Ensure That the Default Network Does Not Exist in a Project
The default network has automatically created firewall rules and has default configurations. It is recommended to create your network and delete the default network.
Risk Level: Medium
Cloud Entity: GCP VPC Network
CloudGuard Rule ID: D9.GCP.NET.20
Covered by Spectral: Yes
Category: Networking & Content Delivery
GSL LOGIC
Network should not have name='default'
REMEDIATION
From Portal
- Go to VPC networks https://console.cloud.google.com/networking/networks
- Click the network named 'default'
- Click DELETE VPC NETWORK
From TF
Set the auto_create_network to be equal to false:
resource 'google_project' 'my_project' {
...
auto_create_network = false
...
}
From Command Line
Run
gcloud compute networks delete default
References
- https://cloud.google.com/compute/docs/networking#firewall_rules
- https://cloud.google.com/compute/docs/reference/latest/networks/insert
- https://cloud.google.com/compute/docs/reference/latest/networks/delete
GCP VPC Network
A VPC network, sometimes just called a ���network,��� is a virtual version of a physical network, like a data center network. It provides connectivity for your Compute Engine virtual machine (VM) instances, Kubernetes Engine clusters, App Engine Flex instances, and other resources in your project.
Projects can contain multiple VPC networks. New projects start with a default network that has one subnet in each region (an auto mo
Compliance Frameworks
- CloudGuard GCP All Rules Ruleset
- GCP CIS Controls V 8
- GCP CIS Foundations v. 1.0.0
- GCP CIS Foundations v. 1.1.0
- GCP CIS Foundations v. 1.2.0
- GCP CIS Foundations v. 1.3.0
- GCP CIS Foundations v. 2.0
- GCP CloudGuard Best Practices
- GCP CloudGuard CheckUp
- GCP CloudGuard Network Security
- GCP GDPR Readiness
- GCP HIPAA
- GCP ISO 27001:2013
- GCP LGPD regulation
- GCP MITRE ATT&CK Framework v12.1
- GCP NIST 800-53 Rev 4
- GCP NIST 800-53 Rev 5
- GCP NIST CSF v1.1
- GCP PCI-DSS 3.2
Updated over 1 year ago