DEVOPS INDONESIA
By: Mr. Didiet Agus P
DevOps Community in Indonesia
Bandung, 29 November 2019
Shape your remote connection to your GCE Instance
Secure your remote connection to your GCE Instance
About Me
● DevOps Engineer, PT. Gits Indonesia
● Member of openSUSE Project, openSUSE-Id, KLAS, Kubernetes-Id, etc.
● Cloud Enthusiast
Contact me:
– didiet@gits.id
– pambudiono@opensuse.org
Background
● Web services are still under development and aren't ready to be exposed to external users because they're feature incomplete or haven't yet been configured with HTTPS.
● An instance might be providing services designed to be consumed only by other instances in the project.
● Instances should only be reached through dedicated interconnect options from company offices or data centers.
Two Kinds of GCE Instance:
● With External IP addresses
  – Has a public IP address
  – Accessible from the internet
● Without External IP addresses
  – No public IP address
  – Not accessible from the internet
Connecting services on a machine with an external IP address
● Firewall
● Bastion host and SSH forwarding
● VPN
● HTTPS and SSL
● Multi Factor Authentication
Connecting services on a machine without an external IP address
● Bastion host and SSH forwarding
● VPN
● HTTPS and SSL proxy load balancers
●
First line of defense to restrict who can reach the instance.
By creating firewall rules, we can restrict all traffic to a target
machine
Firewalls aren't a standalone solution. Restricting traffic to specific
source IPs doesn't protect sensitive information, such as login
credentials, commands that create or destroy resources or files, or
logs.
In addition, firewalls aren't always the appropriate solution. For
example, firewalls aren't ideal for development environments that
don't have static IP addresses, such as roaming laptops.
●
●
●
VPC (Virtual Private Cloud) Network
● A Virtual Private Cloud network is a virtual version of a physical network, like a data center network.
● It provides connectivity for Compute Engine virtual machine (VM) instances, Kubernetes Engine clusters, App Engine Flex instances, and other resources in the project.
VPC Specifications
● Traffic to and from instances can be controlled with network firewall rules.
● Resources within a VPC network can communicate with one another using internal (private) IPv4 addresses, subject to applicable network firewall rules.
● VPC networks can be connected to other VPC networks in different projects or organizations by using VPC Network Peering.
● VPC networks can be securely connected in hybrid environments using Cloud VPN or Cloud Interconnect.
● VPC networks only support IPv4 unicast traffic.
[Screenshot: Google Cloud console, VPC network > Firewall rules. The console notes that firewall rules control incoming or outgoing traffic to an instance and that, by default, incoming traffic from outside the network is blocked. The listed rules on the default network include several auto-generated Ingress rules targeting gke-core-cluster nodes that allow tcp:6379 from IP range 0.0.0.0/0 (priority 1000), an "allow-all" rule applying to all instances that allows all protocols from 34.87.109.203/32 and 16 more ranges, and a rule that allows tcp:5432 from 0.0.0.0/0.]
DMZ or Demilitarized Zone
● A physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted network, usually a larger network such as the Internet.
● The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN):
● An external network node can access only what is exposed in the DMZ, while the rest of the organization's network is firewalled.
● The DMZ functions as a small, isolated network positioned between the Internet and the private network.
Bastion Host
● A system identified by the firewall administrator as a critical strong point in the network security.
● Generally, bastion hosts will have some degree of extra attention paid to their security, may undergo regular audits, and may have modified software.
Bastion Host Placement
● Requires two firewalls, with bastion hosts sitting between the first "outside world" firewall and an inside firewall, in a DMZ.
● Often smaller networks do not have multiple firewalls, so if only one firewall exists in a network, bastion hosts are commonly placed outside the firewall.
[Diagram: Bastion host and SSH forwarding. An external machine connects over SSH to the bastion host, which forwards the session on to the internal instances 10.148.0.3, 10.148.0.4 and 10.148.0.5.]
[Diagram: VPN. The same layout (bastion host, internal instances 10.148.0.3, 10.148.0.4, 10.148.0.5, external machine), with the external machine reaching the internal instances through a VPN.]
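The firewall slide says rules are the first line of defense, the screenshot shows rules that undo that (tcp:6379 and tcp:5432 open to 0.0.0.0/0), and the bastion slides say only the bastion should take SSH from outside. As an added example that is not part of the deck, here is a small audit over the JSON that `gcloud compute firewall-rules list --format=json` emits which flags exactly those patterns; the sample rules are constructed, and the `bastion` network tag and the 10.148.0.0/20 internal subnet (assumed from the diagram's 10.148.0.x hosts) are assumptions.

```python
"""Audit GCE VPC firewall rules (the JSON from `gcloud compute firewall-rules
list --format=json`) for the exposure pattern in the deck's screenshot."""
import ipaddress
import json

# Assumed: the bastion host carries this network tag, and the VPC subnet that
# holds the diagram's 10.148.0.x instances is 10.148.0.0/20.
BASTION_TAG = "bastion"
INTERNAL_NET = ipaddress.ip_network("10.148.0.0/20")

# Services that should only be reached through the bastion host or a VPN,
# never straight from the internet (the screenshot had 6379 and 5432 open).
SENSITIVE_PORTS = {"22": "ssh", "3306": "mysql", "3389": "rdp",
                   "5432": "postgres", "6379": "redis"}


def is_internal(cidr):
    """True when the source range lies inside the trusted VPC subnet."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version == 4 and net.subnet_of(INTERNAL_NET)


def port_matches(entry, port):
    """True when one `allowed` entry covers the given TCP port."""
    if entry.get("IPProtocol", "").lower() != "tcp":
        return False
    ports = entry.get("ports")
    if not ports:                        # tcp without a port list: every port
        return True
    wanted = int(port)
    for spec in ports:                   # "6379" or a range like "6379-6380"
        lo, _, hi = spec.partition("-")
        if int(lo) <= wanted <= int(hi or lo):
            return True
    return False


def audit_rule(rule):
    """Return (rule name, severity, message) findings for one ingress rule."""
    if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
        return []
    allowed = rule.get("allowed")
    if not allowed:                      # deny rules cannot widen exposure
        return []
    external = [s for s in rule.get("sourceRanges", []) if not is_internal(s)]
    if not external:                     # only VPC-internal sources: fine
        return []
    name = rule["name"]
    targets = sorted(rule.get("targetTags") or ["<all instances>"])
    src = ", ".join(external)
    # 0.0.0.0/0 means the whole internet, not just one external office range.
    wide_open = any(ipaddress.ip_network(s, strict=False).prefixlen == 0
                    for s in external)
    if any(e.get("IPProtocol", "").lower() == "all" for e in allowed):
        return [(name, "HIGH", f"every protocol and port open from {src} to {targets}")]
    findings = []
    for port, service in sorted(SENSITIVE_PORTS.items()):
        if not any(port_matches(e, port) for e in allowed):
            continue
        if service == "ssh" and targets == [BASTION_TAG]:
            # SSH into the bastion from a known range is the intended pattern.
            if wide_open:
                findings.append((name, "MEDIUM", "bastion ssh open to 0.0.0.0/0; limit it to office or VPN ranges"))
            continue
        severity = "HIGH" if wide_open else "MEDIUM"
        findings.append((name, severity, f"{service} (tcp/{port}) reachable from {src} on {targets}"))
    return findings


def audit_rules(rules):
    """Flatten the findings of every rule, in the order gcloud listed them."""
    return [f for rule in rules for f in audit_rule(rule)]


# Constructed sample output, modelled on the rules visible in the screenshot.
SAMPLE_RULES = json.loads("""[
 {"name": "gke-redis-open", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "targetTags": ["gke-core-cluster-node"], "allowed": [{"IPProtocol": "tcp", "ports": ["6379"]}]},
 {"name": "allow-all", "direction": "INGRESS", "sourceRanges": ["198.51.100.7/32"],
  "allowed": [{"IPProtocol": "all"}]},
 {"name": "allow-postgres-public", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "targetTags": ["db"], "allowed": [{"IPProtocol": "tcp", "ports": ["5432"]}]},
 {"name": "allow-ssh-bastion", "direction": "INGRESS", "sourceRanges": ["198.51.100.0/24"],
  "targetTags": ["bastion"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "allow-ssh-bastion-anywhere", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "targetTags": ["bastion"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "allow-internal", "direction": "INGRESS", "sourceRanges": ["10.148.0.0/20"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["0-65535"]}, {"IPProtocol": "icmp"}]},
 {"name": "allow-https", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "targetTags": ["web"], "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]},
 {"name": "old-allow-all", "direction": "INGRESS", "disabled": true,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "all"}]}
]""")

if __name__ == "__main__":
    for name, severity, message in audit_rules(SAMPLE_RULES):
        print(f"{severity:6} {name}: {message}")
```

Pipe real output in with `json.load(sys.stdin)` instead of `SAMPLE_RULES` to run it against a project; HTTP/HTTPS from 0.0.0.0/0 is deliberately not flagged, since that is what the HTTPS and load balancer options on the earlier slides are for.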
Thank You!
www.gits.id @gitscreative
"Alone we are smart, together we are brilliant" (quote by Steve Anderson)
THANK YOU!
Stay Connected
@IDDevOps
http://www.devopsindonesia.com
@devopsindonesia
@DevOpsIndonesia
@IDDevOps
https://t.me/IDDevOps
https://t.me/IDDevOpsBDG
Video Streaming: Then, Now, and in the Future
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 

Shape your remote connection to your GCE instance

  • 1. DEVOPS INDONESIA. By: Mr. Didiet Agus P, DevOps Community in Indonesia. Bandung, 29 November 2019. Shape your remote connection to your GCE Instance
  • 2. Secure your remote connection to your GCE Instance
  • 3. About Me ● DevOps Engineer, PT. Gits Indonesia ● Member of openSUSE Project, openSUSE-Id, KLAS, Kubernetes-Id etc. ● Cloud Enthusiast ● Contact me: – didiet@gits.id – pambudiono@opensuse.org
  • 4. Background ● Web services are still under development and aren't ready to be exposed to external users because they're feature incomplete or haven't yet been configured with HTTPS. ● An instance might be providing services designed to be consumed only by other instances in the project. ● Instances should only be reached through dedicated interconnect options from company offices or data centers.
  • 5. Two kinds of GCE instance: ● With external IP addresses – has a public IP address – accessible from the internet ● Without external IP addresses – no public IP address – not accessible from the internet
  • 6. Connecting to services on a machine with an external IP address ● Firewall ● Bastion host and SSH forwarding ● VPN ● HTTPS and SSL ● Multi-factor authentication
  • 7. Connecting to services on a machine without an external IP address ● Bastion host and SSH forwarding ● VPN ● HTTPS and SSL proxy load balancers
  • 8. Firewall ● First line of defense to restrict who can reach the instance. ● By creating firewall rules, we can restrict all traffic to a target machine. ● Firewalls aren't a standalone solution. Restricting traffic to specific source IPs doesn't protect sensitive information, such as login credentials, commands that create or destroy resources or files, or logs. ● In addition, firewalls aren't always the appropriate solution. For example, firewalls aren't ideal for development environments that don't have static IP addresses, such as roaming laptops.
  • 9. VPC (Virtual Private Cloud) Network ● A Virtual Private Cloud network is a virtual version of a physical network, like a data center network. ● It provides connectivity for Compute Engine virtual machine (VM) instances, Kubernetes Engine clusters, App Engine Flex instances, and other resources in the project.
  • 10. VPC Specifications ● Traffic to and from instances can be controlled with network firewall rules. ● Resources within a VPC network can communicate with one another using internal (private) IPv4 addresses, subject to applicable network firewall rules. ● VPC networks can be connected to other VPC networks in different projects or organizations by using VPC Network Peering. ● VPC networks can be securely connected in hybrid environments using Cloud VPN or Cloud Interconnect. ● VPC networks only support IPv4 unicast traffic.
  • 11. [Screenshot: GCP console, VPC network > Firewall rules, with columns Name, Type, Targets, Filters, Protocols / ports, Action, Priority, Network. The listing on the default network shows several ingress rules targeting gke-core-cluster nodes that allow tcp:6379 from IP range 0.0.0.0/0, an allow-all rule applied to all instances but restricted to a list of source IPs, and a rule allowing tcp:5432 from 0.0.0.0/0, all at priority 1000.]
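Slide 8 says firewall rules are the first line of defense for restricting who can reach an instance, and the console listing on slide 11 shows the pattern a defender wants to catch: ingress rules that allow service ports such as tcp:6379 and tcp:5432 from 0.0.0.0/0. The audit script below is an added example, not part of the deck; it assumes the JSON shape that `gcloud compute firewall-rules list --format=json` produces (fields name, direction, disabled, sourceRanges, allowed, targetTags) and runs over a constructed sample in that shape, with made-up rule names and tags.

```python
import ipaddress
import json

# Ports that are usually intended to be reachable from anywhere.
PUBLIC_OK_PORTS = {"80", "443"}

# Constructed sample in the JSON shape of `gcloud compute firewall-rules list
# --format=json`; names and tags are made up, the pattern mirrors slide 11.
SAMPLE_RULES_JSON = json.dumps([
    {"name": "gke-redis-open", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["6379"]}],
     "targetTags": ["gke-core-cluster-node"]},
    {"name": "postgres-from-office", "direction": "INGRESS",
     "sourceRanges": ["34.87.109.203/32"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["5432"]}]},
    {"name": "https-public", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
    {"name": "allow-everything", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "all"}]},
])

def is_world_open(rule):
    """Enabled ingress rule whose sources include 0.0.0.0/0 or ::/0."""
    if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
        return False
    return any(ipaddress.ip_network(r, strict=False).prefixlen == 0
               for r in rule.get("sourceRanges", []))

def exposed_ports(rule):
    """Port specs opened beyond the web ports ('<proto>:*' = every port)."""
    exposed = set()
    for entry in rule.get("allowed", []):
        proto, ports = entry.get("IPProtocol", "all"), entry.get("ports")
        if proto == "all" or not ports:   # no 'ports' key means all ports
            exposed.add(f"{proto}:*")
        else:
            exposed.update(f"{proto}:{p}" for p in ports if p not in PUBLIC_OK_PORTS)
    return exposed

def audit(rules_json):
    """(name, sorted port specs, targets) for each world-open non-web rule."""
    findings = []
    for rule in json.loads(rules_json):
        ports = exposed_ports(rule) if is_world_open(rule) else set()
        if ports:
            targets = rule.get("targetTags") or ["all instances in network"]
            findings.append((rule["name"], sorted(ports), targets))
    return findings
```

Each finding names a rule whose source ranges should be narrowed to the office or VPN range, for example with `gcloud compute firewall-rules update <name> --source-ranges=<range>`; a rule without target tags applies to every instance in the network, which is why the audit reports that case explicitly.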
  • 12. DMZ or Demilitarized Zone ● A physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted network, usually a larger network such as the Internet. ● The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN): an external network node can access only what is exposed in the DMZ, while the rest of the organization's network is firewalled. ● The DMZ functions as a small, isolated network positioned between the Internet and the private network.
  • 13. Bastion Host ● A system identified by the firewall administrator as a critical strong point in the network's security. ● Generally, bastion hosts will have some degree of extra attention paid to their security, may undergo regular audits, and may have modified software.
  • 14. Bastion Host Placement ● Requires two firewalls, with bastion hosts sitting between the first "outside world" firewall and an inside firewall, in a DMZ. ● Often smaller networks do not have multiple firewalls, so if only one firewall exists in a network, bastion hosts are commonly placed outside the firewall.
  • 17. [Diagram: an External Machine connects over VPN to a Bastion Host, which in turn reaches the internal instances Internal 10.148.0.3, Internal 10.148.0.4 and Internal 10.148.0.5.]
  • 19. iOS Developer ● Android Developer ● Flutter Developer ● Back End Developer ● Front End Developer ● UI / UX Designer ● Product Owner ● Quality Assurance
  • 20. "Alone we are smart, together we are brilliant." THANK YOU! Quote by Steve Anderson