Content Comparison

Welcome to the GCP Security Monitoring knowledge base!

The CUIT Cybersecurity team has built this security monitoring process to detect security vulnerabilities or misconfigurations in the GCP Cloud. Each alert has a criticality assigned to demonstrate how to prioritize the issue detected. A description and remediation are also provided in each alert to guide you as the project owner on how to solve the issue at hand. Additionally each alert has references to the GCP Support Site, CIS Benchmark or MITRE ATT&CK framework which were the teams source to build the monitoring alerts. 

Below is a search bar which will let you type in the alert name and find additional information about the event. On the left you can see a drop down under GCP Security Monitoring, this will provide you access to a comprehensive list of detections which we use in our monitoring. 

GCP Security Best Practices

We have compiled the following list as best practices to provide a security foundation to GCP Project owners. These controls are designed to limit exposure and reduce the attack surface of your cloud resources. 

• Run Antivirus or Anti-Malware on virtual machines

• If you are looking for antivirus or anti-malware CUIT provides Malwarebytes to the university

• IT Staff around the university can request a site to manage their endpoints 

• Limit public resources 

• Buckets and databases should be restricted from being directly accessible from the outside world 

• This will prevent from information being exposed which it was not intended to

• Google recommends against this configuration

• “The Cloud Storage access control system includes the ability to specify that buckets are publicly writable. While configuring a bucket this way can be convenient for various purposes, we recommend against using this permission - it can be abused for distributing illegal content, viruses, and other malware, and the bucket owner is legally and financially responsible for the content stored in their buckets”

• https://cloud.google.com/storage/docs/gsutil/addlhelp/SecurityandPrivacyConsiderations#access-control-lists

• Limit which region resources are provisioned

• Since Columbia University is operating out of the United States from a legal perspective it is in the Universities best interest to host data within the same region. 

• Deploying workloads to regions outside of the US will require an exception, you can find that process to the left of this page

• Leverage University login systems and Multi Factor authentication

• The Identity and access management system provide a platform to enable UNI based authentication on applications

• https://cuit.columbia.edu/cas-authentication

• No Public IPs on Virtual Machines

• Security best practice is to limit which network ports are accessible via the world on virtual machines

• To facilitate applications which need to be publicly accessible a load balancer should be used to provide that connectivity. This will also provide you additional features such as distribution of workload and high availability

• https://cloud.google.com/load-balancing/docs