AWS Cloud security
AWS Cloud Security Professional explores Amazon Web Services, which offers a scalable, advanced cloud platform designed for availability and reliability. It also provides the tools that allow you to run a wide range of applications. Helping to protect the confidentiality, integrity & availability (CIA) of your systems and data is of the utmost importance.
The AWS infrastructure has been designed to be one of the most flexible and safe cloud platforms available to date. AWS is designed to provide a scalable, highly flexible platform that allows clients to deploy different apps and store data securely.
AWS Cloud Security Professional training is more focused on enhancing the base and rapid deployment capabilities of Amazon Web Services to build a solid foundation for individuals who are new to the cloud computing platform and AWS. The candidate will learn how he/she, as an AWS client, can have the safest cloud solution possible for a variety of implementations.
This course digs into the flexibility and agility needed to plan & deploy the most appropriate security & access controls for every business function in the AWS environment by deploying varying degrees of restrictive access to environments based on data sensitivity.
Through on-screen demos and detailed instruction, the course takes you through the critical facets of AWS's best practices and services in the areas of common shared security and compliance; Identity and Access Management; infrastructure protection; data security; and event management & monitoring, to ensure that your AWS environment remains secure.
REAL LIFE CASE STUDIES
INDUSTRY DRIVEN CERTIFICATION
STUDENT LEARNING KIT
Cloud Computing Definitions, Cloud Computing Roles (like cloud service customer, cloud service provider, cloud service partner, cloud
Key Cloud Computing Characteristics (on-demand self-service, broad network access, multi-tenancy, rapid elasticity and scalability, resource pooling, measured service)
Building Block Technologies (virtualization, storage, networking, databases, orchestration)
Cloud Computing Activities, Cloud Service Capabilities (application capability types, platform capability types, infrastructure capability types)
Cloud Service Categories (Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS))
Cloud Deployment Models (public, private, hybrid, community)
Cloud Shared Considerations (interoperability, portability, reversibility, availability, security, privacy, resiliency, performance, governance, maintenance and versioning, service levels and Service Level Agreements (SLA), auditability, regulatory)
Impact of Related Technologies (machine learning, artificial intelligence, blockchain, Internet of Things (IoT), containers, quantum computing)
Cloud Secure Data Lifecycle, Cloud-based Disaster Recovery (DR) and Business Continuity (BC) planning, Cost Benefit Analysis, Functional Security Requirements (portability, interoperability, vendor lock-in)
Security Considerations for Different Cloud Categories (Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS))
Verification Against Criteria (International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27017, Payment Card Industry Data Security Standard (PCI DSS))
System/subsystem Product Certifications (Common Criteria (CC), Federal Information Processing Standard (FIPS) 140-2)
Understanding Users and Credentials, explores users and credentials as well as the account root user. In addition, you'll learn to configure user accounts and credentials; learn about password policies; and review Identity and Access Management (IAM) best practices.
NACLs and Security Groups, covers network access control lists (NACLs) and security groups with a focus on understanding security zoning, network segmentation, and best practices for network security in the cloud.
Ingress/Egress Points Overview
AWS Direct Connect
VPC Peering Connections
Demo: Ingress/Egress Points
Security Features Overview
Network Access Control Lists
VPC Flow Log
Shared Responsibility Security Model
Hypervisor and Keypairs
Security Group Function and Best Practices
Security Group Audit Script Example
Demo: AWS Config and Trusted Advisor
Introduction: Inventory And Tagging
CLI Inventory Examples
Tag Function and Best Practices
Tag Audit Script and Trusted Advisor
Key Management, explores AWS Key Management Services (KMS); how to protect EC2 key pairs; how to use encrypted EBS volumes; how to work with Server-Side Encryption (SSE) in S3; and concludes with a look at AWS CloudHSM Security.
Introduction and Basics
S3 Storage Classes
Security and Access Control Introduction
S3 Object Encryption & Uploading an Object with Server-Side Encryption
S3 Inventory Examples & Best Practices
AWS WAF and AWS Shield, focuses on building a working knowledge of the mechanics of the AWS Web Application Firewall (WAF) and AWS Shield and of working with them. The lesson explores distributed denial of service (DDoS) protection and response; the AWS WAF Advanced API; deploying malware protection best practices; and surveying layered defense in the cloud.
Cryptographic Services, covers the basics of cryptographic services; IPsec fundamentals, IPsec in AWS; and AWS Certificate Manager.
Logging and Monitoring, covers topics including visibility and reporting; security reporting and logging in AWS; activating Flow Logs and Region-based CloudTrail; AWS Auditing; Pre-Audit Tasks, and concludes with a look at additional security services offered in an AWS environment.
Who should attend this training?
Cloud Security Auditors