CSA Talk May 2018

From Federal Burro of Information
Revision as of 17:52, 17 April 2018 by David (talk | contribs)
Jump to navigationJump to search

Abstract

AWS introduces many new capabilities for provisinf IT services. They do so in a software defined way and give you lots of options.

All of the services provided by AWS take se


A Grab Bag of Security Practices

  • truffle hog
  • root mfa
  • using roles to access account from a central place.
  • using peering to central manage.
    • Diagram
  • using config rules
  • IAM policy best practices.
  • Auditing and forensics.
    • the cloudtrail -> s3 -> cloudwatch trinity
    • s3 replication
    • s3 imutablity
    • Anomaly detection datadog
  • anti patterns
    • egress backhaul
  • Partners and Vendor: what can my vendor do?