Ensure that your Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) to any uncommon ports in order to protect against attackers that use brute force methods to gain access to the virtual machine instances associated with these firewall rules. An uncommon port can be any TCP/UDP port that is not included in the common service ports category, i.e. other than the commonly used ports such as 80 (HTTP), 443 (HTTPS), 20/21 (FTP), 22 (SSH), 23 (Telnet), 53 (DNS), 3389 (RDP), 25/465/587 (SMTP), 3306 (MySQL), 5432 (PostgreSQL), 1521 (Oracle Database), 1433 (SQL Server), 135 (RPC), and 137/138/139/445 (SMB/CIFS).
Allowing unrestricted (0.0.0.0/0) inbound access to uncommon ports via VPC network firewall rules can increase opportunities for malicious activities such as hacking, data capture, and all kinds of attacks (brute-force attacks, man-in-the-middle attack, Denial-of-Service attacks, etc).
Audit
To determine if your Google Cloud VPC firewall rules allow unrestricted ingress access to uncommon TCP/UDP ports, perform the following operations:
Remediation / Resolution
To update your VPC network firewall rules configuration in order to restrict access on uncommon TCP/UDP ports to trusted, authorized IP addresses or IP ranges only, perform the following operations:
References
- Google Cloud Platform (GCP) Documentation
- VPC firewall rules overview
- Using firewall rules
- GCP Command Line Interface (CLI) Documentation
- gcloud projects list
- gcloud compute networks list
- gcloud compute firewall-rules list
- gcloud beta compute firewall-rules update
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Check for Unrestricted Inbound Access on Uncommon Ports
Risk Level: High