Security in Google Cloud Platform Course Overview

Enroll for 3-day Security in Google Cloud Platform course from Koenig Solutions. In this course you will learn about security controls and techniques on Google Cloud Platform.

Through a blend of hands-on labs and interactive lectures, you will learn to explore and deploy the components of a secure GCP solution. Participants also learn mitigation techniques for attacks at many points in a GCP-based infrastructure, including Distributed Denial-of-Service attacks, phishing attacks, and threats involving content classification and use.

This course is part of the following Certifications:

     Google Cloud Certified Professional Cloud Security Engineer (PCSE)

Target Audience:

  • Cloud information security analysts, architects, and engineers
  • Information security/cybersecurity specialists
  • Cloud infrastructure architects
  • Developers of cloud applications.

Learning Objectives:

  • Understanding the Google approach to security
  • Managing administrative identities using Cloud Identity.
  • Implementing least privilege administrative access using Google Cloud Resource Manager, Cloud IAM.
  • Implementing IP traffic controls using VPC firewalls and Cloud Armor
  • Implementing Identity Aware Proxy
  • Analyzing changes to the configuration or metadata of resources with GCP audit logs
  • Scanning for and redact sensitive data with the Data Loss Prevention API
  • Scanning a GCP deployment with Forseti
  • Remediating important types of vulnerabilities, especially in public access to data and VMs

 

 

This is a Rare Course and it can be take up to 3 weeks to arrange the training.

The 1-on-1 Advantage

Methodology

Flexible Dates

  • • Choose Start Date
  • • Reschedule After Booking
  • • Weekend / Evening Option

4-Hour Sessions

You will learn:

Module 1: Foundations of GCP Security
  • Understand the GCP shared security responsibility model.
  • Understand Google Cloud’s approach to security
  • Understand the kinds of threats mitigated by Google and by GCP.
  • Define and Understand Access Transparency and Access Approval (beta).
  • Cloud Identity
  • Syncing with Microsoft Active Directory using Google Cloud Directory Sync
  • Using Managed Service for Microsoft Active Directory (beta)
  • Choosing between Google authentication and SAML-based SSO.
  • Best practices, including DNS configuration, super admin accounts.
  • Lab: Defining Users with Cloud Identity Console.
  • GCP Resource Manager: projects, folders, and organizations.
  • GCP IAM roles, including custom roles.
  • GCP IAM policies, including organization policies.
  • GCP IAM Labels
  • GCP IAM Recommender.
  • GCP IAM Troubleshooter.
  • GCP IAM Audit Logs
  • Best practices, including separation of duties and least privilege, the use of Google groups in policies, and avoiding the use of primitive roles
  • Labs: Configuring Cloud IAM, including custom roles and organization policies.
  • Configuring VPC firewalls (both ingress and egress rules)
  • Load balancing and SSL policies
  • Private Google API access.
  • SSL proxy use
  • Best practices for VPC networks, including peering and shared VPC use, correct use of subnetworks.
  • Best security practices for VPNs
  • Security considerations for interconnect and peering options
  • Available security products from partners.
  • Defining a service perimeter, including perimeter bridges.
  • Setting up private connectivity to Google APIs and services.
  • Lab: Configuring VPC firewalls.
  • Compute Engine service accounts, default and customer-defined.
  • IAM roles for VMs
  • API scopes for VMs
  • Managing SSH keys for Linux VMs
  • Managing RDP logins for Windows VMs.
  • Organization policy controls: trusted images, public IP address, disabling serial port
  • Encrypting VM images with customer-managed encryption keys and with customer-supplied encryption keys
  • Finding and remediating public access to VMs.
  • Best practices, including using hardened custom images, custom service accounts (not the default service account), tailored API scopes, and the use of application default credentials instead of user-managed keys.
  • Lab: Configuring, using, and auditing VM service accounts and scopes.
  • Encrypting VM disks with customer-supplied encryption keys.
  • Lab: Encrypting disks with customer-supplied encryption keys
  • Using Shielded VMs to maintain the integrity of virtual machines.
  • Cloud Storage and IAM permissions
  • Cloud Storage and ACLs
  • Auditing cloud data, including finding and remediating publicly accessible data
  • Signed Cloud Storage URLs.
  • Signed policy documents
  • Encrypting Cloud Storage objects with customer-managed encryption keys and with customer-supplied encryption keys.
  • Best practices, including deleting archived versions of objects after key rotation.
  • Lab: Using customer-supplied encryption keys with Cloud Storage
  • Lab: Using customer-managed encryption keys with Cloud Storage and Cloud KMS.
  • BigQuery authorized views
  • BigQuery IAM roles.
  • Best practices, including preferring IAM permissions over ACLs.
  • Lab: Creating a BigQuery authorized view.
  • Types of application security vulnerabilities
  • DoS protections in App Engine and Cloud Functions.
  • Cloud Security Scanner.
  • Lab: Using Cloud Security Scanner to find vulnerabilities in an App Engine application.
  • Identity Aware Proxy
  • Lab: Configuring Identity Aware Proxy to protect a project.
  • Authorization
  • Securing Workloads.
  • Securing Clusters
  • Logging and Monitoring.
  • How DDoS attacks work.
  • Mitigations: GCLB, Cloud CDN, autoscaling, VPC ingress and egress firewalls, Cloud Armor (including its rules language).
  • Types of complementary partner products.
  • Lab: Configuring GCLB, CDN, traffic blacklisting with Cloud Armor.
  • Threat: Ransomware
  • Mitigations: Backups, IAM, Data Loss Prevention API
  • Threats: Data misuse, privacy violations, sensitive/restricted/unacceptable content.
  • Threat: Identity and Oauth phishing
  • Mitigations: Classifying content using Cloud ML APIs; scanning and redacting data using Data Loss Prevention API.
  • Lab: Redacting Sensitive Data with Data Loss Prevention API.
  • Security Command Center
  • Stackdriver monitoring and logging
  • Lab: Installing Stackdriver agents
  • Lab: Configuring and using Stackdriver monitoring and logging
  • VPC flow logs.
  • Lab: Viewing and using VPC flow logs in Stackdriver.
  • Cloud audit logging
  • Lab: Configuring and viewing audit logs in Stackdrive
  • Deploying and Using Forseti
  • Lab: Inventorying a Deployment with Forseti Inventory (demo)
  • Lab: Scanning a Deployment with Forseti Scanner (demo).
Live Online Training (Duration : 24 Hours) Fee On Request
We Offer :
  • 1-on-1 Public - Select your own start date. Other students can be merged.
  • 1-on-1 Private - Select your own start date. You will be the only student in the class.

