CSA Talk May 2018: Difference between revisions
From Federal Burro of Information
Revision as of 17:52, 17 April 2018
Abstract
AWS introduces many new capabilities for provisioning IT services. They do so in a software-defined way and give you lots of options.
All of the services provided by AWS take se
A Grab Bag of Security Practices
- tools to help with security
  - some free some not free
  - cloudcheckr
  - aws-config-rules https://github.com/awslabs/aws-config-rules
    - Sample implement 2 of these
- truffle hog
- root mfa
- using roles to access account from a central place.
- using peering to centrally manage.
- Diagram
- using config rules
- IAM policy best practices.
- Auditing and forensics.
- the cloudtrail -> s3 -> cloudwatch trinity
- s3 replication
- s3 immutability
- Anomaly detection datadog
- anti patterns
- egress backhaul
- Partners and Vendors: what can my vendor do?