Ensure GCP Google compute firewall ingress does not allow FTP port (20) access
**Error: GCP Google compute firewall ingress allows FTP port (20) access**
Bridgecrew Policy ID: BC_GCP_NETWORKING_18
Checkov Check ID: CKV_GCP_77
Severity: LOW
Description
It is a best practice to ensure that your firewall ingress rules do not allow unrestricted access to FTP port 20, as it can increase the risk of unauthorized access or attacks on your network. FTP (File Transfer Protocol) is a widely used protocol for transferring files between computers, but it can also be a potential security risk if not properly configured. By restricting access to only specific IP addresses or ranges that you trust, you can help secure your network from potential threats.
Fix - Runtime
Fix - Buildtime
Terraform
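resource "google_compute_firewall" "restricted" {
  name = "example"
  # Reference the network attribute directly; quoting it would pass a literal string
  network = google_compute_network.vpc.name

  allow {
    protocol = "tcp"
    ports    = ["20"]
  }

  # Limit FTP (port 20) ingress to a specific trusted address instead of 0.0.0.0/0
  source_ranges = ["172.1.2.3/32"]
  target_tags   = ["ftp"]
}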
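The rule this policy describes, written out as an added example (not Checkov's implementation and not code from this page): it evaluates firewall rules given as dicts that mirror the Terraform arguments, including port ranges and `allow` blocks with no `ports` list. Treating `0.0.0.0/0` and `::/0` as "unrestricted" is an assumption, and the function names and sample rules are constructed for illustration.

```python
# Added example: flags google_compute_firewall rules that expose FTP port 20.
# Input dicts mirror the Terraform arguments; all sample rules are constructed.
FTP_PORT = 20
OPEN_RANGES = {"0.0.0.0/0", "::/0"}   # assumption: these mean "unrestricted"
TCP_PROTOCOLS = {"tcp", "all", "6"}   # "6" is the IP protocol number for TCP


def port_spec_covers(spec, port):
    """True if a ports entry such as "20" or "20-21" includes the port."""
    low, _, high = str(spec).partition("-")
    return int(low) <= port <= int(high or low)


def allows_open_ftp(rule):
    """True if an enabled ingress rule allows TCP/20 from any address."""
    if rule.get("disabled", False):
        return False
    if rule.get("direction", "INGRESS").upper() != "INGRESS":
        return False
    if not OPEN_RANGES & set(rule.get("source_ranges", [])):
        return False
    for allow in rule.get("allow", []):
        if allow.get("protocol", "").lower() not in TCP_PROTOCOLS:
            continue
        ports = allow.get("ports") or []
        # An allow block with no ports list matches every port.
        if not ports or any(port_spec_covers(p, FTP_PORT) for p in ports):
            return True
    return False


SAMPLE_RULES = {  # constructed rules, not taken from a real project
    "restricted": {"source_ranges": ["172.1.2.3/32"],
                   "allow": [{"protocol": "tcp", "ports": ["20"]}]},
    "open_single": {"source_ranges": ["0.0.0.0/0"],
                    "allow": [{"protocol": "tcp", "ports": ["20"]}]},
    "open_range": {"source_ranges": ["10.0.0.0/8", "0.0.0.0/0"],
                   "allow": [{"protocol": "tcp", "ports": ["1-1024"]}]},
    "open_all_ports": {"source_ranges": ["0.0.0.0/0"],
                       "allow": [{"protocol": "all"}]},
    "open_ssh_only": {"source_ranges": ["0.0.0.0/0"],
                      "allow": [{"protocol": "tcp", "ports": ["22"]}]},
}


def failing_rules(rules):
    """Names of the rules that leave FTP port 20 open to any source."""
    return sorted(name for name, rule in rules.items() if allows_open_ftp(rule))
```

The `open_range` and `open_all_ports` rules never mention port 20 explicitly, which is why a literal match on `"20"` is not enough when reviewing rules by hand.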