Build Secure Cloud Solution using F5 BIG-IP on AWS

Published in: Technology


  1. Ultra Secure Data Center with F5 BIG-IP on Amazon Cloud. Lahav Savir, Architect & CEO, Emind Systems Ltd. lahavs@emind.co
  2. Emind Systems
     • Cloud expert system integrator
     • Dedicated Cloud Architects
     • Dedicated DevOps teams
     • 24x7 SLA powered by DevOps Specialists
     • ~100 AWS customers
     • Partnerships with leading cloud vendors
  3. Advanced Consulting Partner https://aws.amazon.com/solution-providers/si/emind-systems-ltd
  4. Overview of Amazon Web Services (2:46-minute video)
  5. AWS Intro
  6. Architected for Enterprise Security Requirements: “The Amazon Virtual Private Cloud [Amazon VPC] was a unique option that offered an additional level of security and an ability to integrate with other aspects of our infrastructure.” Dr. Michael Miller, Head of HPC for R&D
  7. Shared Responsibility for Security & Compliance: Facilities, Physical Security, Compute Infrastructure, Storage Infrastructure, Network Infrastructure, Virtualization Layer, Operating System, Applications, Security Groups, Firewalls, Network Configuration, Account Management + = Customer
  8. What is a secure data center?
     • Isolated
     • Controlled
     • Firewalled
     • Secure access
       – VPN
       – SSL
     • IDS & IPS
     • Antivirus
     • Audited
     • User management
       – One-time password
     • Data encryption
     • Frequent updates
     • Configuration analysis
     • Regulatory compliance
     • One spot for monitoring
       – Centralized alerts
  9. Emind’s best practices
  10. Access Management
     • Control the data flow
       – AWS VPC
       – ACL
       – Routing
       – Handle all in/out traffic
     • Firewall
       – F5 Firewall
       – VPC Security groups
     • Identity access management
       – One-time password
       – AWS IAM with MFA
       – F5 Access Policy Management
  11. ACL & Routing in the VPC
  12. F5 APM
  13. Emind’s best practices
  14. Traffic Control
     • Web Applications Security
     • Log in / out traffic
     • Terminate encrypted connection
     • Sanitize in / out packets
       – Real-time decisions
       – Accept / reject connections
       – Rate limiting
  15. Emind’s best practices
  16. Anomalies detection
     • Host-based IDS
       – Detect configuration changes
       – Track running processes
       – Track file integrity & access
       – Resource access
       – Detect abnormal behaviors
     • OS hardening
     • App cleanup
  17. Emind’s best practices
  18. Data Protection
     • In flight
       – SSL encryption
       – IPSec
     • At rest
       – Storage level encryption
       – Database encryption
  19. Emind’s best practices
  20. Central log
     • Need to aggregate
       – VPN access logs
       – Traffic audit logs
       – Network IDS logs
       – Host IDS logs
       – Antivirus logs
     • Detect patterns
  21. Security lifecycle management
     • Ongoing discovery & analysis
       – Access
       – Traffic
       – IDS
       – Antivirus
       – Encryption keys
     • Act on analysis results
     • Reveal and solve settings
     • Make them all orchestrate together!
  22. Emind’s best practices
  23. Contact me: lahavs@emind.co @lahavsavir 054-4321688
