SlideShare a Scribd company logo

Aws training in bangalore

Download as PPT, PDF
A
apponix123

Get trained on AWS Essentials & Solutions Architect from Industry Expert Trainers with Placement. Word class labs.

Education
1 of 35
Cloud Security By Apponix Technologies #306, 10th Main, 46th Cross, 4th Block Rajajinagar, Bangalore – 560010 M: +91 8050580888
And thanks to Ilja Livenson CSA - Cloud Security Alliance "Security Guidance for Critical Areas of Focus in Cloud Computing" http://www.cloudsecurityalliance.org/guidance "Top Threats to Cloud Computing" http://www.cloudsecurityalliance.org/topthreats ENISA - European Network and Information Security Agency “Cloud Computing: Benefits, Risks and Recommendations for Information Security” http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing- risk-assessment #306, 10th Main, 46th Cross, 4th Block Rajajinagar, Bangalore – 560010 M: +91 8050580888
Remember these? Cloud Infrastructure (e.g. Physical/Virtual Hardware) Cloud Infrastructure (e.g. Physical/Virtual Hardware) Cloud Storage (e.g. Database) Cloud Platform (e.g. App Server) Cloud Services (e.g. Web Services) Cloud Services (e.g. Web Services) Cloud Application (e.g. SaaS) Cloud Clients (e.g. Browsers, Devices) #306, 10th Main, 46th Cross, 4th Block Rajajinagar, Bangalore – 560010 M: +91 8050580888
Multi-Tenancy #306, 10th Main, 46th Cross, 4th Block Rajajinagar, Bangalore – 560010 M: +91 8050580888
#306, 10th Main, 46th Cross, 4th Block Rajajinagar, Bangalore – 560010 M: +91 8050580888
Economies of scale and Security • All kinds of security measures, are cheaper when implemented on a larger scale. E.g. filtering, patch management, hardening of virtual machine instances and hypervisors, etc) • Staff specialization & experience - Cloud providers big enough to hire specialists in dealing with specific security threats. • Timeliness of response to incidents - Updates can be rolled much more rapidly across a homogenous platform • Default VM images and software modules can be updated with the latest patches and security settings. Snapshots of virtual infrastructure (in IaaS) to be taken regularly and compared with a security baseline. "The same amount of investment in security buys better protection" #306, 10th Main, 46th Cross, 4th Block Rajajinagar, Bangalore – 560010 M: +91 8050580888
Cloud-based defenses can be more robust, scalable and cost-effective, but.. ....the massive concentrations of resources and data present a more attractive target to attackers
Threats – just to get us started
"It is so easy to get started" Just pick up your credit card and get started on AWS Not many questions asked ..... maybe that's a problem?
Threat #1: Abuse and Nefarious Use of Cloud Computing The problem: Cloud Computing providers (IaaS) are actively being targeted, partially because their relatively weak registration, systems facilitate anonymity, and providers’ fraud detection capabilities are limited. What have happened (so far): • IaaS offerings have hosted the Zeus botnet, InfoStealer trojan horses, and downloads for Microsoft Office and Adobe PDF exploits. • Botnets have used IaaS servers for command and control functions. • Spam continues to be a problem — as a defensive measure, entire blocks of IaaS network addresses have been publicly blacklist. What to do about it: - Stricter initial registration and validation processes. - Enhanced credit card fraud monitoring and coordination. - Comprehensive introspection of customer network traffic. - Monitoring public blacklists for one’s own network blocks.
Threat #1: Abuse and Nefarious Use of Cloud Computing
Threat #2: Insecure Interfaces and APIs The problem: Reliance on a weak set of interfaces and APIs exposes organizations to a variety of security issues related to confidentiality, integrity, availability and accountability. What have happened (so far): Anonymous access and/or reusable tokens or passwords, clear-text authentication or transmission of content, inflexible access controls or improper authorizations, limited monitoring and logging capabilities, unknown service or API dependencies. What to do about it: - Analyze the security model of cloud provider interfaces. - Ensure strong authentication and access controls are implemented in concert with encrypted transmission. - Understand the dependency chain associated with the API.
Threat #3: Malicious Insiders " If you work with a company long enough, eventually you will have access to everything, and no one will know it. "
Sharing cage... Bad neighbors....
Data loss.... • The Microsoft data loss of 2009 resulted in an estimated 800,000 smartphone users in the United States temporarily losing personal data, such as emails, address books and photos from their mobile handsets. • The computer servers holding the data were run by Microsoft. • At the time, it was described as the biggest disaster to affect the concept of cloud computing.
Threat #6: Account or Service Hijacking What to do about it: • Prohibit the sharing of account credentials between users and services. • Leverage strong two-factor authentication techniques where possible. • Employ proactive monitoring to detect unauthorized activity. • Understand cloud provider security policies and SLAs.
Security should be implemented in every layer of the cloud application architecture • Physical security is typically handled by your service provider which is an additional benefit of using the cloud. • Network and application-level security is your responsibility and you should implement the best practices as applicable to your business. • AWS Security Best Practices tells you how.
• If you need to exchange sensitive or confidential information between a browser and a web server, configure SSL on your server instance. • You’ll need a certificate from an external certification authority like VeriSign or Entrust. • The public key included in the certificate authenticates your server to the browser and serves as the basis for creating the shared session key used to encrypt the data in both directions. • Create a Virtual Private Cloud by making a few command line calls (using Amazon VPC). This will enable you to use your own logically isolated resources within the AWS cloud, and then connect those resources directly to your own datacenter using industry-standard encrypted IPSec VPN connections. • You can also setup an OpenVPN server on an Amazon EC2 instance and install the OpenVPN client on all user PCs. Protect your data in transit http://aws.amazon.com/vpc/
