Security Considerations



Just because you moved your applications into a public cloud doesn't mean that you don't have to worry about security - it becomes even more critical to protect your applications with the plethora of tools made available by public cloud providers.

This module describes the security basics of public cloud deployments and focuses on network security mechanisms.

1:13:20 Cloud Security Basics

The most important aspect of public cloud security is the split responsibility model: the cloud provider is responsible for infrastructure security, but you're still responsible for securing your deployment.

This section describes the basics of public cloud security, how you could evaluate the security posture of your public cloud provider, and concludes with an overview of what you could do to secure your public cloud environment.

Cloud 101 18:39 2019-06-07
Cloud Security 101 16:01 2019-06-07
Cloud Provider Evaluation 27:18 2019-06-07
Protecting Your Cloud Environment 7:56 2019-06-07
Summary 3:26 2019-06-07
Slide Deck 6.1M 2019-04-08

1:20:02 Identity and Access Management

In this section you'll learn how to set up your public cloud platform accounts and how to protect them. In addition, Cloud IAM solutions offer the possibility to use the platform accounts for your application stack as well - and we will explore security challenges and opportunities of this approach.

Section Introduction 5:51 2020-02-22
Definitions and Terms 10:02 2020-02-22
Identity and Access Management 28:04 2020-02-22
Deep Down the IAM Rabbit Holes 19:26 2020-02-22
Protecting API Keys 7:57 2020-02-22
IAM Engineering 8:42 2020-02-22
Slide Deck 15M 2019-12-18

1:01:46 Logging and Monitoring

Cloud environments offer new logging mechanisms which differ from traditional technologies. We will explore how you could use cloud storage to save the logs, and analyze them using additional cloud services, or how you could send the cloud events to external services for further analysis.

Section Introduction 3:30 2020-02-29
Definitions and Terms 5:21 2020-02-29
Logging of Cloud Events 13:34 2020-02-29
Cloud-based Log Storage and Analysis 15:46 2020-02-29
Demos and Conclusions 23:35 2020-02-29
Slide Deck 16M 2020-01-15

1:20:22 Automation and Testing

One of the biggest advantages of public cloud environments is their capability to modify any object via an API call or use infrastructure-as-code templates to deploy, modify or destroy whole application stacks, as well as monitor the compliance of the actual deployment with the desired state specified in the template.

This section describes how you can leverage this capability to increase the security of your deployments, and how modern IaC and CI/CD methodologies affect traditional security testing approaches.

Section Introduction 2:39 2020-03-06
Terms and Motivation 15:53 2020-03-06
Automation Security Benefits 19:14 2020-03-06
Tools and Lab 28:13 2020-03-06
Testing and Verification 11:09 2020-03-06
Conclusions 3:14 2020-03-06
Automation and Testing Demos 7.3K 2020-01-24
Slide Deck 29M 2020-01-24

2:16:13 Public Cloud Security Considerations

In this section Matthias Luft reviewed the public cloud security groundwork detailed in the Cloud Security webinar, and then dived into the details needed to develop cloud security, establish a zero-trust model, and interact with a cloud-native security team.

Cloud Security Recapitulation 26:10 2020-04-22
Cloud Security Caveats 12:24 2020-04-22
Cloud-Native Security Teams 20:09 2020-04-22
Cloud Network Security Models 23:04 2020-04-22
Zero-Trust Model 14:54 2020-04-22
Network Security versus Virtual Appliances 32:23 2020-04-22
Conclusions 7:09 2020-04-22
Public Cloud Security Considerations Slide Deck 79M 2020-04-21

List of Crypto Resources Mentioned in the Videos

NIST recommendations for key management
Applied Crypto Hardening
Cryptographic Key Length Recommendation
SSL Configuration Generator

Securing Your Public Cloud Deployment

You will probably want to focus your work on either AWS or Azure. Please watch the materials describing the public cloud provider you want to use during the course.

1:24:43 AWS Network Security Mechanisms

AWS offers several layers of network security:

  • Stateful security groups applied to VM interfaces;
  • Stateless network ACLs applied to subnets;
  • Validation of source and destination IP addresses;
  • Layer-7 HTTP ACLs in Web Application Firewall;
  • Rudimentary DDoS protection with AWS Shield.

All these mechanisms (and the logging and mirroring functionality available with flow logs and VPC traffic mirroring) are described in this section.

Network Security 11:19 2019-06-14
Security Groups 12:53 2019-06-14
Managed Prefix Lists 10:18 2020-10-09
Network ACLs 8:41 2019-06-14
VPC Flow Logs 2:45 2019-06-14
VPC Traffic Mirroring 12:23 2020-10-09
Web Application Firewall 16:38 2020-10-09
AWS Shield 5:25 2020-10-09
Security Summary 4:21 2019-06-14
Working with Security Groups
Use Prefix Lists to Simplify Configuration of Security Groups
Working with Network ACLs
Example: Controlling Access to Instances in a Subnet
Working with Flow Logs
VPC Traffic Mirroring

New AWS Features

VPC Endpoint Policies

1:04:08 Azure Network Security Mechanisms

Azure offers numerous network security mechanisms. This section covers intra-VNet mechanisms including:

  • Network Security Groups;
  • Application Security Groups;
  • Packet capture and flow logging;
  • Monitoring tools like IP Flow Verify.

Edge security mechanisms (Azure Firewall) will be described in a separate section.

Azure Network Security Mechanisms 7:47 2020-01-04
Network Security Groups 10:03 2020-01-04
Network Security Group Examples 9:13 2020-01-04
Application Security Groups 7:02 2020-01-04
Network Security Monitoring and Troubleshooting 7:18 2020-01-04

22:45 Hands-on Demos

Network Security Groups 14:29 2019-08-24
Application Security Groups 8:16 2019-08-24

Hands-On Exercises

Secure Your Public Cloud Deployment

In this assignment you'll implement traffic filters, add a web application firewall to protect your web server, log SSH traffic to your SSH bastion host, and create multiple users with different privilege levels.

Hands-on assignment: Secure Your Public Cloud Deployment 2.3K 2020-04-22
Submit your homework
Overview: Submitting Hands-On Exercise Solutions

More Information

Related Presentations

Continuous Cloud Security Monitoring