Let's learn through the challenge lab.
Challenge scenario
Cymbal Bank is an American retail bank with over 2,000 branches in all 50 states. It offers comprehensive debit and credit services that are built on top of a robust payments platform. Cymbal Bank is a digitally transforming legacy financial services institution.
Cymbal Bank was founded in 1920 under the name Troxler. Cymbal Group acquired the company in 1975 after it had been investing heavily in Cymbal Group's proprietary ATMs. As the bank grew into a national leader, they put strategic emphasis on modernizing the customer experience both in-person at their branches and digitally through an app they released in 2014. Cymbal Bank employs 42,000 people nationwide and, in 2019, reported $24 billion in revenue.
In this challenge, you are a cloud security engineer tasked with securing Cymbal Bank's Google Cloud environment by leveraging Security Command Center's features. You have performed these tasks in previous labs. Now, it's your turn to demonstrate your proficiency with Security Command Center by implementing advanced threat detection and mitigation strategies, optimizing access controls, and ensuring compliance with industry regulations and best practices.
Task 1. Configure the environment
1. Go to Compute Engine > VM instances.
2. Click the VM named cls-vm.
3. On the instance detail page, click Edit.
4. Expand the Network interfaces section.
5. Under External IPv4 address (it currently says Ephemeral), open the dropdown and select Reserve static external IP address.
6. Name the IP address exactly: static-ip.
7. Click Reserve, then click Save.
8. Copy the new static external IP; it is the scan target in Task 4. Promoting the ephemeral address keeps the IP the VM already has; the only change is that the address is no longer released when the VM is stopped.
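The same Task 1 from Cloud Shell, as an added example that is not part of the lab. It promotes the VM's current ephemeral address to a reserved static address named static-ip, which is exactly what the Console's "Reserve static external IP address" does. Only the VM name cls-vm and the address name come from the lab; the project, zone, region and IP are read from the environment at run time.

```shell
#!/usr/bin/env bash
# Added example (not from the lab): Task 1 with gcloud. Promotes cls-vm's
# ephemeral external IP to a reserved static address called static-ip.
set -eu

VM_NAME="cls-vm"          # from the lab
ADDRESS_NAME="static-ip"  # from the lab

# A reserved external address is regional, so derive the region from the
# VM's zone by dropping the trailing "-<letter>": us-central1-a -> us-central1.
zone_to_region() {
  printf '%s\n' "${1%-*}"
}

# Looks up the VM's zone and current external IP, reserves that IP under
# ADDRESS_NAME, and prints the value to use as <STATIC_IP> in Task 4.
reserve_static_ip() {
  local project zone region ip
  project=$(gcloud config get-value project)

  zone=$(gcloud compute instances list --project="$project" \
    --filter="name=${VM_NAME}" --format='value(zone.basename())')
  [ -n "$zone" ] || { echo "VM ${VM_NAME} not found in ${project}" >&2; return 1; }
  region=$(zone_to_region "$zone")

  # natIP of the first access config is the current (ephemeral) external IP.
  ip=$(gcloud compute instances describe "$VM_NAME" --zone="$zone" \
    --project="$project" \
    --format='value(networkInterfaces[0].accessConfigs[0].natIP)')
  [ -n "$ip" ] || { echo "${VM_NAME} has no external IP" >&2; return 1; }

  # --addresses promotes the existing ephemeral IP instead of allocating a
  # new one, so the VM keeps its address and no access config is touched.
  gcloud compute addresses create "$ADDRESS_NAME" --project="$project" \
    --region="$region" --addresses="$ip"

  # Check: the reservation must report the same address with status IN_USE.
  gcloud compute addresses describe "$ADDRESS_NAME" --project="$project" \
    --region="$region" --format='value(address,status)'

  printf 'STATIC_IP=%s\n' "$ip"
}

# Run with --apply to change the project; without it the file only defines
# the functions.
if [ "${1:-}" = "--apply" ]; then
  reserve_static_ip
fi
```

Run it as `bash reserve.sh --apply` (any file name) from Cloud Shell after `gcloud config set project` points at the lab project; the last line printed is the IP to paste into the Task 4 starting URL.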
Task 2. Create static mute rules for Cymbal Bank
1. Open and activate Cloud Shell.
2. Set your project ID as a variable:
export PROJECT_ID=$(gcloud config get-value project)

3. Run these three commands to create the mute rules. Each rule mutes every finding in the project whose category matches its filter. A mute rule only hides those findings from the default Findings view; it does not change the resources behind them, so it records an accepted risk rather than fixing anything.

gcloud scc muteconfigs create muting-flow-log-findings \
--project=$PROJECT_ID \
--filter='category="FLOW_LOGS_DISABLED"' \
--description="Rule for muting VPC Flow Logs"

gcloud scc muteconfigs create muting-audit-logging-findings \
--project=$PROJECT_ID \
--filter='category="AUDIT_LOGGING_DISABLED"' \
--description="Rule for muting audit logs"

gcloud scc muteconfigs create muting-admin-sa-findings \
--project=$PROJECT_ID \
--filter='category="ADMIN_SERVICE_ACCOUNT"' \
--description="Admin service account"

Task 3. Analyze and fix Cymbal Bank's high vulnerability findings
1. In the search bar, type Firewall and open VPC network > Firewall.
2. Look for the rules that allow SSH and RDP from anywhere (they are named default-allow-ssh and default-allow-rdp, with source range 0.0.0.0/0).
3. Click the default-allow-rdp rule, then click Edit.
4. Under Source IPv4 ranges, delete 0.0.0.0/0 and replace it with the IAP range 35.235.240.0/20.
5. Click Save.
6. Click the default-allow-ssh rule, then click Edit.
7. Under Source IPv4 ranges, delete 0.0.0.0/0 and replace it with the IAP range 35.235.240.0/20.
8. Click Save.
Note: 35.235.240.0/20 is not a generic "secure" range for firewall rules; it is the address block that Google's Identity-Aware Proxy uses for TCP forwarding. After this change the VM accepts SSH and RDP only when the connection arrives through an IAP tunnel (SSH-in-browser, or a gcloud session tunnelled through IAP), where the caller has already been authenticated and authorized by IAM. A direct connection from the internet to the VM's public IP on port 22 or 3389 now times out, which is the intended effect.
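Task 3 from the CLI, as an added example that is not part of the lab. It narrows both rules to the IAP range, re-reads each rule afterwards so the check runs against what is actually deployed, and prints the IAP-tunnelled command to use for SSH once the direct path is closed. The rule names and the range are the lab's; the check function and the verification are added. Connecting through the tunnel additionally requires the IAP-Secured Tunnel User role (roles/iap.tunnelResourceAccessor), which the lab does not mention.

```shell
#!/usr/bin/env bash
# Added example (not from the lab): Task 3 with gcloud. Restricts
# default-allow-ssh and default-allow-rdp to the IAP TCP forwarding range
# and verifies that 0.0.0.0/0 is gone.
set -eu

IAP_RANGE="35.235.240.0/20"   # from the lab: IAP TCP forwarding source range

# gcloud's --format='value(sourceRanges)' prints a list as items joined by
# ';'. Returns 0 (true) when the any-IPv4 range is among them.
is_world_open() {
  case ";$1;" in
    *";0.0.0.0/0;"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Replaces the rule's source ranges with IAP_RANGE when it is world-open,
# then re-reads the rule and fails if 0.0.0.0/0 is still present.
harden_rule() {
  local rule=$1 project=$2 before after
  before=$(gcloud compute firewall-rules describe "$rule" --project="$project" \
    --format='value(sourceRanges)')
  if is_world_open "$before"; then
    echo "$rule: $before -> $IAP_RANGE"
    gcloud compute firewall-rules update "$rule" --project="$project" \
      --source-ranges="$IAP_RANGE"
  else
    echo "$rule: already restricted to $before"
  fi
  after=$(gcloud compute firewall-rules describe "$rule" --project="$project" \
    --format='value(sourceRanges)')
  if is_world_open "$after"; then
    echo "$rule is still open to 0.0.0.0/0" >&2
    return 1
  fi
}

main() {
  local project zone
  project=$(gcloud config get-value project)
  harden_rule default-allow-ssh "$project"
  harden_rule default-allow-rdp "$project"

  # With only the IAP range allowed, ssh straight to the public IP times
  # out; go through IAP instead (caller needs roles/iap.tunnelResourceAccessor).
  zone=$(gcloud compute instances list --project="$project" \
    --filter="name=cls-vm" --format='value(zone.basename())')
  echo "connect with: gcloud compute ssh cls-vm --zone=$zone --project=$project --tunnel-through-iap"
}

if [ "${1:-}" = "--apply" ]; then
  main
fi
```

The second describe after the update is deliberate: the function asserts on the rule as the API now reports it, not on the arguments it sent, so a silently failed update cannot be mistaken for a fix.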
Task 4. Identify application vulnerabilities with SCC's security scanning features
1. In the search bar, type Web Security Scanner and open Security > Web Security Scanner.
2. Click + New Scan.
3. In the Starting URL field, type http://<STATIC_IP>:8080 (replace <STATIC_IP> with the external IP of cls-vm you copied in Task 1). The scanner must be able to reach the app over plain HTTP on port 8080 from the internet; Task 3 changed only the SSH and RDP rules, so whatever rule allows that port is untouched.
4. Leave all other settings at their defaults, then click Save.
5. Click Run to start the scan. The scanner crawls the site and sends test requests to it, so only point it at the lab VM; when it finishes, its results appear as findings in Security Command Center.
Task 5. Export Cymbal Bank Findings to Google Cloud Storage
1. In the search bar, type Cloud Storage and open it.
2. Create a new bucket, using the bucket name, location type and location given in the lab's Task 5 instructions.
3. In the search bar, type Findings and open Security > Security Command Center > Findings.
4. Verify the time range is still set to Last 180 days.
5. Click Export, then select Cloud Storage.
6. In the Project dropdown, select the lab's project ID.
7. In the Export path field, click Browse, select the bucket you created in step 2, append the file name /findings.jsonl, then click Export.
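What to do with findings.jsonl once it is in the bucket, as an added example that is not part of the lab. The export is one JSON object per line, and each object carries the finding's category, severity, state (ACTIVE or INACTIVE) and mute (MUTED or UNMUTED) fields; those four field names are all the script relies on. It assumes nothing about the object that wraps them, matching each field anywhere in its line, and the sample records it writes for the demo are constructed, not taken from a real export. The point it makes: findings hidden by the Task 2 mute rules are still in the export, so a report has to exclude them explicitly rather than treat them as fixed.

```shell
#!/usr/bin/env bash
# Added example (not from the lab): summarize an SCC findings.jsonl export.
# Relies only on the "category", "severity", "state" and "mute" fields of
# each record; the nesting around them is not assumed.
set -eu

# Copies the export out of the bucket chosen in Task 5.
fetch_export() {
  gcloud storage cp "$1" ./findings.jsonl
}

# Writes a small CONSTRUCTED export (not real data) and prints its path.
write_sample() {
  local f
  f=$(mktemp)
  cat >"$f" <<'EOF'
{"finding": {"name": "organizations/0/sources/0/findings/a1", "category": "FLOW_LOGS_DISABLED", "severity": "LOW", "state": "ACTIVE", "mute": "MUTED"}}
{"finding": {"name": "organizations/0/sources/0/findings/a2", "category": "AUDIT_LOGGING_DISABLED", "severity": "LOW", "state": "ACTIVE", "mute": "MUTED"}}
{"finding": {"name": "organizations/0/sources/0/findings/a3", "category": "ADMIN_SERVICE_ACCOUNT", "severity": "MEDIUM", "state": "ACTIVE", "mute": "MUTED"}}
{"finding": {"name": "organizations/0/sources/0/findings/a4", "category": "OPEN_SSH_PORT", "severity": "HIGH", "state": "INACTIVE", "mute": "UNMUTED"}}
{"finding": {"name": "organizations/0/sources/0/findings/a5", "category": "OPEN_RDP_PORT", "severity": "HIGH", "state": "INACTIVE", "mute": "UNMUTED"}}
{"finding": {"name": "organizations/0/sources/0/findings/a6", "category": "PUBLIC_IP_ADDRESS", "severity": "HIGH", "state": "ACTIVE", "mute": "UNMUTED"}}
EOF
  printf '%s\n' "$f"
}

# Prints the value of one string field ("category", "severity", ...) from
# every line of the file, one value per line. The field is matched anywhere
# in the line, so the wrapping object does not matter.
field_values() {
  local file=$1 field=$2
  sed -n "s/.*\"$field\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$file"
}

# "VALUE COUNT" per distinct value, sorted by value.
summarize() {
  field_values "$1" "$2" | sort | uniq -c | awk '{print $2, $1}' | sort
}

# Findings that still need work: HIGH severity, ACTIVE, and not muted.
# Muted findings are hidden in the Console but present in the export, which
# is why they are filtered out here instead of being counted as resolved.
count_open_high() {
  grep '"severity":[[:space:]]*"HIGH"' "$1" \
    | grep '"state":[[:space:]]*"ACTIVE"' \
    | grep -vc '"mute":[[:space:]]*"MUTED"' || true
}

if [ "${1:-}" = "--report" ]; then
  src=${2:-findings.jsonl}
  case "$src" in gs://*) fetch_export "$src"; src=./findings.jsonl ;; esac
  echo "by category:";  summarize "$src" category
  echo "by severity:";  summarize "$src" severity
  echo "open HIGH (active, unmuted): $(count_open_high "$src")"
elif [ "${1:-}" = "--demo" ]; then
  sample=$(write_sample)
  summarize "$sample" severity
  echo "open HIGH (active, unmuted): $(count_open_high "$sample")"
  rm -f "$sample"
fi
```

`bash report.sh --report gs://<your-bucket>/findings.jsonl` fetches and summarizes the real export; `--demo` runs the same functions over the constructed sample, where the three HIGH findings reduce to one open item because the SSH and RDP findings are INACTIVE after Task 3.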
Congratulations, the lab is complete.