GCP-VPCNetwork-Open-SSH

Severity: High

Description: This control ensures that SSH access is restricted from the internet. GCP Firewall Rules are specific to a VPC Network. Each rule either allows or denies traffic when its conditions are met. Its conditions allow you to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Generic (0.0.0.0/0) incoming traffic from internet to VPC or VM instance using SSH on Port 22 can be avoided.

Remediation Steps:

Perform following to remove default network from project:

1. Sign in to GCP Console https://console.cloud.google.com.

2. Go to VPC network list in GCP Console by visiting networking list.

3. Go to the Firewall Rules.

4. Click the Firewall Rule you want to modify.

5. Click on EDIT button

6. Modify Source IP ranges to IP

7. Click on Save.

Important:

The check is applicable only for Firewall rules with direction INGRESS

Reference:

• CIS reference: Google Cloud Platform Foundation Benchmark v1.1.0 - 03-12-2020: Recommendation #3.6

• https://cloud.google.com/vpc/docs/firewalls#blockedtraffic