This article lists all the recommendations you might see in Microsoft Defender for Cloud if you connect a Google Cloud Platform (GCP) account by using the Environment settings page. The recommendations that appear in your environment are based on the resources that you're protecting and on your customized configuration. To learn about actions that you can take in response to these recommendations, see Remediate recommendations in Defender for Cloud. Your secure score is based on the number of security recommendations you completed. To decide which recommendations to resolve first, look at the severity of each recommendation and its potential effect on your secure score.

GCP Compute recommendations

Compute Engine VMs should use the Container-Optimized OS
Description: This recommendation evaluates the config property of a node pool for the key-value pair, 'imageType': 'COS.'
Severity: Low

Ensure 'Block Project-wide SSH keys' is enabled for VM instances
Description: It's recommended to use instance-specific SSH key(s) instead of common/shared project-wide SSH key(s) to access instances. Project-wide SSH keys are stored in Compute/Project-meta-data. Project-wide SSH keys can be used to log in to all the instances within a project. Using project-wide SSH keys eases SSH key management, but if they are compromised they pose a security risk that can affect all the instances within the project. It's recommended to use instance-specific SSH keys, which limit the attack surface if the SSH keys are compromised.
Severity: Medium

Ensure Compute instances are launched with Shielded VM enabled
Description: To defend against advanced threats and ensure that the boot loader and firmware on your VMs are signed and untampered, it's recommended that Compute instances are launched with Shielded VM enabled. Shielded VMs are virtual machines (VMs) on Google Cloud Platform hardened by a set of security controls that help defend against rootkits and bootkits. Shielded VM offers verifiable integrity of your Compute Engine VM instances, so you can be confident your instances haven't been compromised by boot- or kernel-level malware or rootkits. Shielded VM's verifiable integrity is achieved through the use of Secure Boot, virtual trusted platform module (vTPM)-enabled Measured Boot, and integrity monitoring. Shielded VM instances run firmware that is signed and verified using Google's Certificate Authority, ensuring that the instance's firmware is unmodified and establishing the root of trust for Secure Boot. Integrity monitoring helps you understand and make decisions about the state of your VM instances, and the Shielded VM vTPM enables Measured Boot by performing the measurements needed to create a known good boot baseline, called the integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails.
Severity: High

Ensure 'Enable connecting to serial ports' is not enabled for VM Instance
Description: Interacting with a serial port is often referred to as the serial console, which is similar to using a terminal window, in that input and output is entirely in text mode and there's no graphical interface or mouse support. If you enable the interactive serial console on an instance, clients can attempt to connect to that instance from any IP address. Therefore interactive serial console support should be disabled. A virtual machine instance has four virtual serial ports. Interacting with a serial port is similar to using a terminal window, in that input and output is entirely in text mode and there's no graphical interface or mouse support. The instance's operating system, BIOS, and other system-level entities often write output to the serial ports, and can accept input such as commands or answers to prompts. Typically, these system-level entities use the first serial port (port 1) and serial port 1 is often referred to as the serial console.
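The four Compute recommendations above can be checked offline against the JSON that `gcloud compute instances list --format=json`, `gcloud compute project-info describe --format=json` and `gcloud container node-pools describe --format=json` produce. The script below is an added example and is not code from this article, from Microsoft Defender for Cloud or from Google; it assumes the standard field names in that output (`metadata.items`, `commonInstanceMetadata.items`, `shieldedInstanceConfig`, `config.imageType`) and the instance metadata keys `block-project-ssh-keys` and `serial-port-enable`, and it runs on constructed sample records rather than real project data.

```python
"""Audit Compute Engine instances and GKE node pools against the GCP Compute
recommendations listed above. Input shapes follow gcloud's JSON output; the
records at the bottom are constructed sample data, not captured output."""
import json

# GCE metadata values are strings; these spellings count as "enabled".
TRUE_VALUES = {"true", "1"}

# Recommendation titles exactly as listed in the article.
REC_SSH_KEYS = "Ensure 'Block Project-wide SSH keys' is enabled for VM instances"
REC_SHIELDED = "Ensure Compute instances are launched with Shielded VM enabled"
REC_SERIAL = "Ensure 'Enable connecting to serial ports' is not enabled for VM Instance"
REC_COS = "Compute Engine VMs should use the Container-Optimized OS"


def _items_to_dict(items):
    """Flatten a metadata 'items' list into {key: lower-cased value}."""
    return {i["key"]: str(i.get("value", "")).strip().lower() for i in (items or [])}


def audit_instance(instance, project_metadata_items=None):
    """Return the titles of the recommendations this instance fails."""
    findings = []
    md = _items_to_dict(instance.get("metadata", {}).get("items"))
    project_md = _items_to_dict(project_metadata_items)

    # Block project-wide SSH keys: the instance must opt out explicitly.
    if md.get("block-project-ssh-keys") not in TRUE_VALUES:
        findings.append(REC_SSH_KEYS)

    # Shielded VM: Secure Boot, vTPM and integrity monitoring all enabled.
    sic = instance.get("shieldedInstanceConfig") or {}
    if not (sic.get("enableSecureBoot") and sic.get("enableVtpm")
            and sic.get("enableIntegrityMonitoring")):
        findings.append(REC_SHIELDED)

    # Serial console: an instance-level value overrides the project-level one,
    # so evaluate the effective setting, not just the instance's own metadata.
    effective = md.get("serial-port-enable", project_md.get("serial-port-enable"))
    if effective in TRUE_VALUES:
        findings.append(REC_SERIAL)

    return findings


def audit_node_pool(node_pool):
    """Return findings for a GKE node pool (Container-Optimized OS check)."""
    image_type = str((node_pool.get("config") or {}).get("imageType", "")).upper()
    # COS_CONTAINERD is the containerd variant of Container-Optimized OS.
    return [] if image_type.startswith("COS") else [REC_COS]


def run_audit(instances, project_info, node_pools):
    """Map every instance and node pool name to its list of findings."""
    project_items = (project_info.get("commonInstanceMetadata") or {}).get("items")
    report = {i["name"]: audit_instance(i, project_items) for i in instances}
    report.update({p["name"]: audit_node_pool(p) for p in node_pools})
    return report


# Constructed sample data: one hardened VM, one legacy VM, two node pools.
SAMPLE_PROJECT_INFO = {
    "commonInstanceMetadata": {"items": [{"key": "serial-port-enable", "value": "true"}]}
}
SAMPLE_INSTANCES = [
    {
        "name": "hardened-vm",
        "metadata": {"items": [
            {"key": "block-project-ssh-keys", "value": "TRUE"},
            {"key": "serial-port-enable", "value": "false"},  # overrides project
        ]},
        "shieldedInstanceConfig": {"enableSecureBoot": True, "enableVtpm": True,
                                   "enableIntegrityMonitoring": True},
    },
    {
        "name": "legacy-vm",
        "metadata": {"items": []},  # inherits project-wide keys and serial setting
        "shieldedInstanceConfig": {"enableSecureBoot": False, "enableVtpm": True,
                                   "enableIntegrityMonitoring": True},
    },
]
SAMPLE_NODE_POOLS = [
    {"name": "pool-cos", "config": {"imageType": "COS_CONTAINERD"}},
    {"name": "pool-ubuntu", "config": {"imageType": "UBUNTU_CONTAINERD"}},
]

if __name__ == "__main__":
    print(json.dumps(run_audit(SAMPLE_INSTANCES, SAMPLE_PROJECT_INFO, SAMPLE_NODE_POOLS),
                     indent=2))
```

Feeding real output in is a matter of replacing the sample lists with `json.load` of the three gcloud commands; the serial-console check is the one to watch, because a project-level `serial-port-enable` silently applies to every instance that does not set its own value.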