Leveraging Google Cloud Armor, Security Scanner and the Data Loss Prevention API
This course focuses on the design and implementation of security scanning, protection against Distributed Denial of Service (DDoS) attacks and security auditing. The course also covers the use of the Data Loss Prevention API in protecting sensitive data.
What you'll learn
Recent years have witnessed a steady increase in the number of reported instances of data being compromised, stolen and even sold for ransom.
In this course, Leveraging Google Cloud Armor, Security Scanner and the Data Loss Prevention API, you will gain the ability to mitigate threats of DDoS attacks using Cloud Armor, scan your App Engine and Compute Engine web apps using Security Scanner, enforce audit rules using Forseti and use the Data Loss Prevention API to control access to sensitive data.
First, you will learn how to use Cloud Armor to mitigate the threat of DDoS attacks directed at your HTTP(S) load balanced applications. Cloud Armor will enforce these rules at the edge of the Google network and prevent unwanted requests from permeating into the interior of your VPC network.
Next, you will discover how to use the Security Scanner to identify potential vulnerabilities in your App Engine and Compute Engine web apps. These currently include checks for cross-site scripting, flash injection, mixed content, clear-text passwords, invalid headers and the use of outdated libraries. This list of vulnerabilities is constantly being added to, which means that your Security Scanner reports will change and get richer and better over time. You will also use Forseti, a third-party tool that is used to conduct security audits of IAM policies and compare the actual and desired state of system resources.
Finally, you will explore how to use the Data Loss Prevention API to control access to sensitive data. The DLP API has a long list of country-specific types of sensitive data type - US Social Security Numbers and the tax identifiers of several countries. The API has built-in detectors to return probabilities that a given data item matches a certain type of sensitive data. It is also possible to add custom detectors, and to use powerful techniques for redaction and de-identification of such data.
When you’re finished with this course, you will have the skills and knowledge of various security auditing and protection services to protect against DDoS attacks, as well as identify vulnerabilities in your apps and project settings to help identify and protect sensitive data.
Table of contents
- Module Overview 1m
- Prerequisites and Course Outline 3m
- Introducing Cloud Armor 4m
- Limits, Restrictions, and Pricing 1m
- Configuring Security Policies and Rules 7m
- Configuring Firewall Rules, Instance Templates, and a Managed Instance Group 8m
- Configuring a Load Balancer and Simulating a DDoS Attack 6m
- Blacklisting Malicious Instances Using Cloud Armor Policies 5m
- Module Overview 1m
- Vulnerability Scanning Using Cloud Security Scanner 7m
- Caveats, Restrictions, and Pricing 2m
- Deploy an App Engine Application 4m
- Configure and Run a Vulnerability Scan 4m
- Run a Simple Web Application on a Compute Engine VM 4m
- Configure and Run a Scan on a Compute Engine Web Application 2m
- Introducing Forseti Security Tools 4m
- Installing Forseti Security Tools for the GCP 3m
- Working with Forseti Tools 8m
- Module Overview 1m
- Data Loss Prevention API Building Blocks 7m
- Custom Info Type Detectors 2m
- Inspecting Text for Sensitive Location Data 6m
- Inspsecting Sensitive Data in Cloud Storage Bucket and Analyzing Results in Big Query 5m
- Registering and Using Custom Inspection Templates 3m
- Image Redaction and Text De-identification 6m
- Configuring and Using Custom Info Type Detectors 6m
- Automated Classification of Text Files in Cloud Storage Buckets 5m
- Classifying Files as Containing Sensitive or Nonsensitive Content 7m
- Assigning Service Account Permissions and Classifying Files 5m
- Summary and Further Study 2m
About the author
Janani has a Masters degree from Stanford and worked for 7+ years at Google. She was one of the original engineers on Google Docs and holds 4 patents for its real-time collaborative editing framework. After spending years working in tech in the Bay Area, New York, and Singapore at companies such as Microsoft, Google, and Flipkart, Janani finally decided to combine her love for technology with her passion for teaching. She is now the co-founder of Loonycorn, a content studio focused on providing ... more