Tekirdağ Security Engineering on AWS Eğitimi

Bu Tekirdağ Security Engineering on AWS Eğitimi, AWS Bulutu’nda güvenli kalabilmek için AWS güvenlik hizmetlerinin nasıl etkin bir şekilde kullanılabileceğini göstermektedir. Bu eğitim buluttaki verileriniz ve sistemlerinizin güvenliğini arttırmak için AWS’nin önerdiği en iyi güvenlik uygulamalarına odaklanmaktadır. Eğitim, bilişim, depolama, ağ kurma ve veritabanı servisleri gibi temel AWS servislerinin güvenlik özelliklerini vurgulamaktadır. Ayrıca otomasyon, kesintisiz izleme ve kayıt ve güvenlik vakalarına müdahale için AWS servisleri ve araçlarından nasıl faydalanacağınızı da öğreneceksiniz.

Bu Tekirdağ Security Engineering on AWS Eğitimi, birçok farklı alıştırma ile yeni becerilerinizi test etmenize ve bilgilerinizi de çalışma ortamınıza uygulamanıza imkan sağlamaktadır.

We recommend that attendees of this course have the following prerequisites:

• AWS Cloud Practitioner Essentials
• AWS Security Fundamentals
• Architecting on AWS
• Working knowledge of IT security practices and infrastructure concepts
• Familiarity with cloud computing concepts

Bu Tekirdağ Security Engineering on AWS Eğitimi hedef aldığı kitle:

• Güvenlik mühendisleri
• Güvenlik mimarları
• Güvenlik işlemleri
• Bilgi güvenliği

Bu Tekirdağ Security Engineering on AWS Eğitimi ile öğrenecekleriniz:

• Assimilate and leverage the AWS shared security responsibility model
• Architect and build AWS application infrastructures that are protected against the most common security threats
• Protect data at rest and in transit with encryption
• Apply security checks and analyses in an automated and reproducible manner
• Configure authentication for resources and applications in the AWS Cloud
• Gain insight into events by capturing, monitoring, processing, and analyzing logs
• Identify and mitigate incoming threats against applications and data
• Perform security assessments to ensure that common vulnerabilities are patched and security best practices are applied

Intro

• Welcome and introductions
• Introduction to Security on AWS

Identifying entry points on AWS

• Ways to access the platform
• IAM policies
• Securing entry points
• Incident response

Lab - cross-account authentication

Security Considerations - Web Applications

• Security points in an AWS web application environment
• Analyse a three-tier application model and identify common threats
• Assess environments to improve security

Application Security

• Securing EC2 instances
• Assess vulnerabilities with Inspector
• Apply security in an automated way using Systems Manager
• Isolate a compromised instance

Lab - Assessing Security with Inspector and Systems Manager

Securing Networking Communications - Part 1

• Apply security best practices to VPC
• Implement an ELB device as a protection point
• Protect data in transit using certificates

Data Security

• Protect data at rest using encryption and access controls
• AWS services used to replicate data
• Protect archived data

Security Considerations: Hybrid Environments

• Security points outside of a VPC
• Common DoS threats

Monitoring and Collecting Logs on AWS

• Monitor events and collect logs with CloudWatch
• Use Config to monitor resources
• AWS-native services that generate and collect logs

Lab - Server Log Analysis Part 1 - collect logs

Processing Logs on AWS

• Stream and process logs for further analysis
• AWS services used to process logs from S3 buckets

Lab - Server Log Analysis Part 2 - analyse logs

Securing Networking Communications - Part 2

• Identify AWS services used to connect on-premise to AWS
• Data protection between on-premise and AWS
• Securely access VPC resources in other accounts

Out-Of-Region Protection

• Use Route 53 to isolate attacks
• Implement WAF to protect applications
• Use CloudFront to deliver content securely
• Protect applications using Shield

Account Management on AWS

• Manage multiple accounts
• Use identity providers / brokers to acquire access to AWS services

Lab - AWS Federated Authentication with ADFS

Security Considerations: Serverless Environments

• How to secure data in a serverless environment
• Use Cognito to authorize users
• Control API access with API Gateway
• Use AWS messaging services securely
• Secure Lambda functions

Lab - Monitor and Respond with Config and Lambda

Secrets Management on AWS

• Manage key and data encryption with KMS
• Describe how CloudHSM is used to generate and secure keys
• Use Secrets Manager to authenticate applications

Lab - Using KMS

Security Automation on AWS

• Deploy security-oriented AWS environments in a reproducible manner
• Provide management and control of IT services to end-users in a self-serve manner

Lab - Security Automation on AWS with Service Catalog

Threat Detection and Sensitive Data Monitoring

• Threat detection and monitoring for malicious or unauthorized behaviour
• Leverage machine learning to gain visibility into how sensitive data is being managed in the AWS Cloud