GCP VPC Network

Overview
Critical: 2
High: 4
Medium: 60
Low: 2
Informational: 0
Security issues (68)
Severity Non-Compliance Region Resource Issue Remediation Read more Action
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) us-east1 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium us-east1 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) us-east4 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium us-east4 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) us-west1 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium us-west1 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) us-west2 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium us-west2 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) us-west3 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium us-west3 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) us-west4 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium us-west4 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) us-central1 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) northamerica-northeast1 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium northamerica-northeast1 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) northamerica-northeast2 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium northamerica-northeast2 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) southamerica-east1 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium southamerica-east1 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) southamerica-west1 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium southamerica-west1 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) europe-west1 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium europe-west1 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) europe-west2 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium europe-west2 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) europe-west3 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium europe-west3 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) europe-west4 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium europe-west4 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) europe-west6 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium europe-west6 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) europe-north1 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium europe-north1 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) europe-central2 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium europe-central2 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) asia-south1 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium asia-south1 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) asia-south2 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium asia-south2 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) asia-southeast1 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium asia-southeast1 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) asia-southeast2 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium asia-southeast2 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) asia-east1 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium asia-east1 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) asia-east2 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium asia-east2 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) asia-northeast1 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium asia-northeast1 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) asia-northeast2 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium asia-northeast2 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) asia-northeast3 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium asia-northeast3 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) australia-southeast1 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium australia-southeast1 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium australia-southeast1 vpc-subnetwork-test VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.8 PCI DSS 10.2 HIPAA (Audit) australia-southeast2 default VPC subnet has VPC flow logs disabled. To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. More info
Medium australia-southeast2 default VPC subnet does not have Private Google Access enabled. To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets. More info
Medium CIS 3.1 global default Default VPC network is in use by 7 compute VM instances. To follow best security practices and networking requirements, make sure your projects are not using the default Virtual Private Cloud (VPC) network. More info
Low CIS 2.12 global default VPC network does not have DNS logging enabled. To follow best security practices and networking requirements, make sure your VPC Networks use DNS Server Policy with logging enabled. More info
Medium global default VPC network has firewall metadata logging enabled. To reduce the size of the log files and optimize cloud storage costs, ensure that VPC firewall logging is not configured to include logging metadata. More info
Low CIS 2.12 global vpc-network-test VPC network does not have DNS logging enabled. To follow best security practices and networking requirements, make sure your VPC Networks use DNS Server Policy with logging enabled. More info