• If you are concerned about storing sensitive and confidential data in the cloud, you should encrypt the data (individual files) before uploading it to the cloud. • For example, encrypt the data using any open source or commercial PGP-based tools before storing it as Amazon S3 objects and decrypt it after download. Protect your data at rest
• On Amazon EC2, file encryption depends on the operating system. • Amazon EC2 instances running Windows can use the built-in Encrypting File System (EFS) feature. This feature will handle the encryption and decryption of files and folders automatically and make the process transparent to the users. • If you need a full encrypted volume, consider using the open- source TrueCrypt product; this will integrate very well with NTFS-formatted EBS volumes. • Amazon EC2 instances running Linux can mount EBS volumes using encrypted file systems using variety of approaches (EncFS6, Loop-AES7, dm-crypt8, TrueCrypt9). Protect your data at rest (cont.)
• Regardless of which approach you choose, encrypting files and volumes in Amazon EC2 helps protect files and log data so that only the users and processes on the server can see the data in clear text, but anything or anyone outside the server see only encrypted data. Protect your data at rest (cont.)
• No matter which operating system or technology you choose, encrypting data at rest presents a challenge: managing the keys used to encrypt the data. • If you lose the keys, you will lose your data forever and if your keys become compromised, the data may be at risk. • Therefore, be sure to study the key management capabilities of any products you choose and establish a procedure that minimizes the risk of losing keys. Protect your data at rest (cont.)
Protect your data at rest (cont.) • Besides protecting your data from eavesdropping, also consider how to protect it from disaster. • Take periodic snapshots of Amazon EBS volumes to ensure it is highly durable and available. Snapshots are incremental in nature and stored on Amazon S3 (separate geo-location) and can be restored back with a few clicks or command line calls.
• AWS supplies two types of security credentials: AWS access keys and X.509 certificates. • Your AWS access key has two parts: your access key ID and your secret access key. • When using the REST or Query API, you have to use your secret access key to calculate a signature to include in your request for authentication. • To prevent in-flight tampering, all requests should be sent over HTTPS. Protect your AWS credentials
• If your Amazon Machine Image (AMI) is running processes that need to communicate with other AWS web services (for polling the Amazon SQS queue or for reading objects from Amazon S3, for example), one common design mistake is embedding the AWS credentials in the AMI. • Instead of embedding the credentials, they should be passed in as arguments during launch and encrypted before being sent over the wire. Protect your AWS credentials (cont)
Protect your AWS credentials (cont) • If your secret access key becomes compromised, you should obtain a new one by rotating to a new access key ID. • As a good practice, it is recommended that you incorporate a key rotation mechanism into your application architecture so that you can use it on a regular basis or occasionally (when disgruntled employee leaves the company) to ensure compromised keys can’t last forever.
• Alternately, you can use X.509 certificates for authentication to certain AWS services. • The certificate file contains your public key in a base64-encoded DER certificate body. • A separate file contains the corresponding base64-encoded PKCS#8 private key. Protect your AWS credentials (cont)
• Every Amazon EC2 instance is protected by one or more security groups, named sets of rules that specify which ingress (i.e., incoming) network traffic should be delivered to your instance. • You can specify TCP and UDP ports, ICMP types and codes, and source addresses. • Security groups give you basic firewall-like protection for running instances. Secure your Application (cont.)
Over time, errors in software are discovered and require patches to fix. You should ensure the following basic guidelines to maximize security of your application: • Regularly download patches from the vendor's web site and update your AMIs • Redeploy instances from the new AMIs and test your applications to ensure the patches don't break anything. Ensure that the latest AMI is deployed across all instances Secure your Application (cont.)
• Invest in test scripts so that you can run security checks periodically and automate the process • Ensure that the third-party software is configured to the most secure settings • Never run your processes as root or Administrator login unless absolutely necessary Secure your Application (cont.)
Secure your Application (cont.) • All the standard security practices pre-cloud era like adopting good coding practices, isolating sensitive data are still applicable and should be implemented. • In retrospect, the cloud abstracts the complexity of the physical security from you and gives you the control through tools and features so that you can secure your application.
Summary • Cloud services gives economy of scale = The same amount of investment in security buys better protection • But the massive concentrations of resources and data present a more attractive target to attackers • Cloud providers need to guard against theft or denial of service attacks by users. • Users need to be protected against one another. • And users need to be protected against their cloud providers • The old problems didn't go away, they just got a little bigger
Aws training in bangalore

