Cloud Security.

Presentation transcript:

Cloud Security

Agenda
  Amazon Web Services (AWS)
    Shared Responsibility Model
  Azure ….
  Network Security
  Access Controls
  Audit Controls

AWS Shared Responsibility Model -- hardening https://aws.amazon.com/compliance/shared-responsibility-model/

Azure Security
https://azure.microsoft.com/en-us/support/trust-center/security/
  Design and operational security -- security development lifecycle for their software.
  Identity and access -- MFA, AD
  Encryption & key management -- Azure Key Vault, IPSec protocol for data in transit, encryption for data at rest
  Penetration testing -- Microsoft does its own, and has a policy for you to do it
  Network security -- Azure virtual network (own datacenter, private IP space, subnets and access control policies)
  Threat management -- Microsoft Antimalware
  Monitoring, logging and reporting -- Azure enables you to collect security events from Azure IaaS and PaaS. You can then use HDInsight to aggregate and analyze these events, and export them to on-premises security information and event management systems for ongoing monitoring. For applications that are deployed in Azure and virtual machines created from the Azure Virtual Machines Gallery, Azure enables a set of operating system security events by default.

Ways to secure?
[Figure: AWS architecture diagram. Labels: admin, end users, WAF, corporate data center, virtual private cloud, VPC subnet, security group, AWS Management Console, Web/App, EC2, EBS, S3, AMI, Database, RDS]
  Limit attack vectors
    Same: Application, OS, DB (access, audit)
    Differ: ‘homogenous’ environment (network)
  Secure backups
    Same: encryption
    Differ: Volumes, Snapshots vs. physical security
  Internal vs. external
    Same: insider threat, external hackers, bots
    Differ: automation

Network controls
  Capabilities / Constraints: VPC, Direct Connect, Subnets, Route Tables, NACLs, Security Groups, Monitoring, IPS/IDS, Human error
  Human error: e.g. security groups wide open, enabling public IPs on ‘private’ services

Access controls
  Capabilities:
    IAM: users, roles, groups; instance profiles
    STS
    Encryption: KMS, HSM; SSL; server-side vs. client-side
  Constraints:
    Account-specific IAM
    Region-specific KMS
    Human error: e.g. sharing keys, publishing access keys on GitHub

Audit Controls
  Capabilities:
    CloudTrail
    Config
    Inspector
    CloudWatch + CloudTrail + Lambda
  Constraints:
    AWS API only
    Human error: e.g. sharing keys, publishing access keys on GitHub
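The "CloudWatch + CloudTrail + Lambda" capability can be pointed at the "security groups wide open" human error from the network controls slide. The following is an added example, not part of the original slides: a Lambda-style handler that inspects a CloudTrail AuthorizeSecurityGroupIngress record delivered as an event. The port list, account ID, group ID and sample events are constructed assumptions.

```python
import ipaddress

# Assumption: ports this example treats as 'private' services.
SENSITIVE_PORTS = {22, 3389, 3306, 5432}

def _open_to_world(cidr):
    """True when the CIDR covers every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def find_open_ingress(event):
    """Return one finding per world-open rule that exposes a sensitive port."""
    detail = event.get("detail", {})
    if detail.get("eventName") != "AuthorizeSecurityGroupIngress":
        return []
    params = detail.get("requestParameters") or {}
    findings = []
    for perm in (params.get("ipPermissions") or {}).get("items", []):
        cidrs = [r["cidrIp"] for r in (perm.get("ipRanges") or {}).get("items", [])]
        cidrs += [r["cidrIpv6"] for r in (perm.get("ipv6Ranges") or {}).get("items", [])]
        world = [c for c in cidrs if _open_to_world(c)]
        if not world:
            continue
        if str(perm.get("ipProtocol")) == "-1":      # all protocols, all ports
            exposed = sorted(SENSITIVE_PORTS)
        else:
            lo, hi = perm.get("fromPort"), perm.get("toPort")
            lo = 0 if lo is None else lo
            hi = 65535 if hi is None else hi
            exposed = sorted(p for p in SENSITIVE_PORTS if lo <= p <= hi)
        if exposed:
            findings.append({"group": params.get("groupId"),
                             "who": (detail.get("userIdentity") or {}).get("arn"),
                             "cidrs": world, "ports": exposed})
    return findings

def lambda_handler(event, context):
    """Entry point; a deployment would alert on or revert the findings here."""
    return {"findings": find_open_ingress(event)}

def _sample(proto, lo, hi, cidr):
    """Build a constructed event in the CloudTrail-via-CloudWatch-Events shape."""
    return {"detail": {"eventName": "AuthorizeSecurityGroupIngress",
            "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example"},
            "requestParameters": {"groupId": "sg-0example", "ipPermissions": {"items": [
                {"ipProtocol": proto, "fromPort": lo, "toPort": hi,
                 "ipRanges": {"items": [{"cidrIp": cidr}]}}]}}}}

SAMPLE_OPEN = _sample("tcp", 22, 22, "0.0.0.0/0")        # constructed: SSH open to all
SAMPLE_SCOPED = _sample("tcp", 5432, 5432, "10.0.0.0/16")  # constructed: internal only
```

As the slide notes, this only sees changes made through the AWS API; it does not replace IPS/IDS or host-level monitoring.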

Takeaways: checklist from system perspective
  Define use cases
  Role based access control
    Authentication mechanism?
    Authorization mechanism?
    Audit mechanism?
  Encryption at rest
  Encryption in transit
  Domain boundary controls
  What can be automated? How can that be protected and audited?

Takeaways: checklist for evaluating service
  Access controls?
  Audit controls?
  Encryption of data at rest (including backups)?
  Encryption of data in transit?
  Network controls?
  Limits?
    Example of limit: S3 logging cannot be encrypted.
    S3 bucket name obfuscation.
    Route 53 DNS name hashing.
    SNS spam protection.