AWS Security principle Flashcards
Physical Security
Fire detection and suppression, Power, Climate and Temperature Management, Storage Device Decommissioning
Business Continuity Management
Business unit checking for Availability, Incident Response, Company-Wide Executive Review, Communication
Network Security
Secure Network Architecture, Secure Access Points, Transmission Protection, Amazon Corporate Segregation, Fault-Tolerant Design, Network Monitoring and Protection
AWS Access
Account Review and audit
Background Checks
Credential Policy
Secure Design Principle
Change Management
- Software
- Infrastructure
Why trust AWS?
Compliance programs: ISO 27001 (international data), PCI DSS, HIPAA (medical data). Check compliance page for local
Define Familiar Security in AWS?
Visibility, Auditability, Controllability, Agility, Automation, Scale
What to use for visibility in AWS?
AWS Config - allows you to discover your entire set of assets
What to use for auditability in AWS?
Comply with policies and regulations
AWS CloudTrail
Records API calls
What to use for data controllability in AWS?
AWS KMS and AWS CloudHSM
Roughly the same kind of service, but:
AWS KMS - Multi-tenant (underlying hardware is shared)
AWS CloudHSM - Dedicated security hardware (much more expensive), FIPS 140-2 compliance
What to use for agility in AWS?
AWS CloudFormation
AWS Elastic Beanstalk
Update EC2, download security patches to various EC2 instances
Tools for massive updates and changes
What to use for repeatability in AWS?
AWS OpsWorks
AWS CodeDeploy
What to use for scale in AWS?
Every customer gets the same AWS security foundations
Fortune 500 quality services
Other kinds of services in AWS related to security?
AWS IAM (Identification Management), AWS CloudWatch (monitoring), AWS Trusted Advisor (get professional advice from machine or human to get more secure)