Cloud Security Best Practices and Understanding of Cloud Security Components.

Akash Venky
6 min read · Jan 24, 2024


What is Cloud Security?

Cloud security is the collection of security measures designed to protect cloud-hosted infrastructure, applications and data from hackers and from any type of cyberattack.

What are the 5 main pillars of Cloud Security?

  1. IAM (Identity and Access Management)
  2. Data Security/Encryption
  3. Network Security
  4. Compliance and Governance
  5. Security Incident Response and Data Recovery

What are the different layers of the cloud?

  1. Cloud Controller
  2. Storage
  3. Node
  4. Cluster

What are the 4 main services of the cloud?

  1. Infrastructure as a service (IaaS)
  2. Platform as a service (PaaS)
  3. Software as a service (SaaS)
  4. Serverless computing.

What is AWS GuardDuty?

It is an automated threat detection service that runs continuously, monitors our AWS account and detects malicious activity using machine learning (ML). It correlates events, mainly from CloudWatch and CloudTrail, and alerts users about activity that is not supposed to happen. It also acts very similarly to a SIEM for AWS.

What is AWS EC2?

A web service that provides secure, resizable compute capacity in the cloud (cloud VMs).

What is AWS Load Balancer?

AWS Load Balancer helps us distribute network traffic. If any one service is receiving a huge number of requests and responses, we can use an ALB to distribute the load across multiple services.

What is AWS DynamoDB?

AWS DynamoDB is a serverless, fully managed NoSQL database service.

What is AWS IAM?

AWS IAM is the service where you control access to all your AWS resources.

What is AWS Macie?

AWS Macie is a service that discovers and protects sensitive data stored in S3 buckets. It also alerts when encryption is happening in the bucket and when any public resource is accessed or shared outside the cloud.

What is AWS Config?

This service records and continuously evaluates our AWS resource utilization.

What is S3 (Simple Storage Service)?

It is a storage service used to store or retrieve any amount of data at any time from anywhere.

What is AWS CloudTrail?

CloudTrail is a service that tracks all activity in our AWS environment: all user actions, API call events and AWS account-based activity. It helps to identify any unusual activity in the AWS environment.

What is AWS CloudWatch?

CloudWatch is a similar service that gives the complete details of an event that occurred, such as which EC2 instance, what service, source IP, destination IP, etc.

What is AWS Inspector?

AWS Inspector is an automated vulnerability management service that performs continuous scans of AWS workloads for software vulnerabilities and any unexpected network exposure.

What is AWS Security Hub?

Security Hub is a service that collects data from all the services, instances and servers and gives us an overall security posture rating; how secure these endpoints are is shown in dashboards.

What is AWS Secrets Manager?

A place where we store and retrieve sensitive information such as DB credentials, certificates, tokens, API keys, etc.

What is AWS API Gateway?

Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.

API gateways are also the control point where we can implement several security controls, such as rate limiting, MFA and authentication controls, and make APIs more cyber-safe.

The API Gateway acts very similarly to a load balancer and a WAF.

How does API Gateway work?

An API gateway:

  1. Accepts API requests from a client
  2. Processes them based on defined policies
  3. Directs them to the appropriate services
  4. Combines the responses for a simplified user experience.
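The four steps above, together with the rate-limit and API-key controls mentioned earlier, as an added in-process example that is not code from the original post or from AWS. The API keys, backend services and limits are all constructed here.

```python
# Added example (not from the original post): a minimal in-process API gateway
# that accepts a request, applies policies (API key + rate limit), routes to
# backend services and combines their responses. Keys, services and limits
# are constructed for the example.
import time
from collections import defaultdict

API_KEYS = {"key-abc": "client-1"}      # constructed: api key -> client id
RATE_LIMIT = 3                          # requests per window per client
WINDOW_SECONDS = 60

# constructed backend services; a route may fan out to several of them
def users_service(req, client):  return {"profile": {"id": client}}
def orders_service(req, client): return {"orders": ["o-1", "o-2"]}
ROUTES = {
    "/users": [users_service],
    "/orders": [orders_service],
    "/dashboard": [users_service, orders_service],   # aggregated view
}

class ApiGateway:
    def __init__(self, now=time.time):
        self.now = now                    # injectable clock for testing
        self.hits = defaultdict(list)     # client id -> request timestamps

    def _allowed(self, client):
        # step 2 (policy): sliding-window rate limit per client
        cutoff = self.now() - WINDOW_SECONDS
        self.hits[client] = [t for t in self.hits[client] if t > cutoff]
        if len(self.hits[client]) >= RATE_LIMIT:
            return False
        self.hits[client].append(self.now())
        return True

    def handle(self, request):
        # step 1: accept the request; step 2: authenticate, then rate-limit
        client = API_KEYS.get(request.get("headers", {}).get("x-api-key"))
        if client is None:
            return {"status": 401, "body": {"error": "missing or invalid API key"}}
        if not self._allowed(client):
            return {"status": 429, "body": {"error": "rate limit exceeded"}}
        # step 3: direct the request to the services behind the matching route
        services = next((s for p, s in ROUTES.items()
                         if request["path"].startswith(p)), None)
        if services is None:
            return {"status": 404, "body": {"error": "no route"}}
        # step 4: combine the backend responses into one payload
        body = {}
        for svc in services:
            body.update(svc(request, client))
        return {"status": 200, "body": body}
```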

What is AWS Lambda?

AWS Lambda is a serverless, event-driven compute service that lets you run code for virtually any type of application.

What is Cloud Cost Optimization?

In AWS you pay only for the services you use, and every service in AWS is chargeable. Cost optimization is the process of finding unwanted and unused services and removing them from the account in order to bring down the bill.

What are AWS Security Groups?

An AWS Security Group is a set of rules that controls the traffic allowed to reach and leave resources. All inbound and outbound traffic rules are set up in the security group.

We can restrict access from suspected malicious IPs by blacklisting them in the rules.

How to create an API Gateway?

  1. You need a Lambda function, created using the AWS Lambda console.
  2. Open the API Gateway console.
  3. Choose Create API.
  4. Under HTTP API, choose Build.
  5. Choose Add integration, and then choose an AWS Lambda function or enter an HTTP endpoint.
  6. Choose Review and create.
  7. When you invoke the HTTP/Lambda API, API Gateway routes the request to the Lambda function, which runs and returns the response to API Gateway and then to the user.
  8. Set up the HTTP endpoints and enable IAM controls, enable logging, configure rate limiting, and enable WAF.

Now the API Gateway is complete; keep a regular scan and check on the services.

What are the best practices for securing AWS EC2?

  1. Regularly update and patch your EC2 instances.
  2. Use proper security groups to control inbound and outbound traffic.
  3. It is not suggested to use open-source GitHub sources.
  4. Enable MFA for administrative access.
  5. Encrypt data at rest and in transit using KMS.
  6. Implement strong passwords for SSH.
  7. Use proper access controls via AWS IAM.
  8. Monitor and analyze logs for all EC2 security events.
  9. Enable automated backups for safety and disaster recovery.
  10. Restrict public access via ACLs and VPCs.
  11. Have a practice of regularly scanning for vulnerabilities.
  12. Regularly look at the AWS security consoles such as GuardDuty, Security Hub, CloudWatch, etc.
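An added example covering the security group section above and items 2 and 10 of this list (not code from the original post or from AWS): it audits a group's ingress rules in the JSON shape returned by `aws ec2 describe-security-groups` and produces a tightened copy. The group id, ports and admin CIDR are constructed.

```python
# Added example (not from the original post): find ingress rules that expose
# admin ports to the whole internet and pin them to a constructed admin CIDR.
ANYWHERE = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = {22, 3389}            # SSH and RDP: never open to the world
ADMIN_CIDR = "203.0.113.0/24"       # constructed: the team's VPN/bastion range

SAMPLE_SG = {                       # constructed weak group (describe-security-groups shape)
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1", "FromPort": -1, "ToPort": -1,   # all traffic
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

def _cidrs(rule):
    return [r["CidrIp"] for r in rule.get("IpRanges", [])] + \
           [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]

def _covers_admin_port(rule):
    if rule["IpProtocol"] == "-1":          # every protocol and port
        return True
    return any(rule["FromPort"] <= p <= rule["ToPort"] for p in ADMIN_PORTS)

def find_risky_ingress(sg):
    """Return (port range, cidr) for each world-open rule covering an admin port."""
    findings = []
    for rule in sg["IpPermissions"]:
        for cidr in _cidrs(rule):
            if cidr in ANYWHERE and _covers_admin_port(rule):
                ports = "all" if rule["IpProtocol"] == "-1" \
                    else f'{rule["FromPort"]}-{rule["ToPort"]}'
                findings.append((ports, cidr))
    return findings

def harden(sg):
    """Copy of the group: allow-all rules dropped, world-open admin rules pinned
    to ADMIN_CIDR, everything else (e.g. public 443) left untouched."""
    fixed = []
    for rule in sg["IpPermissions"]:
        world_open = bool(set(_cidrs(rule)) & ANYWHERE)
        if rule["IpProtocol"] == "-1" and world_open:
            continue
        if world_open and _covers_admin_port(rule):
            rule = dict(rule, IpRanges=[{"CidrIp": ADMIN_CIDR}], Ipv6Ranges=[])
        fixed.append(rule)
    return dict(sg, IpPermissions=fixed)
```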

The security challenge that I came across in AWS

In my experience, I once came across a situation where our account was vulnerable to brute-force attacks on the login page.

To overcome this we implemented several security controls such as IP whitelisting, rate limiting and WAF implementations; we also used CloudFront to distribute the load across multiple servers and implemented server logging and monitoring in AWS.

We implemented centralized logging using CloudWatch Logs and Lambda functions to S3, and from S3 the logs were forwarded to Elasticsearch, where we visualize the observed data in dashboards.

How can DDoS be prevented in AWS?

There are several ways to prevent DoS and DDoS attacks on AWS:

  1. Implementation of proper WAF controls
  2. Shield, the by-default service of AWS
  3. Routing the S3 traffic
  4. Implementing proper API Gateways
  5. Using CloudFront
  6. Using proper ELB (Elastic Load Balancer) and VPC (Virtual Private Cloud) services

How will you confirm that your EC2 is compromised?

When an EC2 instance is compromised, you will usually get a large number of alerts from GuardDuty about port probing, SSH logins from untrusted IPs, unwanted services running, and memory utilization and performance issues; all of these can be cross-verified against the events recorded by CloudWatch or CloudTrail.

Memory and performance are the major hints for detecting the compromise of any EC2 instance.
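An added example of the triage described above (not code from the original post or from AWS): it groups GuardDuty findings per EC2 instance and decides which instances need cross-checking in CloudTrail/CloudWatch. The finding type names are real GuardDuty types; the instance ids, severities and the verdict thresholds are constructed for this example.

```python
# Added example (not from the original post): triage constructed GuardDuty
# findings per EC2 instance. Finding types are real GuardDuty names; the
# instance ids, severities and thresholds are made up for the example.
from collections import defaultdict

# signal the post lists -> GuardDuty finding type prefixes that indicate it
SIGNALS = {
    "port probing": ("Recon:EC2/PortProbe",),
    "ssh from untrusted ip": ("UnauthorizedAccess:EC2/SSHBruteForce",),
    "unwanted service running": ("CryptoCurrency:EC2/", "Backdoor:EC2/",
                                 "Trojan:EC2/"),
}

FINDINGS = [  # constructed sample findings in GuardDuty's JSON shape
    {"Type": "Recon:EC2/PortProbeUnprotectedPort", "Severity": 2.0,
     "Resource": {"InstanceDetails": {"InstanceId": "i-0aaa"}}},
    {"Type": "UnauthorizedAccess:EC2/SSHBruteForce", "Severity": 5.0,
     "Resource": {"InstanceDetails": {"InstanceId": "i-0aaa"}}},
    {"Type": "CryptoCurrency:EC2/BitcoinTool.B!DNS", "Severity": 8.0,
     "Resource": {"InstanceDetails": {"InstanceId": "i-0aaa"}}},
    {"Type": "Recon:EC2/PortProbeUnprotectedPort", "Severity": 2.0,
     "Resource": {"InstanceDetails": {"InstanceId": "i-0bbb"}}},
]

def categorize(finding_type):
    for category, prefixes in SIGNALS.items():
        if finding_type.startswith(prefixes):
            return category
    return "other"

def triage(findings, high=7.0):
    """Per instance: categories seen, max severity and a verdict. An instance is
    'likely compromised' on a high-severity finding, a malicious service running,
    or port probing combined with SSH brute force; a lone probe is only 'watch'."""
    per_instance = defaultdict(lambda: {"categories": set(), "max_severity": 0.0})
    for f in findings:
        entry = per_instance[f["Resource"]["InstanceDetails"]["InstanceId"]]
        entry["categories"].add(categorize(f["Type"]))
        entry["max_severity"] = max(entry["max_severity"], f["Severity"])
    for entry in per_instance.values():
        cats = entry["categories"]
        if (entry["max_severity"] >= high or "unwanted service running" in cats
                or {"port probing", "ssh from untrusted ip"} <= cats):
            entry["verdict"] = "likely compromised: verify in CloudTrail/CloudWatch"
        else:
            entry["verdict"] = "watch"
        entry["categories"] = sorted(cats)
    return dict(per_instance)
```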

How can data be secured when it is in transit?

We have to use KMS services; by default S3 has KMS enabled.

We also have to use the latest TLS (1.3) and good multi-factor authentication.

All data in movement should be kept inside VPCs, and those VPCs should not be exposed to public networks.

Suggestions are most welcome.

Please write a mail to Akash.venky091@gmail.com. You can also follow me here for more updates on security and ethical hacking at Akash Venky, or contact me at https://www.linkedin.com/in/akash-h-c-4a4090a7/
