You're reading from Architecting Google Cloud Solutions Learn to design robust and future-proof solutions with Google Cloud technologies

Product type Paperback

Published in Apr 2021

Publisher Packt

ISBN-13 9781800563308

Length 472 pages

Edition 1st Edition

Tools

Google App Engine

Concepts

Cloud Computing

Author (1):

Victor Dantas

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: Introduction to Google Cloud

2. Chapter 1: An Introduction to Google Cloud for Architects FREE CHAPTER

3. Chapter 2: Mastering the Basics of Google Cloud

4. Section 2: Designing Great Solutions in Google Cloud

5. Chapter 3: Designing the Network

6. Chapter 4: Architecting Compute Infrastructure

7. Chapter 5: Architecting Storage and Data Infrastructure

8. Chapter 6: Configuring Services for Observability

9. Chapter 7: Designing for Security and Compliance

10. Section 3: Designing for the Modern Enterprise

11. Chapter 8: Approaching Big Data and Data Pipelines

12. Chapter 9: Jumping on the DevOps Bandwagon with Site Reliability Engineering (SRE)

13. Chapter 10: Re-Architecting with Microservices

14. Chapter 11: Applying Machine Learning and Artificial Intelligence

15. Chapter 12: Achieving Operational Excellence

16. Other Books You May Enjoy

Securing networks

Networking plays a fundamental role in securing your infrastructure. A network designed to be open and permissive is what allows attackers to move laterally and penetrate further into systems once they get in. In Chapter 3, Designing the Network, we discussed the concept of zero trust security. The main point to remember is that you should always assume a breach, making design decisions that protect your infrastructure when a breach happens. What that means for networks is that you should always ensure traffic is implicitly denied, while only specific IP addresses and network ports are allowed in the firewall on an as-needed basis. Another way to frame this is to assume each network request in the environment is coming from a compromised server or an open, untrusted public network. What can you do to minimize the impact such requests can have? Isolation and firewalling.