Google云平台的安全管理

课程概况

This self-paced training course gives participants broad study of security controls and techniques on Google Cloud Platform.

Through recorded lectures, demonstrations, and hands-on labs, participants explore and deploy the components of a secure GCP solution, including Cloud Identity, the GCP Resource Manager, Cloud IAM, Google Virtual Private Cloud firewalls, Google Cloud Load balancing, Cloud CDN, Cloud Storage access control technologies, Stackdriver, Security Keys, Customer-Supplied Encryption Keys, the Google Data Loss Prevention API, and Cloud Armor. Participants learn mitigations for attacks at many points in a GCP-based infrastructure, including Distributed Denial-of-Service attacks, phishing attacks, and threats involving content classification and use.

To get the most out of this course, participants should have:
* Prior completion of Google Cloud Platform Fundamentals: Core Infrastructure or equivalent experience
* Prior completion of GCP and Hybrid Networking Deep Dive or equivalent experience
* Knowledge of foundational concepts in information security, such as
* vulnerability, threat, attack surface
* confidentiality, integrity, availability
* common threat types and their mitigation strategies
* public-key cryptography
* public and private key pairs
* certificates
* cipher types
* certificate authorities
* Transport Layer Security/Secure Sockets Layer encrypted communication
* public key infrastructures
* security policy
* Basic proficiency with command-line tools and Linux operating system environments
* Systems Operations experience, deploying and managing applications, on-premises or in a public cloud environment
* Reading comprehension of code in Python or Javascript

>>> By enrolling in this course you agree to the Qwiklabs Terms of Service as set out in the FAQ and located at: https://qwiklabs.com/terms_of_service <<<

课程大纲

Welcome to Managing Security in Google Cloud Platform

Welcome to the Foundations of Google Cloud Platform Security module, Part 1 of the Security in Google Cloud Platform specialization. This course gives participants broad study of security controls and techniques on Google Cloud Platform. Through lectures, demonstrations, and hands-on labs, participants explore and deploy the components of a secure GCP solution.

Foundations of GCP Security

Securing systems is a hot topic and should be a priority for everyone today - and, as you will see, it is definitely a priority here at Google.

In this module we will introduce you to GCP’s approach to security. We will also discuss the shared security responsibility model, which is a collaborative effort between Google and its users. Next, we will outline several threats that are mitigated for you when your systems are run on Google’s infrastructure in GCP. And, finally, we will end with a section on access transparency.

Cloud Identity

In this module we will discuss Cloud Identity, a service which makes it easy to manage cloud users, devices, and apps from one console. We will also discuss a few related features to help reduce the operational overhead of managing GCP users, such as the Google Cloud Directory Sync and Single Sign-On. We will end with some authentication best practices.

Identity and Access Management (IAM)

Cloud Identity and Access Management (or Cloud IAM as it is known) lets administrators authorize who can take action on specific resources, giving you full control and visibility to manage your cloud resources centrally. More specifically, we will cover; the Resource Manager which enables you to centrally manage projects, folders, and organizations, IAM roles and policies, including custom roles, and Cloud IAM best practices, including separation of duties and the principle of least privilege.

VPCs for Isolation and Security

Managed networking on GCP utilizes a Virtual Private Cloud (or VPC). In this module we will discuss VPC related security concepts including: VPC firewalls, load balancing SSL policies, network Interconnect & peering options, VPC network best practices and VPC flow logs. You will also have the opportunity to practice what you’ve learned, by completing the labs exercises “Configuring VPC Firewalls” and “Using and Viewing VPC Flow Logs in Stackdriver.”

StackDriver and Scanning

Collecting, processing, aggregating, and displaying real-time quantitative data is helpful in supplying raw input into business analytics and in facilitating analysis of security breaches. GCP provides many services and features to help with this - and that is what this module is all about.In this module we will investigate Stackdriver monitoring and logging, cloud audit logging, and then discuss how to leverage Forseti Security to systematically monitor your GCP resources.