Cloud Security
About
In this module, students will learn about the security of public and private Cloud Solution Providers (CSP), commonly used DevOps tools, attacks, and security tools.
Syllabus Summary
Cloud Security
Subjects Covered:
- Cloud as a concept: ecosystem, service providers, managed services, DevOps
- Experiment with IaaS, PaaS, FaaS, (SaaS) and S3 through Amazon Web Services
- AWS security: IAM, role-based access, key management services, Virtual Private Cloud, security groups
- Working with a CASB for visibility and security
- Cloud VPNs, Zero trust solutions and Identity providers
- Using the AWS CLI for deploying cloud configurations Terraform and other IaC: motivation, development life-cycle, security implications
- Common attacks: S3 open buckets, exposed credentials, open ports, shared secrets, missing updates, etc.
- Log analysis using Cloudwatch, CloudTrail and a managed Elasticsearch
- Cloud log management in SIEM solutions
- Using CloudCustodian for limiting developer accounts and misconfigurations
- Group exercise: Threat hunting in the cloud
Category: Specialized Training