Recommended

Securing Applications in the Cloud
Securing Applications in the CloudSecuring Applications in the Cloud
Securing Applications in the CloudSecurity Innovation
 
What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure security What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure securityZabeel Institute
 
Core strategies to develop defense in depth in AWS
Core strategies to develop defense in depth in AWSCore strategies to develop defense in depth in AWS
Core strategies to develop defense in depth in AWSShane Peden
 
GDPR - Top 10 AWS Security and Compliance Best Practices
GDPR - Top 10 AWS Security and Compliance Best PracticesGDPR - Top 10 AWS Security and Compliance Best Practices
GDPR - Top 10 AWS Security and Compliance Best PracticesAhmad Khan
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
Security Spotlight: The Coca Cola Company - CSS ATX 2017
Security Spotlight: The Coca Cola Company - CSS ATX 2017Security Spotlight: The Coca Cola Company - CSS ATX 2017
Security Spotlight: The Coca Cola Company - CSS ATX 2017Alert Logic
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityBruno Capuano
 
Cloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit GiriCloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit GiriOWASP Delhi
 

Recommended

Securing Applications in the Cloud
Securing Applications in the CloudSecuring Applications in the Cloud
Securing Applications in the CloudSecurity Innovation
 
What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure security What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure securityZabeel Institute
 
Core strategies to develop defense in depth in AWS
Core strategies to develop defense in depth in AWSCore strategies to develop defense in depth in AWS
Core strategies to develop defense in depth in AWSShane Peden
 
GDPR - Top 10 AWS Security and Compliance Best Practices
GDPR - Top 10 AWS Security and Compliance Best PracticesGDPR - Top 10 AWS Security and Compliance Best Practices
GDPR - Top 10 AWS Security and Compliance Best PracticesAhmad Khan
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
Security Spotlight: The Coca Cola Company - CSS ATX 2017
Security Spotlight: The Coca Cola Company - CSS ATX 2017Security Spotlight: The Coca Cola Company - CSS ATX 2017
Security Spotlight: The Coca Cola Company - CSS ATX 2017Alert Logic
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityBruno Capuano
 
Cloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit GiriCloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit GiriOWASP Delhi
 
Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Amazon Web Services
 
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...Amazon Web Services
 
AWS Security
AWS Security AWS Security
AWS Security Magdy El-Faramawy , MBA,PMP,CISA,CM,ITIL
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSTeri Radichel
 
Aws certified-security
Aws certified-securityAws certified-security
Aws certified-securitykartikaryan4
 
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident ResolutionA Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident ResolutionAmazon Web Services
 
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015Evident.io
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security OperationsEvident.io
 
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...Amazon Web Services
 
Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud SecurityAlert Logic
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best PracticesAmazon Web Services
 
