CSA Talk May 2018: Difference between revisions

From Federal Burro of Information
** aws-config-rules https://github.com/awslabs/aws-config-rules
*** Sample implement 2 of these
Revision as of 17:52, 17 April 2018

Abstract

AWS introduces many new capabilities for provisioning IT services. They do so in a software-defined way and give you lots of options.

All of the services provided by AWS take se


A Grab Bag of Security Practices

  • truffle hog
  • root MFA
  • using roles to access accounts from a central place.
  • using peering to centrally manage.
    • Diagram
  • using config rules
  • IAM policy best practices.
  • Auditing and forensics.
    • the CloudTrail -> S3 -> CloudWatch trinity
    • S3 replication
    • S3 immutability
    • Anomaly detection: Datadog
  • anti patterns
    • egress backhaul
  • Partners and vendors: what can my vendor do?