Incident Response Flashcards
AWS AUP Categories
- No Illegal, Harmful or Offensive Use or Content
- No Security Violations
- No Network Abuse
- No Mass or unsolicited message abuse
Pre-approved PT services
- Amazon EC2 instances
- NAT Gateways
- Elastic Load Balancers
- Amazon RDS
- Amazon CloudFront
- Amazon Aurora
- Amazon API Gateways
- AWS Lambda and Lambda@Edge functions
- Amazon Lightsail resources
- Amazon Elastic Beanstalk environments
Prohibited PT Services
- DNS zone walking via Amazon Route 53 Hosted Zones
- Denial of Service (DoS), Distributed Denial of Service (DDoS), Simulated DoS, Simulated DDoS
- Port flooding
- Protocol flooding
- Request flooding (login request flooding, API request flooding)
How long does it take the AWS team to approve Other Simulated Events?
7 days post acknowledgement of the request
Who are the 3 Pre-approved vendors that provide DDoS Simulation?
1) Red Wolf Security
2) NCC Group
3) AWS ProServ
Components of AWS CAF Security Perspective
1) Directive controls
2) Preventive controls
3) Detective controls
4) Responsive controls
Directive Controls
establish the governance, risk, and compliance models within which the environment operates.
Preventive Controls
protect your workloads and mitigate threats and vulnerabilities.
Detective Controls
provide full visibility and transparency over the operation of your deployments in AWS.
Responsive Controls
drive remediation of potential deviations from your security baselines.
Cloud Security Incident domains that are the Customer’s Responsibility?
1) Service Domain
2) Infrastructure Domain
3) Application Domain
In which incident domain is the AWS API solely used for incident response?
Service Domain
Indicators of Cloud Security Events
1) Logs and Monitors
2) Billing Activity
3) Threat Intelligence
4) Partner Tools
5) AWS Outreach
6) One-time Contact
What is the AWS centralized logging solution?
Amazon Elasticsearch Service (Amazon ES)