Ensure that Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP ports 20 and 21 in order to protect against attackers that use brute force methods to gain access to the virtual machine (VM) instances associated with the firewall rules. TCP ports 20 and 21 are used for data transfer and communication by the File Transfer Protocol (FTP) client-server applications.
Allowing unrestricted FTP access to your Google Cloud virtual machine (VM) instances via VPC network firewall rules can increase opportunities for malicious activities such as brute-force attacks, FTP bounce attacks, spoofing, and packet capture attacks.
To determine if your Google Cloud VPC firewall rules allow unrestricted access on TCP ports 20 and 21, perform the following operations:
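The audit condition described above, as an added example that is not part of the original page: a Python check over firewall rules exported with `gcloud compute firewall-rules list --format=json`. The rule data is a constructed sample and the function names are hypothetical; the check goes slightly beyond the literal port match by also treating port ranges, rules that list no ports (all ports) and the `all` protocol as covering TCP 20 and 21.

```python
import json

FTP_PORTS = {20, 21}
ANY_IPV4 = "0.0.0.0/0"

# Constructed sample, shaped like `gcloud compute firewall-rules list --format=json` output.
SAMPLE = """[
 {"name": "allow-ftp-world", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["20-21"]}]},
 {"name": "allow-ftp-office", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["203.0.113.0/24"], "allowed": [{"IPProtocol": "tcp", "ports": ["21"]}]},
 {"name": "allow-all-tcp", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp"}]},
 {"name": "allow-web", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]},
 {"name": "old-ftp-disabled", "direction": "INGRESS", "disabled": true,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["21"]}]},
 {"name": "allow-low-ports", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["10.0.0.0/8", "0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["1-1024"]}]}
]"""

def covers_ftp(spec):
    # A port spec is a single port ("21") or an inclusive range ("1-1024").
    low, _, high = spec.partition("-")
    return any(int(low) <= p <= int(high or low) for p in FTP_PORTS)

def exposes_ftp(rule):
    # Only enabled ingress rules open to every IPv4 source are in scope.
    if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
        return False
    if ANY_IPV4 not in rule.get("sourceRanges", []):
        return False
    for entry in rule.get("allowed", []):
        # TCP can appear by name, by protocol number 6, or implicitly via "all".
        if entry.get("IPProtocol", "").lower() not in ("tcp", "6", "all"):
            continue
        ports = entry.get("ports")
        if not ports or any(covers_ftp(s) for s in ports):  # no ports listed = all ports
            return True
    return False

def unrestricted_ftp_rules(json_text):
    return [r["name"] for r in json.loads(json_text) if exposes_ftp(r)]

if __name__ == "__main__":
    for name in unrestricted_ftp_rules(SAMPLE):
        print("unrestricted FTP access:", name)
```

Rules reported by the check are the ones whose source ranges need narrowing to trusted IP addresses or ranges.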
Remediation / Resolution
To update your VPC network firewall rules configuration in order to restrict File Transfer Protocol (FTP) access to trusted, authorized IP addresses or IP ranges only, perform the following operations:
You are auditing:
Check for Unrestricted FTP Access
Risk level: High