Module 1: Foundations of Google Cloud Security
- Topics:
- Google Cloud’s Approach to Security
- The Shared Security Responsibility Model
- Threats Mitigated by Google and Google Cloud
- Access Transparency
- Objectives:
- Learn about Google Cloud’s approach to security.
- Understand the shared security responsibility model.
- Understand the kinds of threats mitigated by Google and by Google Cloud.
- Define and understand access transparency.
Module 2: Cloud Identity
- Topics:
- Cloud Identity
- Google Cloud Directory Sync
- Google Authentication Versus SAML-based SSO
- Authentication Best Practices
- Objectives:
- Learn what Cloud Identity is and what it does.
- Learn how Directory Sync securely syncs users and permissions between your on-prem LDAP or AD server and the cloud.
- Understand the two ways Google Cloud handles authentication and how to set up SSO.
- Explore best practices for managing groups, permissions, domains and admins with Cloud Identity.
Module 3: Identity and Access Management (IAM)
- Topics:
- Resource Manager
- IAM Roles
- IAM Policies
- IAM Recommender
- IAM Troubleshooter
- IAM Audit Logs
- IAM Best Practices
- Objectives:
- Understand Resource Manager: projects, folders, and organizations.
- Learn how to implement IAM roles, including custom roles.
- Understand IAM policies, including organization policies.
- Understand best practices, including separation of duties and least privilege, the use of Google groups in policies, and avoiding the use of basic roles.
- Learn how to configure IAM, including custom roles and organization policies.
Module 4: Configuring Virtual Private Cloud for Isolation and Security
- Topics:
- VPC Firewalls
- Load Balancing and SSL Policies
- Interconnect and Peering Policies
- Best Practices for VPC Networks
- VPC Flow Logs
- Objectives:
- Learn best practices for configuring VPC firewalls (both ingress and egress rules).
- Understand load balancing and SSL policies.
- Understand how to set up private Google API access.
- Understand SSL proxy use.
- Learn best practices for VPC networks, including peering and shared VPC use, and the correct use of subnetworks.
- Learn best security practices for VPNs.
- Understand security considerations for interconnect and peering options.
- Become familiar with available security products from partners.
- Learn to configure VPC firewalls.
- Prevent data exfiltration with VPC Service Controls.
Module 5: Securing Compute Engine: Techniques and Best Practices
- Topics:
- Service Accounts, IAM Roles and API Scopes
- Managing VM Logins
- Organization Policy Controls
- Compute Engine Best Practices
- Encrypting Disks with CSEK
- Objectives:
- Learn about Compute Engine service accounts, default and customer-defined.
- Understand IAM roles and scopes for VMs.
- Understand how Shielded VMs help maintain your system and application integrity.
Module 6: Securing Cloud Data: Techniques and Best Practices
- Topics:
- Cloud Storage IAM permissions and ACLs
- Auditing Cloud Data
- Signed URLs and Policy Documents
- Encrypting with CMEK and CSEK
- Cloud HSM
- BigQuery IAM Roles and Authorized Views
- Storage Best Practices
- Objectives:
- Use cloud permissions and roles to secure cloud resources.
- Audit cloud data.
- Use signed URLs to give access to objects in a Cloud Storage bucket.
- Manage what can be placed in a Cloud Storage bucket using a Signed Policy Document.
- Encrypt cloud data using customer-managed encryption keys (CMEK), customer-supplied encryption keys (CSEK), and Cloud HSM.
- Protect data in BigQuery using IAM roles and authorized views.
Module 7: Application Security: Techniques and Best Practices
- Topics:
- Types of Application Security Vulnerabilities
- Web Security Scanner
- Threat: Identity and OAuth Phishing
- Identity-Aware Proxy
- Secret Manager
- Objectives:
- Recall various types of application security vulnerabilities.
- Understand DoS protections in App Engine and Cloud Functions.
- Understand the role of Web Security Scanner in mitigating risks.
- Define and recall the threats posed by Identity and OAuth phishing.
- Understand the role of Identity-Aware Proxy in mitigating risks.
- Store application credentials and metadata securely using Secret Manager.
Module 8: Securing Google Kubernetes Engine: Techniques and Best Practices
- Topics:
- Introduction to Kubernetes/GKE
- Authentication and Authorization
- Hardening Your Clusters
- Securing Your Workloads
- Monitoring and Logging
- Objectives:
- Understand the basic components of a Kubernetes environment.
- Understand how authentication and authorization work in Google Kubernetes Engine.
- Recall how to harden Kubernetes clusters against attacks.
- Recall how to harden Kubernetes workloads against attacks.
- Understand logging and monitoring options in Google Kubernetes Engine.
Module 9: Protecting against Distributed Denial of Service Attacks (DDoS)
- Topics:
- How DDoS Attacks Work
- Google Cloud Mitigations
- Types of Complementary Partner Products
- Objectives:
- Understand how DDoS attacks work.
- Recall common mitigations: Cloud Load Balancing, Cloud CDN, autoscaling, VPC ingress and egress firewalls, Google Cloud Armor.
- Recall the various types of complementary partner products available.
- Use Google Cloud Armor to blocklist an IP address and restrict access to an HTTP load balancer.
Module 10: Content-Related Vulnerabilities: Techniques and Best Practices
- Topics:
- Threat: Ransomware
- Ransomware Mitigations
- Threats: Data Misuse, Privacy Violations, Sensitive Content
- Content-Related Mitigations
- Objectives:
- Discuss the threat of ransomware.
- Understand ransomware mitigations: Backups, IAM, Cloud Data Loss Prevention API.
- Understand threats to content: Data misuse, privacy violations, sensitive/restricted/unacceptable content.
- Recall mitigations for threats to content: Classifying content using Cloud ML APIs; scanning and redacting data using the DLP API.
Module 11: Monitoring, Logging, Auditing, and Scanning
- Topics:
- Cloud Audit Logs
- Deploying and Using Forseti
- Objectives:
- Understand and use Security Command Center.
- Understand and use Cloud Monitoring and Cloud Logging.
- Install the Monitoring and Logging Agents.
- Understand Cloud Audit Logs.
- Gain experience configuring and viewing Cloud Audit Logs.
- Gain experience deploying and using Forseti.
- Learn how to inventory a deployment with Forseti Inventory.
- Learn how to scan a deployment with Forseti Scanner.