AWS Data User Group Bangalore and Cloudnloud Tech Community Meetup - May 2023

Fortifying security in AWS Cloud : Security Services and Best Practices - Cloudnloud tech community
Event dated: 13 May 2023
Virtual Meetup, Techies Talk organized by Cloudnloud Tech Community and AWS User Group Bangalore.

Transcript

  1. Fortifying Security in AWS Cloud: Security Services and Best Practices

    By Sankalp Sandeep Paranjpe, AWS Cloud Captain
    © 2022, Amazon Web Services, Inc. or its affiliates.
  2. AWS Cloud Clubs

    AWS Cloud Clubs are student-led user groups for university-level students and independent learners. AWS Cloud Club Captains are student leaders who will form and launch Cloud Clubs with our help and support. Cloud Club Captains take on the responsibility to grow their club membership, host events, and support local initiatives.
  3. whoami

    Sankalp Sandeep Paranjpe, AWS Cloud Captain
  4. Session Agenda

    - Cybersecurity and its need
    - The Shared Responsibility Model in AWS
    - AWS Security, Identity, and Compliance Services
    - Hands-on demo
    - Incident Response
    - AWS Security – Best Practices
  5. Cybersecurity

    Cybersecurity is the practice of deploying people, processes, and technologies to protect organizations, their critical systems, and sensitive information from cyber attacks. These cyber attacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.

    We have two teams in Cybersecurity: Red Team and Blue Team.
    - Red Team: identifies, attacks, and exploits potential weaknesses within the organization’s cyber defense.
    - Blue Team: is on the defensive side, i.e. they defend against the cyber attack.
  6. Common terminologies which we will be using in this session

    - Vulnerability: A vulnerability is a weakness in hardware or software that can be exploited.
    - Threat: A threat is anything that could exploit a vulnerability.
    - Risk: Risk is the probability of a security incident occurring.
    - Sensitive info: Usernames, passwords, secret keys, secrets, config files.
    - Service: Services provided by the Cloud Service Provider.
    - Entities: Attacker, Victim, Organization, Service Provider.
    - Events, Incidents and Logs: Security events occurring are called events. These are recorded as logs.
    - IT Infrastructure: Servers, Storage and Networking Capabilities.
  7. What is the need for cybersecurity?

    Different types of cyber attacks: Phishing, Malware, DoS/DDoS, Man-in-the-middle attack, Zero-day vulnerability, etc.
  8. CIA Triad
  9. On AWS

    - AWS CloudHSM provides hardware security modules (HSMs) that can securely store a variety of cryptographic keys.
    - AWS Key Management Service (KMS) provides tools for generating encryption keys. AWS KMS also interacts with many other AWS services to encrypt their service-specific data.
    - AWS Encryption SDK provides a client-side encryption library for implementing encryption and decryption operations on all types of data.
    - Amazon DynamoDB Encryption Client provides a client-side encryption library for encrypting data tables before sending them to a database service, such as Amazon DynamoDB.
    - AWS Secrets Manager provides encryption and rotation of encrypted secrets used with AWS-supported databases.
    - AWS Shield, Shield Advanced
    - AWS WAF - Web Application Firewall
    - AWS IAM - Identity and Access Management
  10. The Shared Responsibility Model In AWS
  11. The Shared Responsibility Model In AWS
  13. AWS IAM

    Securely manage identities and access to AWS services and resources.
    - Set and manage guardrails and fine-grained access controls for your workforce and workloads.
    - Manage identities across single AWS accounts or centrally connect identities to multiple AWS accounts.
    - Create granular permissions based on user attributes (such as department, job role, and team name) by using attribute-based access control.
    - Continually analyze access to right-size permissions on the journey to least privilege.
  14. AWS IAM
  15. Infrastructure Protection

    - AWS Shield Standard
      - Free service: protects from Layer 3 attacks
      - Protects from SYN floods (DDoS attacks)
    - AWS Shield Advanced
      - Optional DDoS mitigation service
      - 24/7 access to the AWS DDoS response team
    - AWS Web Application Firewall (WAF)
      - Protects from web app attacks
      - Monitors HTTP and HTTPS requests and blocks malicious requests
      - Protects from SQL injection and cross-site scripting
      - Pre-configured rule groups for OWASP Top 10, CVE, IP reputation list, anonymous list, etc.
  16. AWS GuardDuty
  17. How it works?

    - CloudTrail Event Logs – unusual API calls.
    - VPC Flow Logs – unusual internal traffic, unusual IP address.
    - DNS Logs – compromised EC2 instances.
  18. What can GuardDuty detect?
  19. AWS Inspector

    - Automated security assessments.
    - Maintains a vulnerability database.
    - Only for EC2 instances and container infrastructure.
    - Reduce mean time to resolve (MTTR) vulnerabilities with automation.
    - Vulnerability management with a fully managed and highly scalable service.
  21. AWS CloudTrail

    AWS CloudTrail is an AWS service that helps you enable operational and risk auditing, governance, and compliance of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs.
  22. AWS Macie

    - Strengthen your data security posture: Discover sensitive data across your S3 environment to increase visibility and automated remediation of data security risks.
    - Discover sensitive data for compliance: Schedule data analysis to certify that sensitive data is discovered and protected.
    - Protect sensitive data during migration: During data ingestion, determine if sensitive data has been appropriately protected.
    - Increase visibility for business-critical data: Automatically and continually monitor all your sensitive data stored in S3 buckets.
  23. AWS Macie
  24. AWS Security Hub

    AWS Security Hub is a cloud security posture management service that performs security best practice checks, aggregates alerts, and enables automated remediation.
  25. AWS Audit Manager
  26. AWS Directory Services
  27. AWS Disaster Recovery
  28. Introduction to Security Operations
  29. Incident Response

    Incident response refers to an organization’s processes and technologies for detecting and responding to cyber threats, security breaches, and cyberattacks.

    The goal of Incident Response: To prevent cyberattacks
  31. Incident Response Phases

    1. Preparation
    2. Detection and Analysis
    3. Containment
    4. Eradication
    5. Recovery
    6. Post-Event Activity
  32. Preparation

    - Define the vision, mission, and scope of incident response.
    - Obtain management approval and funding.
    - Assess the organizational structure and security policies, and develop an incident response plan.
    - Develop procedures and build the IR team.
    - Prioritize assets and infrastructure.
  33. Detection and Analysis

    - Incident Recording
    - Incident Triage
    - Incident Analysis
    - Incident Classification
    - Incident Prioritization
  34. Containment

    - Disabling the compromised service or system
    - Changing passwords or disabling accounts
    - Gathering of evidence
    - Forensic analysis of evidence
  35. Eradication and recovery

    - Eradication of the root cause of the incident.
    - Implement protection tools and techniques such as firewalls, etc.
    - System recovery after the eradication of incidents.
  36. Incident Response on AWS
  37. AWS Incident Response: Flow of Events
  38. Correlating security findings of Security Hub and Event Bridge
  41. AWS Security Best Practices Checklist

    By: Bour Abdelhadi, Security Engineer, Amazon
  42. AWS Security - Best Practices

    - Secure your credentials
    - Secure your applications
    - Back up a lot and test your recovery resources before you need them
    - Understand the AWS Shared Responsibility Model
    - Do not use root account credentials for day-to-day interactions with AWS!
    - Activate multi-factor authentication (MFA) on the AWS account root user and any users with interactive access to AWS Identity and Access Management (IAM)
    - Audit IAM users and their policies frequently
    - Monitor your account and its resources
    - Enable logs
  43. Thank you!

    Let's Connect:
    - https://www.linkedin.com/in/sankalp-s-paranjpe/
    - https://twitter.com/SankalpParanjpe
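
An added example (not from the slides and not AWS's own code): a small Python audit over CloudTrail records that flags three things the CloudTrail and best-practices slides call out, namely direct root use, console sign-ins without MFA, and audit logging being switched off. The sample records, account ID, ARNs and finding names are constructed for illustration.

```python
import json

# Constructed CloudTrail records (sample data; account ID and ARNs are made up).
ROOT = "arn:aws:iam::111122223333:root"
BOB = "arn:aws:iam::111122223333:user/bob"

def _rec(name, typ, arn, mfa=None, result=None):
    rec = {"eventName": name, "eventType": "AwsApiCall",
           "userIdentity": {"type": typ, "arn": arn}, "responseElements": None}
    if name == "ConsoleLogin":
        rec["eventType"] = "AwsConsoleSignIn"
        rec["additionalEventData"] = {"MFAUsed": mfa}
        rec["responseElements"] = {"ConsoleLogin": result}
    return rec

SAMPLE_LOG = json.dumps({"Records": [
    _rec("ConsoleLogin", "Root", ROOT, "No", "Success"),
    _rec("ConsoleLogin", "IAMUser", "arn:aws:iam::111122223333:user/alice", "Yes", "Success"),
    _rec("ConsoleLogin", "IAMUser", BOB, "No", "Failure"),
    _rec("StopLogging", "IAMUser", BOB),
    _rec("ConsoleLogin", "AssumedRole",
         "arn:aws:sts::111122223333:assumed-role/sso/carol", "No", "Success"),
]})

LOGGING_OFF = {"StopLogging", "DeleteTrail"}  # CloudTrail API calls that stop audit logging

def audit(log_text):
    """Return (finding, principal ARN, eventName) tuples for a CloudTrail log file."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        ident = rec.get("userIdentity") or {}
        who, name = ident.get("arn", "unknown"), rec.get("eventName", "")
        # Root credentials used directly (events AWS services emit are skipped).
        if (ident.get("type") == "Root" and "invokedBy" not in ident
                and rec.get("eventType") != "AwsServiceEvent"):
            findings.append(("ROOT_ACTIVITY", who, name))
        # Successful console sign-in without MFA. Federated sessions (AssumedRole)
        # typically report MFAUsed "No" because MFA is enforced at the identity
        # provider, so only Root and IAMUser sign-ins are checked here.
        if name == "ConsoleLogin" and ident.get("type") in ("Root", "IAMUser"):
            ok = (rec.get("responseElements") or {}).get("ConsoleLogin") == "Success"
            mfa = (rec.get("additionalEventData") or {}).get("MFAUsed")
            if ok and mfa != "Yes":
                findings.append(("LOGIN_WITHOUT_MFA", who, name))
        if name in LOGGING_OFF:
            findings.append(("LOGGING_DISABLED", who, name))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

The failed sign-in and the federated session in the sample produce no finding; only the root sign-in (two findings) and the `StopLogging` call are reported.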