Legacy Networks Should Not Be Used

More Info:

Ensure legacy networks do not exist for a project.

Risk Level

Medium

Address

Security

Compliance Standards

CISGCP, CBP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the “Legacy Networks Should Not Be Used” misconfiguration in GCP using GCP CLI, follow these steps:

Open the GCP Cloud Shell by clicking on the Activate Cloud Shell button on the top right corner of the GCP Console.
Run the following command to list all the VPC networks in your project:
```
gcloud compute networks list
```
Identify the legacy network(s) in the list. Legacy networks are identified by the “LEGACY” network type.
Delete the legacy network(s) using the following command:
```
gcloud compute networks delete [LEGACY_NETWORK_NAME]
```
Replace [LEGACY_NETWORK_NAME] with the name of the legacy network you want to delete.
Confirm the deletion by typing “y” when prompted.

Note: Deleting a VPC network deletes all the subnets, routes, and firewall rules associated with the network. Therefore, make sure to review the network configuration and any dependencies before deleting it.

Using Python

To remediate the misconfiguration “Legacy Networks Should Not Be Used” in GCP using Python, you can follow the below steps:Step 1: Install the required packages:

pip install google-cloud-compute

Step 2: Authenticate with GCP using the below command:

export GOOGLE_APPLICATION_CREDENTIALS=/path/to/your/credentials.json

Step 3: Write a Python script to remediate the misconfiguration:

from google.cloud import compute_v1

# Create a client object for Compute Engine API
compute_client = compute_v1.ComputeClient()

# Get the list of networks
networks = compute_client.networks().list(project="your-project-id", region="your-region").execute()

# Loop through the networks and check if any of them are legacy networks
for network in networks["items"]:
    if network["kind"] == "compute#network" and "legacy" in network["name"]:
        # If the network is a legacy network, delete it
        compute_client.networks().delete(project="your-project-id", network=network["name"]).execute()
        print("Legacy network {} has been deleted.".format(network["name"]))

Step 4: Replace “your-project-id” and “your-region” with your actual project ID and region where the legacy networks are located.Step 5: Run the Python script to delete all the legacy networks in the specified project and region.Note: Before deleting any network, make sure that it is not being used by any resources in your project.

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

Legacy Networks Should Not Be Used

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation