Mastering AWS Security
This book is for all IT professionals, system administrators and security analysts, solution architects and Chief Information Security Officers who are responsible for securing workloads in AWS for their organizations. It is helpful for all Solutions Architects who want to design and implement secure architecture on AWS by following the security by design principle. This book is helpful for personnel in Auditor and Project Management roles to understand how they can audit AWS workloads and how they can manage security in AWS respectively. If you are learning AWS or championing AWS adoption in your organization, you should read this book to build security in all your workloads. You will benefit from knowing about the security footprint of all major AWS services for multiple domains, use cases, and scenarios.
Brand: 中圖公司
Listed: 2021-07-02 12:45:31
Publisher: Packt Publishing
The digital rights to this book are provided by 中圖公司, which has authorized 上海閱文信息技術有限公司 to produce and distribute it.
- coverpage
- Title Page
- Copyright
- Mastering AWS Security
- Credits
- About the Author
- About the Reviewers
- www.PacktPub.com
- why subscribe
- Customer Feedback
- Preface
- What this book covers
- What you need for this book
- Who this book is for
- Conventions
- Readers feedback
- Customer support
- Downloading the color images of this book
- Errata
- Piracy
- Questions
- Overview of Security in AWS
- Chapter overview
- AWS shared security responsibility model
- Shared responsibility model for infrastructure services
- Shared responsibility model for container services
- Shared responsibility model for abstracted services
- AWS Security responsibilities
- Physical and environmental security
- Storage device decommissioning
- Business continuity management
- Communication
- Network security
- Secure network architecture
- Secure access points
- Transmission protection
- Network monitoring and protection
- AWS access
- Credentials policy
- Customer security responsibilities
- AWS account security features
- AWS account
- AWS credentials
- Individual user accounts
- Secure HTTPS access points
- Security logs
- AWS Trusted Advisor security checks
- AWS Config security checks
- AWS Security services
- AWS Identity and Access Management
- AWS Virtual Private Cloud
- AWS Key Management System (KMS)
- AWS Shield
- AWS Web Application Firewall (WAF)
- AWS CloudTrail
- AWS CloudWatch
- AWS Config
- AWS Artifact
- Penetration testing
- AWS Security resources
- AWS documentation
- AWS whitepapers
- AWS case studies
- AWS YouTube channel
- AWS blogs
- AWS Partner Network
- AWS Marketplace
- Summary
- AWS Identity and Access Management
- Chapter overview
- IAM features and tools
- Security
- AWS account shared access
- Granular permissions
- Identity Federation
- Temporary credentials
- AWS Management Console
- AWS command line tools
- AWS SDKs
- IAM HTTPS API
- IAM Authentication
- IAM user
- IAM groups
- IAM roles
- AWS service role
- AWS SAML role
- Role for cross-account access
- Role for Web Identity Provider
- Identity Provider and Federation
- Delegation
- Temporary security credentials
- AWS Security Token Service
- The account root user
- IAM Authorization
- Permissions
- Policy
- Statement
- Effect
- Principal
- Action
- Resource
- Condition
- Creating a new policy
- IAM Policy Simulator
- IAM Policy Validator
- Access Advisor
- Passwords Policy
- AWS credentials
- IAM limitations
- IAM best practices
- Summary
- AWS Virtual Private Cloud
- Chapter overview
- VPC components
- Subnets
- Elastic Network Interfaces (ENI)
- Route tables
- Internet Gateway
- Elastic IP addresses
- VPC endpoints
- Network Address Translation (NAT)
- VPC peering
- VPC features and benefits
- Multiple connectivity options
- Secure
- Simple
- VPC use cases
- Hosting a public facing website
- Hosting multi-tier web application
- Creating branch office and business unit networks
- Hosting web applications in the AWS Cloud that are connected with your data center
