© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Compliance and Security Mitigation Techniques on AWS
Ric Harvey, Technical Developer Evangelist
@ric__harvey
https://gitlab.com/ric_harvey
Back to Basics
Identity Access Management (IAM)
Ensure only authorized and authenticated users are able to access resources:
• Define users, groups, services and roles
• Protect AWS credentials
• Use fine grained authorization/access control
Define access
Users:
• Think carefully
• SAML 2.0 (ADFS)
• Define a management policy
Groups:
• Logically group users
• Apply group policies
Services:
• Least privilege access
• Be granular
Roles:
• Use roles for instances and functions
• Avoid using API keys in code
Protecting AWS credentials
• Establish less-privileged users
• Enable MFA on the root account
• Consider federation
• Set a password policy
• MFA for users and/or certain operations (S3 delete)
• Avoid storing API keys in source control
• Use temporary credentials via STS
Fine grained access control
• Establish the least privilege principle
• Define clear roles for users and roles
• Use AWS Organizations to centrally manage access
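As an added illustration of the least-privilege and MFA-gated-operation points above (example code written for this page, not AWS's or the author's): a simplified IAM policy evaluator run over a constructed bucket policy. It implements only the Bool and BoolIfExists condition operators; the policy, bucket ARNs and request contexts are constructed.

```python
import fnmatch
import json

# Constructed policy (not from the deck): least-privilege read access to one
# bucket, object deletion allowed only with MFA, and an explicit deny on
# delete operations for any caller that did not authenticate with MFA.
POLICY_JSON = """
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadOnly",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]
    },
    {
      "Sid": "DeleteObjectsWithMfa",
      "Effect": "Allow",
      "Action": "s3:DeleteObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
    },
    {
      "Sid": "DenyDeletesWithoutMfa",
      "Effect": "Deny",
      "Action": "s3:Delete*",
      "Resource": "*",
      "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}
    }
  ]
}
"""
POLICY = json.loads(POLICY_JSON)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(name, patterns):
    # IAM wildcards: '*' matches any run of characters, '?' a single one.
    return any(fnmatch.fnmatchcase(name, p) for p in _as_list(patterns))


def _condition_holds(condition, context):
    """Evaluate the Bool / BoolIfExists operators only (enough for MFA keys)."""
    for operator, pairs in condition.items():
        if operator not in ("Bool", "BoolIfExists"):
            raise NotImplementedError(operator)
        for key, expected in pairs.items():
            if key not in context:
                # aws:MultiFactorAuthPresent is absent for long-term access
                # keys; IfExists treats a missing key as a match, Bool does not.
                if operator == "BoolIfExists":
                    continue
                return False
            if str(context[key]).lower() != str(expected).lower():
                return False
    return True


def evaluate(policy, action, resource, context=None):
    """Return 'Allow' or 'Deny' using IAM's order: an explicit Deny wins,
    otherwise any matching Allow, otherwise implicit deny."""
    context = context or {}
    decision = "Deny"
    for stmt in policy["Statement"]:
        if not _matches(action, stmt["Action"]):
            continue
        if not _matches(resource, stmt["Resource"]):
            continue
        if "Condition" in stmt and not _condition_holds(stmt["Condition"], context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


# Constructed request contexts: a long-term access key carries no MFA key at
# all; temporary STS credentials carry it as "true" or "false".
OBJ = "arn:aws:s3:::example-bucket/report.csv"
MFA = {"aws:MultiFactorAuthPresent": "true"}
NO_MFA_TEMP = {"aws:MultiFactorAuthPresent": "false"}

if __name__ == "__main__":
    print(evaluate(POLICY, "s3:GetObject", OBJ))          # Allow
    print(evaluate(POLICY, "s3:DeleteObject", OBJ))       # Deny: long-term key, no MFA
    print(evaluate(POLICY, "s3:DeleteObject", OBJ, MFA))  # Allow
    print(evaluate(POLICY, "s3:PutObject", OBJ, MFA))     # Deny: never granted
```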
Resources
AWS IAM - https://aws.amazon.com/iam/
AWS STS - https://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html
AWS Organizations - https://aws.amazon.com/organizations/
VPC and Subnetting
Infrastructure protection
• Protect network and host level boundaries
• System security config and management
• Enforce service-level protection
Protect network and host level boundaries
VPC considerations:
• Subnets to separate workloads
• Use NACLs to prevent access between subnets
• Use route tables to deny internet access from protected subnets
• Use security groups to grant access to and from other security groups
Limit what you run in public subnets:
• ELB/ALB and NLBs
• Bastion hosts
• Where possible, avoid having any system directly accessible from the internet
External connectivity for management:
• Use VPN gateways to your on-premises systems
• Direct Connect
CloudTrail
Enabled by default
GuardDuty
Amazon GuardDuty
Generally available today
Amazon GuardDuty
Instance reconnaissance
• Port probe / accepted comm
• Port scan (intra-VPC)
• Brute-force attack (IP)
• Tor communications
Account compromise
• Malicious API call (bad IP)
• Tor API call (accepted)
• CloudTrail disabled
• Password policy change
• Instance launch unusual
• Region activity unusual
• Suspicious console login
• Unusual ISP caller
• Mutating API calls (create, update, delete)
• High volume of describe calls
• Unusual IAM user added
Amazon GuardDuty
Instance compromise
• C&C activity
• Malicious domain request
• EC2 on threat list
• Drop point IP
• Malicious comms (ASIS)
• Bitcoin mining
• Spambot activity
• Outbound SSH brute force
• EC2 credential exfiltration
• Unusual network port
• Unusual traffic volume/direction
• Unusual DNS requests
• Domain generation algorithms
Account reconnaissance
• Tor API call (failed)
Amazon GuardDuty Automated response
Findings are accessible via:
• HTTPS
• CLI
• CloudWatch Events
Amazon GuardDuty Console
Detailed response
• Time
• IP Location
• Type of action
Amazon GuardDuty Pricing
Pricing examples (monthly)
US-East (N. VA) / Example 1
GuardDuty processes:
• 40,000,000 events
• 2,000 GB of VPC Flow Logs
• 1,000 GB of DNS query logs
Charges =
40 x $4.00 (per 1,000,000 events)
+ 500 x $1.00 (first 500 GB)
+ 2,000 x $0.50 (next 2,000 GB)
+ 500 x $0.25 (over 2,500 GB)
= $1,785 per month
Amazon GuardDuty Automated response
https://github.com/aws-samples/amazon-guardduty-hands-on
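An added example (not from the deck or the linked hands-on repository) of the CloudWatch Events path to automated response: a Lambda-style handler that turns a GuardDuty finding event into a response plan. The playbook, finding id and instance id are constructed; the event shape follows the CloudWatch Events envelope for GuardDuty findings, and no AWS calls are made.

```python
"""Plan an automated response to an Amazon GuardDuty finding.

A CloudWatch Events rule matching source "aws.guardduty" can invoke a Lambda
function with each finding; handler() below plays that function.
"""


def severity_label(severity):
    """GuardDuty severity bands: 0.1-3.9 low, 4.0-6.9 medium, 7.0-8.9 high."""
    if severity >= 7.0:
        return "HIGH"
    if severity >= 4.0:
        return "MEDIUM"
    return "LOW"


# Hypothetical playbook: finding-type prefix -> response. Order matters,
# the first matching prefix wins; anything unmatched only notifies.
PLAYBOOK = [
    ("UnauthorizedAccess:EC2/SSHBruteForce", "isolate_instance"),
    ("CryptoCurrency:EC2/", "isolate_instance"),
    ("Backdoor:EC2/", "isolate_instance"),
    ("Stealth:IAMUser/CloudTrailLoggingDisabled", "page_oncall"),
    ("UnauthorizedAccess:IAMUser/", "page_oncall"),
    ("Recon:EC2/", "notify"),
]


def plan_response(event):
    """Map a GuardDuty finding event to a response plan (no AWS calls)."""
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        raise ValueError("not a GuardDuty finding event")
    finding = event["detail"]
    ftype = finding["type"]
    action = next((act for prefix, act in PLAYBOOK if ftype.startswith(prefix)), "notify")
    plan = {
        "finding_id": finding["id"],
        "type": ftype,
        "severity": severity_label(float(finding["severity"])),
        "action": action,
    }
    # The affected resource decides what the responder can act on.
    resource = finding.get("resource", {})
    if resource.get("resourceType") == "Instance":
        plan["instance_id"] = resource["instanceDetails"]["instanceId"]
    elif resource.get("resourceType") == "AccessKey":
        plan["user_name"] = resource["accessKeyDetails"]["userName"]
    # Do not quarantine on a low-severity finding alone: a single port probe
    # is noisy, so a human should look first.
    if plan["severity"] == "LOW" and action == "isolate_instance":
        plan["action"] = "notify"
    return plan


def handler(event, context=None):
    """Lambda entry point. Real remediation (swap in a quarantine security
    group, publish to SNS) would go here with boto3; this returns the plan."""
    return plan_response(event)


# Constructed sample, shaped like the CloudWatch Events envelope for a finding.
SAMPLE_EVENT = {
    "version": "0",
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "region": "us-east-1",
    "detail": {
        "id": "EXAMPLE-FINDING-ID",
        "type": "UnauthorizedAccess:EC2/SSHBruteForce",
        "severity": 5,
        "resource": {
            "resourceType": "Instance",
            "instanceDetails": {"instanceId": "i-0123456789abcdef0"},
        },
    },
}

if __name__ == "__main__":
    print(handler(SAMPLE_EVENT))
```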
AWS WAF
What’s WAF?
Web Application Firewall
Choose WAF behaviors:
• Allow all requests except the ones that you specify
• Block all requests except the ones that you specify
• Count the requests that match the properties that you specify
WAF Rules
• Protect your APIs and web applications
• Preconfigured RuleGroups
• OWASP Top 10 mitigations
• Bad-bot defenses
• Virtual patching against the latest CVEs
WAF Examples
https://github.com/aws-samples/aws-waf-sample
AWS Shield
AWS Shield
Goal: Protect a web application and RESTful APIs against a DDoS attack
Suggested services: Shield Advanced protecting an Amazon CloudFront distribution and an Application Load Balancer
Goal: Protect a TCP-based application against a DDoS attack
Suggested services: Shield Advanced protecting a Network Load Balancer attached to an Elastic IP address
Goal: Protect a UDP-based game server against a DDoS attack
Suggested services: Shield Advanced protecting an Amazon EC2 instance attached to an Elastic IP address
AWS Shield Features
Active monitoring
• Network flow monitoring (Standard and Advanced)
• Automated application (layer 7) traffic monitoring (Advanced)
DDoS mitigations
• Helps protect from common DDoS attacks, such as SYN floods and UDP reflection attacks (Standard and Advanced)
• Access to additional DDoS mitigation capacity (Advanced)
AWS Shield Features
Visibility and reporting
• Layer 3/4 attack notification and attack forensic reports (Advanced)
• Layer 3/4/7 attack historical report (Advanced)
DDoS response team support
• Incident management during high severity events (Advanced)
• Custom mitigations during attacks (Advanced)
• Post-attack analysis (Advanced)
AWS Shield Features
Cost protection
• Reimburse related Route 53, CloudFront, and ELB DDoS charges (Advanced)
Price
• Standard: no additional cost for all AWS customers
• Advanced: $3,000/month plus additional data transfer fees; AWS WAF included at no additional cost
Amazon Inspector
Threat assessment tooling at scale
Automate security assessments
First reports in minutes
Install agent on Linux
Install agent on Windows
https://aws.amazon.com/inspector/getting-started/
Amazon Inspector findings
AWS Secrets Manager
Easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle
• Secure secrets storage
• Automatic secrets rotation without disrupting applications
• Programmatic retrieval of secrets
• Audit and monitor secrets usage
https://aws.amazon.com/secrets-manager/getting-started/
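An added example, not from the deck: rotation-aware programmatic retrieval of a database credential. The Secrets Manager client and the database are constructed fakes standing in for boto3's get_secret_value and a real driver so the code runs offline; the retry-on-auth-failure pattern is what keeps an automatic rotation from disrupting the application.

```python
"""Cache a secret from Secrets Manager and survive its rotation."""
import json
import time


class SecretCache:
    """Caches a secret value and re-fetches it when it expires or stops working."""

    def __init__(self, client, secret_id, ttl_seconds=300, clock=time.monotonic):
        self._client = client
        self._secret_id = secret_id
        self._ttl = ttl_seconds
        self._clock = clock
        self._value = None
        self._fetched_at = None

    def _fetch(self):
        # boto3 API: SecretsManager.Client.get_secret_value(SecretId=...). The
        # default version stage is AWSCURRENT, so after a rotation this call
        # returns the new credentials with no code change on our side.
        resp = self._client.get_secret_value(SecretId=self._secret_id)
        self._value = json.loads(resp["SecretString"])
        self._fetched_at = self._clock()
        return self._value

    def get(self):
        if self._value is None or self._clock() - self._fetched_at > self._ttl:
            return self._fetch()
        return self._value

    def refresh(self):
        return self._fetch()


def connect_with_secret(cache, connect):
    """Call connect(username, password); on an authentication failure refresh
    the cached secret once and retry, which covers a rotation that happened
    while the old value was still cached."""
    creds = cache.get()
    try:
        return connect(creds["username"], creds["password"])
    except PermissionError:
        creds = cache.refresh()
        return connect(creds["username"], creds["password"])


# ---- Constructed fakes so the example runs offline ----
class FakeSecretsManager:
    """Stands in for boto3's Secrets Manager client; serves the newest version."""

    def __init__(self, versions):
        self.versions = versions
        self.calls = 0

    def get_secret_value(self, SecretId):
        self.calls += 1
        return {"Name": SecretId, "SecretString": json.dumps(self.versions[-1])}


class FakeDatabase:
    """Stands in for a database driver; rejects a stale password."""

    def __init__(self, password):
        self.password = password

    def connect(self, username, password):
        if password != self.password:
            raise PermissionError("authentication failed")
        return f"session:{username}"


def demo():
    """Connect, rotate the secret and the DB password together, connect again."""
    db = FakeDatabase("p0")
    sm = FakeSecretsManager([{"username": "app", "password": "p0"}])
    cache = SecretCache(sm, "prod/app/db")  # constructed secret name
    first = connect_with_secret(cache, db.connect)
    # Rotation: Secrets Manager stores a new version and the DB password changes.
    sm.versions.append({"username": "app", "password": "p1"})
    db.password = "p1"
    # The cached "p0" is still within TTL, fails, and the refresh-and-retry wins.
    second = connect_with_secret(cache, db.connect)
    return first, second, sm.calls


if __name__ == "__main__":
    print(demo())  # ('session:app', 'session:app', 2)
```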
Questions?
Thank you!
Ric Harvey, Technical Developer Evangelist
@ric__harvey
https://gitlab.com/ric_harvey

South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...gragchanchal546
 
一比一原版澳大利亚迪肯大学毕业证如何办理
一比一原版澳大利亚迪肯大学毕业证如何办理一比一原版澳大利亚迪肯大学毕业证如何办理
一比一原版澳大利亚迪肯大学毕业证如何办理SS
 
Independent Escorts & Call Girls In Aerocity Delhi - 9758998899 - Escortgram ...
Independent Escorts & Call Girls In Aerocity Delhi - 9758998899 - Escortgram ...Independent Escorts & Call Girls In Aerocity Delhi - 9758998899 - Escortgram ...
Independent Escorts & Call Girls In Aerocity Delhi - 9758998899 - Escortgram ...Escortgram India
 
Dubai Call Girls First Class O525547819 Call Girls Dubai Hot New Girlfriend
Dubai Call Girls First Class O525547819 Call Girls Dubai Hot New GirlfriendDubai Call Girls First Class O525547819 Call Girls Dubai Hot New Girlfriend
Dubai Call Girls First Class O525547819 Call Girls Dubai Hot New Girlfriendkajalvid75
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制pxcywzqs
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoilmeghakumariji156
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdfMatthew Sinclair
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"growthgrids
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.krishnachandrapal52
 

Recently uploaded (20)

Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
Research Assignment - NIST SP800 [172 A] - Presentation.pptx
Research Assignment - NIST SP800 [172 A] - Presentation.pptxResearch Assignment - NIST SP800 [172 A] - Presentation.pptx
Research Assignment - NIST SP800 [172 A] - Presentation.pptx
 
Call Girls Mehdipatnam ( 8250092165 ) Cheap rates call girls | Get low budget
Call Girls Mehdipatnam ( 8250092165 ) Cheap rates call girls | Get low budgetCall Girls Mehdipatnam ( 8250092165 ) Cheap rates call girls | Get low budget
Call Girls Mehdipatnam ( 8250092165 ) Cheap rates call girls | Get low budget
 
Local Call Girls in Jharsuguda 9332606886 HOT & SEXY Models beautiful and ch...
Local Call Girls in Jharsuguda  9332606886 HOT & SEXY Models beautiful and ch...Local Call Girls in Jharsuguda  9332606886 HOT & SEXY Models beautiful and ch...
Local Call Girls in Jharsuguda 9332606886 HOT & SEXY Models beautiful and ch...
 
Local Call Girls in Gomati 9332606886 HOT & SEXY Models beautiful and charmi...
Local Call Girls in Gomati  9332606886 HOT & SEXY Models beautiful and charmi...Local Call Girls in Gomati  9332606886 HOT & SEXY Models beautiful and charmi...
Local Call Girls in Gomati 9332606886 HOT & SEXY Models beautiful and charmi...
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
 
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
 
一比一原版澳大利亚迪肯大学毕业证如何办理
一比一原版澳大利亚迪肯大学毕业证如何办理一比一原版澳大利亚迪肯大学毕业证如何办理
一比一原版澳大利亚迪肯大学毕业证如何办理
 
Independent Escorts & Call Girls In Aerocity Delhi - 9758998899 - Escortgram ...
Independent Escorts & Call Girls In Aerocity Delhi - 9758998899 - Escortgram ...Independent Escorts & Call Girls In Aerocity Delhi - 9758998899 - Escortgram ...
Independent Escorts & Call Girls In Aerocity Delhi - 9758998899 - Escortgram ...
 
Dubai Call Girls First Class O525547819 Call Girls Dubai Hot New Girlfriend
Dubai Call Girls First Class O525547819 Call Girls Dubai Hot New GirlfriendDubai Call Girls First Class O525547819 Call Girls Dubai Hot New Girlfriend
Dubai Call Girls First Class O525547819 Call Girls Dubai Hot New Girlfriend
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 

Mitigating techniques

  • 1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Compliance and Security Mitigation Techniques on AWS. Ric Harvey, Technical Developer Evangelist, @ric__harvey, https://gitlab.com/ric_harvey
  • 2. Back to Basics
  • 3. Identity Access Management (IAM). Ensure only authorized and authenticated users are able to access resources:
      • Define users, groups, services and roles
      • Protect AWS credentials
      • Use fine-grained authorization/access control
  • 4. Define access (Users, Groups, Services, Roles):
      • Think carefully
      • SAML 2.0 (ADFS)
      • Define a management policy
      • Logically group users
      • Apply group policies
      • Least-privilege access
      • Be granular
      • Use roles for instances and functions
      • Avoid using API keys in code
  • 5. Protecting AWS credentials:
      • Establish less-privileged users
      • Enable MFA on the root account
      • Consider federation
      • Set a password policy
      • MFA for users and/or certain operations (S3 delete)
      • Avoid storing API keys in source control
      • Use temporary credentials via STS
  • 6. Fine-grained access control:
      • Establish the least-privilege principle
      • Define clear roles for users and roles
      • Use AWS Organizations to centrally manage access
  • 7. Resources:
      AWS IAM - https://aws.amazon.com/iam/
      AWS STS - https://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html
      AWS Organizations - https://aws.amazon.com/organizations/
  • 8. VPC and Subnetting
  • 9. Infrastructure protection: protect network and host-level boundaries; system security configuration and management; enforce service-level protection.
  • 10. Protect network and host-level boundaries.
      VPC considerations:
      • Subnets to separate workloads
      • Use NACLs to prevent access between subnets
      • Use route tables to deny internet access from protected subnets
      • Use security groups to grant access to and from other security groups
      Limit what you run in public subnets:
      • ELB/ALB and NLBs
      • Bastion hosts
      • Where possible, avoid having a system directly accessible from the internet
      External connectivity for management:
      • Use VPN gateways to your on-premises systems
      • Direct Connect
  • 11. CloudTrail
  • 12. Enabled by default
  • 13. GuardDuty
  • 14. Amazon GuardDuty: generally available today
  • 15. Amazon GuardDuty
      Instance reconnaissance:
      • Port probe / accepted comm
      • Port scan (intra-VPC)
      • Brute-force attack (IP)
      • Tor communications
      Account compromise:
      • Malicious API call (bad IP)
      • Tor API call (accepted)
      • CloudTrail disabled
      • Password policy change
      • Instance launch unusual
      • Region activity unusual
      • Suspicious console login
      • Unusual ISP caller
      • Mutating API calls (create, update, delete)
      • High volume of describe calls
      • Unusual IAM user added
  • 16. Amazon GuardDuty
      Instance compromise:
      • C&C activity
      • Malicious domain request
      • EC2 on threat list
      • Drop point IP
      • Malicious comms (ASIS)
      • Bitcoin mining
      • Spambot activity
      • Outbound SSH brute force
      • EC2 credential exfiltration
      • Unusual network port
      • Unusual traffic volume/direction
      • Unusual DNS requests
      • Domain generation algorithms
      Account reconnaissance:
      • Tor API call (failed)
  • 17. Amazon GuardDuty automated response: HTTPS, CLI, CloudWatch Events
  • 18. Amazon GuardDuty Console
  • 19. Amazon GuardDuty Console, detailed response: time, IP location, type of action
  • 20. Amazon GuardDuty Pricing. Pricing example (monthly), US-East (N. VA), example 1. GuardDuty processes:
      • 40,000,000 events
      • 2,000 GB of VPC Flow Logs
      • 1,000 GB of DNS query logs
      Charges = 40 x $4.00 (per 1,000,000 events) + 500 x $1.00 (first 500 GB) + 2,000 x $0.50 (next 2,000 GB) + 500 x $0.25 (over 2,500 GB) = $1,785 per month
  • 21. Amazon GuardDuty automated response: https://github.com/aws-samples/amazon-guardduty-hands-on
  • 22. AWS WAF
  • 23. What's WAF? Web Application Firewall. Choose WAF behaviors:
      • Allow all requests except the ones that you specify
      • Block all requests except the ones that you specify
      • Count the requests that match the properties that you specify
  • 24. WAF Rules:
      • Protect your APIs and web applications
      • Preconfigured RuleGroups
      • OWASP Top 10 mitigations
      • Bad-bot defenses
      • Virtual patching against the latest CVEs
  • 25. WAF Examples: https://github.com/aws-samples/aws-waf-sample
  • 26. AWS Shield
  • 27. AWS Shield: goal and suggested services
      • Protect a web application and RESTful APIs against a DDoS attack: Shield Advanced protecting an Amazon CloudFront distribution and an Application Load Balancer
      • Protect a TCP-based application against a DDoS attack: Shield Advanced protecting a Network Load Balancer attached to an Elastic IP address
      • Protect a UDP-based game server against a DDoS attack: Shield Advanced protecting an Amazon EC2 instance attached to an Elastic IP address
  • 28. AWS Shield features
      Active monitoring:
      • Network flow monitoring (Standard and Advanced)
      • Automated application (layer 7) traffic monitoring (Advanced)
      DDoS mitigations:
      • Helps protect from common DDoS attacks, such as SYN floods and UDP reflection attacks (Standard and Advanced)
      • Access to additional DDoS mitigation capacity (Advanced)
  • 29. AWS Shield features (all Advanced)
      Visibility and reporting:
      • Layer 3/4 attack notification and attack forensic reports
      • Layer 3/4/7 attack historical report
      DDoS response team support:
      • Incident management during high-severity events
      • Custom mitigations during attacks
      • Post-attack analysis
  • 30. AWS Shield features
      Cost protection:
      • Reimburse related Route 53, CloudFront, and ELB DDoS charges (Advanced)
      Price:
      • Standard: no additional cost for all AWS customers
      • Advanced: $3,000/month plus additional data transfer fees; AWS WAF included at no additional cost
  • 31. Amazon Inspector
  • 32. Threat assessment tooling at scale: automate security assessments; first reports in minutes; install the agent on Linux; install the agent on Windows. https://aws.amazon.com/inspector/getting-started/
  • 33. Amazon Inspector findings
  • 34. AWS Secrets Manager
  • 35. AWS Secrets Manager: easily rotate, manage, and retrieve database credentials, API keys, and other secrets through their lifecycle.
      • Secure secrets storage
      • Automatic secrets rotation without disrupting applications
      • Programmatic retrieval of secrets
      • Audit and monitor secrets usage
      https://aws.amazon.com/secrets-manager/getting-started/
  • 36. AWS Secrets Manager
  • 37. AWS Secrets Manager
  • 38. Questions? Ric Harvey, Technical Developer Evangelist, @ric__harvey, https://gitlab.com/ric_harvey
  • 39. Thank you! Ric Harvey, Technical Developer Evangelist, @ric__harvey, https://gitlab.com/ric_harvey
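Slides 3 to 6 state the IAM pattern (least privilege, MFA for sensitive operations such as S3 delete, temporary STS credentials instead of static keys) but do not show how a policy expresses it. The following is an added example, not code from the deck or from AWS: a small Python model of IAM's documented decision order (explicit deny, then allow, then implicit deny) run against a constructed policy that allows read/write on one bucket and permits s3:DeleteObject only when aws:MultiFactorAuthPresent is true. The bucket name, ARNs and request contexts are constructed, and the evaluator covers only Action, Resource and the Bool / BoolIfExists operators; it is a teaching model of the documented semantics, not the IAM engine.

```python
"""Minimal IAM-style policy evaluation for the least-privilege / MFA pattern.

Added example, not from the deck. Implements IAM's documented decision order
(explicit Deny > Allow > implicit deny) for a tiny subset of the policy language:
Action, Resource, and the Bool / BoolIfExists condition operators.
"""
import fnmatch

# Constructed sample policy: read/write on one bucket, delete only with MFA.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadWriteAppBucket",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-app-bucket",
                         "arn:aws:s3:::example-app-bucket/*"],
        },
        {
            "Sid": "DeleteOnlyWithMfa",
            "Effect": "Allow",
            "Action": "s3:DeleteObject",
            "Resource": "arn:aws:s3:::example-app-bucket/*",
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
        },
        {
            "Sid": "DenyDeleteWithoutMfa",
            "Effect": "Deny",
            "Action": "s3:DeleteObject",
            "Resource": "*",
            # BoolIfExists: the key is absent for long-term access keys, and an
            # absent key satisfies an ...IfExists operator, so static keys are denied.
            "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
        },
    ],
}


def _as_list(value):
    return [value] if isinstance(value, str) else list(value)


def _matches(patterns, value):
    """IAM-style wildcard match ('*' and '?') for action names and ARNs."""
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _condition_holds(condition, context):
    """Evaluate Bool / BoolIfExists operators against the request context keys."""
    for operator, pairs in condition.items():
        if operator not in ("Bool", "BoolIfExists"):
            raise NotImplementedError(f"operator {operator} is not modelled here")
        for key, expected in pairs.items():
            if key not in context:
                if operator == "BoolIfExists":
                    continue  # missing key satisfies an ...IfExists condition
                return False  # plain Bool on a missing key never matches
            if str(context[key]).lower() != str(expected).lower():
                return False
    return True


def evaluate(policy, action, resource, context=None):
    """Return 'Allow' or 'Deny' following explicit-deny > allow > implicit-deny."""
    context = context or {}
    effects = set()
    for stmt in policy["Statement"]:
        if not _matches(stmt["Action"], action):
            continue
        if not _matches(stmt["Resource"], resource):
            continue
        if "Condition" in stmt and not _condition_holds(stmt["Condition"], context):
            continue
        effects.add(stmt["Effect"])
    if "Deny" in effects:
        return "Deny"
    if "Allow" in effects:
        return "Allow"
    return "Deny"  # nothing matched: implicit deny


OBJ = "arn:aws:s3:::example-app-bucket/reports/q1.csv"  # constructed object ARN
# Long-term access key: aws:MultiFactorAuthPresent is not in the context at all.
STATIC_KEY_CONTEXT = {}
# STS session obtained after an MFA challenge: key present and true.
MFA_SESSION_CONTEXT = {"aws:MultiFactorAuthPresent": "true"}

if __name__ == "__main__":
    for label, ctx in (("static key", STATIC_KEY_CONTEXT), ("MFA session", MFA_SESSION_CONTEXT)):
        for act in ("s3:GetObject", "s3:DeleteObject", "iam:CreateUser"):
            print(f"{label:12s} {act:16s} -> {evaluate(LEAST_PRIVILEGE_POLICY, act, OBJ, ctx)}")
```

The detail worth noticing is the third statement: a long-term access key carries no aws:MultiFactorAuthPresent key in its request context, so a plain Bool test for "false" never matches it and would not deny anything. BoolIfExists treats the missing key as a match, which is what actually blocks deletes from static keys while letting an MFA-backed STS session through.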
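Slides 15 to 21 list GuardDuty finding categories and name CloudWatch Events as the automated-response hook. The following is an added example, not code from the deck or from the aws-samples hands-on repository it links to, of the responder side: a Lambda-style handler that receives a finding through a CloudWatch Events rule, bands it by GuardDuty's documented severity ranges (Low below 4.0, Medium 4.0 to 6.9, High 7.0 and above) and turns it into a response plan. The event layout (source aws.guardduty, detail-type "GuardDuty Finding", the finding under detail) is the documented one; the sample finding, instance id, quarantine security-group id and tag key are constructed placeholders, and with no EC2 client supplied the handler only returns the API calls it would make.

```python
"""Triage a GuardDuty finding delivered by a CloudWatch Events rule.

Added example; not from the deck or the aws-samples repository. The sample
finding, instance id, security-group id and tag key are constructed placeholders.
"""
import copy

# Rule pattern that routes every GuardDuty finding to the function.
EVENT_PATTERN = {"source": ["aws.guardduty"], "detail-type": ["GuardDuty Finding"]}

QUARANTINE_SG = "sg-0000000000quarantn"  # constructed placeholder id
TAG_KEY = "GuardDutyFindingId"           # constructed tag name

# Constructed sample event: medium-severity SSH brute force against one instance.
SAMPLE_EVENT = {
    "version": "0",
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "account": "123456789012",
    "region": "eu-west-1",
    "detail": {
        "schemaVersion": "2.0",
        "id": "0123456789abcdef0123456789abcdef",  # constructed finding id
        "type": "UnauthorizedAccess:EC2/SSHBruteForce",
        "severity": 5,
        "resource": {
            "resourceType": "Instance",
            "instanceDetails": {"instanceId": "i-0123456789abcdef0"},
        },
        "title": "198.51.100.23 is performing SSH brute force attacks against i-0123456789abcdef0.",
    },
}


def severity_label(severity):
    """GuardDuty severity bands: Low below 4.0, Medium 4.0-6.9, High 7.0 and above."""
    if severity >= 7.0:
        return "High"
    if severity >= 4.0:
        return "Medium"
    return "Low"


def plan_response(event):
    """Map a finding to response actions; None for events the rule would not deliver."""
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        return None
    finding = event["detail"]
    label = severity_label(float(finding["severity"]))
    resource = finding.get("resource", {})
    plan = {
        "finding_id": finding["id"],
        "type": finding["type"],
        "severity": label,
        "resource_type": resource.get("resourceType"),
        "actions": [],
    }
    if plan["resource_type"] == "Instance":
        plan["instance_id"] = resource["instanceDetails"]["instanceId"]
        plan["actions"].append("tag_instance")          # always leave an audit marker
        if label == "High":
            plan["actions"].append("isolate_instance")  # swap SGs for the quarantine SG
    # Medium and High go to a person; credential (AccessKey) findings always do,
    # because deactivating a key is deliberately not automated here.
    if label != "Low" or plan["resource_type"] == "AccessKey":
        plan["actions"].append("notify_security")
    return plan


def apply_plan(plan, ec2=None):
    """Turn the plan into EC2 API calls. ec2 is a boto3 EC2 client; None means dry run."""
    calls = []
    if "tag_instance" in plan["actions"]:
        calls.append(("create_tags", {
            "Resources": [plan["instance_id"]],
            "Tags": [{"Key": TAG_KEY, "Value": plan["finding_id"]}],
        }))
    if "isolate_instance" in plan["actions"]:
        # Replacing the security groups cuts traffic without stopping the instance,
        # which keeps memory and disk intact for forensics.
        calls.append(("modify_instance_attribute", {
            "InstanceId": plan["instance_id"],
            "Groups": [QUARANTINE_SG],
        }))
    if ec2 is not None:
        for method, kwargs in calls:
            getattr(ec2, method)(**kwargs)
    return calls


def lambda_handler(event, context=None, ec2=None):
    """Lambda entry point; in Lambda, wrap it to pass boto3.client("ec2") as ec2."""
    plan = plan_response(event)
    if plan is None:
        return {"ignored": True}
    plan["calls"] = apply_plan(plan, ec2)
    return plan


def variant_finding(event, finding_type, severity):
    """Derive another constructed finding from the sample for experimentation."""
    variant = copy.deepcopy(event)
    variant["detail"]["type"] = finding_type
    variant["detail"]["severity"] = severity
    return variant


if __name__ == "__main__":
    import json
    print(json.dumps(lambda_handler(SAMPLE_EVENT), indent=2))
    crypto = variant_finding(SAMPLE_EVENT, "CryptoCurrency:EC2/BitcoinTool.B!DNS", 8)
    print(json.dumps(lambda_handler(crypto), indent=2))
```

Two design choices carry the security weight: the handler checks source and detail-type itself rather than trusting that only the intended rule invokes it, and isolation is done by swapping security groups rather than stopping the instance, so the evidence the deck's "Instance compromise" findings point at is preserved for the investigation.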
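Slide 35 promises programmatic retrieval and rotation without disrupting applications; what makes that work on the application side is fetching at runtime, caching, and refreshing when a cached credential stops working. The following is an added example, not code from the deck, showing that pattern in Python around the boto3 call shape client.get_secret_value(SecretId=...), whose response carries SecretString or SecretBinary together with a VersionId. The secret name, the JSON layout of the secret, the stand-in database connect function and the FakeSecretsManager class (so the module runs offline) are constructed; in production the client is boto3.client("secretsmanager").

```python
"""Runtime retrieval of database credentials from Secrets Manager, rotation-aware.

Added example; not from the deck. The secret name, secret layout and the
FakeSecretsManager stand-in are constructed so the module runs offline.
"""
import json
import time

DB_SECRET_ID = "prod/orders/db"  # constructed secret name


class SecretCache:
    """Cache parsed secrets for ttl_seconds; callers force a refresh after an auth failure."""

    def __init__(self, client, ttl_seconds=300, clock=time.monotonic):
        self._client = client
        self._ttl = ttl_seconds
        self._clock = clock
        self._entries = {}  # secret_id -> (expires_at, version_id, parsed value)

    def get(self, secret_id, force_refresh=False):
        entry = self._entries.get(secret_id)
        if entry and not force_refresh and entry[0] > self._clock():
            return entry[2]
        resp = self._client.get_secret_value(SecretId=secret_id)
        if "SecretString" in resp:
            raw = resp["SecretString"]
        else:
            raw = resp["SecretBinary"].decode("utf-8")  # boto3 returns bytes here
        value = json.loads(raw)
        self._entries[secret_id] = (self._clock() + self._ttl, resp["VersionId"], value)
        return value

    def version(self, secret_id):
        """VersionId of the cached copy, or None if never fetched."""
        entry = self._entries.get(secret_id)
        return entry[1] if entry else None


def connect_with_retry(cache, secret_id, connect):
    """Open a connection with the cached secret; on an auth failure refetch once and retry.

    This is what makes rotation non-disruptive: the app never restarts, it picks up
    the AWSCURRENT version the moment its cached password stops working.
    """
    try:
        return connect(cache.get(secret_id))
    except PermissionError:
        return connect(cache.get(secret_id, force_refresh=True))


class FakeSecretsManager:
    """Offline stand-in for the boto3 Secrets Manager client (constructed for this example)."""

    def __init__(self, secret_id, value):
        self._secrets = {secret_id: dict(value)}
        self._versions = {secret_id: 1}

    def rotate(self, secret_id, new_password):
        """Simulate a rotation: the new password becomes the AWSCURRENT version."""
        self._secrets[secret_id]["password"] = new_password
        self._versions[secret_id] += 1

    def current_password(self, secret_id):
        return self._secrets[secret_id]["password"]

    def get_secret_value(self, SecretId):
        if SecretId not in self._secrets:
            raise LookupError("ResourceNotFoundException")
        return {
            "ARN": f"arn:aws:secretsmanager:eu-west-1:123456789012:secret:{SecretId}-AbCdEf",
            "Name": SecretId,
            "VersionId": f"v{self._versions[SecretId]}",
            "VersionStages": ["AWSCURRENT"],
            "SecretString": json.dumps(self._secrets[SecretId]),
        }


def rotation_demo():
    """Rotate while a cached copy is live; returns (version before, version after, both connects ok)."""
    sm = FakeSecretsManager(DB_SECRET_ID, {
        "username": "orders_app", "password": "initial-pw",
        "host": "orders-db.internal", "port": 5432, "dbname": "orders",
    })
    cache = SecretCache(sm)

    def connect(creds):  # stand-in for a DB driver: only the live password is accepted
        if creds["password"] != sm.current_password(DB_SECRET_ID):
            raise PermissionError("password authentication failed")
        return f"connected as {creds['username']}@{creds['host']}:{creds['port']}"

    first = connect_with_retry(cache, DB_SECRET_ID, connect)
    before = cache.version(DB_SECRET_ID)
    sm.rotate(DB_SECRET_ID, "rotated-pw")
    second = connect_with_retry(cache, DB_SECRET_ID, connect)
    return before, cache.version(DB_SECRET_ID), first == second


if __name__ == "__main__":
    print(rotation_demo())
```

The cache matters for two reasons the slide's bullets imply: it keeps the application from calling GetSecretValue on every connection (which is also what makes the "audit and monitor secrets usage" trail readable), and the refresh-on-failure path is the minimum an application needs so that an automatic rotation never becomes an outage.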