Migrating from the data center to the cloud requires us to rethink much of what we do to secure our applications. The idea of physical security morphs as infrastructure becomes virtualized by AWS APIs. In a new world of ephemeral, auto-scaling infrastructure, you need to adapt your security architecture to meet both compliance and security threats.
In the presentation we will cover topics including:
- Minimizing attack vectors and surface area
- Perimeter assessments of your VPCs
- Internal vs. External threats
- Monitoring threats
- Re-evaluating Intrusion Detection, Activity Monitoring, and Vulnerability Assessment in AWS
Migrating from the data center to the cloud requires users to rethink much of what they do to secure their applications. CloudCheckr CTO Aaron Newman will highlight effective strategies and tools that AWS users can employ to improve their security posture. The idea of physical security morphs as infrastructure becomes virtualized by AWS APIs. In a new world of ephemeral, auto-scaling infrastructure, users need to adapt their security architecture to face both compliance and security threats. Specific emphasis will be placed upon leveraging native AWS services and the talk will include concrete steps that users can begin employing immediately. Session sponsored by CloudCheckr.
Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances for fault tolerance and load distribution. In this session, we go into detail about Elastic Load Balancing's configuration and day-to-day management, as well as its use in conjunction with Auto Scaling. We explain how to make decisions about the service and share best practices and useful tips for success.
Migrating from the data center to the cloud requires users to rethink much of what they do to secure their applications. CloudCheckr COO Aaron Klein will highlight effective strategies and tools that AWS users can employ to improve their security posture. The idea of physical security morphs as infrastructure becomes virtualized by AWS APIs. In a new world of ephemeral, auto-scaling infrastructure, users need to adapt their security architecture to face both compliance and security threats. Specific emphasis will be placed upon leveraging native AWS services and the talk will include concrete steps that users can begin employing immediately. Session sponsored by CloudCheckr.
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303) - Amazon Web Services
In this session, we share best practices and easily-leveraged solutions for enacting autonomous systems in the face of subversion. From gag orders to warrantless searches and seizures, learn about specific tactics to protect and exercise data privacy, both for partners and customers.
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well as scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss data encryption using Key Management Service, S3 access controls, edge and host access security, and database platform security features.
Secure Content Delivery Using Amazon CloudFront and AWS WAF - Amazon Web Services
Whether you are building an e-commerce site or a business application, security is a key consideration when architecting your website or application. In this session, you will learn more about some of the things Amazon CloudFront does behind the scenes to protect the delivery of your content such as OCSP Stapling and Perfect Forward Secrecy. You will also learn how you can use AWS Web Application Firewall (AWS WAF) with CloudFront to protect your site. Finally, we will share best practices on how you can use CloudFront to securely deliver content end-to-end, control who accesses your content, how to shield your origins from the Internet, and getting an A+ on SSL labs.
AWS Webcast - Deploying Remote Desktop Gateway on the AWS Cloud - Amazon Web Services
This webinar reviews our new Remote Desktop Gateway Reference Implementation Guide which will help you deploy Remote Desktop Gateway on AWS in about an hour. Included is an overview of the reference architecture, best practices for securely accessing your Windows-based instances using the Remote Desktop Protocol (RDP) for remote administration. Also provided are AWS CloudFormation templates to help automate deployment.
AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am... - Amazon Web Services
In this workshop, we help you understand how you can help protect your web applications from threats cost effectively by using AWS WAF and Amazon CloudFront. As attacks and attempts to exploit vulnerabilities in web applications become more sophisticated and automated, having an effective web request filtering solution becomes key to keeping your users' data safe. We will cover common attack vectors and what you can do to mitigate them. You will learn how to leverage AWS WAF in conjunction with Amazon CloudFront to detect unwanted traffic and block it using simple configurations and automations.
Prerequisites:
Participants should have an AWS account established and available for use during the workshop.
Please bring your own laptop.
SEC303 Automating Security in cloud Workloads with DevSecOps - Amazon Web Services
This session is designed to teach security engineers, developers, solutions architects, and other technical security practitioners how to use a DevSecOps approach to design and build robust security controls at cloud-scale. This session walks through the design considerations of operating high-assurance workloads on top of the AWS platform and provides examples of how to automate configuration management and generate audit evidence for your own workloads. We’ll discuss practical examples using real code for automating security tasks, then dive deeper to map the configurations against various industry frameworks. This advanced session showcases how continuous integration and deployment pipelines can accelerate the speed of security teams and improve collaboration with software development teams.
Learn how to use AWS X-Ray to analyze both applications in development and in production, from simple three-tier applications to complex microservices applications consisting of thousands of services.
Microsoft Active Directory is the foundation for distributed networks built on Windows Server. Learn how our new Active Directory Reference Implementation Guide can help you deploy highly available AD Domain Services on AWS in about an hour.
Included will be an overview of the reference architecture, implementation guide, and CloudFormation templates, which automate much of the process. Two scenarios are covered: one fully cloud-based and one hybrid, using AWS Direct Connect to extend an existing on-premises AD solution into the AWS Cloud.
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O... - Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
In this session, we will help you use existing and recently launched services to automate configuration governance so that security is embedded in the development process. We outline four easy steps (Control, Monitor, Fix, and Audit) and demonstrate how different services can be used to meet your governance needs.
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r... - Amazon Web Services
(Presented by Alert Logic) AWS provides multiple levels of security between the physical server and facilities up to the host operating system and virtualization layer. This session covers strategies for ensuring your applications, network, and data are secure in a highly-scalable environment.
In this session, you receive practical guidance for implementing scalable web application security in the AWS cloud, including:
- Common techniques and tools used to provide security for auto-scaling web applications including Chef/Puppet, AWS CloudFormation, and Elastic Load Balancing.
- Using auto-scaling groups and requirements for management APIs in automatically deploying web security infrastructure.
- Common scaling triggers and mechanisms by which web application security infrastructure must scale to operate in lockstep with elastic web server farms.
- Approach for deploying application security controls embedded directly into web applications, and considerations for PaaS cloud environments.
This session is designed for an advanced audience with strong understanding of IP networking, web application security fundamentals, and experience in managing security infrastructure in a public cloud environment; however, the information covered is also of interest to intermediate attendees that set technology strategy and formulate requirements for cloud security controls.
(ARC401) Cloud First: New Architecture for New Infrastructure - Amazon Web Services
What do companies with internal platforms have to change to succeed in the cloud? The five pillars at the heart of IT solutions in the cloud are automation, fault tolerance, horizontal scalability, security, and cost-effectiveness. This talk discusses tools that facilitate the development and automate the deployment of secure, highly available microservices. The tools were developed using AWS CloudFormation, AWS SDKs, AWS CLI, Amazon RDS, and various open-source software such as Docker. The talk provides concrete examples of how these tools can help developers and architects move from beginning/intermediate AWS practitioners to cloud deployment experts.
February 2016 Webinar Series - Introducing VPC Support for AWS Lambda - Amazon Web Services
You can now access resources within a Virtual Private Cloud (VPC) using AWS Lambda.
In this webinar, we will show how you can enable your AWS Lambda functions to access resources in a VPC. We will walk through the configuration details on how to set up this functionality, and we will demonstrate two sample scenarios. We will also discuss best practices of how to use AWS Lambda in a VPC and sample application designs.
Learning Objectives:
Learn how to access resources in a VPC with AWS Lambda
Who Should Attend:
Developers
Walk through this hands-on workshop to expand your AWS technical skills. Gain credibility for your experience working with AWS by building proficiency with services and solutions in the areas of AWS Architecture Fundamentals.
Amazon RDS allows customers to launch an optimally configured, secure and highly available database with just a few clicks. It provides cost-efficient and resizable capacity while managing time-consuming database administration tasks, freeing you up to focus on your applications and business. Amazon RDS provides you six familiar database engines to choose from, including Amazon Aurora, Oracle, Microsoft SQL Server, PostgreSQL, MySQL and MariaDB. In this session we will take a closer look at the capabilities of RDS and all the different options available. We will do a deep dive into how RDS works and how Aurora differs from the rest of the engines.
AWS re:Invent 2016: Amazon CloudWatch Logs and AWS Lambda: A Match Made in He... - Amazon Web Services
In this session, we cover three common scenarios that include Amazon CloudWatch Logs and AWS Lambda. First, you learn how to build an Elasticsearch cluster from historical data using Amazon S3, Lambda, and CloudWatch Logs. Next, you learn how to add details to CloudWatch alarm notifications using Amazon SNS and Lambda. Finally, we show you how to bring Elastic Load Balancing logs to CloudWatch Logs using S3 bucket triggers from Lambda.
AWS re:Invent 2016: Workshop: Adhere to the Principle of Least Privilege by U... - Amazon Web Services
AWS IAM and Amazon VPC offer powerful tools that help you adhere to the principle of least privilege in your resource permissions and network security settings. This workshop will start with the fundamentals of IAM and VPC security techniques and will give you hands-on experience in writing, testing, applying, troubleshooting, and auditing progressively more tightly scoped IAM policies. You will also get experience building and monitoring VPC security groups that grant only the access required to perform tasks.
The population growth rate is the rate at which the number of individuals in a population increases in a given time period as a fraction of the initial population
Data driven literary analysis: an unsupervised approach to text analysis and ... - Serena Peruzzo
Unsupervised document classification addresses the problem of assigning categories to documents without the use of a training set or predefined categories. This is useful to enhance information retrieval, the basic assumption being that similar contents are also relevant to the same query. A similar assumption is made in literature to define literary genres and sub-genres, where works which share specific conventions in terms of form and content are described by the same genre.
The talk gives an overview of document clustering and its challenges, with a focus on dimensionality reduction and how to address it with topic modelling techniques like LDA (Latent Dirichlet Allocation). Using Shakespeare’s body of work as a case study, the talk describes how to use nltk, sklearn and gensim to process and analyse theatrical works with the final goal of testing whether document clustering yields the same classification given by literature experts.
Deck as presented at PyData Amsterdam 2016
In addition to running databases in Amazon EC2, AWS customers can choose among a variety of managed database services. These services save effort, save time, and unlock new capabilities and economies. In this session, we make it easy to understand how they differ, what they have in common, and how to choose one or more. We explain the fundamentals of Amazon DynamoDB, a fully managed NoSQL database service; Amazon RDS, a relational database service in the cloud; Amazon ElastiCache, a fast, in-memory caching service in the cloud; and Amazon Redshift, a fully managed, petabyte-scale data-warehouse solution that can be surprisingly economical. We will cover how each service might help support your application, how much each service costs, and how to get started.
AWS re:Invent 2016: Hackproof Your Cloud: Responding to 2016 Threats (SAC308) - Amazon Web Services
CloudCheckr Co-Founders Aaron Newman and Aaron Klein will highlight effective strategies and tools that AWS users can employ to improve their security posture. Specific emphasis will be placed upon leveraging native AWS services and the talk will include concrete steps that users can begin employing immediately. Session sponsored by CloudCheckr.
AWS Competency Partner
Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...Amazon Web Services
We constantly hear about huge hacks in the media, with companies losing millions of dollars in an instant. While this problem is large for the enterprise side of the world, it is even more detrimental when it comes to the fedspace. CloudCheckr Co-Founder & CEO Aaron Newman will highlight effective strategies and tools that AWS users can employ to improve their security posture. Often times the biggest threat to security is the human, Aaron will go through ways to work around this and how you can shore up security to avoid these errors. Specific emphasis will be placed upon leveraging native AWS services and the talk will include concrete steps that users can begin employing immediately. Learn More: https://aws.amazon.com/government-education/
Migrating from the data center to the cloud requires us to rethink much of what we do to secure our applications. The idea of physical security morphs as infrastructure becomes virtualized by AWS APIs. In a new world of ephemeral, auto-scaling infrastructure, you need to adapt your security architecture to meet both compliance and security threats.
In the presentation we will cover topics including:
- Minimize attack vectors and surface area
- Perimeter assessments of your VPCs
- Internal vs. External threats
- Monitoring threats
- Re-evaluating Intrusion Detection, Activity Monitoring, and Vulnerability Assessment in AWS
Talking about modern cloud architectures. AWS being the key component. The sides show how cloud solutions can be incorporated for different businesses. Different components of a cloud are explained in detail. With pictorial representations o the architecture.
An in-depth guide to VDI infrastructure delivering the best desktop/BYOD experience for your developers and other external knowledge workers. We will compare Amazon Workspaces with classic approaches to solving this challenge, and share best-practices for securing and managing a real-world production environment.
Speaker: Brett Looney, Solutions Architect, Amazon Web Services
Security in the cloud Workshop HSTC 2014Akash Mahajan
A broad overview of what it takes to be secure. This is more of an introduction where we introduce the basic terms around Cloud Computing and how do we go about securing our information assets(Data, Applications and Infrastructure)
The workshop was fun because all the slides were paired with real world examples of security breaches and attacks.
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...Amazon Web Services
To arm you with best practices from day one, this session presents field-tested and reusable designs that’ll set you up for long-term success in the AWS cloud. From account creation and access configuration, through security considerations and VPC design, to the use of VPC peering, ELBs and Internet Gateways, we’ll walk you through the common infrastructure elements and recommended design patterns that lead to AWS cloud adoption success.
This session will start with an overview of the AWS security & compliance programs that enable financial services institutions to create secure workloads as they move to the cloud. We will dive into Financial Services Institutions (FSI) specific security considerations and regional regulations that may need to be considered.
The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. In this session, we’ll provide a practical understanding of the assurance programs that AWS provides; such as HIPAA, FedRAMP(SM), PCI DSS Level 1, MPAA, and many others. We’ll also address the types of business solutions that these certifications enable you to deploy on the AWS Cloud, as well as the tools and services AWS makes available to customers to secure and manage their resources.
AWS Summit 2014 Perth - Breakout 3
The AWS Cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. In this session, we’ll provide a practical understanding of the assurance programs that AWS provides; such as HIPAA, FedRAMP(SM), PCI DSS Level 1, MPAA, and many others. We’ll also address the types of business solutions that these certifications enable you to deploy on the AWS Cloud, as well as the tools and services AWS makes available to customers to secure and manage their resources.
Presenter: James Bromberger, Solutions Architect, Amazon Web Services
Customers using AWS benefit from over 1,800 security and compliance controls built into the AWS platform and operations. In this session, you will learn how to take advantage of the advanced security features of the AWS platform to gain the visibility, agility, and control needed to be more secure in the cloud than in legacy environments. We'll take a look at several reference architectures for common workloads and highlight the innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the shared security responsibility model and understand how to benefit from controls from the rich compliance and accreditation programs maintained by AWS. Speaker: Stephen Quigg, Solutions Architect, Amazon Web Services
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017 Amazon Web Services
This session will review how AWS allows FinTech’s across APAC to innovate at pace while maintaining the high level of security expected by the financial services community. We will review security domains including Infrastructure Security, Data Protection, Logging & Monitoring, Identity & Access Management and Intrusion Detection.
Similar to Hack proof your aws cloud cloudcheckr_040416 (20)
2. Changing Your Perspective
Moving to the Cloud = rethinking your perimeter security
How do I secure my business applications in AWS?
Rethink how you perform most security tasks:
• Network-based IPS/IDS
• Network scanning
• Penetration tests
• Vulnerability assessments
Focus on securing cloud workloads…
…not on securing the cloud
3. In the Traditional Data Center
Setting Up Perimeter Security:
• Setting up your infrastructure
• Setting up access points to the internet
• Configuring firewall, IDS, IPS, etc. at the access points
Auditing Your Perimeter Security:
• Gather set of IP Address blocks to poke at
• Do a port scan (using tools such as Nmap)
• Determine which ports are open on the target
• Try various exploits on the open ports.
• Sniff lots of packets
• Dig around to make sure no back doors into the network
• Wireless access points, secondary T1 lines, DSL connections
• VPN access from some other network
4. AWS: What’s Different?
The idea of physical security morphs as infrastructure becomes virtualized by AWS APIs.
In a new world of ephemeral, auto-scaling infrastructure, you need to adapt your security architecture to meet both compliance and security threats.
Physical assets secured at the AWS availability zone
Must guard the AWS API
IAM Access is your new physical security
5. AWS and You Share Responsibility for Security
You: you get to define your controls IN the Cloud
• Customer Applications & Content
• Network Security
• Inventory & Config
• Data Security
• Access Control
AWS: AWS takes care of the security OF the Cloud
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
6. Minimizing Attack Vectors
Principles don’t change
• Reduce your surface area!
• Defense-in-depth
Some attack vectors don’t change
• Application level
• user-privilege escalation, web app vulns, XSS
• Operating system vulnerabilities
• Database vulnerabilities
Some attack vectors change
• Homogeneous environment
• Polymorphic targets/mapping
• Reduced network sniffing
Security Hardening
• Configure and manage user privileges
• Remove unused user accounts
• Close unused open network ports
• Enforce password complexity & policies
• Remove unwanted services
• Patch all known vulnerabilities
7. Perimeter Assessments In the Cloud
How do I assess the perimeter of my cloud?
OLD WORLD: Give me your network block
• Nmap
• Port scans
• Ping sweeps
• Etc…
NEW WORLD: Let me see your configuration
• List of publicly-accessible resources
• Security groups (Amazon EC2-Classic, Amazon EC2-VPC, Redshift, RDS, etc…)
• Routing tables, Network ACL
• VPC, subnets
• Amazon S3 buckets and permissions
• IAM policies
8. Virtual Private Clouds
Default VPC is created in every region
• VPCs are wide open by default
VPC is composed of:
• Internet and VPN gateways – connect to the rest of the world
• 1+ subnet(s)
• Routing table – how to move traffic around the VPC
• Network ACLs – a firewall but stateless
• Security groups – host-based firewall stateful
• Resources – Amazon EC2, RDS, Redshift, ElastiCache
9.
10. Network Security in a VPC
Network ACLs (NACLs)
• Virtual firewalls assigned to VPC/Subnets
• Network ACLs are stateless; responses to allowed inbound traffic are subject to the rules for outbound traffic (and vice versa).
• Rules evaluated in ascending numerical order – DENY can be overridden by ALLOW
• Watch for INEFFECTIVE rules
Security Groups
• Host-based firewalls assigned to instances
• Stateful – responses to allowed inbound traffic are not subjected to the rules for outbound traffic
• Rules are cumulative – DENY always overrides ALLOW
• Assigning wrong security group to an instance exposes the entire VPC
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
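The NACL points on this slide (ascending evaluation, a DENY overridden by an earlier ALLOW, and "ineffective" rules), as an added example that is not part of the original deck. The rule set, addresses and function names are constructed for illustration; the model covers protocol, source CIDR and destination port only.

```python
import ipaddress
from typing import NamedTuple


class Rule(NamedTuple):
    number: int          # NACL rule number; lower numbers are evaluated first
    action: str          # "allow" or "deny"
    protocol: str        # "tcp", "udp" or "all"
    cidr: str            # source CIDR for an inbound rule
    port_from: int = 0
    port_to: int = 65535


def matches(rule, protocol, ip, port):
    """True if the packet falls inside the rule's protocol, CIDR and port range."""
    return (rule.protocol in ("all", protocol)
            and ipaddress.ip_address(ip) in ipaddress.ip_network(rule.cidr)
            and rule.port_from <= port <= rule.port_to)


def evaluate(rules, protocol, ip, port):
    """First matching rule in ascending order wins; no match means implicit deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, protocol, ip, port):
            return rule.action
    return "deny"


def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    return (a.protocol in ("all", b.protocol)
            and ipaddress.ip_network(b.cidr).subnet_of(ipaddress.ip_network(a.cidr))
            and a.port_from <= b.port_from and b.port_to <= a.port_to)


def ineffective_rules(rules):
    """Return (rule_number, shadowing_rule_number) for rules that can never fire."""
    ordered = sorted(rules, key=lambda r: r.number)
    shadowed = []
    for i, rule in enumerate(ordered):
        for earlier in ordered[:i]:
            if covers(earlier, rule):
                shadowed.append((rule.number, earlier.number))
                break
    return shadowed


# Constructed inbound NACL. Rule 200 was meant to block SSH from one network,
# but rule 100 already allowed SSH from everywhere, so 200 is ineffective.
SAMPLE_NACL = [
    Rule(100, "allow", "tcp", "0.0.0.0/0", 22, 22),
    Rule(200, "deny", "tcp", "203.0.113.0/24", 22, 22),
    Rule(300, "allow", "tcp", "0.0.0.0/0", 443, 443),
    Rule(310, "deny", "all", "198.51.100.0/24"),
]

if __name__ == "__main__":
    print("SSH from 203.0.113.7:", evaluate(SAMPLE_NACL, "tcp", "203.0.113.7", 22))
    for number, by in ineffective_rules(SAMPLE_NACL):
        print(f"rule {number} is shadowed by rule {by}")
```

The fix for a finding is to renumber the narrower rule below the broader one, then re-run the check.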
11. Complex Connections to Amazon EC2
Amazon EC2 instance can be run inside VPCs
• Legacy capability to run outside VPCs
• Instance ID: i-001bac39
• Friendly name (implemented as a tag): ISS-V2-API1
Amazon EC2 instance can be given 1 or more private IP addresses
• For example: 172.12.6.186
• This generates a DNS name ip-172-12-6-186.us-west-2.compute.internal
Amazon EC2 instance can be given 1 or more public IP addresses
• For example: 52.24.201.167
• This generates a DNS name ec2-52-24-201-167.us-west-2.compute.amazonaws.com
Amazon EC2 instance can be attached to an Elastic IP address (EIP)
• For example: 107.20.135.132
12. Running VA in Cloud Environments
How do I run Vulnerability Assessments?
• Gather the list of public IPs and EIPs of all resources
• Do I need to scan the private IP addresses and instances?
Scanning an AMI
• Spin up a new instance, run a scan on the new instance
• Mark everything based on this AMI as “scanned”
What about when an instance “drifts” from original AMI?
• Someone can reconfigure settings, install new software
In an elastic, ephemeral, auto scaling environment clouds can have tens of thousands of instances
13. Patching Strategies for AWS
“No Patch” Strategy
• Stay away from patching live systems
• Focus on patching templates/AMIs
• Deliver patches by redeploying workloads
• Dependent on adopting pure cloud architectures
Look at AWS OS Templates
• Patched by Amazon
Systematic Workload Reprovisioning
• Based on high-assurance repositories
• Effective at battling Advanced Persistent Threats
14. What are we missing?
Don’t assume attacks only happen against Amazon EC2
Over 30 different AWS services
• Many have unique access control systems
You will have 100s of AWS accounts
We need a complete inventory
• All publicly-accessible endpoints and resources
Security breaches can happen with a single weak link
15. AWS Relational Database Service
Location
• Within a VPC or not, multi-AZ or not
Security options
• DB security groups (if not in a VPC) or Amazon EC2-VPC security groups
• Select a non-default database port
Only port RDS listens on is the database port
• Shutdown on all other ports (publicly, I’m sure AWS team can access the OS)
Publicly accessible option
• Not a good idea, but if you do this
• Make sure you use security groups to restrict source IP address
• Make sure you have latest patches applied
Secure your database snapshots
• Keys to the kingdom if someone can get a copy
• Brute-force passwords, restore to their own account
16. S3 (Simple Storage Service)
Up to 1000 buckets in an account
• Unlimited number of objects (billions is not uncommon)
Location
• Within a region, across multi-AZs, not housed in a VPC
• Can’t sit between client and storage
Security
• Access control through IAM policies, bucket policies, ACLs, and query string authentication
• Server-side Encryption, HTTPS support
• Server-access logs (does not integrate with CloudTrail)
Don’t grant FULL_CONTROL, WRITE_ACP, WRITE bucket permissions to Everyone EVER!!!
Create an inventory of your sensitive data
17. SQS (Simple Queuing Service)
Where does SQS live?
• Within a region, not within a VPC
• Uses a URL such as:
https://sqs.us-east-1.amazonaws.com/123456789012/MySQS
Security based on policy documents:
{
  "Version": "2008-10-17",
  "Id": "arn:aws:sqs:us-east-1:123456789012:MySQS/SQSDefaultPolicy",
  "Statement": [
    {
      "Sid": "Sid1415217272568",
      "Effect": "Allow",
      "Principal": { "AWS": "*" },
      "Action": [
        "SQS:ReceiveMessage", "SQS:SendMessage"
      ],
      "Resource": "arn:aws:sqs:us-east-1:123456789012:MySQS"
    }
  ]
}
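A configuration check for the two warnings on the S3 and SQS slides (no FULL_CONTROL, WRITE_ACP or WRITE for Everyone; policy documents that allow any principal), as an added example that is not part of the original deck. The first policy statement is the one shown on the slide; the other statements, the ACL and the function names are constructed, and the ACL uses the shape returned by the S3 GetBucketAcl call.

```python
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"   # the S3 "Everyone" group
RISKY_ACL = {"FULL_CONTROL", "WRITE_ACP", "WRITE"}


def as_list(value):
    """Policy fields may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def is_anyone(principal):
    """True for "Principal": "*" and for {"AWS": "*"} style wildcards."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return False


def open_statements(policy):
    """Allow statements that apply to any principal and carry no Condition."""
    findings = []
    for st in as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or not is_anyone(st.get("Principal")):
            continue
        if st.get("Condition"):
            continue  # still review by hand: a Condition may not really narrow access
        findings.append((st.get("Sid"), as_list(st.get("Action", []))))
    return findings


def everyone_write_grants(acl):
    """Permissions from the slide's deny-list that are granted to Everyone."""
    return sorted(g["Permission"] for g in acl.get("Grants", [])
                  if g.get("Grantee", {}).get("URI") == ALL_USERS
                  and g.get("Permission") in RISKY_ACL)


QUEUE_ARN = "arn:aws:sqs:us-east-1:123456789012:MySQS"
SAMPLE_POLICY = {
    "Version": "2008-10-17",
    "Statement": [
        # Statement from the slide: any AWS principal may send and receive.
        {"Sid": "Sid1415217272568", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["SQS:ReceiveMessage", "SQS:SendMessage"], "Resource": QUEUE_ARN},
        # Constructed: scoped to one account.
        {"Sid": "ConstructedScoped", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
         "Action": "SQS:ReceiveMessage", "Resource": QUEUE_ARN},
        # Constructed: wildcard principal narrowed by a source-ARN condition.
        {"Sid": "ConstructedConditioned", "Effect": "Allow", "Principal": "*",
         "Action": "SQS:SendMessage", "Resource": QUEUE_ARN,
         "Condition": {"ArnEquals": {
             "aws:SourceArn": "arn:aws:sns:us-east-1:123456789012:MyTopic"}}},
    ],
}

# Constructed bucket ACL.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE_ACP"},
]}

if __name__ == "__main__":
    print("open policy statements:", open_statements(SAMPLE_POLICY))
    print("Everyone write grants:", everyone_write_grants(SAMPLE_ACL))
```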
18. SNS (Simple Notification Service)
SNS does not live inside your VPC
Permissions based on topic policies:
19. Using AWS CloudTrail
An AWS Service that records each time the AWS API is called
• Currently supports most AWS services
http://docs.aws.amazon.com/awscloudtrail/latest/userguide/dochistory.html
Conveniently everything in AWS goes through the API
• Even actions in the Management Console go through the API
CloudTrail writes files into an Amazon S3 bucket
• Near real-time (every five minutes)
• Files are in JSON format
Get started at:
http://aws.amazon.com/cloudtrail/
20. Using CloudWatch Logs
Simple method of monitoring operating system logs
• Ship Windows event logs and syslogs to AWS CloudWatch
Types of use-case:
• Account Login Failure, Account Login Success, New local account creation, Excessive Login Failure (Configurable)
• Unauthorized Windows Admin Logon, Windows Account Lockout Attempt, Windows Computer Account Changes
• Windows Audit Policy Changes, Windows Event Log Cleared
• Non-Windows - Account Locked Out, Non-Windows - Account Unlocked, Changes to System or Audit log
Get started at:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatchLogs.html
21. Using Amazon VPC Flow Logs
An AWS service that records each time packets enter or leave a VPC
• http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html
Security team comes to you and says:
“We need logs going to instance 1-0123456 from IP address ranges 52.205.16.0 - 52.205.31.255”
Monitor for DENY connections
• Gives you both security group and NACL denies
Announcement:
https://aws.amazon.com/about-aws/whats-new/2015/06/aws-launches-amazon-vpc-flow-logs/
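One way to answer the security team's request above and to monitor for denies, as an added example that is not part of the original deck. It assumes the default (version 2) flow log record format; because flow logs are keyed by network interface rather than instance ID, the ENI ID, private address and log lines below are constructed.

```python
import ipaddress
from collections import Counter

# Field order of the default (version 2) VPC flow log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()


def parse(line):
    """Return a dict for a usable record, or None for malformed/NODATA/SKIPDATA lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    record = dict(zip(FIELDS, parts))
    if record["log_status"] != "OK":   # NODATA and SKIPDATA carry "-" in the address fields
        return None
    return record


def range_to_networks(first, last):
    """Convert a first-last address range into the CIDR blocks that cover it exactly."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def flows_to_interface(lines, eni, first, last):
    """Records on the given ENI whose source address falls in the requested range."""
    networks = range_to_networks(first, last)
    hits = []
    for line in lines:
        record = parse(line)
        if record is None or record["interface_id"] != eni:
            continue
        src = ipaddress.ip_address(record["srcaddr"])
        if any(src in net for net in networks):
            hits.append(record)
    return hits


def rejects_by_source(records):
    """Count REJECT records (security group or NACL denies) per source address."""
    return Counter(r["srcaddr"] for r in records if r["action"] == "REJECT")


# Constructed sample records; eni-0a1b2c3d stands in for the instance's interface.
SAMPLE_LINES = [
    "2 123456789012 eni-0a1b2c3d 52.205.17.9 172.31.5.10 44321 443 6 12 3400 1466000000 1466000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 52.205.31.255 172.31.5.10 51000 22 6 3 180 1466000000 1466000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 52.205.31.255 172.31.5.10 51001 22 6 3 180 1466000060 1466000120 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 52.205.32.1 172.31.5.10 51000 22 6 3 180 1466000000 1466000060 REJECT OK",
    "2 123456789012 eni-0fffffff 52.205.16.4 172.31.9.9 40000 443 6 5 900 1466000000 1466000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d - - - - - - - 1466000000 1466000060 - NODATA",
]

if __name__ == "__main__":
    hits = flows_to_interface(SAMPLE_LINES, "eni-0a1b2c3d", "52.205.16.0", "52.205.31.255")
    print("CIDR blocks:", range_to_networks("52.205.16.0", "52.205.31.255"))
    print("matching records:", len(hits))
    print("rejects by source:", dict(rejects_by_source(hits)))
```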
22. Tools For Configuring AWS Securely & Cost Effectively
Generic tools fall short
Purpose-built, not cloud-washed
• Make sure tools don’t fall over in the cloud
• Tools have to understand dynamic, ephemeral IPs
Need a deep understanding of AWS
• What does this mean
• Context is important
• Actionable intelligence
23. Unified Cost & Security Management
What cloud users need…
• Visualize deployed inventory in the cloud
• Maintain a cloud configuration historical record
• Check best practices covering security, availability, cost, and usage
• Monitor changes in a cloud environment
• Analyze usage in the cloud
• Understand/Audit costs in the cloud
CloudCheckr provides…
• Monitoring reports, generated and updated daily, listing all additions, deletions, or modifications over the past 24 hours.
• Comprehensive visibility & control on security, availability, cost and usage with 350+ out-of-the-box best practice policies.
• A detailed report of configured infrastructure, highlighting and maintaining configuration records.
• Detailed inventory reports designed to allow anyone from an to obtain a complete picture of their AWS cloud deployment.
• Multiple reports allowing required staff to dissect cloud costs.
• Utilization reports to ensure infrastructure is running smoothly.