Cloud Security (AWS)
Scott Arveseth
@ScottArveseth
Scott.Arveseth@gmail.com
The Cloud
• IaaS: AWS, Azure, Rackspace, VMWare
• SaaS: SalesForce, Cloud9, Akamai, AppDynamics
• PaaS: Cloud Foundry, Google App Engine, Azure, AWS, SalesForce
• Software & Services: Office 365, QuickBase, Lynda.com
Agility, Scalability, Resiliency, High Availability… Security?
Behind the Cloud…
Cloud stack (the layer diagram shown on every slide): Physical Facilities, Infrastructure, Compute & Storage, Hypervisor, Virtual Network, Operating System, App Framework, Application, Data
Amazon Web Services (AWS)
• Regions Worldwide (11)
  o Availability Zones (2-3 per Region)
• Edge Locations (50+)
Security is a Shared Responsibility (SaaS)
Stack diagram split into Provider vs. Yours
• Your responsibility vs. Provider responsibility
  o Type of service
  o Contractual agreements
• Evaluating Cloud providers
  o SOC I/II, ISO 27002, PCI, HIPAA
  o Contractual agreements
  o Financial limits
Security is a Shared Responsibility (PaaS)
Security is a Shared Responsibility (IaaS)
Same Provider vs. Yours stack diagram, now for PaaS and for IaaS; the bullets repeat the SaaS slide.
Amazon Web Services (AWS)
• IaaS: flexible & complex
• AWS offers IaaS, PaaS, and SaaS solutions
Evaluating Risk
Where are the biggest risks? (Verizon DBIR 2014)
Incident Classification:
• Web App Attacks (35%) – External Discovery (88%)
• Cyber-Espionage (22%) – External Discovery (85%)
Actions:
• Stolen Creds (1)(3)(3)
• Export Data (2)(7)(4)
Source: www.verizonenterprise.com/DBIR/2014/
AWS Dashboard, CLIs, APIs
DevOps users reach AWS through: the AWS Dashboard, AWS CLI, Java, Python (boto), Node.js
Reference architecture (diagram): Region US-East with a DMZ Subnet and a Private Subnet, NACLs and Security Groups, Amazon CloudWatch and AWS CloudFormation. Users come in through the DMZ; Admins use an SSH key, an MFA token, an AWS Access Key, and AWS CLI roles.
Security in the Cloud
• Monitor, Assess, Defend (MAD)
• Monitor
  o Detection is important
  o Built on a foundation of logs
• Assess / Test
  o Evaluate security controls
  o Dangerous ground when scanning your app on provider’s infrastructure
• Defend
  o Prevent security incidents from occurring
  o Raise the bar
Monitor (MAD)
• Web Application Firewall (WAF)
  o Bursting thresholds
  o OWASP Top 10
  o Tuned to the application
• Application, RDS logs
  o AuthN/Z
  o Security related
  o Anomaly detection
• ELB – Log user requests
  o Anomaly detection
Monitor
• S3 Access Logging
  o If there is sensitive information in S3 buckets (S3 access logs are not part of CloudTrail)
• CloudWatch
  o Availability & performance of EC2 instances
Monitor
• CloudTrail – AWS account actions
  o Any root account activity
  o StopLogging / UpdateTrail
  o Create/DeleteVPC
  o CreateAccessKey
  o Privileged Role assignments
  o DeleteHostedZone
  o ChangeResourceRecordSet
  o RunInstance (dramatic change)
  o Public Security Group modification
• IAM
  o AWS Access Keys
  o Inventory (owner) / Last recycle date
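The CloudTrail list above turned into a detection rule, as an added example that is not part of the deck: it walks constructed records in the JSON shape CloudTrail writes and flags what the slide names (root activity, trail changes, key creation, VPC and Route 53 changes, instance launches, world-open security-group ingress). Event names use CloudTrail's own spellings (RunInstances, ChangeResourceRecordSets); the mapping of "privileged role assignments" to specific IAM event names is an assumption.

```python
"""Triage CloudTrail records for the account-level events the slide lists.

Added example, not from the deck. The log below is constructed in the shape
CloudTrail writes ({"Records": [...]}); the rule set is an illustration of the
slide's bullets, not an AWS-provided policy.
"""
import json
from typing import Dict, Iterable, List

# Slide bullets -> CloudTrail eventName values (CloudTrail's own spellings).
SENSITIVE_EVENTS: Dict[str, str] = {
    "StopLogging": "CloudTrail logging stopped",
    "UpdateTrail": "CloudTrail configuration changed",
    "CreateVpc": "VPC created",
    "DeleteVpc": "VPC deleted",
    "CreateAccessKey": "new long-lived access key created",
    "DeleteHostedZone": "Route 53 hosted zone deleted",
    "ChangeResourceRecordSets": "Route 53 DNS records changed",
    "RunInstances": "instances launched (dramatic change if unexpected)",
}

# Assumption: "privileged role assignments" mapped to these IAM event names.
ROLE_EVENTS = {"AttachRolePolicy", "PutRolePolicy", "UpdateAssumeRolePolicy",
               "AttachUserPolicy", "AddUserToGroup"}

PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}


def is_root(record: dict) -> bool:
    """Any activity by the account root user is alert-worthy on its own."""
    return record.get("userIdentity", {}).get("type") == "Root"


def public_sg_ingress(record: dict) -> List[str]:
    """Describe the world-open rules in an AuthorizeSecurityGroupIngress call.

    requestParameters mirrors the EC2 API: ipPermissions.items[] with
    ipProtocol/fromPort/toPort and ipRanges.items[].cidrIp (or ipv6Ranges).
    """
    if record.get("eventName") != "AuthorizeSecurityGroupIngress":
        return []
    params = record.get("requestParameters") or {}
    findings = []
    for perm in params.get("ipPermissions", {}).get("items", []):
        ranges = list(perm.get("ipRanges", {}).get("items", []))
        ranges += perm.get("ipv6Ranges", {}).get("items", [])
        for rng in ranges:
            cidr = rng.get("cidrIp") or rng.get("cidrIpv6")
            if cidr in PUBLIC_CIDRS:
                findings.append(f"{perm.get('ipProtocol')}/{perm.get('fromPort')}"
                                f"-{perm.get('toPort')} open to {cidr}")
    return findings


def triage(records: Iterable[dict]) -> List[dict]:
    """Return one alert per record that matches any of the slide's rules."""
    alerts = []
    for rec in records:
        name = rec.get("eventName", "")
        reasons = []
        if is_root(rec):
            reasons.append("root account activity")
        if name in SENSITIVE_EVENTS:
            reasons.append(SENSITIVE_EVENTS[name])
        if name in ROLE_EVENTS:
            reasons.append("privileged role/policy assignment")
        reasons += public_sg_ingress(rec)
        if reasons:
            alerts.append({
                "eventTime": rec.get("eventTime"),
                "eventName": name,
                "actor": rec.get("userIdentity", {}).get("arn"),
                "sourceIPAddress": rec.get("sourceIPAddress"),
                "reasons": reasons,
            })
    return alerts


def triage_log(raw_json: str) -> List[dict]:
    """Parse a CloudTrail log file (JSON with a top-level Records list)."""
    return triage(json.loads(raw_json)["Records"])


# Constructed sample: a root key creation, a world-open SSH rule, and a
# harmless read-only call that must not alert. IPs are documentation ranges.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2015-03-01T02:10:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}},
    {"eventTime": "2015-03-01T02:11:30Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/devops"},
     "requestParameters": {"groupId": "sg-0a1b2c3d", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventTime": "2015-03-01T02:12:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.4",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/devops"}},
]})

if __name__ == "__main__":
    for alert in triage_log(SAMPLE_LOG):
        print(json.dumps(alert))
```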
Monitor
• OS / Instances
  o “Treat them as cattle, not pets”
  o One of these things is not like the others
  o Update FIM snapshot
    - New AMI
    - New Code
  o Collect Syslogs / Event logs (forensics)
• Event Monitoring System (diagram: FIM on each instance feeding it)
  o Collect & correlate logs to detect security events
  o Oh $4!#! principle
Assess (MAD)
• Do you like working with technology, or would you rather make license plates, do laundry, and be watched 24/7 by armed guards…
  o TALK WITH YOUR CLOUD PROVIDER BEFORE DOING SECURITY TESTING!
  o GET WRITTEN PERMISSION!
Assess / Test
• Static code analysis
  o Secure coding practices
  o Plain text credentials
  o AWS access keys
• Security architecture reviews
  o Dev – Sec – Ops?
• CloudFormation Templates
  o Review before running in production
Assess / Test
• IAM
  o Roles
    - Responsibility
  o Users / Instances with privileged roles
  o Separation of duties
• EC2 AMIs that are in use
• Security Group Configuration
• Trusted Advisor
Assess: Trusted Advisor
Defense (MAD)
• Contractual agreements
• Vendor attestations
• Resilient architecture
  o Decoupled
  o Auto-Scaling
  o Multi-AZ
  o Secure
  o Automation
  o Snapshots/backups
    - EBS, RDS, S3
Defense
• Encryption: Amazon Key Management Service (KMS)
  o Centralized key management (CloudTrail)
  o Encrypt Elastic Block Storage (EBS) without impacting performance
  o Encrypt credentials or other sensitive data
http://aws.amazon.com/kms/
Defense
• Web Application Firewall (WAF)
  o Tune and re-tune it
  o Block malicious traffic
  o Turn on rate limiting to save $
• Evaluate WAF effectiveness by reviewing HTTP request logs
Defense
• Use Your Identity Provider
  o AssumeRoleWithSAML()
  o Does anyone have time to manage two IdPs?
• Limit creation of AWS Access Keys
  o DevOps – temporary access keys
  o Applications – EC2 instance roles
  o Permanent – least privilege
    - Rotate keys regularly
    - Scour code and configs
Source: http://docs.aws.amazon.com/STS/latest/UsingSTS/STSMgmtConsole-SAML.html
Defense
• AWS Access Keys Anyone?
  o “When I got to GitHub, I checked … and sure enough it [had] my API keys…crap!”
  o “I reverted the last few commits, and deleted all traces from GitHub … within about 5 minutes.”
  o “When I woke up the next morning I had four emails from Amazon AWS and a missed phone call … something about 140 servers running on my AWS account.”
  o “Boom! A $2375 bill”
  o “Amazon was kind enough to drop the charges this time!”
Source: http://www.devfactor.net/2014/12/30/2375-amazon-mistake/
Defense
• MFA on AWS root and highly privileged accounts
• Separation of Duties & Least Privilege
  o IAM, VPC Privileges, Route53, etc.
  o Access to backups and snapshots needs special protection
• CodeSpaces
  o “Code Spaces will not be able to operate beyond this point”
  o “upon seeing us make the attempted recovery of the account [attacker] proceeded to randomly delete artifacts”
  o “[attacker deleted] all EBS snapshots, S3 buckets, all AMI's, some EBS instances and several machine instances”
Source: http://www.darkreading.com/attacks-breaches/code-hosting-service-shuts-down-after-cyber-attack/d/d-id/1278743
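The access-key points from the "Limit creation of AWS Access Keys" slide (inventory, rotate regularly, prefer instance roles) and the "MFA on AWS root" point above, combined into one check over an IAM credential report, as an added example that is not part of the deck. REPORT_CSV is a constructed subset of the columns IAM's credential report actually emits, and the 90-day rotation threshold is an assumed policy value.

```python
"""Audit an IAM credential report for the access-key and MFA points on these slides.

Added example, not from the deck. REPORT_CSV is a constructed subset of the
columns IAM's credential report (iam get-credential-report) emits; the 90-day
rotation threshold is an assumed policy value, not an AWS default.
"""
import csv
import io
from datetime import datetime, timedelta, timezone
from typing import List, Optional

MAX_KEY_AGE = timedelta(days=90)  # assumption: what "rotate keys regularly" means here
ROOT = "<root_account>"           # the report's name for the root user row
NOW = datetime(2015, 3, 2, tzinfo=timezone.utc)  # fixed clock so results are stable

# Constructed report: root with an active key and no MFA, a healthy DevOps user,
# an application user with two stale keys, and a console-only auditor.
REPORT_CSV = """\
user,arn,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,false,true,2014-06-01T00:00:00+00:00,N/A,false,N/A,N/A
devops,arn:aws:iam::123456789012:user/devops,true,true,2015-02-20T00:00:00+00:00,2015-03-01T01:00:00+00:00,false,N/A,N/A
build-bot,arn:aws:iam::123456789012:user/build-bot,false,true,2014-09-10T00:00:00+00:00,2015-02-28T23:59:00+00:00,true,2014-09-10T00:00:00+00:00,N/A
auditor,arn:aws:iam::123456789012:user/auditor,true,false,N/A,N/A,false,N/A,N/A
"""


def parse_ts(value: str) -> Optional[datetime]:
    """Report timestamps are ISO-8601; the report's placeholders mean 'none'."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def audit_row(row: dict, now: datetime = NOW) -> List[str]:
    """Findings for one report row; an empty list means the row is clean."""
    findings = []
    user = row["user"]
    active = [s for s in ("1", "2") if row[f"access_key_{s}_active"] == "true"]
    if user == ROOT:
        # Root should sign in with MFA and own no access keys at all.
        if row["mfa_active"] != "true":
            findings.append("root: MFA not enabled")
        for slot in active:
            findings.append(f"root: active access key #{slot} (root should have none)")
        return findings
    for slot in active:
        rotated = parse_ts(row[f"access_key_{slot}_last_rotated"])
        last_used = parse_ts(row[f"access_key_{slot}_last_used_date"])
        if rotated is not None and now - rotated > MAX_KEY_AGE:
            findings.append(f"{user}: key #{slot} is {(now - rotated).days} days old, rotate")
        if last_used is None:
            findings.append(f"{user}: key #{slot} has never been used, delete it")
    if active and row["mfa_active"] != "true":
        # The report cannot tell a human from an application; the inventory
        # (owner per key) has to, and applications belong on instance roles.
        findings.append(f"{user}: keys without MFA; confirm owner, prefer an instance role")
    return findings


def audit_report(report_csv: str, now: datetime = NOW) -> List[str]:
    """Run audit_row over every row of a credential report."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        findings.extend(audit_row(row, now))
    return findings


if __name__ == "__main__":
    for line in audit_report(REPORT_CSV):
        print(line)
```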
Defense: Incident Response
• Investigate without tipping off the attacker
• Automate your response, assume the attacker has automated his
Defense
• OS / AMI
  o Use trusted, securely configured AMIs - Update Often (patching)
  o AWS Marketplace has DISA STIG compliant AMIs
  o If FIM tests fail: investigate, new instance, isolate old (SG)
  o Auto-scaling will use the AMI(s) you configure – make sure it’s the right one
  o SSH Keys / Admin Passwords
  o Bastion
  o Prod and non-prod
  o Managed in your custom AMIs
Defense
• NACLs
  o IPv4
  o Stateless
  o Inbound/Outbound
  o Soft Limit of 20/20 per subnet
  o Block 22, 3389, etc.
  o (Don’t lose hope yet)
Defense
• Security Groups
  o IPv4
  o Stateful
  o Inbound/Outbound
  o Apply to an instance or group of instances (across AZ)
  o AWS limits on the number of security groups and rules per security group
Defense: Security Groups
Inbound:
  Source (in)   Protocol   Port(s)   Comment
  0.0.0.0/0     TCP        80        HTTP
  0.0.0.0/0     TCP        443       HTTPS
  0.0.0.0/0     ICMP       N/A       Ping
  Default Deny
Outbound:
  Dest (out)    Protocol   Port(s)   Comment
  SG_WAF        TCP        8080      WAFs
  Default Deny
Defense: Security Groups
Inbound:
  Source (in)   Protocol   Port(s)   Comment
  BAST_SG       ANY        All       Admin
  SG_IN_ELB     TCP        8888      Internal
  Default Deny
Outbound:
  Dest (out)    Protocol   Port(s)   Comment
  SG_DB         TCP        1433
  Default Deny
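The two tables above as an automated check, written as an added example that is not part of the deck: SG_WEB and SG_APP are the slide's tables transcribed into the shape boto3's describe_security_groups() returns, SG_BAD is a constructed counter-example, and audit() reports the rules that break the pattern (world-open ports other than 80/443, admin ports 22/3389 reachable from a CIDR, egress to the world). Group IDs are made up.

```python
"""Check security groups against the pattern in the two tables above.

Added example, not from the deck. Each group dict follows the shape boto3's
ec2.describe_security_groups() returns, so audit() can be pointed at a live
response; SG_WEB and SG_APP are transcribed from the slide's tables and SG_BAD
is a constructed counter-example. Group IDs are made up.
"""
from typing import Dict, List

PUBLIC = {"0.0.0.0/0", "::/0"}
PUBLIC_OK_PORTS = {80, 443}  # the only world-facing TCP ports in the first table
ADMIN_PORTS = {22, 3389}     # the slide's "block 22, 3389" list


def _ports(perm: dict) -> str:
    if perm["IpProtocol"] == "-1":
        return "ALL"
    lo, hi = perm.get("FromPort", -1), perm.get("ToPort", -1)
    return str(lo) if lo == hi else f"{lo}-{hi}"


def _cidrs(perm: dict) -> List[str]:
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])


def audit_group(sg: dict) -> List[str]:
    """Rules in one group that break the slide's pattern. Only CIDR rules are
    judged: rules whose source is another security group are the pattern."""
    name, findings = sg["GroupName"], []
    for perm in sg.get("IpPermissions", []):
        proto, ports = perm["IpProtocol"], _ports(perm)
        lo, hi = perm.get("FromPort", -1), perm.get("ToPort", -1)
        for cidr in _cidrs(perm):
            if proto == "-1":
                findings.append(f"{name}: all traffic allowed in from {cidr}; use a source SG")
                continue
            if cidr in PUBLIC and proto != "icmp" and not (lo == hi and lo in PUBLIC_OK_PORTS):
                findings.append(f"{name}: {proto}/{ports} open to the world ({cidr})")
            if any(lo <= p <= hi for p in ADMIN_PORTS):
                findings.append(f"{name}: admin port(s) in {ports} reachable from {cidr}; "
                                "admin access belongs to the bastion SG")
    for perm in sg.get("IpPermissionsEgress", []):
        for cidr in _cidrs(perm):
            if cidr in PUBLIC:
                findings.append(f"{name}: egress {perm['IpProtocol']}/{_ports(perm)} to {cidr}; "
                                "the tables use default-deny egress to named SGs")
    return findings


def audit(groups: List[dict]) -> Dict[str, List[str]]:
    """Map group name -> findings, for the groups that have any."""
    result = {}
    for sg in groups:
        findings = audit_group(sg)
        if findings:
            result[sg["GroupName"]] = findings
    return result


def cidr_rule(proto: str, port: int, cidr: str, desc: str = "") -> dict:
    lo = hi = -1 if proto == "icmp" else port   # ICMP "all types" is -1/-1 in the API
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": cidr, "Description": desc}],
            "Ipv6Ranges": [], "UserIdGroupPairs": []}


def sg_rule(proto: str, port, group_id: str, desc: str = "") -> dict:
    perm = {"IpProtocol": proto, "IpRanges": [], "Ipv6Ranges": [],
            "UserIdGroupPairs": [{"GroupId": group_id, "Description": desc}]}
    if proto != "-1":   # "-1" (all traffic) carries no port fields
        perm["FromPort"] = perm["ToPort"] = port
    return perm


SG_WEB = {"GroupId": "sg-web0001", "GroupName": "SG_WEB",
          "IpPermissions": [cidr_rule("tcp", 80, "0.0.0.0/0", "HTTP"),
                            cidr_rule("tcp", 443, "0.0.0.0/0", "HTTPS"),
                            cidr_rule("icmp", -1, "0.0.0.0/0", "Ping")],
          "IpPermissionsEgress": [sg_rule("tcp", 8080, "sg-waf00001", "WAFs")]}
SG_APP = {"GroupId": "sg-app0001", "GroupName": "SG_APP",
          "IpPermissions": [sg_rule("-1", None, "sg-bast0001", "Admin"),
                            sg_rule("tcp", 8888, "sg-inelb001", "Internal")],
          "IpPermissionsEgress": [sg_rule("tcp", 1433, "sg-db000001")]}
# Constructed counter-example: the "public security group modification" case.
SG_BAD = {"GroupId": "sg-bad0001", "GroupName": "SG_BAD",
          "IpPermissions": [cidr_rule("tcp", 22, "0.0.0.0/0", "quick ssh fix"),
                            cidr_rule("tcp", 443, "0.0.0.0/0", "HTTPS")],
          "IpPermissionsEgress": [{"IpProtocol": "-1", "Ipv6Ranges": [],
                                   "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                                   "UserIdGroupPairs": []}]}

if __name__ == "__main__":
    for group, findings in audit([SG_WEB, SG_APP, SG_BAD]).items():
        print(group, *findings, sep="\n  ")
```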
Defense
• Bastion Host
  o Leave it off (Stopped) until you need it
Cloud Nirvana
Do you need admin access to production?
  o AWS or Bastion
  o Automation -> APIs, CloudFormation Templates, Logs
Additional Resources
• AWS Security Whitepapers
  o http://aws.amazon.com/whitepapers/
• Re:Invent 2014 - Building a DDoS Resilient Architecture with AWS
  o https://www.youtube.com/watch?v=OT2y3DzMEmQ
• AWS Key Management Service
  o http://aws.amazon.com/kms/
• RDS Logging
  o http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html
• AWS QwikLABS
  o https://run.qwiklab.com/

More Related Content

What's hot

Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Amazon Web Services
 

What's hot (20)

AWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design Patterns
 
IAM Introduction
IAM IntroductionIAM Introduction
IAM Introduction
 
Fundamentals of AWS Security
Fundamentals of AWS SecurityFundamentals of AWS Security
Fundamentals of AWS Security
 
AWS solution Architect Associate study material
AWS solution Architect Associate study materialAWS solution Architect Associate study material
AWS solution Architect Associate study material
 
Managing Security on AWS
Managing Security on AWSManaging Security on AWS
Managing Security on AWS
 
AWS IAM Introduction
AWS IAM IntroductionAWS IAM Introduction
AWS IAM Introduction
 
AWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionAWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc Version
 
Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)
 
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security Strategy
 
(SEC324) NEW! Introducing Amazon Inspector
(SEC324) NEW! Introducing Amazon Inspector(SEC324) NEW! Introducing Amazon Inspector
(SEC324) NEW! Introducing Amazon Inspector
 
AWS Secrets Manager
AWS Secrets ManagerAWS Secrets Manager
AWS Secrets Manager
 
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
 
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
 
AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018
AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018
AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
 
AWS Security Fundamentals
AWS Security FundamentalsAWS Security Fundamentals
AWS Security Fundamentals
 
CloudFormation Best Practices
CloudFormation Best PracticesCloudFormation Best Practices
CloudFormation Best Practices
 
AWS Security & Compliance
AWS Security & ComplianceAWS Security & Compliance
AWS Security & Compliance
 
Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWS
 

Viewers also liked

Cloud 101: Hands-on Heroku & AWS
Cloud 101: Hands-on Heroku & AWSCloud 101: Hands-on Heroku & AWS
Cloud 101: Hands-on Heroku & AWS
Amine Sadry
 
Introduction to Amazon Web Services
Introduction to Amazon Web ServicesIntroduction to Amazon Web Services
Introduction to Amazon Web Services
Dayanand Shanmugham
 

Viewers also liked (15)

Coding Apps in the Cloud to reduce costs up to 90% - September 2016 Webinar S...
Coding Apps in the Cloud to reduce costs up to 90% - September 2016 Webinar S...Coding Apps in the Cloud to reduce costs up to 90% - September 2016 Webinar S...
Coding Apps in the Cloud to reduce costs up to 90% - September 2016 Webinar S...
 
App Development Evolution: What has changed?
App Development Evolution: What has changed? App Development Evolution: What has changed?
App Development Evolution: What has changed?
 
Cloud 101: Hands-on Heroku & AWS
Cloud 101: Hands-on Heroku & AWSCloud 101: Hands-on Heroku & AWS
Cloud 101: Hands-on Heroku & AWS
 
Introduction to Amazon Web Services
Introduction to Amazon Web ServicesIntroduction to Amazon Web Services
Introduction to Amazon Web Services
 
Cloud service models 101
Cloud service models 101Cloud service models 101
Cloud service models 101
 
(ENT311) Public IaaS Provider Bake-off: AWS vs Azure | AWS re:Invent 2014
(ENT311) Public IaaS Provider Bake-off: AWS vs Azure | AWS re:Invent 2014(ENT311) Public IaaS Provider Bake-off: AWS vs Azure | AWS re:Invent 2014
(ENT311) Public IaaS Provider Bake-off: AWS vs Azure | AWS re:Invent 2014
 
Fortinet
FortinetFortinet
Fortinet
 
Microsoft Azure Platform-as-a-Service (PaaS)
Microsoft Azure Platform-as-a-Service (PaaS)Microsoft Azure Platform-as-a-Service (PaaS)
Microsoft Azure Platform-as-a-Service (PaaS)
 
The Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft AzureThe Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft Azure
 
Convert Your Code into a Microservice using AWS Lambda
Convert Your Code into a Microservice using AWS LambdaConvert Your Code into a Microservice using AWS Lambda
Convert Your Code into a Microservice using AWS Lambda
 
深入淺出 AWS 大數據工具
深入淺出 AWS 大數據工具深入淺出 AWS 大數據工具
深入淺出 AWS 大數據工具
 
AWS 101: Cloud Computing Seminar (2012)
AWS 101: Cloud Computing Seminar (2012)AWS 101: Cloud Computing Seminar (2012)
AWS 101: Cloud Computing Seminar (2012)
 
Microsoft Azure vs Amazon Web Services (AWS) Services & Feature Mapping
Microsoft Azure vs Amazon Web Services (AWS) Services & Feature MappingMicrosoft Azure vs Amazon Web Services (AWS) Services & Feature Mapping
Microsoft Azure vs Amazon Web Services (AWS) Services & Feature Mapping
 
AWS Architecting In The Cloud
AWS Architecting In The CloudAWS Architecting In The Cloud
AWS Architecting In The Cloud
 
Azure Cloud PPT
Azure Cloud PPTAzure Cloud PPT
Azure Cloud PPT
 

Similar to Cloud Security (AWS)

awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...
awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...
awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...
himanipatel524244
 

Similar to Cloud Security (AWS) (20)

3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero 3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero
 
Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts
 
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
 
Introduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSIntroduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWS
 
awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...
awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...
awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...
 
Getting Started on AWS
Getting Started on AWSGetting Started on AWS
Getting Started on AWS
 
Technical Track
Technical TrackTechnical Track
Technical Track
 
Getting Started with AWS
Getting Started with AWSGetting Started with AWS
Getting Started with AWS
 
01 aws track 1
01 aws track 101 aws track 1
01 aws track 1
 
AWSome Day | Tech Track
AWSome Day | Tech TrackAWSome Day | Tech Track
AWSome Day | Tech Track
 
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
 
Secure your critical workload on AWS
Secure your critical workload on AWSSecure your critical workload on AWS
Secure your critical workload on AWS
 
Deploy a DoD Secure Cloud Computing Architecture Environment in AWS | AWS Pub...
Deploy a DoD Secure Cloud Computing Architecture Environment in AWS | AWS Pub...Deploy a DoD Secure Cloud Computing Architecture Environment in AWS | AWS Pub...
Deploy a DoD Secure Cloud Computing Architecture Environment in AWS | AWS Pub...
 
3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero
 
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
 
AWSome Day Digital LATAM
AWSome Day Digital LATAMAWSome Day Digital LATAM
AWSome Day Digital LATAM
 
Gestire la sicurezza nel Cloud: come iniziare ad implementare un processo Dev...
Gestire la sicurezza nel Cloud: come iniziare ad implementare un processo Dev...Gestire la sicurezza nel Cloud: come iniziare ad implementare un processo Dev...
Gestire la sicurezza nel Cloud: come iniziare ad implementare un processo Dev...
 
Module 1: AWS Introduction and History - AWSome Day Online Conference - APAC
Module 1: AWS Introduction and History - AWSome Day Online Conference - APACModule 1: AWS Introduction and History - AWSome Day Online Conference - APAC
Module 1: AWS Introduction and History - AWSome Day Online Conference - APAC
 
The AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeThe AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in Practice
 
Staying Secure in the Cloud
Staying Secure in the CloudStaying Secure in the Cloud
Staying Secure in the Cloud
 

Recently uploaded

Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Chandigarh Call girls 9053900678 Call girls in Chandigarh
 
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
nilamkumrai
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
Diya Sharma
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
@Chandigarh #call #Girls 9053900678 @Call #Girls in @Punjab 9053900678
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 

Recently uploaded (20)

(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507  ))#  Young Call Girls  in Ajman  By Pakistani Call Girls  in ...(+971568250507  ))#  Young Call Girls  in Ajman  By Pakistani Call Girls  in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune  (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune  (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
 
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
 
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft DatingDubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
 
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298  )#  Call Girls in DubaiRussian Call Girls in %(+971524965298  )#  Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
 
Enjoy Night⚡Call Girls Samalka Delhi >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Samalka Delhi >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Samalka Delhi >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Samalka Delhi >༒8448380779 Escort Service
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 

Cloud Security (AWS)

  • 2. The Cloud
    - IaaS: AWS, Azure, Rackspace, VMWare
    - SaaS: SalesForce, Cloud9, Akamai, AppDynamics
    - PaaS: Cloud Foundry, Google App Engine, Azure, AWS, SalesForce
    - Software & Services: Office 365, QuickBase, Lynda.com
    - Agility, Scalability, Resiliency, High Availability... Security?
  • 3. Behind the Cloud…
    [Diagram: stack layers Physical Facilities, Infrastructure, Compute & Storage, Hypervisor, Virtual Network, Operating System, App Framework, Application, Data]
    - Amazon Web Services (AWS)
      o Regions Worldwide (11)
      o Availability Zones (2-3 per Region)
      o Edge Locations (50+)
  • 4. Same stack diagram and AWS Region / Availability Zone / Edge Location figures as slide 3.
  • 5. Security is a Shared Responsibility
    [Diagram: the stack layers split between Provider and Yours for SaaS]
    - Your responsibility vs. Provider responsibility
      o Type of service
      o Contractual agreements
    - Evaluating Cloud providers
      o SOC I/II, ISO 27002, PCI, HIPAA
      o Contractual agreements
      o Financial limits
  • 6. Security is a Shared Responsibility: same bullets as slide 5, with the Provider / Yours split drawn for PaaS.
  • 7. Security is a Shared Responsibility: same bullets as slide 5, with the Provider / Yours split drawn for IaaS.
  • 8. Amazon Web Services (AWS)
    - IaaS: flexible & complex
    - AWS offers IaaS, PaaS, and SaaS solutions
    [Diagram: stack layers with the IaaS and PaaS boundaries marked]
  • 9. Evaluating Risk: where are the biggest risks?
    [Diagram: stack layers, with DevOps and Users as the actors]
    - Verizon DBIR 2014 incident classification: Web App Attacks (35%), Extern Discovery (88%); Cyber-Espionage (22%), Extern Discovery (85%)
    - Actions: Stolen Creds (1)(3)(3), Export Data (2)(7)(4)
    - Source: www.verizonenterprise.com/DBIR/2014/
  • 10. AWS Dashboard, CLIs, APIs: AWS CLI, Java, Python (boto), Node.js
  • 11. [Diagram: Region US-East with a DMZ Subnet and a Priv. Subnet, NACL, Security Groups, Amazon CloudWatch, AWS CloudFormation]
  • 14. Security in the Cloud
    - Monitor, Assess, Defend (MAD)
    - Monitor
      o Detection is important
      o Built on a foundation of logs
    - Assess / Test
      o Evaluate security controls
      o Dangerous ground when scanning your app on the provider’s infrastructure
    - Defend
      o Prevent security incidents from occurring
      o Raise the bar
  • 16. Monitor (Amazon CloudWatch)
    - Web Application Firewall (WAF)
      o Bursting thresholds
      o OWASP Top 10
      o Tuned to the application
    - Application, RDS logs
      o AuthN/Z
      o Security related
      o Anomaly detection
    - ELB – log user requests
      o Anomaly detection
  • 17. Monitor (Amazon CloudWatch)
    - S3 Access Logging
      o If there is sensitive information in S3 buckets (S3 access logs are not part of CloudTrail)
    - CloudWatch
      o Availability & performance of EC2 instances
  • 18. Monitor (Amazon CloudWatch)
    - CloudTrail – AWS account actions
      o Any root account activity
      o StopLogging / UpdateTrail
      o Create/DeleteVPC
      o CreateAccessKey
      o Privileged Role assignments
      o DeleteHostedZone
      o ChangeResourceRecordSet
      o RunInstance (dramatic change)
      o Public Security Group modification
    - IAM
      o AWS Access Keys
      o Inventory (owner) / Last recycle date
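The CloudTrail actions listed on slide 18 are easy to turn into a first-pass detector. The block below is an added example, not code from the deck: it classifies CloudTrail records and flags root activity, the watched event names, security group rules opened to 0.0.0.0/0 or ::/0, and attachment of the AdministratorAccess managed policy as a stand-in for "privileged role assignment". The record layout follows the CloudTrail JSON format (event names are the API action names as CloudTrail records them); the records themselves, the `123456789012` account id and the ARNs are constructed sample data.

```python
"""Flag high-risk CloudTrail events (added example; constructed sample data)."""
from typing import Dict, List, Optional, Tuple

# eventName values the slide calls out; CloudTrail records the API action name.
WATCHED_EVENTS: Dict[str, str] = {
    "StopLogging": "CloudTrail logging stopped",
    "UpdateTrail": "CloudTrail configuration changed",
    "CreateVpc": "VPC created",
    "DeleteVpc": "VPC deleted",
    "CreateAccessKey": "new long-lived access key issued",
    "DeleteHostedZone": "Route 53 hosted zone deleted",
    "ChangeResourceRecordSets": "DNS records changed",
    "RunInstances": "instances launched (noisy; correlate with deploys)",
}
# Managed policies whose attachment counts as a privileged role assignment.
PRIVILEGED_POLICIES = {"arn:aws:iam::aws:policy/AdministratorAccess"}
WORLD = {"0.0.0.0/0", "::/0"}


def _opens_to_world(params: dict) -> bool:
    """True if an AuthorizeSecurityGroupIngress call allowed a CIDR meaning 'everyone'."""
    for perm in params.get("ipPermissions", {}).get("items", []):
        v4 = [r.get("cidrIp") for r in perm.get("ipRanges", {}).get("items", [])]
        v6 = [r.get("cidrIpv6") for r in perm.get("ipv6Ranges", {}).get("items", [])]
        if WORLD & set(v4 + v6):
            return True
    return False


def classify(event: dict) -> List[str]:
    """Return the reasons to alert on one CloudTrail record (empty list = benign)."""
    reasons: List[str] = []
    identity = event.get("userIdentity", {})
    name = event.get("eventName", "")
    params = event.get("requestParameters") or {}

    if identity.get("type") == "Root":
        reasons.append("root account activity")
    if name in WATCHED_EVENTS:
        reasons.append(WATCHED_EVENTS[name])
    if name == "AuthorizeSecurityGroupIngress" and _opens_to_world(params):
        reasons.append("security group opened to the world")
    if (name in ("AttachRolePolicy", "AttachUserPolicy", "AttachGroupPolicy")
            and params.get("policyArn") in PRIVILEGED_POLICIES):
        reasons.append("privileged policy attached")
    return reasons


def scan(records: List[dict]) -> List[Tuple[str, str, List[str]]]:
    """Return (eventID, actor ARN, reasons) for each record worth alerting on."""
    hits = []
    for ev in records:
        reasons = classify(ev)
        if reasons:
            actor = ev.get("userIdentity", {}).get("arn", "<unknown>")
            hits.append((ev.get("eventID", "?"), actor, reasons))
    return hits


def _rec(event_id: str, name: str, ident_type: str, arn: str,
         params: Optional[dict] = None) -> dict:
    # Constructed CloudTrail-shaped record carrying only the fields classify() reads.
    return {"eventID": event_id, "eventName": name,
            "userIdentity": {"type": ident_type, "arn": arn},
            "requestParameters": params}


_SG_WORLD = {"groupId": "sg-0example", "ipPermissions": {"items": [
    {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
     "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}
_SG_INTERNAL = {"groupId": "sg-0example", "ipPermissions": {"items": [
    {"ipProtocol": "tcp", "fromPort": 8888, "toPort": 8888,
     "ipRanges": {"items": [{"cidrIp": "10.0.0.0/8"}]}}]}}
_ACCT = "arn:aws:iam::123456789012"        # placeholder account id

SAMPLE_RECORDS = [
    _rec("ev-1", "DescribeInstances", "IAMUser", _ACCT + ":user/alice"),
    _rec("ev-2", "StopLogging", "IAMUser", _ACCT + ":user/bob", {"name": "org-trail"}),
    _rec("ev-3", "AuthorizeSecurityGroupIngress", "Root", _ACCT + ":root", _SG_WORLD),
    _rec("ev-4", "AttachUserPolicy", "IAMUser", _ACCT + ":user/alice",
         {"userName": "bob", "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}),
    _rec("ev-5", "AuthorizeSecurityGroupIngress", "IAMUser", _ACCT + ":user/alice", _SG_INTERNAL),
]

if __name__ == "__main__":
    for event_id, actor, reasons in scan(SAMPLE_RECORDS):
        print(f"{event_id}  {actor}  {'; '.join(reasons)}")
```

In practice the records come from the gzipped CloudTrail objects delivered to S3 (each file is a JSON document whose `Records` array has this shape); the classifier is deliberately list-driven so that new event names from the slide, or from your own change-control policy, are a one-line addition.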
  • 19. Monitor (Amazon CloudWatch; FIM on every instance)
    - OS / Instances
      o “Treat them as cattle, not pets”
      o One of these things is not like the others
      o Update the FIM snapshot on:
        • New AMI
        • New Code
      o Collect Syslogs / Event logs (forensics)
  • 20. Event Monitoring System (Amazon CloudWatch)
    - Collect & correlate logs to detect security events
      o The “Oh $4!#!” principle
  • 22. Assess / Test
    - Do you like working with technology, or would you rather make license plates, do laundry, and be watched 24/7 by armed guards…
      o TALK WITH YOUR CLOUD PROVIDER BEFORE DOING SECURITY TESTING!
      o GET WRITTEN PERMISSION!
  • 23. Assess / Test
    - Static code analysis
      o Secure coding practices
      o Plain text credentials
      o AWS access keys
    - Security architecture reviews
      o Dev – Sec – Ops?
    - CloudFormation Templates
      o Review before running in production
  • 24. Assess / Test
    - IAM
      o Roles
        • Responsibility
      o Users / Instances with privileged roles
      o Separation of duties
    - EC2 AMIs that are in use
    - Security Group configuration
    - Trusted Advisor
  • 27. Defense
    - Contractual agreements
    - Vendor attestations
    - Resilient architecture
      o Decoupled
      o Auto-Scaling
      o Multi-AZ
      o Secure
      o Automation
      o Snapshots/backups
        • EBS, RDS, S3
    [Diagram: Users, AWS CloudFormation, Amazon CloudWatch, Priv. Subnet]
  • 28. Defense
    - Encryption: Amazon Key Management Service (KMS)
      o Centralized key management (CloudTrail)
      o Encrypt Elastic Block Storage (EBS) without impacting performance
      o Encrypt credentials or other sensitive data
    - http://aws.amazon.com/kms/
  • 29. Defense
    - Web Application Firewall (WAF)
      o Tune and re-tune it
      o Block malicious traffic
      o Turn on rate limiting to save $
    - Evaluate WAF effectiveness by reviewing HTTP request logs
  • 30. Defense
    - Use Your Identity Provider
      o AssumeRoleWithSAML()
      o Does anyone have time to manage two IdPs?
    - Limit creation of AWS Access Keys
      o DevOps – temporary access keys
      o Applications – EC2 instance roles
      o Permanent – least privilege
        • Rotate keys regularly
        • Scour code and configs
    - Source: http://docs.aws.amazon.com/STS/latest/UsingSTS/STSMgmtConsole-SAML.html
  • 31. Defense
    - AWS Access Keys Anyone?
      o “When I got to GitHub, I checked … and sure enough it [had] my API keys…crap!”
      o “I reverted the last few commits, and deleted all traces from GitHub … within about 5 minutes.”
      o “When I woke up the next morning I had four emails from Amazon AWS and a missed phone call … something about 140 servers running on my AWS account.”
      o “Boom! A $2375 bill”
      o “Amazon was kind enough to drop the charges this time!”
    - Source: http://www.devfactor.net/2014/12/30/2375-amazon-mistake/
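Slides 23 and 30 both say to scour code and configs for plain-text AWS access keys, and slide 31 shows what happens when that is skipped. The block below is an added example, not code from the deck: a line-oriented scanner for the 20-character access key id format (an AKIA or ASIA prefix followed by 16 upper-case alphanumerics) and, more heuristically, a 40-character secret on a line that mentions "secret"; that second pattern is an assumption tuned to config and .env files, not an AWS-defined format. The sample file is constructed and uses the example credential pair AWS publishes in its own documentation, so nothing in it is live. Output is redacted so the scanner's own log does not become another copy of the key.

```python
"""Pre-commit style scan for AWS credentials in text (added example)."""
import re
from typing import List, Tuple

# Access key ids: 4-char prefix (AKIA = long-lived IAM key, ASIA = temporary STS key)
# followed by 16 upper-case letters/digits. Lookarounds stop partial matches
# inside longer tokens.
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")

# Secret keys are 40 base64-like characters. Alone that is far too noisy, so only
# flag one that follows the word "secret" on the same line (heuristic, assumed).
SECRET_KEY_RE = re.compile(
    r"(?i)secret[^\n]{0,40}?(?<![A-Za-z0-9/+=])([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)


def redact(value: str) -> str:
    """Keep just enough of a credential to recognise it in a report."""
    return value[:4] + "****" + value[-4:]


def find_aws_credentials(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, kind, redacted_value) for every suspected credential."""
    hits: List[Tuple[int, str, str]] = []
    for n, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            hits.append((n, "access_key_id", redact(m.group(0))))
        m = SECRET_KEY_RE.search(line)
        if m:
            hits.append((n, "secret_access_key", redact(m.group(1))))
    return hits


# Constructed sample; the key values are the example pair from AWS's documentation.
SAMPLE = """\
# constructed sample config; the key values are AWS's published example pair
[default]
region = us-east-1
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCyEXAMPLEKEY
# same pair again as a .env line a developer might commit:
AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCyEXAMPLEKEY"
# harmless: an instance-role ARN, not a key (placeholder account id)
role_arn = arn:aws:iam::123456789012:role/app-role
"""

if __name__ == "__main__":
    for line_no, kind, shown in find_aws_credentials(SAMPLE):
        print(f"line {line_no}: {kind} {shown}")
```

Wired into a pre-commit hook or a CI step, `find_aws_credentials` runs over each staged file and fails the commit on any hit; the instance-role line in the sample is there to show that the preferred alternative from slide 30 (EC2 instance roles, no keys in code at all) produces no findings.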
  • 32. Defense
    - MFA on AWS root and highly privileged accounts
    - Separation of Duties & Least Privilege
      o IAM, VPC privileges, Route53, etc.
      o Access to backups and snapshots needs special protection
    - Code Spaces
      o “Code Spaces will not be able to operate beyond this point”
      o “upon seeing us make the attempted recovery of the account [attacker] proceeded to randomly delete artifacts”
      o “[attacker deleted] all EBS snapshots, S3 buckets, all AMI's, some EBS instances and several machine instances”
    - Source: http://www.darkreading.com/attacks-breaches/code-hosting-service-shuts-down-after-cyber-attack/d/d-id/1278743
  • 33. Defense: Incident Response
    - Investigate without tipping off the attacker
    - Automate your response; assume the attacker has automated his
  • 34. Defense
    - OS / AMI
      o Use trusted, securely configured AMIs; update often (patching)
      o AWS Marketplace has DISA STIG compliant AMIs
      o If FIM tests fail: investigate, launch a new instance, isolate the old one (SG)
      o Auto-scaling will use the AMI(s) you configure – make sure it’s the right one
      o SSH keys / admin passwords
      o Bastion
      o Prod and non-prod
      o Managed in your custom AMIs
  • 35. Defense
    - NACLs
      o IPv4
      o Stateless
      o Inbound/Outbound
      o Soft limit of 20/20 per subnet
      o Block 22, 3389, etc.
      o (Don’t lose hope yet)
  • 36. Defense
    - Security Groups
      o IPv4
      o Stateful
      o Inbound/Outbound
      o Apply to an instance or group of instances (across AZ)
      o AWS limits on the number of security groups and rules per security group
  • 37. Defense: Security Groups
    Inbound
      Source (in)    Protocol   Port(s)   Comment
      0.0.0.0/0      TCP        80        HTTP
      0.0.0.0/0      TCP        443       HTTPS
      0.0.0.0/0      ICMP       N/A       Ping
      Default Deny
    Outbound
      Dest (out)     Protocol   Port(s)   Comment
      SG_WAF         TCP        8080      WAFs
      Default Deny
  • 38. Defense: Security Groups
    Inbound
      Source (in)    Protocol   Port(s)   Comment
      BAST_SG        ANY        All       Admin
      SG_IN_ELB      TCP        8888      Internal
      Default Deny
    Outbound
      Dest (out)     Protocol   Port(s)   Comment
      SG_DB          TCP        1433
      Default Deny
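The two rule tables above can be checked mechanically, either when a CloudFormation template is reviewed before it reaches production (slide 23) or as the security group configuration review of slide 24. The block below is an added example, not code from the deck: a small rule model plus a `review()` function that encodes the deck's policy as written on slides 35 to 38: world-open ingress only on an explicit per-group allow-list (plus ICMP for ping), never on 22 or 3389, and no world-open egress, since the tables end in "Default Deny". The group and peer names are the ones from the tables; `SG_BAD` is a constructed counter-example, and `None` stands for "no port" where AWS itself uses -1.

```python
"""Review security group rules against the deck's policy (added example)."""
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional

WORLD = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = (22, 3389)           # slide 35: never reachable from the Internet


@dataclass(frozen=True)
class Rule:
    proto: str                     # "tcp", "udp", "icmp" or "-1" (any protocol)
    from_port: Optional[int]       # None = not port-based (icmp, any protocol)
    to_port: Optional[int]
    peer: str                      # CIDR, or the name/id of another security group
    comment: str = ""


@dataclass
class SecurityGroup:
    name: str
    ingress: List[Rule] = field(default_factory=list)
    egress: List[Rule] = field(default_factory=list)   # empty list = default deny


def _covers(rule: Rule, port: int) -> bool:
    """Does this rule admit traffic to the given TCP/UDP port?"""
    if rule.proto == "-1":
        return True
    if rule.from_port is None or rule.to_port is None:
        return False
    return rule.from_port <= port <= rule.to_port


def review(sg: SecurityGroup, world_ports: FrozenSet[int] = frozenset()) -> List[str]:
    """Findings for one group; world_ports are the only ports allowed from the Internet."""
    findings: List[str] = []
    for r in sg.ingress:
        if r.peer not in WORLD:
            continue                       # SG-to-SG or private CIDR: reviewed separately
        if r.proto == "-1":
            findings.append(f"{sg.name}: all protocols open to the world ({r.comment})")
            continue
        if r.proto == "icmp":
            continue                       # slide 37 allows ping from anywhere
        admin_hits = [p for p in ADMIN_PORTS if _covers(r, p)]
        if admin_hits:
            findings.append(f"{sg.name}: admin port(s) {admin_hits} open to the world ({r.comment})")
        elif not (r.from_port == r.to_port and r.from_port in world_ports):
            findings.append(f"{sg.name}: {r.proto} {r.from_port}-{r.to_port} open to the world "
                            f"is not on the allow-list ({r.comment})")
    for r in sg.egress:
        if r.peer in WORLD:
            findings.append(f"{sg.name}: egress to the world ({r.proto} {r.from_port}-{r.to_port})")
    return findings


# Slide 37: Internet-facing tier.
WEB_TIER = SecurityGroup("SG_WEB",
    ingress=[Rule("tcp", 80, 80, "0.0.0.0/0", "HTTP"),
             Rule("tcp", 443, 443, "0.0.0.0/0", "HTTPS"),
             Rule("icmp", None, None, "0.0.0.0/0", "Ping")],
    egress=[Rule("tcp", 8080, 8080, "SG_WAF", "WAFs")])

# Slide 38: internal tier, reachable only from the bastion and the internal ELB.
APP_TIER = SecurityGroup("SG_APP",
    ingress=[Rule("-1", None, None, "BAST_SG", "Admin"),
             Rule("tcp", 8888, 8888, "SG_IN_ELB", "Internal")],
    egress=[Rule("tcp", 1433, 1433, "SG_DB")])

# Constructed counter-example: SSH from anywhere and the allow-all egress left in place.
SG_BAD = SecurityGroup("SG_BAD",
    ingress=[Rule("tcp", 22, 22, "0.0.0.0/0", "SSH"),
             Rule("tcp", 443, 443, "0.0.0.0/0", "HTTPS")],
    egress=[Rule("-1", None, None, "0.0.0.0/0", "allow all")])

if __name__ == "__main__":
    for group, allowed in ((WEB_TIER, {80, 443}), (APP_TIER, set()), (SG_BAD, {80, 443})):
        for finding in review(group, frozenset(allowed)) or [f"{group.name}: OK"]:
            print(finding)
```

The same model maps directly onto the `SecurityGroupIngress` / `SecurityGroupEgress` properties of an `AWS::EC2::SecurityGroup` resource, so the check can run over a parsed template before it is ever applied; `world_ports` is passed per group on purpose, because only the Internet-facing tier should have any allow-list at all.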
  • 39. Defense (Amazon CloudWatch, AWS CloudFormation)
    - Bastion Host
      o Leave it off (Stopped) until you need it
  • 40. Cloud Nirvana
    - Do you need admin access to production?
      o AWS or Bastion
      o Automation -> APIs, CloudFormation templates, logs
  • 41. Additional Resources
    - AWS Security Whitepapers: http://aws.amazon.com/whitepapers/
    - Re:Invent 2014 - Building a DDoS Resilient Architecture with AWS: https://www.youtube.com/watch?v=OT2y3DzMEmQ
    - AWS Key Management System: http://aws.amazon.com/kms/
    - RDS Logging: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html
    - AWS QwikLABS: https://run.qwiklab.com/