Security in Media & Entertainment

Introduction

Google Cloud HTTP(S) load balancing is deployed at the edge of Google’s network in Google points of presence (POP) around the world. User traffic directed to an HTTP(S) load balancer enters the POP closest to the user and is then load balanced over Google’s global network to the closest backend that has sufficient capacity available.

Cloud Armor is Google’s distributed denial of service and web application firewall (WAF) detection system. Cloud Armor is tightly coupled with the Google Cloud HTTP Load Balancer and safeguards applications of Google Cloud customers from attacks from the internet. reCAPTCHA Enterprise is a service that protects your site from spam and abuse, building on the existing reCAPTCHA API which uses advanced risk analysis techniques to tell humans and bots apart. Cloud Armor Bot Management provides an end-to-end solution integrating reCAPTCHA Enterprise bot detection and scoring with enforcement by Cloud Armor at the edge of the network to protect downstream applications.

Security Architecture

Learning Objectives

In this lab, you configure an HTTP Load Balancer with a backend, as shown in the diagram below. Then, you’ll learn to set up a reCAPTCHA session token site key and embed it in your website. You will also learn to set up redirection to reCAPTCHA Enterprise manual challenge. We will then configure a Cloud Armor bot management policy to showcase how bot detection protects your application from malicious bot traffic.

  1. How to set up a HTTP Load Balancer with appropriate health checks.
  2. How to create a reCAPTCHA WAF challenge-page site key and associated it with Cloud Armor security policy.
  3. How to create a reCAPTCHA session token site key and install it on your web pages.
  4. How to create a Cloud Armor bot management policy.
  5. How to validate that the bot management policy is handling traffic based on the rules configured.

Challenges

Prerequisites

Contributors