GCP VPC
About
Monitor your GCP VPC and Network configuration.
Security
Default VPC In Use
Determines whether the default VPC is being used for launching new services or artifacts. The default VPC should not be used, in order to avoid launching multiple services in the same network when they may not require connectivity to each other. Each application, or network tier, should use its own VPC.
Excessive Firewall Rules
Ensures that no user holds both the KMS admin role and any one of the CryptoKey roles, following separation of duties, so that no user has access to resources outside the scope of their duty.
Private Access Enabled
Ensures Private Google Access is enabled for all subnets. Private Google Access allows VM instances on a subnet to reach Google APIs and services without an external IP address. This creates a more secure network for internal communication.
Open VNC Server
Determines if TCP port 5900 for VNC Server is open to the public. While some ports such as HTTP and HTTPS are required to be open to the public to function properly, more sensitive services such as VNC Server should be restricted to known IP addresses.
Open VNC Client
Determines if TCP port 5500 for VNC Client is open to the public. While some ports such as HTTP and HTTPS are required to be open to the public to function properly, more sensitive services such as VNC Client should be restricted to known IP addresses.
Open Telnet
Determines if TCP port 23 for Telnet is open to the public.
Open SSH
Determines if TCP port 22 for SSH is open to the public.
Open Sql Server
Determines if TCP port 1433 or UDP port 1434 for SQL Server is open to the public.
Open SMTP
Determines if TCP port 25 for SMTP is open to the public. While some ports such as HTTP and HTTPS are required to be open to the public to function properly, more sensitive services such as SMTP should be restricted to known IP addresses.
Open SMBoTCP
Determines if TCP port 445 for Windows SMB over TCP is open to the public.
Open RPC
Determines if TCP port 135 for RPC is open to the public.
Open RDP
Determines if TCP port 3389 for RDP is open to the public.
Open PostgreSQL
Determines if TCP port 5432 for PostgreSQL is open to the public.
Open Oracle
Determines if TCP port 1521 for Oracle is open to the public.
Open NetBIOS
Determines if UDP port 137 or 138 for NetBIOS is open to the public.
Open MySql
Determines if TCP port 4333 or 3306 for MySQL is open to the public.
Open Kibana
Determines if TCP port 5601 for Kibana is open to the public.
Open Hadoop HDFS NameNode WebUI
Determines if TCP ports 50070 and 50470 for the Hadoop/HDFS NameNode WebUI service are open to the public.
Open Hadoop HDFS NameNode Metadata Service
Determines if TCP port 8020 for HDFS NameNode metadata service is open to the public.
Open FTP
Determines if TCP port 20 or 21 for FTP is open to the public.
Open DNS
Determines if TCP or UDP port 53 for DNS is open to the public.
Open CIFS
Determines if UDP port 445 for CIFS is open to the public.
Open All Ports
Determines if all ports are open to the public.
Flow Logs Enabled
Ensures VPC flow logs are enabled for traffic logging.
VPC Network Route Logging
Ensures that logging and log alerts exist for VPC network route changes.
VPC Network Logging
Ensures that logging and log alerts exist for VPC network changes.
VPC Firewall Rule Logging
Ensures that logging and log alerts exist for firewall rule changes.
Sources
https://www.cloudanix.com/recipelist/gcp/gcpvpcmonitoring
https://cloud.google.com/vpc/docs/vpc
https://cloud.google.com/vpc/docs/using-firewalls
https://cloud.google.com/vpc/docs/configure-private-google-access
https://cloud.google.com/logging/docs/logs-based-metrics/
https://cloud.google.com/vpc/docs/using-flow-logs