Network Intelligence Center

Another tool an IT auditor can leverage for visibility in GCP is Network Intelligence Center. As per Google’s documentation, “Network Intelligence Center provides a single console for Google Cloud network observability, monitoring, and troubleshooting.”

Network Intelligence Center has five modules:

  • Network Topology
  • Connectivity Tests
  • Performance Dashboard
  • Firewall Insights
  • Network Analyzer

Firewall Insights and Network Analyzer provide very valuable information for an IT auditor. You can get to Network Intelligence by searching for it on the Google console, as seen in Figure 7.29:

Figure 7.29 – Network Intelligence

Let us start with Firewall Insights. As per Google’s documentation, “Firewall Insights helps in optimizing firewall rules. Firewall Insights provides data about how firewall rules are being used, exposes misconfigurations, and identifies rules that could be made stricter.” When you launch Firewall Insights, you will see a dashboard with different categories of rules, as seen in Figure 7.30:

Figure 7.30 – Firewall Insights

Let us click on the Allow rules with overly permissive IP address or port ranges tab. In our example, the IT auditor should note there are default rules present, including allowing inbound network traffic to SSH and RDP. In Chapter 4, Network, Infrastructure, and Security Controls, we stated that default firewall rules are over-permissive and insecure; therefore, the IT auditor needs to examine these default rules closely to ensure they match the organization’s risk posture. The default rules can be seen in Figure 7.31:

Figure 7.31 – VPC firewall rules
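The same review can be repeated outside the console, which is useful when the auditor wants a repeatable check across many projects. The script below is an added example written for this section; it is not code from the book or from Google. It assumes the input is JSON in the shape produced by `gcloud compute firewall-rules list --format=json` (the sample embedded here is constructed, with names mirroring GCP's default-network rules), and the list of administrative ports it looks for is a hypothetical review list rather than a Google-defined one. It flags enabled ingress allow rules whose source range is the whole internet and which expose SSH or RDP, or every protocol, exactly the category Firewall Insights labels as overly permissive.

```python
import ipaddress
import json

# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`
# output. Rule names mirror GCP's default-network rules; values are illustrative.
SAMPLE_RULES_JSON = """
[
  {"name": "default-allow-ssh", "direction": "INGRESS", "priority": 65534,
   "network": "default", "disabled": false,
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
  {"name": "default-allow-rdp", "direction": "INGRESS", "priority": 65534,
   "network": "default", "disabled": false,
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
  {"name": "default-allow-internal", "direction": "INGRESS", "priority": 65534,
   "network": "default", "disabled": false,
   "sourceRanges": ["10.128.0.0/9"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["0-65535"]},
               {"IPProtocol": "udp", "ports": ["0-65535"]},
               {"IPProtocol": "icmp"}]},
  {"name": "allow-bastion-ssh", "direction": "INGRESS", "priority": 1000,
   "network": "prod-vpc", "disabled": false,
   "sourceRanges": ["203.0.113.10/32"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
  {"name": "allow-all-everything", "direction": "INGRESS", "priority": 1000,
   "network": "prod-vpc", "disabled": true,
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "all"}]}
]
"""

# Hypothetical review list: ports the auditor treats as administrative access.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def _is_public_range(cidr):
    """True when the source range is the entire IPv4 or IPv6 internet (/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _port_spec_covers(ports, port):
    """True if a gcloud `ports` list (e.g. ["22", "0-65535"]) includes `port`.
    A missing `ports` key in an allowed entry means every port of that protocol."""
    if ports is None:
        return True
    for spec in ports:
        if "-" in spec:
            lo, hi = (int(x) for x in spec.split("-", 1))
            if lo <= port <= hi:
                return True
        elif int(spec) == port:
            return True
    return False


def find_overly_permissive(rules_json):
    """Flag enabled INGRESS allow rules reachable from 0.0.0.0/0 or ::/0 that
    expose an administrative port or all protocols.
    Returns a sorted list of (rule name, finding) tuples."""
    findings = []
    for rule in json.loads(rules_json):
        # Only enabled ingress rules matter for internet exposure.
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        # Deny rules carry a `denied` key instead of `allowed`; skip them.
        if "allowed" not in rule:
            continue
        if not any(_is_public_range(r) for r in rule.get("sourceRanges", [])):
            continue
        for allow in rule["allowed"]:
            proto = allow["IPProtocol"].lower()
            if proto == "all":
                findings.append((rule["name"], "all protocols/ports open to the internet"))
                continue
            if proto not in ("tcp", "udp"):
                continue
            for port, label in ADMIN_PORTS.items():
                if _port_spec_covers(allow.get("ports"), port):
                    findings.append((rule["name"], f"{label} ({proto}/{port}) open to the internet"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in find_overly_permissive(SAMPLE_RULES_JSON):
        print(f"{name}: {finding}")
```

Run against the constructed sample, the two default rules are reported, the bastion rule is not (its source is a single /32), and the disabled catch-all rule is skipped; an auditor who also wants disabled rules listed would drop the `disabled` check and report the state alongside the finding.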

Another module the IT auditor should leverage is Network Analyzer. As per Google’s documentation, “Network Analyzer automatically monitors your VPC network configurations and detects misconfigurations and suboptimal configurations.” Network Analyzer can provide very useful information to an IT auditor, such as VPC Network and Network Services, as seen in Figure 7.32:

Figure 7.32 – Network Analyzer

Summary

In this chapter, we looked at the tools for monitoring the performance, availability, and security of infrastructure and applications for AWS, Azure, and GCP environments. We covered standard tools and options that exist within each cloud environment, and how an IT auditor can leverage them to monitor and assess the respective clouds.

In our next chapter, we will perform a walk-through demonstrating how to assess identity and access management (IAM) controls.