How to resolve Sprinto check for protecting GCP Compute Instance from direct internet traffic
About
Sprinto Check: GCP Compute instance should be protected from direct internet traffic
Securing GCP Cloud Instances involves several controls: firewall rules, port 22 connections, target tags, and source IP restrictions. This article explains how to address the Sprinto check for protecting GCP Cloud Instances from direct internet traffic by reviewing each of these controls.
Purpose
The purpose of the Sprinto check for GCP Cloud Instance Protection from Direct Internet Traffic is to enhance security by implementing measures to safeguard virtual machines from unauthorized access. The implementation focuses on the following key aspects:
Firewall Rule Enablement: Ensure appropriate firewall rules are in place to control traffic to and from GCP Cloud Instances.
Port 22 Connection Verification: Confirm the presence of port 22 connections and assess their necessity for SSH access.
Target Tags Identification: Verify the existence of target tags associated with the respective compute instance, aiding in identifying applicable firewall rules.
Source IP Restrictions: Ensure that source IP restrictions are configured, preventing unrestricted access (0.0.0.0).
How to Implement
To address the Sprinto check and implement protection measures for GCP Cloud Instances, follow the steps below, covering firewall rules, port 22 connections, target tags, and source IP restrictions:
Before you Begin
Ensure you are permitted to modify firewall rules and GCP Cloud Instance settings.
Log in to Sprinto as an administrator.
Protection Implementation
Log in to the GCP Cloud Console using your credentials.
Navigate to the left-hand menu and select VPC Network > Firewall.
Ensure that the necessary firewall rules are enabled, allowing required traffic for your GCP Cloud Instances.
Confirm the presence of port 22 connections if required for SSH access.
Verify that the target tags associated with the compute instance are present to identify applicable firewall rules.
For source IP restrictions, review and adjust the firewall rules to ensure that the source IPs do not match 0.0.0.0.
Click Save to apply any changes.
Upon completion of these steps, Sprinto fetches the configuration changes and updates the status of the "GCP Cloud Instance should be protected from direct internet traffic" check to "Passing."
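The review in the steps above can also be run offline against an export of the firewall rules. The following is an added example, not Sprinto's own check logic: it assumes the rules were exported with `gcloud compute firewall-rules list --format=json`, uses constructed sample rules, and the function names are hypothetical. Firewall rules express the unrestricted source as the CIDR range 0.0.0.0/0, which is what the code matches.

```python
import json

# Constructed sample, shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = json.loads("""[
 {"name": "allow-ssh-any", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["0.0.0.0/0"], "targetTags": ["web"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "allow-ssh-office", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["203.0.113.0/24"], "targetTags": ["web"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "allow-range-untagged", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["20-25"]}]},
 {"name": "allow-https-any", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["0.0.0.0/0"], "targetTags": ["web"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
 {"name": "old-ssh-disabled", "direction": "INGRESS", "disabled": true,
  "sourceRanges": ["0.0.0.0/0"], "targetTags": ["db"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}
]""")

def allows_port(allowed, port):
    """True if an `allowed` entry covers TCP `port`: exact port, range, or all ports."""
    for entry in allowed:
        if entry.get("IPProtocol") not in ("tcp", "all"):
            continue
        ports = entry.get("ports")
        if not ports:  # no port list means every port of that protocol
            return True
        for spec in ports:
            low, _, high = spec.partition("-")
            if int(low) <= port <= int(high or low):
                return True
    return False

def exposing_rules(rules, instance_tags, port=22):
    """Enabled ingress allow rules opening `port` to 0.0.0.0/0 for an instance with these tags.
    Simplification: deny rules, priorities and service-account targets are not evaluated."""
    hits = []
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        tags = rule.get("targetTags")  # no target tags: treated as applying to every instance
        applies = not tags or bool(set(tags) & set(instance_tags))
        open_source = "0.0.0.0/0" in rule.get("sourceRanges", [])
        if applies and open_source and allows_port(rule.get("allowed", []), port):
            hits.append(rule["name"])
    return hits
```

Calling `exposing_rules(SAMPLE_RULES, ["web"])` lists the rules to restrict for an instance tagged `web`; a rule that reaches port 22 through a range such as `20-25`, or that has no target tags, is reported as well.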
For additional support or clarification regarding the Sprinto check, please get in touch with Sprinto Support. We are available to assist with any further inquiries or guidance.