Ensure that your Google Compute Engine instances are configured to use the Shielded VM security feature for protection against rootkits and bootkits.

Google Compute Engine can enable 3 advanced security components for Shielded VM instances:
Virtual Trusted Platform Module (vTPM) - this component validates the guest virtual machine (VM) pre-boot and boot integrity, and provides key generation and protection.
Integrity Monitoring - lets you monitor and verify the runtime boot integrity of your shielded VM instances using Google Cloud Operations reports (also known as Stackdriver reports).
Secure Boot - this security component protects your VM instances against boot-level and kernel-level malware and rootkits by verifying that the boot loader and firmware are signed and untampered.
Enable Shielded VM security feature to help protect production workloads from cybersecurity threats like remote attacks, privilege escalation, and malicious actors. Shielded virtual machines (VMs) leverage advanced platform security capabilities such as secure and measured boot, a Virtual Trusted Platform Module (vTPM), UEFI firmware, and integrity monitoring. To defend against advanced threats and ensure that the boot loader and firmware on your Google Compute Engine instances are signed and untampered, it is strongly recommended that your production instances are launched with Shielded VM enabled.
To determine if your virtual machine (VM) instances are protected by Shielded VM feature, perform the following operations:
Remediation / Resolution
To enable and configure Shielded VM security feature in order to protect your Google Cloud VM instances against advanced security threats, perform the following operations:
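The audit described in the two sections above, as an added example that is not part of the original page: it parses the JSON shape returned by `gcloud compute instances list --format=json` (a constructed sample is embedded, not real instances) and reports every instance on which one of the three Shielded VM components is not enabled. The field names (`shieldedInstanceConfig.enableSecureBoot`, `enableVtpm`, `enableIntegrityMonitoring`) are the Compute Engine API's; the instance names are made up.

```python
import json

# Constructed sample in the shape of `gcloud compute instances list --format=json`
# output (not real instances); only the fields this check needs are included.
SAMPLE_INSTANCES_JSON = """
[
  {"name": "web-prod-1", "zone": "zones/us-central1-a",
   "shieldedInstanceConfig": {"enableSecureBoot": true, "enableVtpm": true,
                              "enableIntegrityMonitoring": true}},
  {"name": "web-prod-2", "zone": "zones/us-central1-a",
   "shieldedInstanceConfig": {"enableSecureBoot": false, "enableVtpm": true,
                              "enableIntegrityMonitoring": true}},
  {"name": "legacy-app", "zone": "zones/europe-west1-b"}
]
"""

# The three Shielded VM components, keyed by their API field name.
REQUIRED = {
    "enableSecureBoot": "Secure Boot",
    "enableVtpm": "vTPM",
    "enableIntegrityMonitoring": "Integrity Monitoring",
}


def missing_shielded_features(instance):
    """Return the Shielded VM components not enabled on one instance.

    An instance with no shieldedInstanceConfig at all (for example one built
    from a legacy, non-Shielded image) is reported as missing all three."""
    cfg = instance.get("shieldedInstanceConfig") or {}
    return [label for field, label in REQUIRED.items() if not cfg.get(field, False)]


def audit(instances_json):
    """Map instance name -> list of missing components, non-compliant instances only."""
    findings = {}
    for inst in json.loads(instances_json):
        missing = missing_shielded_features(inst)
        if missing:
            findings[inst["name"]] = missing
    return findings


if __name__ == "__main__":
    for name, missing in audit(SAMPLE_INSTANCES_JSON).items():
        print(f"{name}: not enabled -> {', '.join(missing)}")
    # Remediation for a flagged instance (stop it first, then update):
    #   gcloud compute instances update NAME --zone ZONE \
    #     --shielded-secure-boot --shielded-vtpm --shielded-integrity-monitoring
```

Note that Secure Boot is off by default even on Shielded-VM-capable images, so the `web-prod-2` case (vTPM and Integrity Monitoring on, Secure Boot off) is the most common finding in practice.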
Enable "Shielded VM" Security Feature
Risk level: Medium