GCP VPC Monitoring

Your network binds everything together

What we do

Default VPC Should Not Be Used

Determines whether the default VPC is being used for launching new services or artifacts. The default VPC should not be used in order to avoid launching multiple services in the same network which may not require connectivity. Each application, or network tier, should use its own VPC.

Interfaces With Default VPC

Lists all network interface resources of instances that use the default VPC.

Firewall Rules Should Be Minimum

Ensures that firewall rules are kept to a minimum.

Private Access Should Be Enabled For Subnets

Ensures Private Google Access is enabled for all subnets. Private Google Access allows VM instances on a subnet to reach Google APIs and services without an external IP address. This creates a more secure network for internal communication.

VNC Server Port Should Not Be Open

Determines if TCP port 5900 for VNC Server is open to the public. While some ports such as HTTP and HTTPS are required to be open to the public to function properly, more sensitive services such as VNC Server should be restricted to known IP addresses.

VNC Client Port Should Not Be Open

Determines if TCP port 5500 for VNC Client is open to the public. While some ports such as HTTP and HTTPS are required to be open to the public to function properly, more sensitive services such as VNC Client should be restricted to known IP addresses.

Telnet Port Should Not Be Open

Determines if TCP port 23 for Telnet is open to the public.

SSH Port Should Not Be Open

Determines if TCP port 22 for SSH is open to the public.

SQL Server Port Should Not Be Open

Determines if TCP port 1433 or UDP port 1434 for SQL Server is open to the public.

SMTP Port Should Not Be Open

Determines if TCP port 25 for SMTP is open to the public. While some ports such as HTTP and HTTPS are required to be open to the public to function properly, more sensitive services such as SMTP should be restricted to known IP addresses.

Windows SMB Port Should Not Be Open

Determines if TCP port 445 for Windows SMB over TCP is open to the public.

RPC Port Should Not Be Open

Determines if TCP port 135 for RPC is open to the public.

RDP Port Should Not Be Open

Determines if TCP port 3389 for RDP is open to the public.

PostgreSQL Port Should Not Be Open

Determines if TCP port 5432 for PostgreSQL is open to the public.

Oracle Port Should Not Be Open

Determines if TCP port 1521 for Oracle is open to the public.

NetBIOS Port Should Not Be Open

Determines if UDP port 137 or 138 for NetBIOS is open to the public.

MySQL Port Should Not Be Open

Determines if TCP port 4333 or 3306 for MySQL is open to the public.

Kibana Port Should Not Be Open

Determines if TCP port 5601 for Kibana is open to the public.

Hadoop HDFS Port Should Not Be Open

Determines if TCP port 50070 or 50470 for the Hadoop/HDFS NameNode WebUI service is open to the public.

Hadoop HDFS NameNode Metadata Service Port Should Not Be Open

Determines if TCP port 8020 for HDFS NameNode metadata service is open to the public.

FTP Port Should Not Be Open

Determines if TCP port 20 or 21 for FTP is open to the public.

DNS Port Should Not Be Open

Determines if TCP or UDP port 53 for DNS is open to the public.

CIFS Port Should Not Be Open

Determines if UDP port 445 for CIFS is open to the public.

All Ports Should Not Be Open To Public

Determines if all ports are open to the public.
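The open-port checks above all reduce to the same test: an enabled ingress firewall rule whose source range is the whole internet and whose allowed protocol/port list covers a sensitive service. The following is an added example, not code from the original page or from the product it describes, that evaluates firewall rule resources in the shape the Compute Engine API returns (name, direction, sourceRanges, allowed[].IPProtocol, allowed[].ports) against the port list given above, and also flags the "all ports" case. The sample rules are constructed for illustration; the service names and port table are taken from the checks listed on this page.

```python
"""Flag GCP VPC firewall rules that expose sensitive ports to the public (added example)."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Source ranges that mean "anyone on the internet".
PUBLIC_RANGES = {"0.0.0.0/0", "::/0"}

# (protocol, port) -> service name, taken from the checks listed on this page.
SENSITIVE_PORTS: Dict[Tuple[str, int], str] = {
    ("tcp", 20): "FTP", ("tcp", 21): "FTP", ("tcp", 22): "SSH",
    ("tcp", 23): "Telnet", ("tcp", 25): "SMTP", ("tcp", 53): "DNS",
    ("udp", 53): "DNS", ("tcp", 135): "RPC", ("udp", 137): "NetBIOS",
    ("udp", 138): "NetBIOS", ("tcp", 445): "Windows SMB", ("udp", 445): "CIFS",
    ("tcp", 1433): "SQL Server", ("udp", 1434): "SQL Server",
    ("tcp", 1521): "Oracle", ("tcp", 3306): "MySQL", ("tcp", 4333): "MySQL",
    ("tcp", 3389): "RDP", ("tcp", 5432): "PostgreSQL", ("tcp", 5500): "VNC Client",
    ("tcp", 5601): "Kibana", ("tcp", 5900): "VNC Server",
    ("tcp", 8020): "HDFS NameNode metadata", ("tcp", 50070): "Hadoop HDFS WebUI",
    ("tcp", 50470): "Hadoop HDFS WebUI",
}


@dataclass(frozen=True)
class Finding:
    rule: str
    service: str
    protocol: str
    port: Optional[int]  # None means the rule opens every port for that protocol


def _port_specs(allowed: dict) -> List[Tuple[int, int]]:
    """Expand an allowed[] entry's `ports` list ("22", "5900-5910") into (low, high) ranges.
    A tcp/udp entry with no `ports` key opens every port for that protocol."""
    ports = allowed.get("ports")
    if not ports:
        return [(0, 65535)]
    ranges = []
    for spec in ports:
        low, _, high = spec.partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges


def evaluate_rules(rules: Iterable[dict]) -> List[Finding]:
    """Return one Finding per sensitive service a public ingress rule exposes."""
    findings: List[Finding] = []
    for rule in rules:
        # Only enabled ingress rules with a public source range are in scope.
        if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
            continue
        if not PUBLIC_RANGES & set(rule.get("sourceRanges", [])):
            continue
        name = rule["name"]
        for allowed in rule.get("allowed", []):
            proto = allowed.get("IPProtocol", "").lower()
            if proto == "all":
                findings.append(Finding(name, "all ports", proto, None))
                continue
            if proto not in ("tcp", "udp"):
                continue  # icmp and other protocols carry no port numbers
            for low, high in _port_specs(allowed):
                if (low, high) == (0, 65535):
                    findings.append(Finding(name, "all ports", proto, None))
                    continue
                for (p, port), service in SENSITIVE_PORTS.items():
                    if p == proto and low <= port <= high:
                        findings.append(Finding(name, service, proto, port))
    return findings


# Constructed sample rules, not real project data.
SAMPLE_RULES = [
    {"name": "allow-https", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
    {"name": "allow-rdp-public", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
    {"name": "allow-vnc-range", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["5900-5910"]}]},
    {"name": "allow-ssh-office", "direction": "INGRESS", "sourceRanges": ["203.0.113.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-everything", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "all"}]},
    {"name": "egress-any", "direction": "EGRESS", "destinationRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
]

if __name__ == "__main__":
    for f in evaluate_rules(SAMPLE_RULES):
        port = "all" if f.port is None else f.port
        print(f"{f.rule}: {f.service} ({f.protocol}/{port}) open to the public")
```

Run against the constructed rules, this reports the public RDP rule, the VNC range (because 5900 falls inside 5900-5910) and the rule that allows every protocol; the HTTPS rule, the office-restricted SSH rule and the egress rule are not reported. Feeding it real data means listing the project's firewall rules through the Compute Engine API or gcloud and passing the resulting JSON list to evaluate_rules.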

VPC Flow Logs Should Be Enabled

Ensures VPC flow logs are enabled for traffic logging.

DNSSEC Should Be Enabled For Cloud DNS

Ensure that DNSSEC is enabled for Cloud DNS.

Legacy Networks Should Not Be Used

Ensure legacy networks do not exist for a project.

RSASHA1 Should Not Be Used For Key Signing

Ensure that RSASHA1 is not used for the key-signing key in Cloud DNS DNSSEC.

RSASHA1 Should Not Be Used For Zone Signing

Ensure that RSASHA1 is not used for the zone-signing key in Cloud DNS DNSSEC.

Load Balancers Should Not Allow Weak Cipher Suites

Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites.