This self-paced training course gives participants broad study of security controls and techniques on Google Cloud Platform.
Through recorded lectures, demonstrations, and hands-on labs, participants explore and deploy the components of a secure GCP solution, including Cloud Identity, the GCP Resource Manager, Cloud IAM, Google Virtual Private Cloud firewalls, Google Cloud Load balancing, Cloud CDN, Cloud Storage access control technologies, Stackdriver, Security Keys, Customer-Supplied Encryption Keys, the Google Data Loss Prevention API, and Cloud Armor. Participants learn mitigations for attacks at many points in a GCP-based infrastructure, including Distributed Denial-of-Service attacks, phishing attacks, and threats involving content classification and use.
To get the most out of this course, participants should have:
* Prior completion of Google Cloud Platform Fundamentals: Core Infrastructure or equivalent experience
* Prior completion of GCP and Hybrid Networking Deep Dive or equivalent experience
* Knowledge of foundational concepts in information security, such as
* vulnerability, threat, attack surface
* confidentiality, integrity, availability
* common threat types and their mitigation strategies
* public-key cryptography
* public and private key pairs
* cipher types
* certificate authorities
* Transport Layer Security/Secure Sockets Layer encrypted communication
* public key infrastructures
* security policy
* Basic proficiency with command-line tools and Linux operating system environments
* Systems Operations experience, deploying and managing applications, on-premises or in a public cloud environment
>>> By enrolling in this course you agree to the Qwiklabs Terms of Service as set out in the FAQ and located at: https://qwiklabs.com/terms_of_service
Welcome to Mitigating Security Vulnerabilities in Google Cloud
Welcome to Mitigating Security Vulnerabilities on Google Cloud Platform! In this course we will build upon the foundations laid during the earlier courses in this series. In this section, expect to learn more about security tools available to you when using Google Cloud, and how to use them to lower the risk of malicious attacks against your systems, software and data.
Protecting Against Distributed Denial of Service Attacks
Distributed Denial of Service Attacks are a major concern today and can have a huge impact on businesses if the business is not adequately prepared. In this module we will begin with a quick discussion on how DDoS attacks work and then review some DDoS mitigation techniques that are provided by the Google Cloud Platform. We will finish up with a review of complementary partner products and a lab where you will get a chance to see some DDoS mitigations in action.
Content-Related Vulnerabilities: Techniques and Best Practices
In this module we will discuss threats to your content. First, we review the threat of ransomware, and some of the mitigations you can utilize in Google Cloud to help protect your systems from it. Then we will move to a discussion of threats related to data misuse and privacy violations and discuss a few mitigation strategies that can be utilized to protect applications and systems.
Monitoring, Logging, Auditing and Scanning
Collecting, processing, aggregating, and displaying real-time quantitative data is helpful in supplying raw input into business analytics and in facilitating analysis of security breaches. Google Cloud provides many services and features to help with this - and that is what this module is all about.In this module we will investigate Stackdriver monitoring and logging, cloud audit logging, and then discuss how to leverage Forseti Security to systematically monitor your GCP resources.