Use reports to remediate findings


Lab: 1 hour 30 minutes, 2 credits, Introductory
IMPORTANT:

Make sure to complete this hands-on lab on a desktop/laptop only.

There are only 5 attempts permitted per lab.

As a reminder – it is common to not get every question correct on your first try, and even to need to redo a task; this is part of the learning process.

Once a lab is started, the timer cannot be paused. After 1 hour and 30 minutes, the lab will end and you’ll need to start again.

For more information review the Lab technical tips reading.

Activity overview

Reports are essential for helping remediate findings, especially for cybersecurity, compliance, and quality assurance. These reports often highlight vulnerabilities, issues, or non-compliance with established standards. By analyzing these reports, you can identify areas for improvement and gather data-driven evidence to make informed decisions. Concrete data enables efficient prioritization and resource allocation to address the identified issues.

Consequently, addressing the findings outlined in reports helps mitigate potential risks and vulnerabilities that could otherwise be exploited. This is especially critical in cybersecurity, where unaddressed issues can lead to data breaches or system compromises.

As a cloud security analyst, you are responsible for evaluating controls against established standards to ensure that an organization's security posture is effective, compliant, and aligned with industry best practices. This evaluation process is crucial for helping with risk management, compliance, and continuous security improvement, ultimately helping organizations protect sensitive data, systems, and their overall reputation.

In this lab, you’ll use the Security Command Center interface to identify and remediate threats and vulnerabilities, and confirm that the issues have been resolved.

Scenario

In your role as a newly appointed junior cloud security analyst at Cymbal Bank, one of your critical responsibilities includes identifying and mitigating threats and vulnerabilities in a timely and effective manner. Your team lead, Chloe, has approached you with a report that highlights security concerns on the company network. Specifically, they have recently discovered that there is a Cloud Storage bucket within the organization that contains sensitive documents and is incorrectly configured. You’ll need to correctly configure the bucket and verify that the issues have been resolved.

Here’s how you'll do this task: First, you’ll use the Security Command Center to identify and verify the security threats. Then, you’ll remediate the high and medium risk issues. Finally, you’ll run a compliance report to verify that the remediation has been successful.

Setup

Before you click Start Lab

Read these instructions. Labs are timed and you cannot pause them. The timer, which starts when you click Start Lab, shows how long Google Cloud resources will be made available to you.

This practical lab lets you do the activities yourself in a real cloud environment, not in a simulation or demo environment. It does so by giving you new, temporary credentials that you use to sign in and access Google Cloud for the duration of the lab.

To complete this lab, you need:

  • Access to a standard internet browser (Chrome browser recommended).
Note: Use an Incognito or private browser window to run this lab. This prevents any conflicts between your personal account and the Student account, which may cause extra charges incurred to your personal account.
  • Time to complete the lab---remember, once you start, you cannot pause a lab.
Note: If you already have your own personal Google Cloud account or project, do not use it for this lab to avoid extra charges to your account.

How to start your lab and sign in to the Google Cloud console

  1. Click the Start Lab button. On the left is the Lab Details panel with the following:

    • Time remaining
    • The Open Google Cloud console button
    • The temporary credentials that you must use for this lab
    • Other information, if needed, to step through this lab
    Note: If you need to pay for the lab, a pop-up opens for you to select your payment method.
  2. Click Open Google Cloud console (or right-click and select Open Link in Incognito Window) if you are running the Chrome browser. The Sign in page opens in a new browser tab.

    Tip: You can arrange the tabs in separate, side-by-side windows to easily switch between them.

    Note: If the Choose an account dialog displays, click Use Another Account.
  3. If necessary, copy the Google Cloud username below and paste it into the Sign in dialog. Click Next.

{{{user_0.username | "Google Cloud username"}}}

You can also find the Google Cloud username in the Lab Details panel.

  4. Copy the Google Cloud password below and paste it into the Welcome dialog. Click Next.
{{{user_0.password | "Google Cloud password"}}}

You can also find the Google Cloud password in the Lab Details panel.

Important: You must use the credentials the lab provides you. Do not use your Google Cloud account credentials. Note: Using your own Google Cloud account for this lab may incur extra charges.
  5. Click through the subsequent pages:
    • Accept the terms and conditions
    • Do not add recovery options or two-factor authentication (because this is a temporary account)
    • Do not sign up for free trials

After a few moments, the Console opens in this tab.

Note: You can view the menu with a list of Google Cloud Products and Services by clicking the Navigation menu at the top-left.

Task 1. Identify the vulnerabilities with Security Command Center (SCC)

In this task, you’ll use the Security Command Center (SCC) to check the compliance status of your project and identify the high- and medium-risk vulnerabilities that need to be remediated.

  1. In the Google Cloud console, from the Navigation menu, select Security > Overview. The Security Command Center Overview page opens.
  2. In the Security Command Center menu, click Vulnerabilities. The Vulnerabilities page opens.

There are many active vulnerabilities listed. You can use the filter to search for the specified findings using the Module ID. You will focus on the following active findings listed for your storage bucket:

  • Public bucket ACL (PUBLIC_BUCKET_ACL): This entry indicates that there is an Access Control List (ACL) entry for the storage bucket that is publicly accessible which means that anyone on the internet can read files stored in the bucket. This is a high-risk security vulnerability that needs to be prioritized for remediation.

  • Bucket policy only disabled (BUCKET_POLICY_ONLY_DISABLED): This entry indicates that uniform bucket-level permissions are not enabled on a bucket. Uniform bucket-level access provides a way to control who can access Cloud Storage buckets and objects, simplifying how you grant access to your Cloud Storage resources. This is a medium-risk vulnerability that must also be remediated.

  • Bucket logging disabled (BUCKET_LOGGING_DISABLED): This entry indicates that there is a storage bucket that does not have logging enabled. This is a low-risk vulnerability that you are not required to remediate in this scenario.

Note: If the Public bucket ACL or Bucket policy only disabled are not listed or don't display any active findings, you may have to wait a few minutes and refresh. Wait until these vulnerabilities display active findings before continuing.

Next, run a compliance report that confirms the vulnerability issues.

  1. In the Security Command Center menu, click Compliance. The Compliance page opens.
  2. In the Google Cloud compliance standards section, click View details in the CIS Google Cloud Platform Foundation 2.0 tile. The CIS Google Cloud Platform Foundation 2.0 report opens.
  3. Click on the Findings column to sort the findings and display the active findings at the top of the list.

Task 2. Remediate the security vulnerabilities

In this task, you’ll remediate the security vulnerabilities identified in the previous task. Then, you’ll check the security status of the Cloud Storage bucket in the report to confirm that the issues have been remediated.

  1. In the Google Cloud console, from the Navigation menu, select Cloud Storage > Buckets.
  2. Under the Filter section, click the Name link of the bucket for your project (). The Bucket details page opens.
  3. Click the Permissions tab. The Permissions section lists all the permissions provided for the bucket.

First, remove the public access to the Cloud Storage bucket.

  1. Under the Permissions section, click the View by Roles tab.
  2. Expand the Storage Object Viewer role and select the checkbox for allUsers.
  3. Click Remove Access.
  4. A pop-up will appear asking you to confirm the access removal. Ensure Remove allUsers from the role Storage Object Viewer on this resource is selected and click Remove.

Next, switch the access control to uniform. This will enforce a single (uniform) set of permissions for the bucket and its objects.

  1. On the Access control tile, click Switch to uniform.
  2. On the Edit access control dialog, select Uniform.
  3. Click Save.

Finally, run a compliance report to confirm that the vulnerability issues have been remediated.

  1. In the Google Cloud console, from the Navigation menu, select Security > Compliance.
  2. In the CIS Google Cloud Platform Foundation 2.0 tile, click View details to view the report again.

The number of active findings for the "Cloud Storage buckets should not be anonymously or publicly accessible" and "Bucket policy only should be Enabled" rules should now be 0. This indicates that the Public bucket ACL and Bucket policy only disabled vulnerabilities for the Cloud Storage bucket have been remediated.

Note: If the active findings for the Public bucket ACL or Bucket policy only disabled don't display as 0 (zero) after you have successfully remediated the vulnerabilities, you may have to wait a few minutes and refresh.
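As an added example that is not part of the lab, the following Python evaluates constructed bucket metadata for the two findings described in Task 1 (PUBLIC_BUCKET_ACL and BUCKET_POLICY_ONLY_DISABLED) and then applies the two Task 2 changes in memory, so you can see the findings clear before re-running the compliance report. The dict shapes follow the Cloud Storage JSON API bucket resource and IAM policy fields (acl[].entity, iamConfiguration.uniformBucketLevelAccess.enabled, bindings[].members); the bucket name and principals are placeholders.

```python
"""Constructed example: check bucket metadata for the two findings this lab remediates.
Dict shapes follow the Cloud Storage JSON API bucket resource and IAM policy; the
bucket name and principals below are placeholders, not from a real project."""
import copy

# Principals that make a bucket public (both are flagged by the Public bucket ACL finding).
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}

def evaluate_bucket(bucket: dict, iam_policy: dict) -> dict:
    """Return {finding_name: active} for the lab's high- and medium-risk findings."""
    public_acl = any(e.get("entity") in PUBLIC_PRINCIPALS for e in bucket.get("acl", []))
    public_iam = any(
        m in PUBLIC_PRINCIPALS
        for b in iam_policy.get("bindings", [])
        for m in b.get("members", [])
    )
    ubla_enabled = (bucket.get("iamConfiguration", {})
                          .get("uniformBucketLevelAccess", {})
                          .get("enabled", False))
    return {
        "PUBLIC_BUCKET_ACL": public_acl or public_iam,      # high risk
        "BUCKET_POLICY_ONLY_DISABLED": not ubla_enabled,    # medium risk
    }

def remediate(bucket: dict, iam_policy: dict) -> tuple:
    """Apply the Task 2 changes in memory: remove public principals from every IAM
    binding and ACL entry, then switch access control to uniform. Inputs are not mutated."""
    bucket, iam_policy = copy.deepcopy(bucket), copy.deepcopy(iam_policy)
    for b in iam_policy.get("bindings", []):
        b["members"] = [m for m in b["members"] if m not in PUBLIC_PRINCIPALS]
    iam_policy["bindings"] = [b for b in iam_policy.get("bindings", []) if b["members"]]
    bucket["acl"] = [e for e in bucket.get("acl", []) if e.get("entity") not in PUBLIC_PRINCIPALS]
    bucket.setdefault("iamConfiguration", {})["uniformBucketLevelAccess"] = {"enabled": True}
    return bucket, iam_policy

# Constructed "before" state mirroring the lab: allUsers holds Storage Object Viewer and
# uniform bucket-level access is off.
BUCKET_BEFORE = {"name": "example-cymbal-bucket",  # placeholder bucket name
                 "acl": [{"entity": "allUsers", "role": "READER"}],
                 "iamConfiguration": {"uniformBucketLevelAccess": {"enabled": False}}}
POLICY_BEFORE = {"bindings": [
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/storage.admin", "members": ["user:chloe@example.com"]}]}

if __name__ == "__main__":
    print("before:", evaluate_bucket(BUCKET_BEFORE, POLICY_BEFORE))
    print("after: ", evaluate_bucket(*remediate(BUCKET_BEFORE, POLICY_BEFORE)))
```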

Click Check my progress to verify that you have completed this task correctly.

Remediate the security vulnerabilities

Conclusion

Great work!

Throughout this lab, you have gained practical experience in identifying and prioritizing threats using the Security Command Center. You also remediated the vulnerabilities identified for your project, and generated a report to confirm that the vulnerabilities have been remediated.

By remediating the vulnerabilities and ensuring the compliance status of the Cloud Storage bucket, you’ve helped your organization to prevent data breaches, unauthorized access, and data loss.

End your lab

Before you end the lab, make sure you’re satisfied that you’ve completed all the tasks. When you're ready, click End Lab and then click Submit.

Ending the lab will remove your access to the lab environment, and you won’t be able to access the work you've completed in it again.

Copyright 2024 Google LLC All rights reserved. Google and the Google logo are trademarks of Google LLC. All other company and product names may be trademarks of the respective companies with which they are associated.