High CIS 3.7 global default-allow-rdp VPC firewall rules allow unrestricted inbound/ingress access on TCP port 3389 (RDP). To reduce the attack surface for the VM instances associated with the firewall rules, ensure that your VPC network firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 (RDP). More info
High CIS 3.6 global default-allow-ssh VPC firewall rules allow unrestricted inbound/ingress access on TCP port 22 (SSH). To reduce the attack surface for the VM instances associated with the firewall rules, ensure that your VPC network firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 (SSH). More info
Critical CIS 3.6 CIS 3.7 global gke-cluster-1-9c94fdab-vms VPC firewall rules define all ports open to the public. To protect VM instances against DoS or brute-force attacks, ensure that your VPC network firewall rules don't have all ports open to the public. More info
High CIS 3.6 global vpc-network-test-allow-ssh VPC firewall rules allow unrestricted inbound/ingress access on TCP port 22 (SSH). To reduce the attack surface for the VM instances associated with the firewall rules, ensure that your VPC network firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 (SSH). More info
Critical CIS 3.6 CIS 3.7 global vpc-network-open VPC firewall rules define all ports open to the public. To protect VM instances against DoS or brute-force attacks, ensure that your VPC network firewall rules don't have all ports open to the public. More info
High global vpc-network-open-custom VPC firewall rules allow unrestricted inbound/ingress access on TCP port 1433 (SQL Server). To reduce the attack surface for the VM instances associated with the firewall rules, ensure that your VPC network firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 1433 (SQL Server). More info
VPC Networks (2)
VPC Network | Description | Created | MTU | Subnets | Security issues
default | Default network for the project | | | default | 2 Medium + 1 other
vpc-network-test | | | 1,460 | vpc-subnetwork-test | 1 Low
Subnets (30)
Subnet | Region | Created | Gateway | Private Google access | Security issues
default | us-east1 | | 10.142.0.1 | Off | 2 Medium
default | us-east4 | | 10.150.0.1 | Off | 2 Medium
default | us-west1 | | 10.138.0.1 | Off | 2 Medium
default | us-west2 | | 10.168.0.1 | Off | 2 Medium
default | us-west3 | | 10.180.0.1 | Off | 2 Medium
default | us-west4 | | 10.182.0.1 | Off | 2 Medium
default | us-central1 | | 10.128.0.1 | On | 1 Medium
default | northamerica-northeast1 | | 10.162.0.1 | Off | 2 Medium
default | northamerica-northeast2 | | 10.188.0.1 | Off | 2 Medium
default | southamerica-east1 | | 10.158.0.1 | Off | 2 Medium
default | southamerica-west1 | | 10.194.0.1 | Off | 2 Medium
default | europe-west1 | | 10.132.0.1 | Off | 2 Medium
default | europe-west2 | | 10.154.0.1 | Off | 2 Medium
default | europe-west3 | | 10.156.0.1 | Off | 2 Medium
default | europe-west4 | | 10.164.0.1 | Off | 2 Medium
default | europe-west6 | | 10.172.0.1 | Off | 2 Medium
default | europe-north1 | | 10.166.0.1 | Off | 2 Medium
default | europe-central2 | | 10.186.0.1 | Off | 2 Medium
default | asia-south1 | | 10.160.0.1 | Off | 2 Medium
default | asia-south2 | | 10.190.0.1 | Off | 2 Medium
default | asia-southeast1 | | 10.148.0.1 | Off | 2 Medium
default | asia-southeast2 | | 10.184.0.1 | Off | 2 Medium
default | asia-east1 | | 10.140.0.1 | Off | 2 Medium
default | asia-east2 | | 10.170.0.1 | Off | 2 Medium
default | asia-northeast1 | | 10.146.0.1 | Off | 2 Medium
default | asia-northeast2 | | 10.174.0.1 | Off | 2 Medium
default | asia-northeast3 | | 10.178.0.1 | Off | 2 Medium
default | australia-southeast1 | | 10.152.0.1 | Off | 2 Medium
vpc-subnetwork-test | australia-southeast1 | | 10.0.0.1 | Off | 1 Medium
default | australia-southeast2 | | 10.192.0.1 | Off | 2 Medium
Firewalls (13)
Firewall | Firewall type | Logs | Priority | Targets | IP range | Network | Protocol ports | Security issues
api-server | Ingress | On | 1000 | Apply to all | 10.138.0.2 | default | tcp:8090 |
default-allow-http | Ingress | Off | 1000 | http-server | 0.0.0.0/0 | default | tcp:80 |
default-allow-https | Ingress | Off | 1000 | https-server | 0.0.0.0/0 | default | tcp:443 |
default-allow-icmp | Ingress | Off | 65534 | Apply to all | 0.0.0.0/0 | default | icmp |
default-allow-internal | Ingress | Off | 65534 | Apply to all | 10.128.0.0/9 | default | tcp:0-65535, udp:0-65535, icmp |
default-allow-rdp | Ingress | Off | 65534 | Apply to all | 0.0.0.0/0 | default | tcp:3389 | 1 High
default-allow-ssh | Ingress | Off | 65534 | Apply to all | 0.0.0.0/0 | default | tcp:22 | 1 High
gke-cluster-1-9c94fdab-all | Ingress | Off | 1000 | gke-cluster-1-9c94fdab-node | 10.4.0.0/14 | default | ah, sctp, tcp, udp, icmp, esp |
gke-cluster-1-9c94fdab-ssh | Ingress | Off | 1000 | gke-cluster-1-9c94fdab-node | 35.239.63.247/32 | default | tcp:22 |
gke-cluster-1-9c94fdab-vms | Ingress | Off | 1000 | gke-cluster-1-9c94fdab-node | 0.0.0.0/0 | default | icmp, tcp:0-65535, udp:0-65535 | 1 Critical
vpc-network-test-allow-ssh | Ingress | Off | 65534 | Apply to all | 0.0.0.0/0 | vpc-network-test | tcp:22 | 1 High
vpc-network-open | Ingress | Off | 65534 | Apply to all | 0.0.0.0/0 | vpc-network-open | tcp:0-65535 | 1 Critical
vpc-network-open-custom | Ingress | Off | 65534 | Apply to all | 0.0.0.0/0 | vpc-network-open-custom | tcp:1433 | 1 High