VPC network does not have DNS logging enabled. | To follow best security practices and networking requirements, make sure your VPC networks use a DNS Server Policy with logging enabled.
Medium | — | global | default | VPC network has firewall metadata logging enabled. | To reduce the size of the log files and optimize cloud storage costs, ensure that VPC firewall logging is not configured to include logging metadata.
Low | CIS 2.12 | global | vpc-network-test | VPC network does not have DNS logging enabled. | To follow best security practices and networking requirements, make sure your VPC networks use a DNS Server Policy with logging enabled.
High | CIS 3.7 | global | default-allow-rdp | VPC firewall rules allow unrestricted inbound/ingress access on TCP port 3389 (RDP). | To reduce the attack surface for the VM instances associated with the firewall rules, ensure that your VPC network firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 (RDP).
High | CIS 3.6 | global | default-allow-ssh | VPC firewall rules allow unrestricted inbound/ingress access on TCP port 22 (SSH). | To reduce the attack surface for the VM instances associated with the firewall rules, ensure that your VPC network firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 (SSH).
Critical | CIS 3.6, CIS 3.7 | global | gke-cluster-1-9c94fdab-vms | VPC firewall rules define all ports open to the public. | To protect VM instances against DoS or brute-force attacks, ensure that your VPC network firewall rules don't have all ports open to the public.
High | CIS 3.6 | global | vpc-network-test-allow-ssh | VPC firewall rules allow unrestricted inbound/ingress access on TCP port 22 (SSH). | To reduce the attack surface for the VM instances associated with the firewall rules, ensure that your VPC network firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 (SSH).
Critical | CIS 3.6, CIS 3.7 | global | vpc-network-open | VPC firewall rules define all ports open to the public. | To protect VM instances against DoS or brute-force attacks, ensure that your VPC network firewall rules don't have all ports open to the public.
High | — | global | vpc-network-open-custom | VPC firewall rules allow unrestricted inbound/ingress access on TCP port 1433 (SQL Server). | To reduce the attack surface for the VM instances associated with the firewall rules, ensure that your VPC network firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 1433 (SQL Server).
Subnets (30)
Subnet | Region | Created | Gateway | Private Google access | Security issues
---|---|---|---|---|---
default | us-east1 | — | 10.142.0.1 | Off | 2 Medium
default | us-east4 | — | 10.150.0.1 | Off | 2 Medium
default | us-west1 | — | 10.138.0.1 | Off | 2 Medium
default | us-west2 | — | 10.168.0.1 | Off | 2 Medium
default | us-west3 | — | 10.180.0.1 | Off | 2 Medium
default | us-west4 | — | 10.182.0.1 | Off | 2 Medium
default | us-central1 | — | 10.128.0.1 | On | 1 Medium
default | northamerica-northeast1 | — | 10.162.0.1 | Off | 2 Medium
default | northamerica-northeast2 | — | 10.188.0.1 | Off | 2 Medium
default | southamerica-east1 | — | 10.158.0.1 | Off | 2 Medium
default | southamerica-west1 | — | 10.194.0.1 | Off | 2 Medium
default | europe-west1 | — | 10.132.0.1 | Off | 2 Medium
default | europe-west2 | — | 10.154.0.1 | Off | 2 Medium
default | europe-west3 | — | 10.156.0.1 | Off | 2 Medium
default | europe-west4 | — | 10.164.0.1 | Off | 2 Medium
default | europe-west6 | — | 10.172.0.1 | Off | 2 Medium
default | europe-north1 | — | 10.166.0.1 | Off | 2 Medium
default | europe-central2 | — | 10.186.0.1 | Off | 2 Medium
default | asia-south1 | — | 10.160.0.1 | Off | 2 Medium
default | asia-south2 | — | 10.190.0.1 | Off | 2 Medium
default | asia-southeast1 | — | 10.148.0.1 | Off | 2 Medium
default | asia-southeast2 | — | 10.184.0.1 | Off | 2 Medium
default | asia-east1 | — | 10.140.0.1 | Off | 2 Medium
default | asia-east2 | — | 10.170.0.1 | Off | 2 Medium
default | asia-northeast1 | — | 10.146.0.1 | Off | 2 Medium
default | asia-northeast2 | — | 10.174.0.1 | Off | 2 Medium
default | asia-northeast3 | — | 10.178.0.1 | Off | 2 Medium
default | australia-southeast1 | — | 10.152.0.1 | Off | 2 Medium
vpc-subnetwork-test | australia-southeast1 | — | 10.0.0.1 | Off | 1 Medium
default | australia-southeast2 | — | 10.192.0.1 | Off | 2 Medium
Firewalls (13)
Firewall | Firewall type | Logs | Priority | Targets | IP range | Network | Protocol ports | Security issues |
---|---|---|---|---|---|---|---|---|
api-server | Ingress | On | 1000 | Apply to all | 10.138.0.2 | default | tcp:8090 | — |
default-allow-http | Ingress | Off | 1000 | http-server | 0.0.0.0/0 | default | tcp:80 | — |
default-allow-https | Ingress | Off | 1000 | https-server | 0.0.0.0/0 | default | tcp:443 | — |
default-allow-icmp | Ingress | Off | 65534 | Apply to all | 0.0.0.0/0 | default | icmp | — |
default-allow-internal | Ingress | Off | 65534 | Apply to all | 10.128.0.0/9 | default | tcp:0-65535, udp:0-65535, icmp | — |
default-allow-rdp | Ingress | Off | 65534 | Apply to all | 0.0.0.0/0 | default | tcp:3389 | 1 High |
default-allow-ssh | Ingress | Off | 65534 | Apply to all | 0.0.0.0/0 | default | tcp:22 | 1 High |
gke-cluster-1-9c94fdab-all | Ingress | Off | 1000 | gke-cluster-1-9c94fdab-node | 10.4.0.0/14 | default | ah, sctp, tcp, udp, icmp, esp | — |
gke-cluster-1-9c94fdab-ssh | Ingress | Off | 1000 | gke-cluster-1-9c94fdab-node | 35.239.63.247/32 | default | tcp:22 | — |
gke-cluster-1-9c94fdab-vms | Ingress | Off | 1000 | gke-cluster-1-9c94fdab-node | 0.0.0.0/0 | default | icmp, tcp:0-65535, udp:0-65535 | 1 Critical |
vpc-network-test-allow-ssh | Ingress | Off | 65534 | Apply to all | 0.0.0.0/0 | vpc-network-test | tcp:22 | 1 High |
vpc-network-open | Ingress | Off | 65534 | Apply to all | 0.0.0.0/0 | vpc-network-open | tcp:0-65535 | 1 Critical |
vpc-network-open-custom | Ingress | Off | 65534 | Apply to all | 0.0.0.0/0 | vpc-network-open-custom | tcp:1433 | 1 High |