Security and Compliance in the Cloud
Security and Compliance in the Cloud Security and Compliance in the Cloud
Security and Compliance in the Cloud Amazon Web Services
 
Meeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassageMeeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassageCloudPassage
 
AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAmazon Web Services
 
Automated security analysis of aws clouds v1.0
Automated security analysis of aws clouds v1.0Automated security analysis of aws clouds v1.0
Automated security analysis of aws clouds v1.0CSA Argentina
 
Beginners guide to aws security monitoring
Beginners guide to aws security monitoringBeginners guide to aws security monitoring
Beginners guide to aws security monitoringrahuldesh
 
Denver AWS Users' Group Meetup - May 2020
Denver AWS Users' Group Meetup - May 2020Denver AWS Users' Group Meetup - May 2020
Denver AWS Users' Group Meetup - May 2020David McDaniel
 
Azure DDoS Protection Standard
Azure DDoS Protection StandardAzure DDoS Protection Standard
Azure DDoS Protection Standardarnaudlh
 
ThreatStack Session: A Tale of Security & Ops Teamwork for Rapid Security Inc...
ThreatStack Session: A Tale of Security & Ops Teamwork for Rapid Security Inc...ThreatStack Session: A Tale of Security & Ops Teamwork for Rapid Security Inc...
ThreatStack Session: A Tale of Security & Ops Teamwork for Rapid Security Inc...Amazon Web Services
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Akash Mahajan
 
Aws training in bangalore
Aws training in bangalore Aws training in bangalore
Aws training in bangalore apponix123
 

More Related Content

What's hot

Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Amazon Web Services
 
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...Amazon Web Services
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSTeri Radichel
 
Aws certified-security
Aws certified-securityAws certified-security
Aws certified-securitykartikaryan4
 
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident ResolutionA Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident ResolutionAmazon Web Services
 
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015Evident.io
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security OperationsEvident.io
 
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...Amazon Web Services
 
Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud SecurityAlert Logic
 
Security and Compliance in the Cloud
Security and Compliance in the Cloud Security and Compliance in the Cloud
Security and Compliance in the Cloud Amazon Web Services
 
Meeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassageMeeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassageCloudPassage
 
AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAmazon Web Services
 
Automated security analysis of aws clouds v1.0
Automated security analysis of aws clouds v1.0Automated security analysis of aws clouds v1.0
Automated security analysis of aws clouds v1.0CSA Argentina
 
Beginners guide to aws security monitoring
Beginners guide to aws security monitoringBeginners guide to aws security monitoring
Beginners guide to aws security monitoringrahuldesh
 
Denver AWS Users' Group Meetup - May 2020
Denver AWS Users' Group Meetup - May 2020Denver AWS Users' Group Meetup - May 2020
Denver AWS Users' Group Meetup - May 2020David McDaniel
 
Azure DDoS Protection Standard
Azure DDoS Protection StandardAzure DDoS Protection Standard
Azure DDoS Protection Standardarnaudlh
 
ThreatStack Session: A Tale of Security & Ops Teamwork for Rapid Security Inc...
ThreatStack Session: A Tale of Security & Ops Teamwork for Rapid Security Inc...ThreatStack Session: A Tale of Security & Ops Teamwork for Rapid Security Inc...
ThreatStack Session: A Tale of Security & Ops Teamwork for Rapid Security Inc...Amazon Web Services
 

What's hot (20)

Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017
 
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
 
AWS Security
AWS Security AWS Security
AWS Security
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWS
 
Aws certified-security
Aws certified-securityAws certified-security
Aws certified-security
 
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident ResolutionA Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
 
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
 
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
 
Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud Security
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best Practices
 
Security and Compliance in the Cloud
Security and Compliance in the Cloud Security and Compliance in the Cloud
Security and Compliance in the Cloud
 
Meeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassageMeeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassage
 
AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & Compliance
 
Automated security analysis of aws clouds v1.0
Automated security analysis of aws clouds v1.0Automated security analysis of aws clouds v1.0
Automated security analysis of aws clouds v1.0
 
Beginners guide to aws security monitoring
Beginners guide to aws security monitoringBeginners guide to aws security monitoring
Beginners guide to aws security monitoring
 
Denver AWS Users' Group Meetup - May 2020
Denver AWS Users' Group Meetup - May 2020Denver AWS Users' Group Meetup - May 2020
Denver AWS Users' Group Meetup - May 2020
 
Azure DDoS Protection Standard
Azure DDoS Protection StandardAzure DDoS Protection Standard
Azure DDoS Protection Standard
 
ThreatStack Session: A Tale of Security & Ops Teamwork for Rapid Security Inc...
ThreatStack Session: A Tale of Security & Ops Teamwork for Rapid Security Inc...ThreatStack Session: A Tale of Security & Ops Teamwork for Rapid Security Inc...
ThreatStack Session: A Tale of Security & Ops Teamwork for Rapid Security Inc...
 