4 Hours
8 Hours
Week Days
Weekend

Start Time : At any time

12 AM
12 PM

1-On-1 Training is Guaranteed to Run (GTR)
Group Training
Date On Request
Course Prerequisites
  • Prior completion of Google Cloud Fundamentals: Core Infrastructure or equivalent experience
  • Prior completion of Networking in Google Cloud Platform or equivalent experience
  • Knowledge of foundational concepts in information security:
  • Fundamental concepts:
    • vulnerability, threat, attack surface
    • confidentiality, integrity, availability
  • Common threat types and their mitigation strategies
  • Public-key cryptography
    • Public and private key pairs
    • Certificates
    • Cipher types
    • Key width
  • Certificate authorities
  • Transport Layer Security/Secure Sockets Layer encrypted communication
  • Public key infrastructures
  • Security policy
  • Basic proficiency with command-line tools and Linux operating system environments
  • Systems Operations experience, including deploying and managing applications, either on-premises or in a public cloud environment
  • Reading comprehension of code in Python or JavaScript

 

Request More Information

Add Name and Email Address of participant (If different from you)

FAQ's


In both, you choose the schedule. In public, other participants can join, Private other participants want to join.
Yes, course requiring practical include hands-on labs.
You can buy online from the page by clicking on "Buy Now". You can view alternate payment method on payment options page.
Yes, you can pay from the course page and flexi page.
Yes, the site is secure by utilizing Secure Sockets Layer (SSL) Technology. SSL technology enables the encryption of sensitive information during online transactions. We use the highest assurance SSL/TLS certificate, which ensures that no unauthorized person can get to your sensitive payment data over the web.
We use the best standards in Internet security. Any data retained is not shared with third parties.
You can request a refund if you do not wish to enroll in the course.
To receive an acknowledgment of your online payment, you should have a valid email address. At the point when you enter your name, Visa, and other data, you have the option of entering your email address. Would it be a good idea for you to decide to enter your email address, confirmation of your payment will be emailed to you.
After you submit your payment, you will land on the payment confirmation screen.It contains your payment confirmation message. You will likewise get a confirmation email after your transaction is submitted.
We do accept all major credit cards from Visa, Mastercard, American Express, and Discover.
Credit card transactions normally take 48 hours to settle. Approval is given right away; however,it takes 48 hours for the money to be moved.
Yes, we do accept partial payments, you may use one payment method for part of the transaction and another payment method for other parts of the transaction.
Yes, if we have an office in your city.
Yes, we do offer corporate training More details
Yes, we do.
Yes, we also offer weekend classes.
Yes, Koenig follows a BYOL(Bring Your Own Laptop) policy.
It is recommended but not mandatory. Being acquainted with the basic course material will enable you and the trainer to move at a desired pace during classes.You can access courseware for most vendors.
Buy-Now. Pay-Later option is available using credit card in USA and India only.
You will receive the digital certificate post training completion via learning enhancement tool after registration.
Yes you can.
Yes, we do. For details go to flexi
You can pay through debit/credit card or bank wire transfer.
Dubai, Goa, Delhi, Bangalore.
Yes you can request your customer experience manager for the same.

Prices & Payments

Yes of course.
Yes, We are

Travel and Visa

Yes we do after your registration for course.

Food and Beverages

Yes.

Others

Says our CEO-
“It is an interesting story and dates back half a century. My father started a manufacturing business in India in the 1960's for import substitute electromechanical components such as microswitches. German and Japanese goods were held in high esteem so he named his company Essen Deinki (Essen is a well known industrial town in Germany and Deinki is Japanese for electric company). His products were very good quality and the fact that they sounded German and Japanese also helped. He did quite well. In 1970s he branched out into electronic products and again looked for a German name. This time he chose Koenig, and Koenig Electronics was born. In 1990s after graduating from college I was looking for a name for my company and Koenig Solutions sounded just right. Initially we had marketed under the brand of Digital Equipment Corporation but DEC went out of business and we switched to the Koenig name. Koenig is difficult to pronounce and marketeers said it is not a good choice for a B2C brand. But it has proven lucky for us.” – Says Rohit Aggarwal (Founder and CEO - Koenig Solutions)
All our trainers are fluent in English . Majority of our customers are from outside India and our trainers speak in a neutral accent which is easily understandable by students from all nationalities. Our money back guarantee also stands for accent of the trainer.
Medical services in India are at par with the world and are a fraction of costs in Europe and USA. A number of our students have scheduled cosmetic, dental and ocular procedures during their stay in India. We can provide advice about this, on request.
Yes, if you send 4 participants, we can offer an exclusive training for them which can be started from Any Date™ suitable for you.