Risk Level
Medium
Description
This plugin ensures VPC flow logs are enabled for traffic logging. VPC flow logs record all traffic flowing in to and out of a VPC. These logs are critical for auditing and review after security incidents.
About the Service:
Google Cloud VPC:
According to Google definitions, VPC which stands for a Virtual Private Network is a virtual version of a physical layer, implemented inside of Google’s Production Network, using Andromeda. The Virtual Private Network offers various features including, connectivity for your Compute Engine Virtual Machine (VM) instances, Google Kubernetes Engine (GKE) clusters, etc. It helps to load balancing and proxy systems for internal system affairs. It even allows assistance in the traffic from Google Cloud external load to backends. Users can have the advantage of containing multiple VPC Networks over a single GCP Project. Various default features are already enabled with VPC Networks, for instance, logging metadata is incorporated into your Virtual Private Cloud (VPC) firewall log files. Click here to read more about Google Cloud VPC Networks.
Impact:
When an account is setup in Google CLoud Platform services, by default the VPC Flow Logs include is debilitated or disabled when another VPC network subnet is made. Once empowered, VPC Flow Logs will begin gathering network traffic information to and from your Virtual Private Cloud (VPC) subnets, logging information that can be valuable for understanding organization utilization, network traffic cost advancement, network criminology, and constant security investigation. To upgrade Google Cloud VPC network perceivability and security it is firmly prescribed to empower Flow Logs for each business-basic or creation VPC subnet. So as to solve the issue a plugin is required. This plugin is made to ensure that VPC flow logs are enabled for traffic logging. VPC flow logs record all traffic flowing in to and out of a VPC. These logs are critical for auditing and review after security incidents.
Steps to Reproduce:
Using GCP Console-
In order to ensure if Virtual Private Cloud Flow Logs is enabled or authorized for all the VPC network subnets in your GCP Project, follow the steps mentioned below:
- Firstly, use the administrator account for signing up to Google Cloud Platform Console.
- Now, from the top navigation bar, select the GCP Project you want to investigate in.
- From the Navigation Menu on the left, you may find Networking section.
- Click on the VPC Network subsection under Networking.
- Under the VPC Network navigation panel, you may find VPC Networks as shown in the figure below.
- Click on VPC Networks navigation link and a VPC Networks dashboard will appear on the screen. Click to open directly from here.
- A list of all the VPC Networks will be displayed on the screen with the details about each of them. Click and open the VPC Network from the list, you want to examine.
- Once you click, a page will open for your selected VPC Network. Check out the Flow Logs section available over there.
- If you find one or more subnets have the Flow Logs configuration settings put down to OFF, then the VPC Flow Logs feature is not authorized or enabled for every subnet of that GCP Project.
- This way you can check out if Virtual Private Cloud Flow Logs is enabled or authorized for all the VPC network subnets in your GCP Project.
- Repeat the steps from 7 to 9 for other VPC subnets available in the selected VPC Network.
- Repeat the steps mentioned above for reviewing accounts in other folders/projects associated with other GCP organizations deployed within your record.
Steps for Remediation:
Using GCP Console
In order to enable or authorize the Virtual Private Clouds Flow Logs for all the VPC network subnets in your GCP Project, follow the steps mentioned below:
- Firstly, use the administrator account for signing up to Google Cloud Platform Console.
- Now, from the top navigation bar, select the GCP Project you want to investigate.
- From the Navigation Menu on the left, you may find the Networking section.
- Click on the VPC Network subsection under Networking.
- Under the VPC Network navigation panel, you may find VPC Networks as shown in the figure below.
- Click on VPC Networks navigation link and a VPC Networks dashboard will appear on the screen. Click to open directly from here.
- A list of all the VPC Networks will be displayed on the screen with the details about each of them. Click and open the VPC Network from the list, you want to examine.
- Once you click on the name of VPC Subnet under the Subnet Column, of which you want to configure the settings, a new page will appear with all the details about that VPN Subnet.
- On that VPC Network subnet information page, click on the Edit (Pencil) button available at the uppermost menu to reconfigure the settings.
- On the editing page, scroll down to find the Flow Logs option. By default, it has been set to OFF. You need to change the Flow Logs to ON mode. This will enable VPC Flow Logs to collect data from VM instances deployed within the subnet.
- After ensuring your edited options, click on SAVE Button to apply changes and go back to the previous page.
- Repeat the steps from 7 to 11 for other VPC subnets available in selected VPC Network.
- You may repeat the above steps for other GCP Projects under your organization.