- Extending corporate network in AWS Cloud
- Disaster recovery
- VPC security
- Security groups
- Network access control list
- VPC flow logs
- VPC access control
- Creating VPC
- VPC connectivity options
- Connecting user network to AWS VPC
- Connecting AWS VPC with other AWS VPC
- Connecting internal user with AWS VPC
- VPC limits
- VPC best practices
- Plan your VPC before you create it
- Choose the highest CIDR block
- Unique IP address range
- Leave the default VPC alone
- Design for region expansion
- Tier your subnets
- Follow the least privilege principle
- Keep most resources in the private subnet
- Creating VPCs for different use cases
- Favor security groups over NACLs
- IAM your VPC
- Using VPC peering
- Using Elastic IP instead of public IP
- Tagging in VPC
- Monitoring a VPC
- Summary
- Data Security in AWS
- Chapter overview
- Encryption and decryption fundamentals
- Envelope encryption
- Securing data at rest
- Amazon S3
- Permissions
- Versioning
- Replication
- Server-Side encryption
- Client-Side encryption
- Amazon EBS
- Replication
- Backup
- Encryption
- Amazon RDS
- Amazon Glacier
- Amazon DynamoDB
- Amazon EMR
- Securing data in transit
- Amazon S3
- Amazon RDS
- Amazon DynamoDB
- Amazon EMR
- AWS KMS
- KMS benefits
- Fully managed
- Centralized Key Management
- Integration with AWS services
- Secure and compliant
- KMS components
- Customer master key (CMK)
- Data keys
- Key policies
- Auditing CMK usage
- Key Management Infrastructure (KMI)
- AWS CloudHSM
- CloudHSM features
- Generate and use encryption keys using HSMs
- Pay as you go model
- Easy To manage
- AWS CloudHSM use cases
- Offload SSL/TLS processing for web servers
- Protect private keys for an issuing certificate authority
- Enable transparent data encryption for Oracle databases
- Amazon Macie
- Data discovery and classification
- Data security
- Summary
- Securing Servers in AWS
- EC2 Security best practices
- EC2 Security
- IAM roles for EC2 instances
- Managing OS-level access to Amazon EC2 instances
- Protecting your instance from malware
- Secure your infrastructure
- Intrusion Detection and Prevention Systems
- Elastic Load Balancing Security
- Building Threat Protection Layers
- Testing security
- Amazon Inspector
- Amazon Inspector features and benefits
- Amazon Inspector components
- AWS Shield
- AWS Shield benefits
- AWS Shield features
- AWS Shield Standard
- AWS Shield Advanced
- Summary
- Securing Applications in AWS
- AWS Web Application Firewall (WAF)
- Benefits of AWS WAF
- Working with AWS WAF
- Signing AWS API requests
- Amazon Cognito
- Amazon API Gateway
- Summary
- Monitoring in AWS
- AWS CloudWatch
- Features and benefits
- AWS CloudWatch components
- Metrics
- Dashboards
- Events
- Alarms
- Log Monitoring
- Monitoring Amazon EC2
- Automated monitoring tools
- Manual monitoring tools
- Best practices for monitoring EC2 instances
- Summary
- Logging and Auditing in AWS
- Logging in AWS
- AWS native security logging capabilities
- Best practices
- AWS CloudTrail
- AWS Config
- AWS detailed billing reports
- Amazon S3 Access Logs
- ELB Logs
- Amazon CloudFront Access Logs
- Amazon RDS Logs
- Amazon VPC Flow Logs
- AWS CloudWatch Logs
- CloudWatch Logs concepts
- CloudWatch Logs limits
- Lifecycle of CloudWatch Logs
- AWS CloudTrail
- AWS CloudTrail concepts
- AWS CloudTrail benefits
- AWS CloudTrail use cases
- Security at Scale with AWS Logging
- AWS CloudTrail best practices
- Auditing in AWS
- AWS Artifact
- AWS Config
- AWS Config use cases
- AWS Trusted Advisor
- AWS Service Catalog
- AWS Security Audit Checklist
- Summary
- AWS Security Best Practices
- Shared security responsibility model
- IAM security best practices
- VPC
- Data security
- Security of servers
- Application security
- Monitoring logging and auditing
- AWS CAF
- Security perspective
- Directive component
- Preventive component
- Detective component
- Responsive component
- Summary (updated: 2021-07-02 15:44:54)