12 Steps to Cloud Security
A guide to securing your Cloud Deployment
Vishnu Vettrivel, Principal Engineering Lead,

Step 1: Know your responsibility
- Cloud providers are responsible for some parts of the infrastructure stack.
- The other parts of the security stack are your responsibility.
- You are usually responsible for application security, policies and configuration, machine images, etc.

Step 2: Protect your Network
- Use Defense in Depth and services like:
  - Virtual Private Clouds
  - Network ACLs
  - Routing rules
  - Proxy servers
  - NAT
  - Firewalls
- Layers to defend: Application, Host, Network

Step 3: Protect your Machine Images
- Be sure you harden your images first
- Turn off insecure ports and services
- Change default passwords
- Install AV software
- Consider using a baseline

Step 4: Protect your Data at Rest
- Know the different cloud storage mechanisms and their security implications.
- De-identify when possible.
- Understand the choices of encryption primitives, such as key strength and cipher types.
- Don't forget secure archival and disposal of data.
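The "de-identify when possible" bullet in practice, as an added example that is not part of the slides: direct identifiers are replaced with a keyed HMAC-SHA256 pseudonym before the record is written to storage, so records stay joinable but the original values cannot be recovered without the key. The field names, the sample record and the unkeyed contrast function are constructed for this example; the key would come from the Key Management System mentioned in Step 5.

```python
import hashlib
import hmac
import secrets
from typing import Iterable, Optional

# Hypothetical direct-identifier fields to pseudonymize (constructed for this example).
DIRECT_IDENTIFIERS = ("ssn", "email")


def new_pseudonym_key() -> bytes:
    """256-bit key. Keep it in the Key Management System, never next to the data."""
    return secrets.token_bytes(32)


def pseudonymize(value: str, key: bytes) -> str:
    """Keyed, deterministic token: records stay joinable, but the value cannot be
    recovered without the key, even for low-entropy fields."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def deidentify(record: dict, key: bytes) -> dict:
    """Copy of record with every direct identifier replaced by its pseudonym."""
    out = dict(record)
    for field in DIRECT_IDENTIFIERS:
        if field in out:
            out[field] = pseudonymize(str(out[field]), key)
    return out


def unkeyed_hash(value: str) -> str:
    """Plain SHA-256 of the value, shown only to contrast with pseudonymize()."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def reverse_unkeyed(digest: str, candidates: Iterable[str]) -> Optional[str]:
    """An unkeyed hash of a guessable field is undone by hashing each candidate,
    which is why a bare hash is not de-identification."""
    for candidate in candidates:
        if unkeyed_hash(candidate) == digest:
            return candidate
    return None


if __name__ == "__main__":
    key = new_pseudonym_key()
    # Constructed sample record; values are not real.
    patient = {"ssn": "123-45-6789", "email": "ann@example.org", "visit": "2013-10-01"}
    print(deidentify(patient, key))
```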

Step 5: Protect your Data in Transit
- Use secure application protocols whenever possible: TLS, SSH, RDP
- Securely tunnel traffic when that is not possible: IPsec, SSL VPN, SSH
- Use a Key Management System

Step 6: Protect and Patch your Instances
- Define and categorize cloud-based assets
- Watch out for zero days
- Classify risk
- Patch affected systems
- Use a Configuration Management System

Step 7: Protect Access to your Instances
- Create individual user accounts
- Use role-based access
- Grant least privilege based on business need
- Enable multi-factor authentication for privileged users
- Audit all user activity
- Federate all user access through a directory service
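An access audit that checks an account inventory against the Step 7 rules, as an added example that is not part of the slides: privileged accounts without MFA, accounts not federated through the directory service, names that suggest shared accounts, and accounts idle long enough that their privileges should be re-justified. The record shape, role names, naming heuristics and the inventory itself are constructed for this example and are not any provider's API.

```python
from datetime import date

# Assumed role names and naming heuristics; not any provider's actual values.
PRIVILEGED_ROLES = {"admin", "security-admin", "billing-admin"}
SHARED_ACCOUNT_HINTS = ("shared", "team", "root")
INACTIVE_DAYS = 90

# Constructed inventory in a provider-neutral shape, one record per account.
ACCOUNTS = [
    {"user": "alice", "roles": ["admin"], "mfa": True, "federated": True, "last_activity": "2013-10-30"},
    {"user": "bob", "roles": ["admin"], "mfa": False, "federated": True, "last_activity": "2013-11-01"},
    {"user": "shared-ops", "roles": ["operator"], "mfa": False, "federated": False, "last_activity": "2013-11-02"},
    {"user": "carol", "roles": ["viewer"], "mfa": False, "federated": True, "last_activity": "2013-06-01"},
]


def is_privileged(acct: dict) -> bool:
    return bool(PRIVILEGED_ROLES & set(acct["roles"]))


def audit_account(acct: dict, today: date) -> list:
    """Findings for one account; an empty list means it passes every rule checked here."""
    findings = []
    if is_privileged(acct) and not acct["mfa"]:
        findings.append("privileged account without MFA")
    if not acct["federated"]:
        findings.append("local account not federated through the directory service")
    if any(hint in acct["user"].lower() for hint in SHARED_ACCOUNT_HINTS):
        findings.append("name suggests a shared account; use individual accounts")
    idle_days = (today - date.fromisoformat(acct["last_activity"])).days
    if idle_days > INACTIVE_DAYS:
        findings.append(f"inactive for {idle_days} days; revoke or re-justify privileges")
    return findings


def audit(accounts: list, today_iso: str) -> dict:
    """Map each non-compliant user to its findings; compliant users are omitted."""
    today = date.fromisoformat(today_iso)
    result = {}
    for acct in accounts:
        findings = audit_account(acct, today)
        if findings:
            result[acct["user"]] = findings
    return result


if __name__ == "__main__":
    for user, findings in audit(ACCOUNTS, "2013-11-07").items():
        print(user, "->", "; ".join(findings))
```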

Step 8: Protect your Applications
- Implement AAA (Authentication, Authorization and Auditing).
- Familiarize yourself with the OWASP Top 10 application security flaws.
- Follow secure development best practices.

Step 9: Audit and Monitor your Cloud
- Gather monitoring data on a secure and separate network
- Establish baselines
- Monitor all layers and protocols
- Deploy the IDS behind the network firewall
- Fine-tune alert levels
- Use redundant alerting channels

Step 10: Validate your Protection
- Periodically test network, infrastructure and applications separately for security vulnerabilities
- Check for input validation, session manipulation, authentication and information leakage
- Use 3rd-party tools where possible

Step 11: Automate Everything
- Use a Configuration Management System
- Employ Continuous Integration and Delivery.
- Automated provisioning helps with: documentation, BCP/DR planning, change management
- Treat Infrastructure as Code.

Step 12: Update your Security Policy
- Define security scope and boundaries
- Select a proper risk assessment methodology.
- Align policies to contractual obligations
- Choose a suitable security control framework

Step 13? There is no magic bullet!
- Some things are easier and some are harder in the cloud.
- Conventional security and compliance concepts still apply in the cloud.
- The 12 Steps will get you started on your continuous security improvement cycle.


Thank You
Vishnu Vettrivel, Principal Engineering Lead
xpatterns.com
linkedin.com/company/atigeo