Control: GCP > CIS v2.0 > 3 - Networking > 3.06 - Ensure That SSH Access Is Restricted From the Internet
Configures auditing against a CIS Benchmark item.
Level: 2
GCP Firewall Rules
are specific to a VPC Network
. Each rule either allows
or denies
traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances.
Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an IPv4
address or IPv4 block in CIDR
notation can be used. Generic (0.0.0.0/0)
incoming traffic from the internet to VPC or VM instance using SSH
on Port 22
can be avoided.
Resource Types
This control targets the following resource types:
Primary Policies
The following policies can be used to configure this control:
Category
In Your Workspace
Developers
- tmod:@turbot/gcp-cisv2-0#/control/types/r0306
- tmod:@turbot/cis#/control/categories/v071204
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/gcp-cisv2-0#/control/types/r0306"
Get Controls