B.Tech. in CSE with specialization in Networks and Security. Application and Cloud Security Enthusiast, a bug bounty hunter. EC Council Certified CEH-Practical (Passed). EC Council Certified SOC Analyst (In Progress).
The Shared Responsibility Model in AWS ◈ AWS Security, Identity, and Compliance Services ◈ AWS Incident Response ◈ Use Cases ◈ AWS Security – Best Practices
centers. Each region can have many Availability Zones, which are separated from each other but connected with high-bandwidth, ultra-low-latency networking. 29 Regions. 93 Availability Zones. 410+ Points of Presence.
◈ Elastic: number of instances; store your data on Elastic Block Store
◈ Reliable: multiple locations; Elastic IP
◈ Secure: firewall configuration; Virtual Private Cloud
◈ Performance: scale the services using an Auto Scaling group
from Layer 3/4 attacks; protects from SYN/UDP floods (DDoS attacks)
◈ AWS Shield Advanced: optional DDoS mitigation service with 24/7 access to the AWS DDoS Response Team
◈ AWS Web Application Firewall (WAF): protects from web application attacks; monitors HTTP and HTTPS requests and blocks malicious requests; protects from SQL injection and cross-site scripting; pre-configured rule groups for the OWASP Top 10, CVEs, IP reputation list, anonymous list, etc.
◈ Access patterns
◈ API calls
◈ Account usage
◈ Uses a machine learning model to determine whether new activity is normal or abnormal
◈ Generates findings for EC2, IAM, and S3
with the botnet command and control server
◈ Implies that the instance is compromised
◈ Cryptocurrency: EC2/BitcoinTool – EC2 instance interacting with an IP address associated with cryptocurrency activity (Bitcoin mining); if the use case is valid, set up a suppression rule
◈ Discover: S3/MaliciousIPCaller – an S3 API to read or copy objects was invoked from a known malicious IP address
◈ PenTest: S3/KaliLinux – an S3 API was invoked from Kali Linux using your AWS credentials
◈ Only for EC2 instances and container infrastructure
◈ Reduce mean time to resolve (MTTR) vulnerabilities with automation
◈ Vulnerability management with a fully managed and highly scalable service
those keys
ii) Invalidate the credentials
iii) Invalidate any temporary credentials issued with the exposed keys
iv) Restore access with new credentials
v) Review your AWS account
in such a scenario:
i) Lock the instance down, capture metadata, and detach it from any Auto Scaling group
ii) Take an EBS snapshot and tag it as quarantined for investigation
iii) Take a memory dump
iv) Perform forensic analysis
v) Terminate the instance
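Tying the GuardDuty finding families listed above to the two response playbooks (exposed access keys, compromised EC2 instance), here is an added Python example that is not part of this deck or of AWS: it routes a finding to a playbook unless a suppression rule matches, as the deck recommends for a valid crypto use case. Assumed: findings in GuardDuty's Type/Resource JSON shape, the Backdoor:EC2 family for the command-and-control fragment, and constructed sample findings.

```python
# Finding-type prefix -> playbook. Assumption: only the finding families the deck lists.
ROUTES = {
    "CryptoCurrency:EC2/": "compromised-instance",  # crypto mining from an instance
    "Backdoor:EC2/": "compromised-instance",        # C2 traffic from an instance
    "Discovery:S3/": "compromised-credentials",     # S3 reads from a malicious IP
    "PenTest:S3/": "compromised-credentials",       # S3 calls from Kali Linux
}

def lookup(obj, path):
    """Values reachable via a case-insensitive dotted path; list nodes (e.g. Tags) fan out."""
    nodes = [obj]
    for part in path.split("."):
        found = []
        for node in nodes:
            for item in (node if isinstance(node, list) else [node]):
                if isinstance(item, dict):
                    found += [v for k, v in item.items() if k.lower() == part.lower()]
        nodes = found
    flat = []
    for n in nodes:
        flat += n if isinstance(n, list) else [n]
    return flat

def suppressed(finding, rules):
    """A rule matches when each criterion value appears at its path in the finding."""
    return any(all(want in lookup(finding, path) for path, want in rule.items())
               for rule in rules)

def triage(finding, rules):
    """Return 'archive', a playbook name, or 'manual-review' for an unknown family."""
    if suppressed(finding, rules):
        return "archive"
    for prefix, playbook in ROUTES.items():
        if finding["Type"].startswith(prefix):
            return playbook
    return "manual-review"

# Constructed sample findings (not real GuardDuty output) plus one suppression rule
# for an instance whose crypto activity is a valid use case, as the deck suggests.
SAMPLE_FINDINGS = [
    {"Type": "CryptoCurrency:EC2/BitcoinTool.B", "Severity": 8, "Resource": {"InstanceDetails": {
        "InstanceId": "i-0aaa", "Tags": [{"Key": "Purpose", "Value": "blockchain-dev"}]}}},
    {"Type": "Backdoor:EC2/C&CActivity.B", "Severity": 8, "Resource": {"InstanceDetails": {
        "InstanceId": "i-0bbb", "Tags": []}}},
    {"Type": "PenTest:S3/KaliLinux", "Severity": 5, "Resource": {"AccessKeyDetails": {
        "AccessKeyId": "AKIAEXAMPLE"}}},
]
SUPPRESSION_RULES = [{"type": "CryptoCurrency:EC2/BitcoinTool.B",
                      "resource.instanceDetails.tags.value": "blockchain-dev"}]
```

Run `triage(f, SUPPRESSION_RULES)` over `SAMPLE_FINDINGS`: the tagged mining instance is archived, the C2 instance goes to the compromised-instance playbook, and the Kali Linux S3 call goes to the compromised-credentials playbook.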
your applications
◈ Back up often and test your recovery resources before you need them
◈ Understand the AWS Shared Responsibility Model
◈ Do not use root account credentials for day-to-day interactions with AWS!
◈ Activate multi-factor authentication (MFA) on the AWS account root user and any users with interactive access to AWS Identity and Access Management (IAM)
◈ Audit IAM users and their policies frequently
◈ Monitor your account and its resources