01 Run the projects list command (Windows/macOS/Linux) using custom query filters to list the IDs of the Google Cloud Platform (GCP) projects currently available in your cloud account:
gcloud projects list --format="table(projectId)"
02 The command output should return the requested GCP project identifiers (IDs):
PROJECT_ID
cc-project5-stack-1637916379
cc-mobile-project-11263793
03 Run the compute networks list command (Windows/macOS/Linux), using the ID of the GCP project that you want to examine as the identifier parameter and custom query filters, to list the name of each VPC network created within the selected project:
gcloud compute networks list --project cc-project5-stack-1637916379 --format="table(name)"
04 The command output should return the name(s) of the VPC network(s) created for the specified project:
NAME
cc-app-stack-network
cc-main-stack-network
05 Run the compute firewall-rules list command (Windows/macOS/Linux), using the name of the VPC network that you want to examine as the identifier parameter and custom filtering, to list all the firewall rules defined for the selected Virtual Private Cloud (VPC):
gcloud compute firewall-rules list --filter network=cc-app-stack-network --sort-by priority --format="table(name,disabled,direction,sourceRanges,allowed[].map().firewall_rule().list())"
06 The command output should return the information available for the existing VPC firewall rules:
NAME: cc-web-allow-http
DISABLED: False
DIRECTION: INGRESS
SOURCE_RANGES: ['0.0.0.0/0']
ALLOW: tcp:80
NAME: cc-web-allow-https
DISABLED: False
DIRECTION: INGRESS
SOURCE_RANGES: ['0.0.0.0/0']
ALLOW: tcp:443
NAME: cc-web-allow-redis
DISABLED: False
DIRECTION: INGRESS
SOURCE_RANGES: ['0.0.0.0/0']
ALLOW: tcp:6379
Check the compute firewall-rules list command output for any enabled firewall rules (i.e. DISABLED: False) with DIRECTION set to INGRESS, SOURCE_RANGES set to ['0.0.0.0/0'], and ALLOW set to tcp:6379 or tcp:0-65535. If one or more rules match these criteria, the VPC network has firewall rules that allow unrestricted access on TCP port 6379, so Redis cache server access for the associated cloud resources is not restricted or secured.
07 Repeat steps no. 5 and 6 for each VPC network created for the selected GCP project.
08 Repeat steps no. 3 – 7 for each GCP project deployed in your Google Cloud account.
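The check from step 6 can be automated over JSON output. The following is an added example, not part of the original procedure: it assumes the rules were exported with gcloud compute firewall-rules list --format=json, and it goes slightly beyond the two ALLOW values named above by also flagging any port range that contains 6379 and rules that allow all ports or all protocols. The function names and the rules prefixed "example-" are constructed for illustration.

```python
import json

REDIS_PORT = 6379
OPEN_RANGE = "0.0.0.0/0"

def covers_port(spec, port=REDIS_PORT):
    """True if a ports entry such as '6379' or '6000-7000' includes the port."""
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def allows_redis(allowed):
    """True if one 'allowed' entry of a firewall rule permits TCP 6379."""
    if allowed.get("IPProtocol") not in ("tcp", "all"):
        return False
    ports = allowed.get("ports")
    # A missing 'ports' list means every port of that protocol is allowed.
    return not ports or any(covers_port(p) for p in ports)

def unrestricted_redis_rules(rules):
    """Names of enabled INGRESS rules open to 0.0.0.0/0 that reach TCP 6379."""
    return [
        r["name"] for r in rules
        if not r.get("disabled", False)
        and r.get("direction") == "INGRESS"
        and OPEN_RANGE in r.get("sourceRanges", [])
        and any(allows_redis(a) for a in r.get("allowed", []))
    ]

# Constructed sample in the shape of the gcloud JSON output (assumed input).
SAMPLE_RULES = json.loads("""[
 {"name": "cc-web-allow-http", "disabled": false, "direction": "INGRESS",
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
 {"name": "cc-web-allow-redis", "disabled": false, "direction": "INGRESS",
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["6379"]}]},
 {"name": "example-allow-all-tcp", "disabled": false, "direction": "INGRESS",
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["0-65535"]}]},
 {"name": "example-redis-internal", "disabled": false, "direction": "INGRESS",
  "sourceRanges": ["10.0.0.0/8"], "allowed": [{"IPProtocol": "tcp", "ports": ["6379"]}]},
 {"name": "example-redis-disabled", "disabled": true, "direction": "INGRESS",
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["6379"]}]},
 {"name": "example-port-range", "disabled": false, "direction": "INGRESS",
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["6000-7000"]}]}
]""")

if __name__ == "__main__":
    for name in unrestricted_redis_rules(SAMPLE_RULES):
        print("unrestricted Redis access:", name)
```

To use it on real data, replace SAMPLE_RULES with the parsed contents of the exported JSON file for each VPC network and project covered in steps 7 and 8.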