GCP VPC Monitoring

Your network binds everything together

What we do

Default VPC In Use

Determines whether the default VPC is being used for launching new services or artifacts. The default VPC should not be used in order to avoid launching multiple services in the same network which may not require connectivity. Each application, or network tier, should use its own VPC.

Addresses: Security

Additional Reading:

Excessive Firewall Rules

Ensures that no users have the KMS admin role and any one of the CryptoKey roles, following separation of duties, where no user has access to resources out of the scope of their duty.

Addresses: Security

Additional Reading:

Private Access Enabled

Ensures Private Google Access is enabled for all subnets. Private Google Access allows VM instances on a subnet to reach Google APIs and services without an external IP address. This creates a more secure network for internal communication.

Addresses: Security

Additional Reading:

Open VNC Server

Determines if TCP port 5900 for VNC Server is open to the public. While some ports such as HTTP and HTTPS are required to be open to the public to function properly, more sensitive services such as VNC Server should be restricted to known IP addresses.

Addresses: Security

Additional Reading:

Open VNC Client

Determines if TCP port 5500 for VNC Client is open to the public. While some ports such as HTTP and HTTPS are required to be open to the public to function properly, more sensitive services such as VNC Client should be restricted to known IP addresses.

Addresses: Security

Additional Reading:

Open Telnet

Determines if TCP port 23 for Telnet is open to the public.

Addresses: Security

Additional Reading:

Open SSH

Determines if TCP port 22 for SSH is open to the public.

Addresses: Security

Additional Reading:

Open Sql Server

Determines if TCP port 1433 or UDP port 1434 for SQL Server is open to the public.

Addresses: Security

Additional Reading:

Open SMTP

Determines if TCP port 25 for SMTP is open to the public. While some ports such as HTTP and HTTPS are required to be open to the public to function properly, more sensitive services such as SMTP should be restricted to known IP addresses.

Addresses: Security

Additional Reading:

Open SMBoTCP

Determines if TCP port 445 for Windows SMB over TCP is open to the public.

Addresses: Security

Additional Reading:

Open RPC

Determines if TCP port 135 for RPC is open to the public.

Addresses: Security

Additional Reading:

Open RDP

Determines if TCP port 3389 for RDP is open to the public.

Addresses: Security

Additional Reading:

Open PostgreSQL

Determines if TCP port 5432 for PostgreSQL is open to the public.

Addresses: Security

Additional Reading:

Open Oracle

Determines if TCP port 1521 for Oracle is open to the public.

Addresses: Security

Additional Reading:

Open NetBIOS

Determines if UDP port 137 or 138 for NetBIOS is open to the public.

Addresses: Security

Additional Reading:

Open MySql

Determines if TCP port 4333 or 3306 for MySQL is open to the public.

Addresses: Security

Additional Reading:

Open Kibana

Determines if TCP port 5601 for Kibana is open to the public.

Addresses: Security

Additional Reading:

Open Hadoop HDFS NameNode WebUI

Determines if TCP ports 50070 and 50470 for the Hadoop/HDFS NameNode WebUI service are open to the public.

Addresses: Security

Additional Reading:

Open Hadoop HDFS NameNode Metadata Service

Determines if TCP port 8020 for HDFS NameNode metadata service is open to the public.

Addresses: Security

Additional Reading:

Open FTP

Determines if TCP port 20 or 21 for FTP is open to the public.

Addresses: Security

Additional Reading:

Open DNS

Determines if TCP or UDP port 53 for DNS is open to the public.

Addresses: Security

Additional Reading:

Open CIFS

Determines if UDP port 445 for CIFS is open to the public.

Addresses: Security

Additional Reading:

Open All Ports

Determines if all ports are open to the public.

Addresses: Security

Additional Reading:

Flow Logs Enabled

Ensures VPC flow logs are enabled for traffic logging.
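The three subnet-level checks on this page (Default VPC In Use, Private Access Enabled and Flow Logs Enabled) can be evaluated from a single subnet listing. The block below is an added example of that evaluation, not the product's own code. It assumes the input shape of `gcloud compute networks subnets list --format=json` (fields `network`, `privateIpGoogleAccess`, `enableFlowLogs` and `logConfig.enable`), and it treats a subnet belonging to the network named `default` as an approximation of "the default VPC is in use"; the sample subnets are constructed.

```python
"""Audit GCP subnets for the Default VPC In Use, Private Access Enabled and
Flow Logs Enabled checks. Added example, not the product's code; input shape
assumed to match `gcloud compute networks subnets list --format=json`.
"""


def uses_default_vpc(subnet):
    """True if the subnet's network URL ends in /networks/default (approximation of the check)."""
    return subnet.get("network", "").rstrip("/").split("/")[-1] == "default"


def private_access_enabled(subnet):
    """Private Google Access is the privateIpGoogleAccess boolean on the subnet."""
    return bool(subnet.get("privateIpGoogleAccess", False))


def flow_logs_enabled(subnet):
    """Honour both the current logConfig.enable field and the older enableFlowLogs boolean."""
    log_config = subnet.get("logConfig") or {}
    return bool(log_config.get("enable", False) or subnet.get("enableFlowLogs", False))


def audit_subnets(subnets):
    """Map subnet name -> list of failed check names, for subnets with at least one failure."""
    results = {}
    for subnet in subnets:
        failed = []
        if uses_default_vpc(subnet):
            failed.append("Default VPC In Use")
        if not private_access_enabled(subnet):
            failed.append("Private Access Enabled")
        if not flow_logs_enabled(subnet):
            failed.append("Flow Logs Enabled")
        if failed:
            results[subnet["name"]] = failed
    return results


# Constructed sample input (not real project data).
SAMPLE_SUBNETS = [
    {"name": "default", "region": "us-central1",
     "network": "https://www.googleapis.com/compute/v1/projects/p/global/networks/default",
     "privateIpGoogleAccess": False},
    {"name": "app-tier", "region": "us-central1",
     "network": "https://www.googleapis.com/compute/v1/projects/p/global/networks/prod-vpc",
     "privateIpGoogleAccess": True, "logConfig": {"enable": True}},
    {"name": "db-tier", "region": "us-central1",
     "network": "https://www.googleapis.com/compute/v1/projects/p/global/networks/prod-vpc",
     "privateIpGoogleAccess": True, "enableFlowLogs": False, "logConfig": {"enable": False}},
    {"name": "legacy", "region": "us-east1",
     "network": "https://www.googleapis.com/compute/v1/projects/p/global/networks/prod-vpc",
     "privateIpGoogleAccess": False, "enableFlowLogs": True},
]

if __name__ == "__main__":
    for name, failed in audit_subnets(SAMPLE_SUBNETS).items():
        print(f"{name}: {', '.join(failed)}")
```

Checking both `logConfig.enable` and `enableFlowLogs` avoids a false positive on older subnet records that only carry the deprecated boolean.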

Addresses: Security

Additional Reading:

VPC Network Route Logging

Ensures that logging and log alerts exist for VPC network route changes.

Addresses: Security

Additional Reading:

VPC Network Logging

Ensures that logging and log alerts exist for VPC network changes.

Addresses: Security

Additional Reading:

VPC Firewall Rule Logging

Ensures that logging and log alerts exist for firewall rule changes.

Addresses: Security

Additional Reading: