Questions tagged [google-cloud-platform]
The google-cloud-platform tag has no usage guidance.
22 questions
2
votes
1
answer
139
views
Why is Google’s JavaScript Accessing 224.32.32.0/24 from the Browser?
I noticed a suspicious network error while trying to enter my credit card information on a page under console.cloud.google.com/billing. The network error indicated that a GET request to https://224.32....
- 21
4
votes
2
answers
119
views
Logging Strategy (high costs for storing all logs)
In our organization, we use a GCP setup with Kubernetes. We generate tons of firewall logs as we provide a digital service that generates a high volume of requests from our users. Storing all these ...
- 41
1
vote
1
answer
265
views
Why use access token for Google Artifact Registry access?
Applications using a Google service account can use that service account's key (a long-lived credential) to obtain a short-lived access token for Google Artifact Registry and documentation strongly ...
- 113
1
vote
0
answers
48
views
Google SAML auth not working through APP tile but works with direct link
We've recently migrated from Okta to Google for work for AWS authentication.
Our amazon org authentication is setup through IAM Identity center. It was working flawlessly using Okta but since we ...
- 111
2
votes
0
answers
69
views
What can an attacker with root access on a GKE node do on the network?
Let’s say that an attacker, through some chain of exploits, manages to get root on a Kubernetes node. Can they disable network policies on that node? I know that to a large extent this depends on the ...
- 141
1
vote
1
answer
404
views
Do you encrypt traffic between GKE nodes and external Load balancers?
I have a GKE standard deployment in GCP. I have TLS terminating at an IAAS managed load balancer, provided by their Ingress controller. The certificates are GoogleManagedCertificates. I'm fine with ...
- 113
0
votes
1
answer
321
views
How secure is my IP address?
I have a public facing IP address setup at a VM in the Google Cloud Platform.
I am wondering, if it is possible as an outsider to take away this public IP, or pretend another computer is this public ...
3
votes
1
answer
383
views
How does Google Cloud Customer Managed Encryption Keys (CMEK) differ from normal at-rest encryption
I am trying to solve a compliance issue with a vendor that uses Google Cloud with Customer Managed Encryption Keys (CMEK).
The vendor stores personal data in Google Cloud and claims that CMEK makes ...
- 31
-1
votes
1
answer
188
views
How to configure CDN GCP bucket access privileges
We use GCP Cloud Storage and Cloud CDN to deliver some static assets (html/css/js/.jpg/.png). The buckets used to store those are public with anonymous access (i.e. allUsers in GCP terms).
On one hand ...
- 99
1
vote
1
answer
139
views
How could attacker know user names of my Google Workspace? [closed]
I found in my Google admin logs that someone from outside my organization is trying to log in frequently by testing all our user accounts against weak passwords. I'm wondering how could that happen?
...
- 119
-1
votes
1
answer
301
views
Google Cloud Storage Service Account Key Management for Signed URLs
Background
I am looking to have a Cloud Storage bucket that is not publicly accessible for images. Then my plan was to sign any image URL on the website to authorize it for a short period of time (~30 ...
- 377
2
votes
1
answer
2k
views
should I treated the let's encrypt fullchain.pem as a public key
I am using let's encrypt to generate a certificate. It contains 'fullchain.pem' and 'privkey.pem'. should I treated the let's encrypt fullchain.pem as a public key? I find the public key certificate ...
- 135
0
votes
1
answer
139
views
How to perform security audit of a web service that uses google cloud's external HTTP(s) load balancer?
An independent security auditor discovered many open ports by using nmap while auditing a web service deployed on GCP. The service is a Cloud Run instance behind an HTTP(s) load balancer. The auditor ...
- 101
0
votes
0
answers
513
views
Is it possibile to interact with firebase database using credentials obtained from an APK?
during the static analysis while pentesting an android application I found the following information to connect to a firebase instance.
<string name="google_app_id">1:**REDACTED**:...
- 101
0
votes
1
answer
158
views
Can Cisco Umbrella be Used Along with Google Classroom?
We are creating an Information Assurance and Security Plan for a public school. The Plan will include Google Classroom because the school doesn’t have an online learning platform. The problem is our ...
1
vote
1
answer
284
views
Does adding a randomized string in S3 file path has equal security to Google Drive shared link
I would like to use an AWS S3 bucket to store my IoT firmware file and allows all of my IoT devices to access it to update the firmware to the latest version.
I want that the firmware file in the S3 ...
- 395
2
votes
1
answer
228
views
Container Vulnerability Management
Having difficulty understanding how to translate 'traditional' vulnerability management to a cloud environment. Previously accustomed to using tools like OpenVAS and Nessus, setting up scans which ...
- 123
0
votes
0
answers
15
views
Google Cloud Platform may have been compromised and used for cryptocurrency mining [duplicate]
How to detect where the issue on my server is, and whether the server is being used for cryptocurrency mining?
I just received an email from Google and my server stopped working.
Dear Developer,
Our ...
- 101
1
vote
0
answers
400
views
Keeping data confidential from the system administrator
Problem
How do I ensure that I cannot access confidential data manually through the database? Practically speaking, this is a firestore database on google cloud, and I have access to the administrator ...
- 111
2
votes
1
answer
663
views
My Firebase project has unknown users, has my google cloud service account been compromised?
My project is a flutter app, it is in Internal Testing only, I am the only user. I've been working on this project for about a month and all of a sudden today I keep getting unknown users registering. ...
- 21
3
votes
1
answer
1k
views
Is it safe to make every resource public in a Google Cloud Storage bucket?
I'm developing a business web application for my client, in which he can upload images (e.g. floor plans, photos of object etc.) and documents of different objects (word, excel etc.).
The images ...
- 133
1
vote
0
answers
168
views
No way of restricting public access to Firestore/API
Just glancing at GCP offerings for storing data, I noticed that while using Firestore, the only control for restricting public access is via security rules. However, in case of mis-configuration of ...
- 1,351