BEST PRACTICES TO PROTECTING AWS CLOUD RESOURCES


SearchAWS E-Guide

There is no catch-all for securing a cloud network. Administrators should take a comprehensive approach to protecting AWS cloud resources, including network access control, security groups and more. This e-guide, from our experts at SearchAWS.com, explores solutions to effectively secure applications and data in the AWS cloud.

CLOUD SECURITY TOOLS THWART ATTACKS ON AWS INFRASTRUCTURE

Third-party cloud security tools that preceded features such as the VPC have guarded against SSL vulnerabilities and worked behind the scenes at Web security firms in recent years. And despite their cost, AWS shops will continue to use them to supplement AWS security.

Amazon Web Services (AWS) customers chose tools such as Evident.io's Evident Security Platform and Dome9 Security Ltd.'s SecOps to secure workloads on the public cloud infrastructure prior to Amazon's introduction of tools that include Amazon Inspector and AWS Config Rules.

In the case of Dome9 customer Nexgate, the company relied on such tools before Virtual Private Clouds (VPCs) were enabled by default. VPCs have existed since 2009, but didn't add features like multiple IP addresses, multiple network interfaces, dedicated instances and statically routed VPN connections until later. And it wasn't until early 2013 that newly created instances were in VPCs by default.

Nexgate, a firm specializing in social media security and compliance, needs to offer its customers a secure, and the VPC shortcomings were a problem. Dome9 SecOps' "closed by default" stance on AWS networking intrigued Sunnyvale, Calif.-based Nexgate.

"What Dome9 allows us to do is set [instances] up so [their ports] are simply closed by default," said Rich Sutton, co-founder and CTO for Nexgate, which was acquired by security vendor Proofpoint last year. "There's no access at all. It's an attack surface that we eliminate."

When instances need to be accessed, individuals who are authorized to do so can use Dome9 to open a port for a small period of time, do the work they need to do, typically through Secure Shell, and then close the port back down when they are done.

"As we put systems into new regions we tend to try to fit them into VPCs, but there are still very good reasons even when you're using a VPC to take that closed-by-default stance," Sutton said.

Attackers look for services they can connect to once they gain access to a system, he said. That could be a Web interface or an administrative interface. Often, administrative applications aren't necessarily implemented with the same standards and security controls a shop might have on the front-end of an application that is exposed to the Internet, Sutton said.

"It's a great safety net to know that none of those applications are even open to the Internet -- they're not detectable or connectable by attackers because of Dome9," Sutton said.

This could be done inside of AWS as well, but it would be a manual process, he said.

"Dome9 just curtails all that," Sutton said.

Dome9's product is priced at $599 per month for 50 servers.

EVIDENT.IO UNCOVERS SSL VULNERABILITIES FOR AWS SHOP

More recently, another company that operates in the social media world, Jobvite, Inc., a talent acquisition firm in San Francisco, remediated against the Heartbleed and POODLE security vulnerabilities in its using Evident.io's configuration scanning tool.

Jobvite, which links firms with job candidates via social media and also makes software to handle job interview scheduling and review, migrated its entire production infrastructure to AWS as of July of last year. The company had some instances running in the Elastic Compute Cloud (EC2) beforehand. Today it has more than 500 EC2 instances under management.

Jobvite's senior director of SaaS operations, Theodore Kim, encountered Evident.io at AWS re:Invent 2013, the year the company launched. By the spring of 2014, when the Heartbleed SSL vulnerability was found in some instances of Amazon's Elastic Load Balancing (ELB), Evident.io picked up on the vulnerability in Jobvite's infrastructure less than 24 hours after AWS delivered a patch and recommended SSL certificates be rotated.

"We then had the affected SSL certs re-keyed and re-installed on our ELBs," Kim said.

Then, in October of 2014, Evident.io's product found that many of Jobvite's ELBs were also vulnerable to the POODLE attack, which Amazon first acknowledged on its website the same day Evident.io picked it up in Jobvite's environment.

"We removed SSLv3 protocol support from the ciphers to remediate," Kim said, a step also recommended by Evident.io.

Fast forward two years from the conference where Kim first encountered Evident.io, and AWS rolled out its own security configuration scanning tools in Amazon Inspector and AWS Config Rules. Kim said he'll probably stick with the tool he knows in Evident.io, though it comes with a significant price tag of $1,000 per month for the Enterprise plan, which Jobvite uses. Pricing has not yet been set for Amazon Inspector, which is in preview, but Config Rules costs $2 per active rule per month.

The Heartbleed and POODLE vulnerabilities were the most critical ones found by Evident.io, but Kim said the tool also frequently informs Jobvite's change management system. So, in the scenario of introducing a new host, Evident.io can flag whether it's running a default Access Control List (ACL).

"Evident.io immediately finds this and says, 'This is running a default ACL. You shouldn't do this,'" Kim said. "That is something that can be missed, especially when you're running hundreds of systems."

APPLY THESE NETWORK SECURITY MEASURES TO DEFEND AN AWS CLOUD

Securing applications and data in the AWS cloud is a multifaceted process that includes multiple services and controls. There are a few important network security measures that enterprises must follow when designing an AWS environment, including security groups, subnets and virtual private clouds.

SECURITY GROUPS

Security groups are virtual firewalls that control inbound and outbound traffic to a variety of Amazon Web Services (AWS) resources, including VMs, load balancers and Relational Database Services. A security group is a set of rules on inbound and outbound traffic. For example, to allow a Secure Socket Shell (SSH) connection to a server, a security group on the instance would need a rule allowing inbound and outbound TCP traffic on Port 22. Because most administrators don't want to give just anyone the ability to connect via SSH to their servers, security group rules include a specification of allowed source addresses for inbound traffic and destinations for outbound traffic.

AWS security groups determine access at a network's protocol layers. It's best to minimize the number of open ports to only those needed to support applications running on the servers. In fully automated configurations, when an admin shouldn't have to log in to an instance, even Port 22 can be blocked.

SUBNETS AND NETWORK ACCESS CONTROL LISTS

Subnets are logically distinct subsections of larger networks. In AWS, a subnet is managed as a range of IP addresses and resources located within a single availability zone -- the functional equivalent of a data center. Limiting routes to gateways further controls access to subnets; IP traffic can pass between any two devices within the subnet and can pass to devices outside the subnet if a gateway is available. If a subnet has a route to an Internet gateway, it is considered a public subnet. When traffic routes to a virtual private gateway, it is considered a VPN-only subnet.

Network access control lists (NACLs) provide more granular control. NACLs are firewalls that function similarly to AWS security groups, but apply to subnets -- not individual virtual devices. NACLs support both allow and deny rules. Unlike subnets, which are stateful and allow return traffic automatically, NACLs are stateless and must have rules set to explicitly allow return traffic. The NACL rules of a subnet apply to all instances in the subnet.

Subnets are used to create logical layers, such as a DMZ hosting Internet-accessible Web servers, services subnets that run microservices and data services layers that contain database servers. Subnets and NACLs help to minimize the type of traffic in each layer. For example, traffic from the services subnet to the data subnet might be restricted to TCP traffic on ports the database server uses.

Because NACLs and security groups provide similar protections, there are times when both could be used to meet the same requirements. If, for example, an enterprise has a small number of application and database servers, a set of security groups might be easier to manage and just as effective as using security groups with NACLs. With NACLs, if someone mistakenly misconfigures an instance in a subnet, the NACL rules will still apply to traffic to and from that instance.

VIRTUAL PRIVATE CLOUDS

Another important network security measure in AWS is the use of virtual private clouds (VPCs). One of the most obvious differences between deploying infrastructure for infrastructure as a service (IaaS) and an on-premises data center is that IaaS customers all share the same physical infrastructure. Enterprise customers often require networking abstractions and controls that apply to all resources, including subnets and machine instances.

A VPC is a virtual network within a single AWS account that can span multiple availability zones. VPCs can include multiple subnets and an Internet gateway. The default subnet associated with a VPC has a route to the Internet gateway, but other subnets can be private with no Internet access. VPCs can connect to on-premises infrastructure using an IPsec VPN. A virtual gateway is used on the VPC and a physical device is located at the on-premises data center.

The combination of security groups, subnets, NACLs and VPCs creates the building blocks for network security measures in AWS. Security groups function at the level of single machine instances. Network access control lists provide a way to define more granular traffic-control rules at the subnet level. Virtual private clouds enable a logical network that spans availability zones and contains multiple subnets. A VPC also supports the extension of an on-premises network into the cloud using a VPN.
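The layering of a stateful instance-level security group under a stateless subnet-level NACL can be modelled in a few lines; this is an added example, not code from the e-guide or from AWS. It evaluates NACL rules lowest number first with an implicit final deny, tracks allowed flows in the security group, and shows why an inbound SSH rule alone is not enough on a NACL. The addresses, ports, class names and function names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ADMIN_NET = "203.0.113.0/24"   # constructed admin range (documentation prefix)
SERVER = "10.0.1.10"           # constructed instance address


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    cidr: str              # peer range: source if inbound, destination if outbound
    ports: tuple           # (low, high) destination TCP ports
    action: str = "allow"  # security groups only ever use "allow"
    number: int = 0        # evaluation order, used by NACLs only

    def matches(self, peer, dport):
        low, high = self.ports
        return low <= dport <= high and ip_address(peer) in ip_network(self.cidr)


class NetworkAcl:
    """Stateless subnet filter: each direction is judged on its own rules."""

    def __init__(self, inbound, outbound):
        self.rules = {"in": sorted(inbound, key=lambda r: r.number),
                      "out": sorted(outbound, key=lambda r: r.number)}

    def permits(self, pkt, direction):
        peer = pkt.src if direction == "in" else pkt.dst
        for rule in self.rules[direction]:       # lowest rule number first
            if rule.matches(peer, pkt.dport):
                return rule.action == "allow"    # first match decides
        return False                             # implicit final deny


class SecurityGroup:
    """Stateful instance filter: allow rules only, replies are tracked."""

    def __init__(self, inbound, outbound=()):
        self.rules = {"in": list(inbound), "out": list(outbound)}
        self.flows = set()

    def permits(self, pkt, direction):
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return True                          # reply to an allowed flow
        peer = pkt.src if direction == "in" else pkt.dst
        if any(r.matches(peer, pkt.dport) for r in self.rules[direction]):
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return False


def ssh_round_trip(sg, nacl, client):
    """Send an SSH request in and its reply out; report what gets through."""
    request = Packet(client, SERVER, sport=50000, dport=22)
    reply = Packet(SERVER, client, sport=22, dport=50000)
    # Inbound traffic crosses the subnet NACL, then the instance security group.
    req_ok = nacl.permits(request, "in") and sg.permits(request, "in")
    # The reply crosses the security group, then the NACL on the way out.
    rep_ok = req_ok and sg.permits(reply, "out") and nacl.permits(reply, "out")
    return {"request": req_ok, "reply": rep_ok}


def demo():
    ssh_in = Rule(ADMIN_NET, (22, 22), number=100)
    ephemeral_out = Rule(ADMIN_NET, (1024, 65535), number=100)
    block_host = Rule("203.0.113.66/32", (22, 22), action="deny", number=90)
    return {
        # NACL lacks an outbound rule: request arrives, reply is dropped.
        "no_return_rule": ssh_round_trip(
            SecurityGroup([ssh_in]), NetworkAcl([ssh_in], []), "203.0.113.7"),
        # Explicit outbound rule for the client's ephemeral port fixes it.
        "with_return_rule": ssh_round_trip(
            SecurityGroup([ssh_in]), NetworkAcl([ssh_in], [ephemeral_out]),
            "203.0.113.7"),
        # Lower-numbered deny wins even though the security group would allow.
        "denied_host": ssh_round_trip(
            SecurityGroup([ssh_in]),
            NetworkAcl([block_host, ssh_in], [ephemeral_out]), "203.0.113.66"),
        # Source outside the allowed range never reaches the instance.
        "outside_range": ssh_round_trip(
            SecurityGroup([ssh_in]), NetworkAcl([ssh_in], [ephemeral_out]),
            "198.51.100.9"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} {result}")
```

The security group in every scenario has no outbound rule at all, yet the reply still leaves the instance; only the NACL needs the explicit return rule.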


More information

Amazon Virtual Private Cloud. Getting Started Guide

Amazon Virtual Private Cloud. Getting Started Guide Amazon Virtual Private Cloud Getting Started Guide Amazon Virtual Private Cloud: Getting Started Guide Copyright 2017 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks

More information

Top 30 AWS VPC Interview Questions and Answers Pdf

Top 30 AWS VPC Interview Questions and Answers Pdf Top 30 AWS VPC Interview Questions and Answers Pdf Top 30 AWS VPC Interview Questions and Answers Pdf AWS Certified Solutions Architect Begins the 30 Top Funding IT Certifications. Surely, AWS Architect

More information

Creating your Virtual Data Centre

Creating your Virtual Data Centre Creating your Virtual Data Centre VPC Fundamentals and Connectivity Options Paul Burne, Senior Technical Account Manager, Enterprise Support - 28 th June 2017 2016, Amazon Web Services, Inc. or its Affiliates.

More information

Five Essential Capabilities for Airtight Cloud Security

Five Essential Capabilities for Airtight Cloud Security Five Essential Capabilities for Airtight Cloud Security SECURITY IN THE CLOUD REQUIRES NEW CAPABILITIES It is no secret; security and compliance are at the top of the list of concerns tied to cloud adoption.

More information

Securely Access Services Over AWS PrivateLink. January 2019

Securely Access Services Over AWS PrivateLink. January 2019 Securely Access Services Over AWS PrivateLink January 2019 Notices This document is provided for informational purposes only. It represents AWS s current product offerings and practices as of the date

More information

AWS EC2 & VPC CRASH COURSE WHITNEY CHAMPION

AWS EC2 & VPC CRASH COURSE WHITNEY CHAMPION AWS EC2 & VPC CRASH COURSE WHITNEY CHAMPION BEFORE WE START Prereqs AWS account SSH client Mac - Terminal, Royal TSX, Termius Windows - mremote https://mremoteng.org/download http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

More information

CLOUD AND AWS TECHNICAL ESSENTIALS PLUS

CLOUD AND AWS TECHNICAL ESSENTIALS PLUS 1 P a g e CLOUD AND AWS TECHNICAL ESSENTIALS PLUS Contents Description... 2 Course Objectives... 2 Cloud computing essentials:... 2 Pre-Cloud and Need for Cloud:... 2 Cloud Computing and in-depth discussion...

More information

Cloudera s Enterprise Data Hub on the Amazon Web Services Cloud: Quick Start Reference Deployment October 2014

Cloudera s Enterprise Data Hub on the Amazon Web Services Cloud: Quick Start Reference Deployment October 2014 Cloudera s Enterprise Data Hub on the Amazon Web Services Cloud: Quick Start Reference Deployment October 2014 Karthik Krishnan Page 1 of 20 Table of Contents Table of Contents... 2 Abstract... 3 What

More information

Technical Brief. Adding Zadara Storage to VMware Cloud on AWS

Technical Brief. Adding Zadara Storage to VMware Cloud on AWS Technical Brief Adding Zadara Storage to VMware Cloud on AWS Revision History Row Version Date Description 1 1.0 26 Nov 2018 Initial release 2 1.1 15 Jan 2019 Updates for VMware style guide compliance,

More information

Third Party Cloud Services Its Adoption in the New Age

Third Party Cloud Services Its Adoption in the New Age Solutions for higher performance! Third Party Cloud Services Its Adoption in the New Age 1 Introduction Cloud computing is the delivery of computing services over the Internet. Cloud services allow individuals

More information

The Emergence of SDN in WLAN

The Emergence of SDN in WLAN The Emergence of SDN in WLAN SDN is being implemented rapidly find out how SDN can benefit your wireless network. Contents architectures? Chuck Moozakis Some experts predict that the network functions

More information

2013 AWS Worldwide Public Sector Summit Washington, D.C.

2013 AWS Worldwide Public Sector Summit Washington, D.C. Washington, D.C. VPC Construction Nathan McCourtney Senior Consultant, Professional Services What is a Amazon Virtual Private Cloud (VPC)? A virtual private cloud (VPC) is a virtual network that closely

More information

Deploy the Firepower Management Center Virtual On the AWS Cloud

Deploy the Firepower Management Center Virtual On the AWS Cloud Deploy the Firepower Management Center Virtual On the AWS Cloud Amazon Virtual Private Cloud (Amazon VPC) enables you to launch Amazon Web Services (AWS) resources into a virtual network that you define.

More information

Training on Amazon AWS Cloud Computing. Course Content

Training on Amazon AWS Cloud Computing. Course Content Training on Amazon AWS Cloud Computing Course Content 15 Amazon Web Services (AWS) Cloud Computing 1) Introduction to cloud computing Introduction to Cloud Computing Why Cloud Computing? Benefits of Cloud

More information

Introduction to cloud computing

Introduction to cloud computing Introduction to cloud computing History of cloud Different vendors of Cloud computing Importance of cloud computing Advantages and disadvantages of cloud computing Cloud deployment methods Private cloud

More information

NGF0502 AWS Student Slides

NGF0502 AWS Student Slides NextGen Firewall AWS Use Cases Barracuda NextGen Firewall F Implementation Guide Architectures and Deployments Based on four use cases Edge Firewall Secure Remote Access Office to Cloud / Hybrid Cloud

More information

Security: Michael South Americas Regional Leader, Public Sector Security & Compliance Business Acceleration

Security: Michael South Americas Regional Leader, Public Sector Security & Compliance Business Acceleration Security: A Driving Force Behind Moving to the Cloud Michael South Americas Regional Leader, Public Sector Security & Compliance Business Acceleration 2017, Amazon Web Services, Inc. or its affiliates.

More information

8/3/17. Encryption and Decryption centralized Single point of contact First line of defense. Bishop

8/3/17. Encryption and Decryption centralized Single point of contact First line of defense. Bishop Bishop Encryption and Decryption centralized Single point of contact First line of defense If working with VPC Creation and management of security groups Provides additional networking and security options

More information

WHITEPAPER AMAZON ELB: Your Master Key to a Secure, Cost-Efficient and Scalable Cloud.

WHITEPAPER AMAZON ELB: Your Master Key to a Secure, Cost-Efficient and Scalable Cloud. WHITEPAPER AMAZON ELB: Your Master Key to a Secure, Cost-Efficient and Scalable Cloud www.cloudcheckr.com TABLE OF CONTENTS Overview 3 What Is ELB? 3 How ELB Works 4 Classic Load Balancer 5 Application

More information

Enroll Now to Take online Course Contact: Demo video By Chandra sir

Enroll Now to Take online Course   Contact: Demo video By Chandra sir Enroll Now to Take online Course www.vlrtraining.in/register-for-aws Contact:9059868766 9985269518 Demo video By Chandra sir www.youtube.com/watch?v=8pu1who2j_k Chandra sir Class 01 https://www.youtube.com/watch?v=fccgwstm-cc

More information

Amazon Virtual Private Cloud. User Guide API Version

Amazon Virtual Private Cloud. User Guide API Version Amazon Virtual Private Cloud User Guide Amazon Web Services Amazon Virtual Private Cloud: User Guide Amazon Web Services Copyright 2012 Amazon Web Services LLC or its affiliates. All rights reserved. The

More information

Configuring Aviatrix Encryption

Configuring Aviatrix Encryption Configuring Aviatrix Encryption For AWS Direct Connect Azure Express Route Google Cloud Interconnect Last updated: October 9, 2016 Aviatrix Systems, Inc. 4555 Great America Pkwy Santa Clara CA 95054 USA

More information

Architecting for Greater Security in AWS

Architecting for Greater Security in AWS Architecting for Greater Security in AWS Jonathan Desrocher Security Solutions Architect, Amazon Web Services. Guy Tzur Director of Ops, Totango. 2015, Amazon Web Services, Inc. or its affiliates. All

More information

Deploy and Secure an Internet Facing Application with the Barracuda Web Application Firewall in Amazon Web Services

Deploy and Secure an Internet Facing Application with the Barracuda Web Application Firewall in Amazon Web Services Deploy and Secure an Internet Facing Application with the in Amazon Web In this lab, you will deploy an unsecure web application into Amazon Web (AWS), and then secure the application using the. To create

More information

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

PrepAwayExam.   High-efficient Exam Materials are the best high pass-rate Exam Dumps PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : SAA-C01 Title : AWS Certified Solutions Architect - Associate (Released February 2018)

More information

How to Deploy the Barracuda NG Firewall in an Amazon Virtual Private Cloud

How to Deploy the Barracuda NG Firewall in an Amazon Virtual Private Cloud How to Deploy the Barracuda NG Firewall in an Amazon Virtual Private Cloud The Barracuda NG Firewall can run as a virtual appliance in the Amazon cloud as a gateway device for Amazon EC2 instances in an

More information

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY Managing and Auditing Organizational Migration to the Cloud 1 TELASA SECURITY About Me Brian Greidanus bgreidan@telasasecurity.com 18+ years of security and compliance experience delivering consulting

More information

VMware vcloud Air. Enterprise IT Hybrid Data Center TECHNICAL MARKETING DOCUMENTATION

VMware vcloud Air. Enterprise IT Hybrid Data Center TECHNICAL MARKETING DOCUMENTATION TECHNICAL MARKETING DOCUMENTATION October 2014 Table of Contents Purpose and Overview.... 3 1.1 Background............................................................... 3 1.2 Target Audience...........................................................

More information

Additional Security Services on AWS

Additional Security Services on AWS Additional Security Services on AWS Bertram Dorn Specialized Solutions Architect Security / Compliance / DataProtection AWS EMEA The Landscape The Paths Application Data Path Path Cloud Managed by Customer

More information

AWS: Basic Architecture Session SUNEY SHARMA Solutions Architect: AWS

AWS: Basic Architecture Session SUNEY SHARMA Solutions Architect: AWS AWS: Basic Architecture Session SUNEY SHARMA Solutions Architect: AWS suneys@amazon.com AWS Core Infrastructure and Services Traditional Infrastructure Amazon Web Services Security Security Firewalls ACLs

More information

Amazon Web Services Training. Training Topics:

Amazon Web Services Training. Training Topics: Amazon Web Services Training Training Topics: SECTION1: INTRODUCTION TO CLOUD COMPUTING A Short history Client Server Computing Concepts Challenges with Distributed Computing Introduction to Cloud Computing

More information

AWS Solution Architect (AWS SA)

AWS Solution Architect (AWS SA) AWS Solution Architect (AWS SA) From Length: Approx 4-5 weeks/40+ hours Audience: Students with or without IT experience or knowledge Student Location To students from around the world Delivery Method:

More information

Configuring a Palo Alto Firewall in AWS

Configuring a Palo Alto Firewall in AWS Configuring a Palo Alto Firewall in AWS Version 1.0 10/19/2015 GRANT CARMICHAEL, MBA, CISSP, RHCA, ITIL For contact information visit Table of Contents The Network Design... 2 Step 1 Building the AWS network...

More information

Hosting DesktopNow in Amazon Web Services. Ivanti DesktopNow powered by AppSense

Hosting DesktopNow in Amazon Web Services. Ivanti DesktopNow powered by AppSense Hosting DesktopNow in Amazon Web Services Ivanti DesktopNow powered by AppSense Contents Purpose of this Document... 3 Overview... 3 1 Non load balanced Amazon Web Services Environment... 4 Amazon Web

More information

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry SECURITY ON AWS By Max Ellsberry AWS Security Standards The IT infrastructure that AWS provides has been designed and managed in alignment with the best practices and meets a variety of standards. Below

More information

Cloud Native Security. OpenShift Commons Briefing

Cloud Native Security. OpenShift Commons Briefing Cloud Native Security OpenShift Commons Briefing Amir Sharif Co-Founder amir@aporeto.com Cloud Native Applications Challenge Security Change Frequency x 10x 100x 1,000x Legacy (Pets) Servers VMs Cloud

More information