AWS Users’ Group May 2020!
David “Mac” McDaniel
Director, Cloud Professional Services -- Qwinix Technologies
mac@qwinix.io
david@mobile-360.com
LinkedIn: https://www.linkedin.com/in/davidbmcdaniel
Twitter: @ServerlessJava, @DenverAWSUG
Agenda for Tonight
● Communication Items
● Upcoming Meetups
● Resources
● Tonight’s Topic:
AWS Security 101: AWS Tools and Services
Communication Items
Slack Channel: https://DenverAWSUsersGroup.slack.com, email me at
david@mobile-360.com for an invite.
We now have our own Twitter handle: @DenverAWSUG. Please follow and we’ll
post updates and surveys there as well!
We are now listed on AWS UG site:
https://aws.amazon.com/usergroups/americas/
Announcements: Please email me announcements at
least the day before the Meetup!
Tools:
● IAM Policy Generator
● IAM Security Assessment tool
AWS Updates -- All about Security
● CloudTrail simplifies
● AWS SSO zero-down cert rotation
● WorkMail flows using Lambda
● Enhanced DirectConnect monitoring
● Enhanced Macie w/reduced pricing
● Fraud Detector - catching fraud faster
Main Topic!
AWS Security 101: AWS Tools and Services
What is Cloud Security?
Cloud security is the protection of data stored online via cloud computing
platforms from theft, leakage, and deletion.
[Diagram] Security Categories: Identity & Access Mgt, Detective Controls, Infrastructure Protection, Data Protection, Audit Controls ??
Categories of Security Tools
Identity and Access Management: Managing authentication and authorization
to resources
Detective Controls: Identify existing vulnerabilities and activities
Infrastructure Protection: Defends against DDoS, malicious web traffic
Data Protection: Auto discover sensitive data, encryption key management
Audit Controls: Secured audit logs
Network Security: Firewalls, IDS/IPS, private connectivity
Identity and Access Management
IAM best practices for security:
● Complex passwords - passwords are the weakest link
● Least-privilege permission model
● Password rotation on regular schedule
● MFA/2FA:
○ Best: Hardware token like YubiKey supporting FIDO2 standard
○ Good: Mobile-phone based Authenticator application
○ Bad: SMS-based OTC (One-Time Codes)
● SSO Integration - AD, Okta, Ping, many choices - fewer passwords means
less reuse - #1 problem
● Access Analyzer - Helps maintain least privilege permission model
Detective Controls
These are services that notify you of, and sometimes prevent, threats as they occur.
AWS Security Hub: Aggregated security findings from services and partner
applications. Automate handling of security incidents.
Amazon GuardDuty: Continuous threat and anomaly detection using ML across
CloudTrail, VPC flow logs, DNS logs.
Amazon Inspector: Automatically assesses applications for exposure, vulnerabilities
and deviations from best practices. Unintended network accessibility, remote
root, etc.
Amazon Detective: Uses ML to help conduct faster and more efficient
investigations.
Infrastructure Protection
AWS Shield: Advanced, managed DDoS infrastructure protecting your
infrastructure
AWS WAF (Web Application Firewall): Content-level filtering for things like SQL
Injections, MITM or replay attacks. Implements OWASP Top 10 and other rules.
Automates responses such as permanent or temporary IP banning.
AWS Firewall Manager: Centrally manage AWS WAF and AWS Managed WAF
Rules. Still distributed infrastructure, but makes managing much easier.
DirectConnect & Site-to-site VPN: Provides private connectivity between your
site or datacenter and AWS, preventing traffic from ever hitting the public
internet.
Data Protection
Amazon Macie: Discover and protect sensitive data in S3. Helps meet
compliance regulations such as HIPAA, GDPR, CCPA etc.
AWS KMS: Manage encryption keys, enable auto-rotation and termination.
AWS Certificate Manager: Free SSL/TLS encryption keys for some AWS services
(LBs, CloudFront, API GW, etc) but not EC2 directly. Both public and private key
management.
AWS Secrets Manager: Secure, scalable secret management, with
auto-update/rotation including sync to RDS.
Summary
All of these tools are a great place to start. No single tool or provider will get
you everything you may need.
During the Covid-19 pandemic, there has been a large increase in attacks on
home networks because of their weaker security. Tools exist to hack ISPs’
routers and sometimes even install viruses.
Employees’ personal computers should never be granted access to corporate
resources, as you don’t have control over what is installed and who has access.
Implement a second network within the home for work computers, with a higher
level of security measures.
Remember that, sadly, people are the weakest link in security. We all need to
help people be better!
Questions?

Denver AWS Users' Group Meetup - May 2020