Similar to Aws training in bangalore

Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Akash Mahajan
 
Aws training in bangalore
Aws training in bangalore Aws training in bangalore
Aws training in bangalore apponix123
 
Aws training in bangalore
Aws training in bangalore Aws training in bangalore
Aws training in bangalore apponix123
 
Operations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyOperations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyAmazon Web Services
 
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...Adnene Guabtni
 
Security in the Cloud | Amazon Web Services
Security in the Cloud | Amazon Web ServicesSecurity in the Cloud | Amazon Web Services
Security in the Cloud | Amazon Web ServicesAmazon Web Services
 
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01Shivananda Rai
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security OperationsAmazon Web Services
 
Cloud security privacy- org
Cloud security privacy- orgCloud security privacy- org
Cloud security privacy- orgDharmalingam S
 
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS SummitTop 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS SummitAmazon Web Services
 
Start Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best PraticesStart Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best PraticesAmazon Web Services
 
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013Amazon Web Services
 
How encryption works in AWS: What assurances do you have that unauthorized us...
How encryption works in AWS: What assurances do you have that unauthorized us...How encryption works in AWS: What assurances do you have that unauthorized us...
How encryption works in AWS: What assurances do you have that unauthorized us...Amazon Web Services
 
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...Amazon Web Services
 
Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Top five configuration security errors and how to avoid them - DEM09-S - Chic...Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Top five configuration security errors and how to avoid them - DEM09-S - Chic...Amazon Web Services
 
Securing AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriSecuring AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriOWASP Delhi
 
Cloud computing security from single to multiple
Cloud computing security from single to multipleCloud computing security from single to multiple
Cloud computing security from single to multipleKiran Kumar
 
3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security SuperheroAmazon Web Services
 

Similar to Aws training in bangalore (20)

Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014
 
Aws training in bangalore
Aws training in bangalore Aws training in bangalore
Aws training in bangalore
 
Aws training in bangalore
Aws training in bangalore Aws training in bangalore
Aws training in bangalore
 
Operations: Security
Operations: SecurityOperations: Security
Operations: Security
 
Operations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyOperations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your Company
 
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
 
Security in the Cloud | Amazon Web Services
Security in the Cloud | Amazon Web ServicesSecurity in the Cloud | Amazon Web Services
Security in the Cloud | Amazon Web Services
 
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
 
Cloud security privacy- org
Cloud security privacy- orgCloud security privacy- org
Cloud security privacy- org
 
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS SummitTop 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
 
Start Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best PraticesStart Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best Pratices
 
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
 
How encryption works in AWS: What assurances do you have that unauthorized us...
How encryption works in AWS: What assurances do you have that unauthorized us...How encryption works in AWS: What assurances do you have that unauthorized us...
How encryption works in AWS: What assurances do you have that unauthorized us...
 
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...
 
Toward Full Stack Security
Toward Full Stack SecurityToward Full Stack Security
Toward Full Stack Security
 
Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Top five configuration security errors and how to avoid them - DEM09-S - Chic...Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Top five configuration security errors and how to avoid them - DEM09-S - Chic...
 
Securing AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriSecuring AWS environments by Ankit Giri
Securing AWS environments by Ankit Giri
 
Cloud computing security from single to multiple
Cloud computing security from single to multipleCloud computing security from single to multiple
Cloud computing security from single to multiple
 
3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero
 

More from apponix123

AWS Training in Bangalore, AWS Solutions Architect Courses
AWS Training in Bangalore, AWS Solutions Architect CoursesAWS Training in Bangalore, AWS Solutions Architect Courses
AWS Training in Bangalore, AWS Solutions Architect Coursesapponix123
 
Digital Marketing Training Institute in Bangalore
Digital Marketing Training Institute in BangaloreDigital Marketing Training Institute in Bangalore
Digital Marketing Training Institute in Bangaloreapponix123
 
