CSA Talk May 2018: Difference between revisions
From Federal Burro of Information
Jump to navigationJump to search
No edit summary |
No edit summary |
||
| Line 3: | Line 3: | ||
== A Grab Bag of Security Practices == | == A Grab Bag of Security Practices == | ||
* tools to help with securoty | |||
** some free some not free | |||
** cloudcheckr | |||
** aws-config-rules https://github.com/awslabs/aws-config-rules | |||
*** Sample implement 2 of these | |||
* root mfa | * root mfa | ||
* using roles to access account from a | * using roles to access account from a central place. | ||
* using peering to central manage | * using peering to central manage. | ||
** Diagram | |||
* using config rules | * using config rules | ||
* IAM policy best practices. | * IAM policy best practices. | ||
* Auditing and forensics. | * Auditing and forensics. | ||
** the cloudtrail -> s3 -> cloudwatch trinity | ** the cloudtrail -> s3 -> cloudwatch trinity | ||
| Line 14: | Line 22: | ||
** s3 imutablity | ** s3 imutablity | ||
** Anomaly detection datadog | ** Anomaly detection datadog | ||
* anti patterns | * anti patterns | ||
** egress backhaul | ** egress backhaul | ||
* Partners and Vendor: what can my vendor do? | * Partners and Vendor: what can my vendor do? | ||
Revision as of 17:50, 17 April 2018
Sca
A Grab Bag of Security Practices
- tools to help with securoty
- some free some not free
- cloudcheckr
- aws-config-rules https://github.com/awslabs/aws-config-rules
- Sample implement 2 of these
- root mfa
- using roles to access account from a central place.
- using peering to central manage.
- Diagram
- using config rules
- IAM policy best practices.
- Auditing and forensics.
- the cloudtrail -> s3 -> cloudwatch trinity
- s3 replication
- s3 imutablity
- Anomaly detection datadog
- anti patterns
- egress backhaul
- Partners and Vendor: what can my vendor do?
