Welcome to the GCP Security Monitoring knowledge base! The CUIT Cybersecurity team has built this security monitoring process to detect security vulnerabilities or misconfigurations in the GCP Cloud. Each alert has a criticality assigned to demonstrate how to prioritize the issue detected. A description and remediation are also provided in each alert to guide you as the project owner on how to solve the issue at hand. Additionally each alert has references to the GCP Support Site, CIS Benchmark or MITRE ATT&CK framework which were the teams source to build the monitoring alerts. Below is a search bar which will let you type in the alert name and find additional information about the event. On the left you can see a drop down under GCP Security Monitoring, this will provide you access to a comprehensive list of detections which we use in our monitoring.
| Ui steps |
|---|
What do I do if I received a security alert?
1. Type in the name of your alert in the search box below. The name is found in the subject line of the alert email.
2. Select the alert that matches.
3. You will see a description of why the alert was raised, and what you can do to solve the issue.
4. If the remediation steps are not clear, please visit the reference link(s) to learn more. If you still need help, please email cybersec@columbia.edu |
| Live Search |
|---|
| spaceKey | CSVM |
|---|
| placeholder | type in the name of your alert |
|---|
| type | page |
|---|
| labels | gcp |
|---|
|
GCP Security Best Practices We have compiled the following list as best practices to provide a security foundation to GCP Project owners. These controls are designed to limit exposure and reduce the attack surface of your cloud resources. Run Antivirus or Anti-Malware on virtual machines Limit public resources Buckets and databases should be restricted from being directly accessible from the outside world world as noted in the GCP Security Controls This will prevent from information being exposed which it was not intended to Google recommends against this configuration “The Cloud Storage access control system includes the ability to specify that buckets are publicly writable. While configuring a bucket this way can be convenient for various purposes, we recommend against using this permission - it can be abused for distributing illegal content, viruses, and other malware, and the bucket owner is legally and financially responsible for the content stored in their buckets”
Limit which region resources are provisioned Since Columbia University is operating out of the United States from a legal perspective it is in the Universities best interest to host data within the same region. Deploying workloads to regions outside of the US will require an exception, you can find that process to the left of this page
Leverage University login systems and Multi Factor authentication No Public IPs on Virtual Machines Security best practice is to limit which network ports are accessible via the world on virtual machines To facilitate applications which need to be publicly accessible a load balancer should be used to provide that connectivity. This will also provide you additional features such as distribution of workload and high availability
| Child pages (Children Display) |
|---|
| all | true |
|---|
| style | h3 |
|---|
| sort | creation |
|---|
| excerptType | simple |
|---|
|
|