Book Image

Google Cloud Certified Professional Cloud Network Engineer Guide

By : Maurizio Ipsale, Mirko Gilioli
Book Image

Google Cloud Certified Professional Cloud Network Engineer Guide

By: Maurizio Ipsale, Mirko Gilioli

Overview of this book

Google Cloud, the public cloud platform from Google, has a variety of networking options, which are instrumental in managing a networking architecture. This book will give you hands-on experience of implementing and securing networks in Google Cloud Platform (GCP). You will understand the basics of Google Cloud infrastructure and learn to design, plan, and prototype a network on GCP. After implementing a Virtual Private Cloud (VPC), you will configure network services and implement hybrid connectivity. Later, the book focuses on security, which forms an important aspect of a network. You will also get to grips with network security and learn to manage and monitor network operations in GCP. Finally, you will learn to optimize network resources and delve into advanced networking. The book also helps you to reinforce your knowledge with the help of mock tests featuring exam-like questions. By the end of this book, you will have gained a complete understanding of networking in Google Cloud and learned everything you need to pass the certification exam.
Table of Contents (14 chapters)
1
Section 1: Network Infrastructure
5
Section 2: Network Services and Security
9
Section 3: Network Operations, Management, and Monitoring
12
Chapter 9: Professional Cloud Network Engineer Certification Preparation

Configuring Cloud Armor security policies

Imagine that you have deployed your web application globally using several backend services in different GCP regions and you distribute the traffic using the external HTTP(S) load balancer. Now, to secure your web application, you need to deploy different security services. Google Cloud offers Cloud Armor, which is a fully distributed managed service to protect your web application against Denial of Service (DoS), Distributed Denial of Service (DDoS), and web application attacks. More specifically, Cloud Armor can protect from the Open Web Application Security Project (OWASP) top 10 attacks. This is the list of the top 10 most dangerous attacks targeting web applications. It is a list that is updated by the OWASP every year. It can also mitigate DDoS at scale. Cloud Armor has the following features:

  • IP-based and geo-based access control: You can blacklist clients based on IP ranges or from Google's GeoIP maps.
  • A pre-configured...