Default network exposes the project to external attacks
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | LOW | Google Cloud Provider | NETWORK |
Description
The default network generated by Google Cloud has insecure firewall rules, opening several ports to anyone on the internet.
- TCP ports 22 (SSH) and 3389 (RDP), as well as ICMP, are open to any source.
- All ports are open to any instance in the same network.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | False | False | False |
Having open ports means anyone can attempt to connect to the asset.
- If credentials are required to establish a connection, it is still possible to brute-force the credentials or to perform Denial of Service (DoS) attacks.
- If no credentials are required, or credentials have been acquired by an attacker, then the asset is fully compromised.
Remediation guidelines
Delete the default network for the project. If necessary, create a new network with rules granting access to trusted sources only.
For more information on configuring firewalls, refer to Best practices for firewall rules.
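To check a project for the rules listed in the description, before and after remediation, the following added example (not part of the original advisory) audits firewall rules exported with `gcloud compute firewall-rules list --format=json`. The function names, `PROJECT_ID`, `prod-vpc`, `corp-allow-ssh` and the sample data are constructed for illustration.

```python
import ipaddress

SENSITIVE_TCP = {22: "SSH", 3389: "RDP"}
NET = "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/networks/"
ANY = ["0.0.0.0/0"]

# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`.
# PROJECT_ID, prod-vpc, corp-allow-ssh and 203.0.113.0/24 are placeholders.
SAMPLE_RULES = [
    {"name": "default-allow-ssh", "network": NET + "default", "direction": "INGRESS",
     "sourceRanges": ANY, "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "default-allow-rdp", "network": NET + "default", "direction": "INGRESS",
     "sourceRanges": ANY, "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
    {"name": "default-allow-icmp", "network": NET + "default", "direction": "INGRESS",
     "sourceRanges": ANY, "allowed": [{"IPProtocol": "icmp"}]},
    {"name": "default-allow-internal", "network": NET + "default", "direction": "INGRESS",
     "sourceRanges": ["10.128.0.0/9"], "allowed": [{"IPProtocol": "tcp", "ports": ["0-65535"]}]},
    {"name": "corp-allow-ssh", "network": NET + "prod-vpc", "direction": "INGRESS",
     "sourceRanges": ["203.0.113.0/24"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
]

def port_in(spec, port):
    """spec is one port ("22") or an inclusive range ("20-25")."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def exposed(rule):
    """Services (SSH, RDP, ICMP) an enabled ingress allow rule opens to any source."""
    if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
        return []
    # A /0 prefix (0.0.0.0/0 or ::/0) means "any source".
    if not any(ipaddress.ip_network(r, strict=False).prefixlen == 0
               for r in rule.get("sourceRanges", [])):
        return []
    hits = set()
    for entry in rule.get("allowed", []):  # deny rules carry "denied" instead
        proto, ports = entry["IPProtocol"].lower(), entry.get("ports")
        if proto in ("icmp", "1", "all"):
            hits.add("ICMP")
        if proto in ("tcp", "6", "all"):  # no "ports" key = every port allowed
            hits.update(name for p, name in SENSITIVE_TCP.items()
                        if ports is None or any(port_in(s, p) for s in ports))
    return sorted(hits)

def audit(rules):
    """Return ({rule name: exposed services}, [rules still on the default network])."""
    open_rules = {r["name"]: exposed(r) for r in rules if exposed(r)}
    on_default = [r["name"] for r in rules if r["network"].rsplit("/", 1)[-1] == "default"]
    return open_rules, on_default
```

After remediation, `audit` on the exported rules should return an empty mapping and an empty list, as it does for the `corp-allow-ssh` rule alone.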