Web design-traiing-in-bangalore
Web design-traiing-in-bangaloreWeb design-traiing-in-bangalore
Web design-traiing-in-bangaloreapponix123
 
Web design training in bangalore
Web design training in bangaloreWeb design training in bangalore
Web design training in bangaloreapponix123
 
web designing and development training in bangalore
web designing and development training in bangaloreweb designing and development training in bangalore
web designing and development training in bangaloreapponix123
 
Academic projects-in-bangalore
Academic projects-in-bangaloreAcademic projects-in-bangalore
Academic projects-in-bangaloreapponix123
 
Vmware Training in Bangalore | Certification
Vmware Training in Bangalore | CertificationVmware Training in Bangalore | Certification
Vmware Training in Bangalore | Certificationapponix123
 

More from apponix123 (18)

Aws
AwsAws
Aws
 
Python
PythonPython
Python
 
Aws
AwsAws
Aws
 
Python
Python Python
Python
 
Aws
Aws Aws
Aws
 
Python
PythonPython
Python
 
Aws
AwsAws
Aws
 
Python
PythonPython
Python
 
Aws
AwsAws
Aws
 
AWS Training in Bangalore, AWS Solutions Architect Courses
AWS Training in Bangalore, AWS Solutions Architect CoursesAWS Training in Bangalore, AWS Solutions Architect Courses
AWS Training in Bangalore, AWS Solutions Architect Courses
 
Digital Marketing Training Institute in Bangalore
Digital Marketing Training Institute in BangaloreDigital Marketing Training Institute in Bangalore
Digital Marketing Training Institute in Bangalore
 
Azure ppt
Azure pptAzure ppt
Azure ppt
 
Web design-traiing-in-bangalore
Web design-traiing-in-bangaloreWeb design-traiing-in-bangalore
Web design-traiing-in-bangalore
 
Web design training in bangalore
Web design training in bangaloreWeb design training in bangalore
Web design training in bangalore
 
web designing and development training in bangalore
web designing and development training in bangaloreweb designing and development training in bangalore
web designing and development training in bangalore
 
Academic projects-in-bangalore
Academic projects-in-bangaloreAcademic projects-in-bangalore
Academic projects-in-bangalore
 
Assem4
Assem4Assem4
Assem4
 
Vmware Training in Bangalore | Certification
Vmware Training in Bangalore | CertificationVmware Training in Bangalore | Certification
Vmware Training in Bangalore | Certification
 

Recently uploaded

18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfUmakantAnnand
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxPoojaSen20
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 

Recently uploaded (20)

18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.Compdf
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docx
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 

