Ensure that Google Cloud VPC network firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 5432 in order to implement the Principle of Least Privilege (POLP) and significantly reduce the attack surface for the virtual machine (VM) instances associated with the firewall rules. TCP port 5432 is used by the PostgreSQL Database Server, an open source object-relational database system (RDBMS) well known for reliability, feature robustness, and performance.
Allowing unrestricted inbound access on TCP port 5432 (PostgreSQL Database) via VPC network firewall rules can increase opportunities for malicious activities such as hacking, brute-force attacks, DDoS, and SQL injection attacks.
To determine if your Google Cloud VPC firewall rules allow unrestricted access on TCP port 5432, perform the following operations:
Remediation / Resolution
To update your VPC network firewall rules configuration in order to restrict PostgreSQL Database Server access to trusted, authorized IP addresses or IP ranges only, perform the following operations:
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Check for Unrestricted PostgreSQL Database Access
Risk level: High