This article lists all the recommendations you might see in Microsoft Defender for Cloud if you connect a Google Cloud Platform (GCP) account by using the Environment settings page. The recommendations that appear in your environment are based on the resources that you're protecting and on your customized configuration.

To learn about actions that you can take in response to these recommendations, see Remediate recommendations in Defender for Cloud.

Your secure score is based on the number of security recommendations you completed. To decide which recommendations to resolve first, look at the severity of each recommendation and its potential effect on your secure score.

GCP Compute recommendations

Compute Engine VMs should use the Container-Optimized OS
Description: This recommendation evaluates the config property of a node pool for the key-value pair, 'imageType': 'COS.'
Severity: Low

Ensure 'Block Project-wide SSH keys' is enabled for VM instances
Description: It's recommended to use instance-specific SSH key(s) instead of common/shared project-wide SSH key(s) to access instances. Project-wide SSH keys are stored in Compute/Project-meta-data. Project-wide SSH keys can be used to log in to all the instances within the project. Using project-wide SSH keys eases SSH key management, but if they are compromised, they pose a security risk that can affect all the instances within the project. It's recommended to use instance-specific SSH keys, which can limit the attack surface if the SSH keys are compromised.
Severity: Medium

Ensure Compute instances are launched with Shielded VM enabled
Description: To defend against advanced threats and ensure that the boot loader and firmware on your VMs are signed and untampered, it's recommended that Compute instances are launched with Shielded VM enabled. Shielded VMs are virtual machines (VMs) on Google Cloud Platform hardened by a set of security controls that help defend against rootkits and bootkits.
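The three Compute recommendations above can be checked offline against exported resource JSON. The following is an added example, not code from Microsoft or from this page: the field names follow the Compute Engine and GKE API JSON, the sample resources are constructed, and it assumes that "Shielded VM enabled" means vTPM and integrity monitoring are both on and that any image type beginning with COS satisfies the Container-Optimized OS check.

```python
# Constructed sample: trimmed shape of `gcloud compute instances describe --format=json`.
SAMPLE_INSTANCES = [
    {"name": "web-1",
     "metadata": {"items": [{"key": "block-project-ssh-keys", "value": "true"}]},
     "shieldedInstanceConfig": {"enableSecureBoot": False, "enableVtpm": True,
                                "enableIntegrityMonitoring": True}},
    {"name": "batch-7",
     "metadata": {"items": [{"key": "enable-oslogin", "value": "TRUE"}]},
     "shieldedInstanceConfig": {"enableVtpm": True, "enableIntegrityMonitoring": False}},
    {"name": "legacy-2", "metadata": {}},
]
# Constructed sample: trimmed GKE node pool objects.
SAMPLE_NODE_POOLS = [
    {"name": "default-pool", "config": {"imageType": "COS_CONTAINERD"}},
    {"name": "gpu-pool", "config": {"imageType": "UBUNTU_CONTAINERD"}},
]

def blocks_project_ssh_keys(instance):
    """True when instance metadata sets block-project-ssh-keys to true."""
    items = (instance.get("metadata") or {}).get("items") or []
    for item in items:
        if item.get("key") == "block-project-ssh-keys":
            return str(item.get("value", "")).strip().lower() == "true"
    return False  # key absent: project-wide keys are accepted

def shielded_vm_enabled(instance):
    """Assumption: 'enabled' means vTPM and integrity monitoring are both on."""
    cfg = instance.get("shieldedInstanceConfig") or {}
    return bool(cfg.get("enableVtpm")) and bool(cfg.get("enableIntegrityMonitoring"))

def uses_cos(node_pool):
    """Assumption: any imageType starting with COS counts, e.g. COS_CONTAINERD."""
    image = (node_pool.get("config") or {}).get("imageType", "")
    return image.upper().startswith("COS")

def audit(instances, node_pools):
    """Return (resource, failed recommendation) pairs, one per finding."""
    findings = []
    for inst in instances:
        if not blocks_project_ssh_keys(inst):
            findings.append((inst["name"], "block-project-wide-ssh-keys"))
        if not shielded_vm_enabled(inst):
            findings.append((inst["name"], "shielded-vm"))
    findings += [(p["name"], "container-optimized-os") for p in node_pools if not uses_cos(p)]
    return findings

if __name__ == "__main__":
    for resource, check in audit(SAMPLE_INSTANCES, SAMPLE_NODE_POOLS):
        print(f"FAIL {check}: {resource}")
```

An instance with no `block-project-ssh-keys` metadata entry is reported as failing, because without that key project-wide SSH keys are still accepted.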