Aws training in bangalore

  • 1. Cloud Security By Apponix Technologies #306, 10th Main, 46th Cross, 4th Block Rajajinagar, Bangalore – 560010 M: +91 8050580888
  • 2. And thanks to Ilja Livenson CSA - Cloud Security Alliance "Security Guidance for Critical Areas of Focus in Cloud Computing" http://www.cloudsecurityalliance.org/guidance "Top Threats to Cloud Computing" http://www.cloudsecurityalliance.org/topthreats ENISA - European Network and Information Security Agency “Cloud Computing: Benefits, Risks and Recommendations for Information Security” http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing- risk-assessment #306, 10th Main, 46th Cross, 4th Block Rajajinagar, Bangalore – 560010 M: +91 8050580888
  • 3. Remember these? Cloud Infrastructure (e.g. Physical/Virtual Hardware) Cloud Infrastructure (e.g. Physical/Virtual Hardware) Cloud Storage (e.g. Database) Cloud Platform (e.g. App Server) Cloud Services (e.g. Web Services) Cloud Services (e.g. Web Services) Cloud Application (e.g. SaaS) Cloud Clients (e.g. Browsers, Devices) #306, 10th Main, 46th Cross, 4th Block Rajajinagar, Bangalore – 560010 M: +91 8050580888
  • 4. Multi-Tenancy #306, 10th Main, 46th Cross, 4th Block Rajajinagar, Bangalore – 560010 M: +91 8050580888
  • 5. #306, 10th Main, 46th Cross, 4th Block Rajajinagar, Bangalore – 560010 M: +91 8050580888
  • 6. Economies of scale and Security • All kinds of security measures, are cheaper when implemented on a larger scale. E.g. filtering, patch management, hardening of virtual machine instances and hypervisors, etc) • Staff specialization & experience - Cloud providers big enough to hire specialists in dealing with specific security threats. • Timeliness of response to incidents - Updates can be rolled much more rapidly across a homogenous platform • Default VM images and software modules can be updated with the latest patches and security settings. Snapshots of virtual infrastructure (in IaaS) to be taken regularly and compared with a security baseline. "The same amount of investment in security buys better protection" #306, 10th Main, 46th Cross, 4th Block Rajajinagar, Bangalore – 560010 M: +91 8050580888
  • 7.
  • 8. Cloud-based defenses can be more robust, scalable and cost-effective, but.. ....the massive concentrations of resources and data present a more attractive target to attackers
  • 9. Threats – just to get us started
  • 10. "It is so easy to get started" Just pick up your credit card and get started on AWS Not many questions asked ..... maybe that's a problem?
  • 11. Threat #1: Abuse and Nefarious Use of Cloud Computing The problem: Cloud Computing providers (IaaS) are actively being targeted, partially because their relatively weak registration, systems facilitate anonymity, and providers’ fraud detection capabilities are limited. What have happened (so far): • IaaS offerings have hosted the Zeus botnet, InfoStealer trojan horses, and downloads for Microsoft Office and Adobe PDF exploits. • Botnets have used IaaS servers for command and control functions. • Spam continues to be a problem — as a defensive measure, entire blocks of IaaS network addresses have been publicly blacklist. What to do about it: - Stricter initial registration and validation processes. - Enhanced credit card fraud monitoring and coordination. - Comprehensive introspection of customer network traffic. - Monitoring public blacklists for one’s own network blocks.
  • 12. Threat #1: Abuse and Nefarious Use of Cloud Computing
  • 13. Threat #2: Insecure Interfaces and APIs The problem: Reliance on a weak set of interfaces and APIs exposes organizations to a variety of security issues related to confidentiality, integrity, availability and accountability. What have happened (so far): Anonymous access and/or reusable tokens or passwords, clear-text authentication or transmission of content, inflexible access controls or improper authorizations, limited monitoring and logging capabilities, unknown service or API dependencies. What to do about it: - Analyze the security model of cloud provider interfaces. - Ensure strong authentication and access controls are implemented in concert with encrypted transmission. - Understand the dependency chain associated with the API.
  • 14. Threat #3: Malicious Insiders " If you work with a company long enough, eventually you will have access to everything, and no one will know it. "
  • 16. Data loss.... • The Microsoft data loss of 2009 resulted in an estimated 800,000 smartphone users in the United States temporarily losing personal data, such as emails, address books and photos from their mobile handsets. • The computer servers holding the data were run by Microsoft. • At the time, it was described as the biggest disaster to affect the concept of cloud computing.
  • 17. Threat #6: Account or Service Hijacking What to do about it: • Prohibit the sharing of account credentials between users and services. • Leverage strong two-factor authentication techniques where possible. • Employ proactive monitoring to detect unauthorized activity. • Understand cloud provider security policies and SLAs.
  • 18.
  • 19. Security should be implemented in every layer of the cloud application architecture • Physical security is typically handled by your service provider which is an additional benefit of using the cloud. • Network and application-level security is your responsibility and you should implement the best practices as applicable to your business. • AWS Security Best Practices tells you how.
  • 20. • If you need to exchange sensitive or confidential information between a browser and a web server, configure SSL on your server instance. • You’ll need a certificate from an external certification authority like VeriSign or Entrust. • The public key included in the certificate authenticates your server to the browser and serves as the basis for creating the shared session key used to encrypt the data in both directions. • Create a Virtual Private Cloud by making a few command line calls (using Amazon VPC). This will enable you to use your own logically isolated resources within the AWS cloud, and then connect those resources directly to your own datacenter using industry-standard encrypted IPSec VPN connections. • You can also setup an OpenVPN server on an Amazon EC2 instance and install the OpenVPN client on all user PCs. Protect your data in transit http://aws.amazon.com/vpc/
