Security, Identity, and Compliance
1. AWS Artifact
2. AWS Certificate Manager (ACM)
3. AWS CloudHSM
4. Amazon Cognito
5. Amazon Detective
6. Amazon GuardDuty
7. AWS Identity and Access Management (IAM)
8. Amazon Inspector
9. AWS License Manager
10. Amazon Macie
11. AWS Shield
12. AWS WAF
a. AWS Directory Service
b. AWS Audit Manager
c. AWS Key Management Service (AWS KMS)
d. Penetration testing
AWS Artifact
AWS Artifact is a web service that enables you to download AWS security and compliance documents such as ISO certifications and SOC reports.
It gives you access to AWS Artifact Reports and AWS Artifact Agreements.
________________________________________________________________________________________
AWS Certificate Manager (ACM)
is a service that lets you easily provision, manage, and deploy public and
private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates
for use with AWS services and your internal connected resources.
SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet as well as resources on private networks.
________________________________________________________________________________________
AWS CloudHSM
AWS CloudHSM is a cloud-based "hardware security module" (HSM) that enables
you to easily generate and use your own encryption keys on the AWS Cloud.
________________________________________________________________________________________
Amazon Cognito
Amazon Cognito lets you add user sign-up, sign-in, and access control
to your web and mobile apps quickly and easily.
________________________________________________________________________________________
Amazon Detective
Amazon Detective makes it easy to analyze, investigate, and quickly
identify the root cause of "security findings or suspicious activities".
Detective automatically collects log data from your AWS resources.
It then uses machine learning, statistical analysis, and
graph theory to generate visualizations that help you to conduct
faster and more efficient security investigations.
________________________________________________________________________________________
Amazon GuardDuty:
"Intelligent threat detection" service. Continuous security monitoring service.
Amazon GuardDuty can help to identify unexpected and potentially unauthorized or malicious activity in your "AWS environment".
________________________________________________________________________________________
AWS Identity and Access Management (IAM)
is a web service for securely controlling access to AWS services.
With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access.
________________________________________________________________________________________
Amazon Inspector
Amazon Inspector is a security vulnerability assessment service that helps
improve the security and compliance of your AWS resources.
Inspector automatically assesses applications for vulnerabilities
or deviations from best practices and then produces a detailed list of security findings prioritized by level of severity.
________________________________________________________________________________________
Amazon Macie
is a fully managed data security and data privacy service.
Macie uses machine learning and pattern matching to help you discover, monitor,
and protect your sensitive data, including "personally identifiable information (PII)"
such as names and addresses, in Amazon S3.
________________________________________________________________________________________
AWS Shield
AWS Shield provides protection against DDoS attacks.
AWS Shield Standard - is automatically included at no extra cost beyond what you already pay for AWS WAF and your other AWS services.
AWS Shield Advanced - provides expanded DDoS attack protection for your Amazon EC2 instances, Elastic Load Balancing load balancers, Amazon CloudFront distributions, and Amazon Route 53 hosted zones.
________________________________________________________________________________________
AWS WAF
is a web application firewall that lets you "monitor web requests" that are
forwarded to Amazon CloudFront distributions or an Application Load Balancer.
You can also use AWS WAF to block or allow requests based on conditions that you specify, such as the IP addresses that requests originate from or values in the requests.
________________________________________________________________________________________
AWS Directory Service:
Active Directory (AD) is a database and set of services that connect users with the network resources they need to get their work done.
AWS Directory Service provides multiple ways to set up and run Microsoft Active Directory with other AWS services such as Amazon EC2, Amazon RDS for SQL Server, FSx for Windows File Server, and AWS Single Sign-On.
________________________________________________________________________________________
AWS Audit Manager
helps you continuously audit your AWS usage to simplify how you manage
risk and compliance with regulations and industry standards.
AWS Audit Manager makes it easier to evaluate whether your policies,
procedures, and activities—also known as controls—are operating as intended.
________________________________________________________________________________________
AWS Key Management Service (AWS KMS)
is an encryption and key management service scaled for the cloud.
AWS KMS keys and functionality are used by other AWS services,
and you can use them to protect data in your own applications that use AWS.
You can create, import, rotate, disable, delete, define usage policies for, and audit the use of encryption keys used to encrypt your data.
AWS Key Management Service is integrated with most other AWS services,
making it easy to encrypt the data you store.
AWS KMS is integrated with AWS CloudTrail which provides you the
ability to audit who used which keys, on which resources, and when.
________________________________________________________________________________________
Penetration testing
is the practice of testing one's own application's security for
vulnerabilities by simulating an attack.
You do not need permission to perform penetration testing against these 8 services:
[Acronym to remember BALL RACE]
B eanstalk
A urora
L ambda
L ightsail
R DS
A PI Gateway
C loudFront
E C2
_________________________________________________________________________________________
In case an account is or may be compromised, AWS recommends that the following steps are taken:
Change your AWS root account password.
Change all IAM users' passwords.
Delete or rotate all programmatic (API) access keys.
Delete any resources in your account that you did not create.
Respond to any notifications you received from AWS through the
AWS Support Center and/or contact AWS Support to open a support case.
_________________________________________________________________________________________
Abuse of AWS resources
Spam: You are receiving unwanted emails from an AWS-owned IP address, or AWS resources are used to spam websites or forums.
Port scanning: Your logs show that one or more AWS-owned IP addresses are sending packets to multiple ports on your server. You also believe this is an attempt to discover unsecured ports.
Denial-of-service (DoS) attacks: Your logs show that one or more AWS-owned IP addresses are used to flood ports on your resources with packets. You also believe that this is an attempt to overwhelm or crash your server or the software running on your server.
Intrusion attempts: Your logs show that one or more AWS-owned IP addresses are used to attempt to log in to your resources.
Hosting prohibited content: You have evidence that AWS resources are used to host or distribute prohibited content, such as illegal content or copyrighted content without the consent of the copyright holder.
Distributing malware: You have evidence that AWS resources are used to distribute software that was knowingly created to compromise or cause harm to computers or machines that it's installed on.
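The port-scanning and DoS patterns described above can be spotted in VPC Flow Logs by counting, per source address, how many distinct destination ports it touches and how many packets it sends. This is an added example, not code from the page or from AWS; the log lines and the thresholds are constructed assumptions for illustration.

```python
"""Flag the port-scan and flood patterns described above in VPC Flow Log
records. Added example; the sample lines and thresholds are constructed."""
from collections import defaultdict

# Constructed sample in the default VPC Flow Log field order:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 51234 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 51235 23 6 2 120 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 51236 80 6 4 240 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 51237 443 6 3 180 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 51238 3389 6 2 120 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.5 40000 443 6 250000 12000000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 192.0.2.44 10.0.1.5 40321 443 6 12 9000 1700000000 1700000060 ACCEPT OK
"""


def parse_flow_log(text):
    """Return one dict per usable record; NODATA/SKIPDATA lines carry '-'
    placeholders instead of numbers, so they are skipped."""
    records = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 14 or f[0] != "2" or f[13] != "OK":
            continue
        records.append({"src": f[3], "dst": f[4], "dport": int(f[6]),
                        "packets": int(f[8]), "action": f[12]})
    return records


def classify_sources(records, scan_ports=5, flood_packets=100000):
    """Label each source IP 'port-scan' when it reaches at least scan_ports
    distinct destination ports, 'flood' when it sends at least flood_packets
    packets, otherwise 'normal'. Thresholds are assumptions for the sample."""
    ports, packets = defaultdict(set), defaultdict(int)
    for r in records:
        ports[r["src"]].add(r["dport"])
        packets[r["src"]] += r["packets"]
    verdict = {}
    for src in ports:
        if len(ports[src]) >= scan_ports:
            verdict[src] = "port-scan"
        elif packets[src] >= flood_packets:
            verdict[src] = "flood"
        else:
            verdict[src] = "normal"
    return verdict


if __name__ == "__main__":
    for src, label in classify_sources(parse_flow_log(SAMPLE_FLOW_LOG)).items():
        print(f"{src:16} {label}")
```

Real thresholds should be tuned per workload and window; the flagged sources, not the rules, are what you would include in an abuse report.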