Security in Google Cloud [GO5977]

Location: At location, Online
Provider: Global Knowledge Network Training Ltd.

Starting dates and places

  • Virtual Training Centre: 12 Jul 2021 until 14 Jul 2021
  • Virtual Training Centre: 13 Sep 2021 until 15 Sep 2021

OVERVIEW

Through lectures, demonstrations and hands-on labs, participants explore and implement the components of a secure GCP solution. Participants also learn attack mitigation techniques at many points in a GCP-based infrastructure, including distributed denial of service attacks, phishing attacks, and threats related to content classification and use.

Virtual Learning: 

This interactive training is delivered by a trainer and can be taken from any location, such as your office or home. There are no delegates in the classroom with the instructor, since all delegates are connected virtually. Virtual delegates do not travel to this course. Global Knowledge will send you all the information needed before the start of the course, and you can test the logins.

OBJECTIVES

This course teaches participants the following skills:

  • Understanding Google's approach to security
  • Managing administrative identities through Cloud Identity
  • Implementing least-privilege administrative access using Google Cloud Resource Manager and Cloud IAM
  • Implementing IP traffic controls using VPC firewalls and Cloud Armor
  • Implementing Identity-Aware Proxy
  • Analyzing changes to the configuration or metadata of resources with GCP audit logs
  • Scanning for and redacting sensitive data with the Data Loss Prevention API
  • Scanning a GCP deployment with Forseti
  • Remediating important types of vulnerabilities, especially in public access to data and virtual machines

AUDIENCE

This class is intended for the following:

  • Cloud Information Security Analysts, Architects and Engineers
  • Information Security and Cybersecurity Specialists
  • Cloud Infrastructure Architects
  • Cloud Application Developers

CONTENT

PART I: Security Management in the Google Cloud

Module 1: Fundamentals of GCP Security

  • Google Cloud security approach
  • The shared responsibility model for security
  • Threats mitigated by Google and by GCP
  • Access Transparency

Module 2: Identity in the Cloud

  • Identity in the cloud
  • Synchronization with Microsoft Active Directory
  • Choice between Google and SAML-based SSO authentication
  • GCP best practices

Module 3: Identity and Access Management

  • GCP Resource Manager: projects, folders and organizations
  • GCP IAM roles, including custom roles
  • GCP IAM policies, including organization policies
  • GCP IAM best practices

Module 4: Configuring the Google Virtual Private Cloud for Privacy and Security

  • VPC firewall configuration (ingress and egress rules)
  • Load balancing and SSL policies
  • Private access to Google APIs
  • Use of SSL proxy
  • Best practices for structuring VPC networks
  • Best security practices for VPNs
  • Security considerations for interconnect and peering options
  • Security products available from partners

Module 5: Monitoring, Logging, Auditing and Scanning

  • Stackdriver monitoring and logging
  • VPC flow logs
  • Cloud Audit Logs
  • Deploying and Using Forseti

PART II: Vulnerability Mitigation in the Google Cloud

Module 6: Securing Compute Engine: techniques and best practices

  • Compute Engine service accounts, default and customer-defined
  • IAM roles for virtual machines
  • API scopes for virtual machines
  • SSH key management for Linux virtual machines
  • Managing RDP logins for Windows virtual machines
  • Organization policy controls: trusted images, public IP address, serial port deactivation
  • Encryption of VM images with customer-managed and customer-supplied encryption keys
  • Finding and remediating public access to virtual machines
  • VM best practices
  • Encryption of VM disks with customer-supplied encryption keys


Module 7: Data Protection in the Cloud: Techniques and Best Practices

  • Cloud Storage and IAM permissions
  • Cloud Storage and ACLs
  • Cloud data auditing, including finding and remediating publicly accessible data
  • Signed Cloud Storage URLs
  • Signed policy documents
  • Encrypting Cloud Storage objects with customer-managed and customer-supplied encryption keys
  • Best practices, including deleting archived versions of objects after key rotation
  • BigQuery authorized views
  • BigQuery IAM roles
  • Best practices, including preferring IAM permissions over ACLs


Module 8: Protection against distributed denial of service attacks: techniques and best practices

  • How DDoS attacks work
  • Mitigation: GCLB, Cloud CDN, autoscaling, VPC ingress and egress firewalls, Cloud Armor
  • Types of complementary partner products


Module 9: Application Security: Techniques and Best Practices

  • Types of application security vulnerabilities
  • DoS protections in App Engine and Cloud Functions
  • Cloud Security Scanner
  • Threat: Phishing and OAuth phishing
  • Identity-Aware Proxy


Module 10: Content-Related Vulnerabilities: Techniques and Best Practices

  • Threat: Ransomware
  • Mitigation: backups, IAM, Data Loss Prevention API
  • Threats: Data misuse, privacy violations, confidential/restricted/unacceptable content
  • Mitigation: Content classification using Cloud ML APIs; scanning and redacting data using the Data Loss Prevention API