Ensure that your Google Cloud VPC network firewall rules do not have ranges of ports configured to allow inbound traffic, in order to protect the associated virtual machine instances against Denial-of-Service (DoS) and brute-force attacks. To follow cloud security best practices, it is strongly recommended to open only the specific ports your application requires within your firewall rules.
VPC network firewall rules are used to filter network traffic to and from virtual machine instances running inside a virtual network. A Virtual Private Cloud (VPC) firewall contains security rules that allow or deny inbound network traffic to your VM instances. For each firewall rule, you can specify source, destination, port, and network protocol. Opening a range of ports within your VPC network firewall rules is not a good practice because it can allow attackers to use port scanners and other probing techniques to identify services running on your instances and exploit their vulnerabilities.
To determine if your VPC network firewall rules are using ranges of ports to allow inbound traffic, perform the following operations:
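One way to run this check offline against exported rules, as an added example that is not part of the original page: the script parses JSON in the shape produced by `gcloud compute firewall-rules list --format=json` (the sample rules below are constructed) and reports every ingress rule whose allowed entry spans more than one port, including entries with no `ports` key at all, which allow every port for that protocol.

```python
import json

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`
# output; rule names, networks and ports are made up for this example.
SAMPLE_RULES_JSON = """
[
  {"name": "allow-ssh", "direction": "INGRESS", "network": "default",
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
  {"name": "allow-app-range", "direction": "INGRESS", "network": "default",
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["8000-9000"]}]},
  {"name": "allow-all-tcp", "direction": "INGRESS", "network": "default",
   "sourceRanges": ["10.0.0.0/8"],
   "allowed": [{"IPProtocol": "tcp"}]},
  {"name": "egress-range", "direction": "EGRESS", "network": "default",
   "destinationRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "udp", "ports": ["1000-2000"]}]}
]
"""

PORT_PROTOCOLS = ("tcp", "udp", "sctp", "all")

def port_range_findings(rules):
    """Return (rule_name, protocol, port_spec) for every INGRESS allow rule that
    opens a range of ports. A missing 'ports' key means every port for that
    protocol, which is the widest possible range and is reported as 'all'."""
    findings = []
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS":
            continue  # this check concerns inbound traffic only
        for entry in rule.get("allowed", []):
            proto = entry.get("IPProtocol")
            if proto not in PORT_PROTOCOLS:
                continue  # icmp, esp, ah, ... carry no port numbers
            ports = entry.get("ports")
            if ports is None:
                findings.append((rule["name"], proto, "all"))
                continue
            for spec in ports:
                if "-" in spec:
                    lo, hi = spec.split("-", 1)
                    if lo.strip() != hi.strip():  # "22-22" is a single port
                        findings.append((rule["name"], proto, spec))
    return findings

def audit(rules_json):
    """Parse exported firewall rules and return the port-range findings."""
    return port_range_findings(json.loads(rules_json))

if __name__ == "__main__":
    for name, proto, spec in audit(SAMPLE_RULES_JSON):
        print(f"{name}: {proto} ports {spec} allowed inbound")
```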
Remediation / Resolution
To update your Google Cloud VPC network firewall rules configuration in order to restrict inbound access to specific ports only, perform the following operations:
Check for VPC Firewall Rules with Port Ranges
Risk level: Medium