Course Code: GO5977 / Duration: 2 Days
Course Overview
Through lectures, demonstrations and hands-on labs, participants explore and implement the components of a secure GCP solution. Participants also learn attack mitigation techniques at many points in a GCP-based infrastructure, including distributed denial of service attacks, phishing attacks, and threats related to content classification and use.
Virtual Learning:
This interactive training is delivered by a trainer and can be taken from any location, such as your office or home. There are no delegates in the classroom with the instructor; all delegates are connected virtually. Virtual delegates do not travel to this course. Global Knowledge will send you all the information needed before the start of the course, and you can test the logins.
COURSE OBJECTIVES
This course teaches participants the following skills:
• Understanding of Google’s approach to security
• Administrative identity management through Cloud Identity.
• Implementation of least-privilege administrative access using Google Cloud Resource Manager and Cloud IAM
• Implementation of IP traffic controls using VPC firewalls and Cloud Armor
• Implementation of Identity-Aware Proxy
• Analysis of configuration changes or resource metadata with GCP audit logs
• Scanning for and redacting sensitive data with the Data Loss Prevention API
• Scanning a GCP deployment with Forseti
• Remediate important types of vulnerabilities, especially in public access to data and virtual machines.
Course Content
PART I: Security Management in the Google Cloud
Module 1: Fundamentals of GCP Security
• Google Cloud security approach
• The shared responsibility model for security
• Threats mitigated by Google and by GCP
• Access Transparency
Module 2: Identity in the Cloud
• Identity in the cloud
• Synchronization with Microsoft Active Directory
• Choice between Google and SAML-based SSO authentication
• GCP best practices
Module 3: Identity and Access Management
• GCP Resource Manager: projects, folders and organizations
• GCP IAM roles, including custom roles
• GCP IAM policies, including organization policies
• GCP IAM Best Practices
Module 4: Configuring the Google Virtual Private Cloud for Privacy and Security
• VPC firewall configuration (ingress and egress rules)
• Load balancing and SSL policies
• Private Google API access
• Use of SSL proxy
• Best practices for structuring VPC networks
• Best security practices for VPNs
• Security considerations for interconnection and peering options
• Security products available from partners
Module 5: Monitoring, Logging, Auditing and Scanning
• Stackdriver monitoring and logging
• VPC flow logs
• Cloud Audit Logs
• Deploying and Using Forseti
PART II: Vulnerability Mitigation in the Google Cloud
Module 6: Securing Compute Engine: techniques and best practices
• Compute Engine service accounts, default and customer-defined
• IAM roles for virtual machines
• Virtual Machine API Scopes
• SSH key management for Linux virtual machines
• Managing RDP Logins for Windows Virtual Machines
• Organizational policy controls: trusted images, public IP address, serial port deactivation
• Encryption of VM images with customer-managed and customer-supplied encryption keys
• Find and remedy public access to virtual machines
• VM best practices
• Encryption of VM disks with customer-supplied encryption keys
Module 7: Data Protection in the Cloud: Techniques and Best Practices
• Cloud Storage and IAM permissions
• Cloud storage and ACLs
• Cloud data auditing, including finding and remediating publicly accessible data
• Signed Cloud Storage URLs
• Signed policy documents
• Encrypting Cloud Storage Objects with Customer-Managed and Customer-Supplied Encryption Keys
• Best practices, including deleting archived versions of objects after key rotation
• BigQuery authorized views
• BigQuery IAM roles
• Best practices, including preferring IAM permissions over ACLs
Module 8: Protection against distributed denial of service attacks: techniques and best practices
• How DDoS attacks work
• Mitigation: GCLB, Cloud CDN, autoscaling, VPC ingress and egress firewalls, Cloud Armor
• Types of complementary partner products
Module 9: Application Security: Techniques and Best Practices
• Types of application security vulnerabilities
• DoS protections in App Engine and Cloud Functions
• Cloud Security Scanner
• Threat: Phishing and OAuth phishing
• Identity-Aware Proxy
Module 10: Content-Related Vulnerabilities: Techniques and Best Practices
• Threat: Ransomware
• Mitigation: backups, IAM, Data Loss Prevention API
• Threats: Data misuse, privacy violations, confidential/restricted/unacceptable content
• Mitigation: Content classification using Cloud ML APIs; scanning and redacting data using the Data Loss Prevention API
COURSE PREREQUISITES
To get the most out of this course, participants should have:
• Previous completion of Google Cloud fundamentals: Basic infrastructure or equivalent experience
• Previous completion of Networking on the Google Cloud or equivalent experience
• Knowledge of the fundamental concepts of information security: fundamental concepts (vulnerability, threat, attack surface, confidentiality, integrity, availability); types of common threats and their mitigation strategies; public key cryptography (public and private key pairs, certificates, encryption types, key width, certification authorities, Transport Layer Security/Secure Sockets Layer encrypted communication, public key infrastructures); security policy
• Basic command line tools and Linux operating system environments
• Experience in system operations, including application deployment and management, either on-premises or in a public cloud environment
• Ability to read code in Python or JavaScript
To book this course please call
+44 (0) 1444 410296 or email Info@kplknowledge.co.uk
Training and accreditation is provided through Global Knowledge