CloudTechPro

Cloud Security Practises and Skills


Course Information

Schedules
  • Anytime
Registration period
Year-round Recruitment
Price
-
Course Level
Study Mode
Duration
3 Hour(s)
Language
Cantonese, English
Location
-

Course Overview

Introduction

This lab demonstrates the use of selected AWS security services, arranged according to a security framework that echoes the lecture's contents. NIST is the framework chosen here, although this will depend on the security framework finally chosen in the lecture.

NIST’s security framework core consists of five concurrent and continuous Functions. They are Identify, Protect, Detect, Respond and Recover. These Functions provide a high-level and strategic view of the lifecycle of an organisation’s management of cybersecurity risk. The selected AWS security services in the Lab are arranged and categorised into these Functions to form a complete lifecycle of Security strategy.

Preparation
GitLab is used as an example in the Labs. The app and its data are one of the organisation's assets, which is in the scope of cybersecurity protection.

Please contact us at learning@cloudtechpro.academy
Time Estimation: 5 hrs to 6 hrs for 4 hands-on labs, and 1 hr for lecture

What You’ll Learn

Lab Outline:

Lab 1: Identity Management (1 hr and 15 mins)

  • Introducing Identity & Access Management on Cloud
  • Concepts and Practices
  • Example: Installing GitLab on EC2 as an app example
  • Identify: Supply Chain Risk – AWS Artifact walk-through
  • Demonstrating the configuration of AWS SSO by the Lecturer
  • AWS SSO can only be created once in an AWS account. It acts as the IdP for GitLab.
  • Identify: Single Sign-On (SSO)
  • Integration of GitLab with AWS SSO – Identify + Protect
  • Enable MFA Protection


Lab 2: Data Protection (Data-in-Transit and Data-at-Rest) (1 hr and 15 mins)
Continues from the lab result of Lab 1

  • Protect: Data-at-Rest Protection
  • Encryption for data-at-rest: VM disk encryption
  • Key Management System KMS
  • Protect: Data-in-Transit Protection
  • Encryption for data-in-transit: self-signed only (ELB + CDN)
  • Amazon Certificate Manager ACM


Lab 3: Infrastructure Security and Penetration Testing (1 hr and 15 mins)

  • Protect: Network Protection
  • Configuration of Security Group
  • Configuration of Network Architecture
  • Configuration of Web Application Firewall WAF
  • AWS Shield – mention that basic DDoS protection is in place for free.
  • Detect: Simulating Penetration Tests


Lab 4: Detective Controls and Response (1 hr and 15 mins)

  • Detect: Conducting Vulnerability Scans
  • Amazon Inspector
  • Respond: Investigation
  • Amazon CloudWatch to trigger email alerts