  • 21. • If you are concerned about storing sensitive and confidential data in the cloud, you should encrypt the data (individual files) before uploading it to the cloud. • For example, encrypt the data using any open source or commercial PGP-based tools before storing it as Amazon S3 objects and decrypt it after download. Protect your data at rest
  • 22. • On Amazon EC2, file encryption depends on the operating system. • Amazon EC2 instances running Windows can use the built-in Encrypting File System (EFS) feature. This feature will handle the encryption and decryption of files and folders automatically and make the process transparent to the users. • If you need a full encrypted volume, consider using the open- source TrueCrypt product; this will integrate very well with NTFS-formatted EBS volumes. • Amazon EC2 instances running Linux can mount EBS volumes using encrypted file systems using variety of approaches (EncFS6, Loop-AES7, dm-crypt8, TrueCrypt9). Protect your data at rest (cont.)
  • 23. • Regardless of which approach you choose, encrypting files and volumes in Amazon EC2 helps protect files and log data so that only the users and processes on the server can see the data in clear text, but anything or anyone outside the server see only encrypted data. Protect your data at rest (cont.)
  • 24. • No matter which operating system or technology you choose, encrypting data at rest presents a challenge: managing the keys used to encrypt the data. • If you lose the keys, you will lose your data forever and if your keys become compromised, the data may be at risk. • Therefore, be sure to study the key management capabilities of any products you choose and establish a procedure that minimizes the risk of losing keys. Protect your data at rest (cont.)
  • 25. Protect your data at rest (cont.) • Besides protecting your data from eavesdropping, also consider how to protect it from disaster. • Take periodic snapshots of Amazon EBS volumes to ensure it is highly durable and available. Snapshots are incremental in nature and stored on Amazon S3 (separate geo-location) and can be restored back with a few clicks or command line calls.
  • 26. • AWS supplies two types of security credentials: AWS access keys and X.509 certificates. • Your AWS access key has two parts: your access key ID and your secret access key. • When using the REST or Query API, you have to use your secret access key to calculate a signature to include in your request for authentication. • To prevent in-flight tampering, all requests should be sent over HTTPS. Protect your AWS credentials
  • 27. • If your Amazon Machine Image (AMI) is running processes that need to communicate with other AWS web services (for polling the Amazon SQS queue or for reading objects from Amazon S3, for example), one common design mistake is embedding the AWS credentials in the AMI. • Instead of embedding the credentials, they should be passed in as arguments during launch and encrypted before being sent over the wire. Protect your AWS credentials (cont)
  • 28. Protect your AWS credentials (cont) • If your secret access key becomes compromised, you should obtain a new one by rotating to a new access key ID. • As a good practice, it is recommended that you incorporate a key rotation mechanism into your application architecture so that you can use it on a regular basis or occasionally (when disgruntled employee leaves the company) to ensure compromised keys can’t last forever.
  • 29. • Alternately, you can use X.509 certificates for authentication to certain AWS services. • The certificate file contains your public key in a base64-encoded DER certificate body. • A separate file contains the corresponding base64-encoded PKCS#8 private key. Protect your AWS credentials (cont)
  • 30. • Every Amazon EC2 instance is protected by one or more security groups, named sets of rules that specify which ingress (i.e., incoming) network traffic should be delivered to your instance. • You can specify TCP and UDP ports, ICMP types and codes, and source addresses. • Security groups give you basic firewall-like protection for running instances. Secure your Application (cont.)
  • 31. Over time, errors in software are discovered and require patches to fix. You should ensure the following basic guidelines to maximize security of your application: • Regularly download patches from the vendor's web site and update your AMIs • Redeploy instances from the new AMIs and test your applications to ensure the patches don't break anything. Ensure that the latest AMI is deployed across all instances Secure your Application (cont.)
  • 32. • Invest in test scripts so that you can run security checks periodically and automate the process • Ensure that the third-party software is configured to the most secure settings • Never run your processes as root or Administrator login unless absolutely necessary Secure your Application (cont.)
  • 33. Secure your Application (cont.) • All the standard security practices pre-cloud era like adopting good coding practices, isolating sensitive data are still applicable and should be implemented. • In retrospect, the cloud abstracts the complexity of the physical security from you and gives you the control through tools and features so that you can secure your application.
  • 34. Summary • Cloud services gives economy of scale = The same amount of investment in security buys better protection • But the massive concentrations of resources and data present a more attractive target to attackers • Cloud providers need to guard against theft or denial of service attacks by users. • Users need to be protected against one another. • And users need to be protected against their cloud providers • The old problems didn't go away, they just got a little bigger

Editor's Notes

  1. OCCI