Ensure that your Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. from the source range 0.0.0.0/0) to any uncommon ports, in order to protect against attackers who use brute-force methods to gain access to the virtual machine instances associated with these firewall rules. An uncommon port is any TCP/UDP port that is not included in the common service ports category, that is, any port other than the commonly used ports such as 80 (HTTP), 443 (HTTPS), 20/21 (FTP), 22 (SSH), 23 (Telnet), 53 (DNS), 3389 (RDP), 25/465/587 (SMTP), 3306 (MySQL), 5432 (PostgreSQL), 1521 (Oracle Database), 1433 (SQL Server), 135 (RPC), and 137/138/139/445 (SMB/CIFS).
Allowing unrestricted (0.0.0.0/0) inbound access to uncommon ports via VPC network firewall rules increases the opportunities for malicious activity such as hacking, data capture, and attacks of all kinds (brute-force attacks, man-in-the-middle attacks, Denial-of-Service attacks, etc.).
To determine if your Google Cloud VPC firewall rules allow unrestricted ingress access to uncommon TCP/UDP ports, perform the following operations:
Remediation / Resolution
To update your VPC network firewall rules configuration in order to restrict access on uncommon TCP/UDP ports to trusted, authorized IP addresses or IP ranges only, perform the following operations:
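The following Python script is an added example, not part of this knowledge-base page, covering both the audit check above (find enabled INGRESS rules whose source range is 0.0.0.0/0 and whose allowed ports include at least one port outside the common service ports list) and the remediation step (build the `gcloud compute firewall-rules update ... --source-ranges=...` command that restricts the rule to trusted ranges). It assumes the JSON layout produced by `gcloud compute firewall-rules list --format=json` (fields `name`, `direction`, `disabled`, `sourceRanges`, `allowed[].IPProtocol`, `allowed[].ports`), treats `::/0` as unrestricted in addition to the page's 0.0.0.0/0 (an addition beyond the page), uses constructed sample rules rather than real output, and uses 10.0.0.0/8 as a placeholder for your own trusted range.

```python
import json
from typing import Dict, List, Tuple

# Ports the page lists as "common service ports"; everything else is uncommon.
COMMON_PORTS = {
    80, 443, 20, 21, 22, 23, 53, 3389, 25, 465, 587,
    3306, 5432, 1521, 1433, 135, 137, 138, 139, 445,
}
# Source ranges meaning "anyone on the Internet". ::/0 is an assumption added
# here (the page names only 0.0.0.0/0); it is the IPv6 equivalent.
UNRESTRICTED_SOURCES = {"0.0.0.0/0", "::/0"}
ALL_PORTS_SPEC = "0-65535"


def parse_port_spec(spec: str) -> Tuple[int, int]:
    """Turn a gcloud port spec ('8080' or '9000-9100') into an inclusive (low, high) pair."""
    if "-" in spec:
        low, high = (int(part) for part in spec.split("-", 1))
    else:
        low = high = int(spec)
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"invalid port spec: {spec!r}")
    return low, high


def uncommon_port_specs(allowed_entry: Dict) -> List[str]:
    """Port specs of one 'allowed' entry that open at least one uncommon port.

    No 'ports' key means every port of the protocol (reported as the full range);
    protocols without ports (icmp, ...) never match.
    """
    protocol = allowed_entry.get("IPProtocol", "all").lower()
    if protocol not in ("tcp", "udp", "all"):
        return []
    specs = allowed_entry.get("ports")
    if not specs:
        return [ALL_PORTS_SPEC]
    flagged = []
    for spec in specs:
        low, high = parse_port_spec(spec)
        # any() stops at the first uncommon port, so wide ranges stay cheap
        if any(port not in COMMON_PORTS for port in range(low, high + 1)):
            flagged.append(spec)
    return flagged


def find_exposed_rules(rules: List[Dict]) -> List[Dict]:
    """Audit step: enabled INGRESS rules that open uncommon ports to the whole Internet."""
    findings = []
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled", False):
            continue
        if not UNRESTRICTED_SOURCES.intersection(rule.get("sourceRanges", [])):
            continue
        for entry in rule.get("allowed", []):
            specs = uncommon_port_specs(entry)
            if specs:
                findings.append({
                    "rule": rule["name"],
                    "protocol": entry.get("IPProtocol", "all").lower(),
                    "ports": specs,
                })
    return findings


def remediation_command(rule_name: str, trusted_ranges: List[str]) -> str:
    """Remediation step: gcloud command replacing the rule's source ranges with trusted CIDRs."""
    if not trusted_ranges or any(r in UNRESTRICTED_SOURCES for r in trusted_ranges):
        raise ValueError("trusted_ranges must be non-empty and contain no unrestricted range")
    return (
        f"gcloud compute firewall-rules update {rule_name} "
        f"--source-ranges={','.join(trusted_ranges)}"
    )


# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`
# (only the fields the check needs; these are not real rules).
SAMPLE_RULES_JSON = """
[
  {"name": "allow-web", "direction": "INGRESS", "disabled": false,
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]},
  {"name": "allow-custom-app", "direction": "INGRESS", "disabled": false,
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["8080", "9000-9100"]}]},
  {"name": "allow-admin", "direction": "INGRESS", "disabled": false,
   "sourceRanges": ["203.0.113.0/24"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22", "5900"]}]},
  {"name": "allow-all-udp", "direction": "INGRESS", "disabled": false,
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "udp"}]},
  {"name": "old-open-rule", "direction": "INGRESS", "disabled": true,
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "all"}]},
  {"name": "allow-egress", "direction": "EGRESS", "disabled": false,
   "destinationRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["8443"]}]}
]
"""
SAMPLE_RULES = json.loads(SAMPLE_RULES_JSON)


if __name__ == "__main__":
    # For real data: gcloud compute firewall-rules list --format=json > rules.json
    for finding in find_exposed_rules(SAMPLE_RULES):
        print(f"{finding['rule']}: {finding['protocol']} {', '.join(finding['ports'])} open to the Internet")
        # 10.0.0.0/8 is a placeholder for your own trusted range
        print("  fix:", remediation_command(finding["rule"], ["10.0.0.0/8"]))
```

Run it against real output by replacing `SAMPLE_RULES` with `json.load(open("rules.json"))`. The check deliberately skips disabled and EGRESS rules, reports an entry with no `ports` list as the full `0-65535` range, and refuses to emit a remediation command whose new source ranges would still include an unrestricted range, so the "fix" can never reintroduce the finding.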
Check for Unrestricted Inbound Access on Uncommon Ports
Risk level: High