Advanced

Securing AWS Using CIS Foundations Benchmark Security Standard

By Darwin Sanoy
Securing your AWS environments is a straightforward process with the CIS benchmark and even easier with the automation code included with this course.
Play course overview
Course info
Level
Intermediate
Updated
Oct 24, 2016
Duration
3h 11m
Table of contents
Course Overview
Course Overview 2m
Understanding the CIS AWS Foundations Benchmark and Its Benefits and Impacts
Why Security Matters: Some Facts 2m Why CIS Benchmarks? 2m Implementation Ready 2m Foundational CIS Principles 4m Demo: Finding and Reading the Benchmark 7m Be a Promoter 1m Demo: CIS Website 3m Security Standards Lifecycle 6m What the Benchmark Is NOT 2m High Value for Your Investment 1m It Doesn't Have to Be Hard 2m Summary 2m
IAM and Networking: Walkthrough and Automated Setup
Intro and Section 1: IAM Policies 2m Included Automation Code 3m Preparing to Run the Code (on Linux) 4m IAM: Running the Code 1m IAM: Changes in Console 2m Running Sample Resources Code 1m Checking Sample Resources in Console 1m IAM and Samples: Code Review 1m Challenges of IAM Recommendations 3m IAM Best Practices 4m Showing IAM Best Practices in Console 4m Networking: Overview 4m Networking: Reviewing Recommendations 2m Networking: Running the Code 3m Networking: Changes in Console 3m Networking: Code Review 1m Summary 1m
Logging and Monitoring: Walkthrough and Automated Setup
IAM and Networking: Walkthrough and Automated Setup 0m Logging: Overview 2m Logging: Recommendations Review 3m Building a Scalable SIEM within AWS 8m Logging: Running the Code 1m Logging: Changes in Console 2m Logging: Code Review 7m Monitoring: Overview 1m Monitoring: Recommendations Review 3m Monitoring: Running the Code 1m Monitoring: Changes in Console 2m Monitoring: Code Review 1m Summary 1m
Planning Benchmark Compliance for an Existing Account
Benchmark Rollout Timeline 3m Complex Password Re-education 2m xkpasswd.net Passphrase Generator 3m Peerio Passphrase Generator 2m MFA Self-service Setup Overview 3m Migrating to Instance Roles Overview 5m Demo: Moving an Instance to a Role 6m Special Handling for Instance Migration 4m Demo: Researching Security Alerts 4m Summary 1m
Least Privilege Security Group Engineering
Default Security Group Anti-pattern 4m Security Group Best Practice 4m Ping and Remoting Security Groups 1m Infrastructure, SMB, AD, and PaaS 5m Security Group Constraints 3m Least Privilege Engineering Walkthrough 1m Diagramming the System 1m Using 'ACCEPT' Flow Logging 2m Discovering Systems via Console 6m Digging into Flow Logs 4m Designing Security Groups for Blog 3m Setting up Security Groups 8m Using 'REJECT' Flow Logs 4m Summary 3m
Description
Course info
Level
Intermediate
Updated
Oct 24, 2016
Duration
3h 11m
Description

The Center for Internet Security (CIS) is a collaborative organization that creates directly actionable security configuration checklists. This makes them easier for non-security professionals to implement and provides a great deal of protection for a relatively small effort. This course, Securing AWS Using CIS Foundations Benchmark Security Standard, takes you through the CIS AWS Foundations Benchmark details and teaches you how to implement it at your company. First, you will learn about the benefits of the Benchmarks and the AWS Foundations Benchmark. Next, you will explore the benchmark protections and understand how to apply them. Finally, you'll have access to ready-to-use automation code to create a compliant AWS account. The code formulates a great base from which you can customize and create your own utility sets. By the end of this course, you'll feel confident in your knowledge of the most challenging aspects of compliance with the AWS Foundations Benchmark.

About the author
Darwin Sanoy
About the author

Darwin is a Senior Cloud Architect and DevOps Tooling Team Lead at Infor where he crafts DevOps automation to ensure Windows is running smoothly in the cloud.

More from the author
Chocolatey NuGet Essentials for Automation Pros
Intermediate
3h 10m
Mar 25, 2016
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Today's IT organizations have two top level priorities that are battling it out. Getting to the cloud as soon as possible, and avoid becoming the next victim of an IT security breach. Many security standards require internal IT staff and hired consultants working for months to produce a comprehensive company approach. And that's just the beginning. Making systems compliant and passing audits takes a lot of time and effort as well. The Center for Internet Security Benchmarks distinguish themselves among other security standards. Because, there are actionable technology-specific checklists. While you may need more than they provide for a truly comprehensive program, they can be a fast and leveraged payoff for the efforts spent. They can also be used as a first wave of a larger security effort, and they can be implemented by regular IT folks like you and me. Securing AWS using the CIS Foundations Benchmarks security standard, will help you understand and explain the benefits of the Benchmarks and then it delves into the AWS Foundations Benchmark. It will equip you to explain the benchmark protections and help you understand how to apply them. This course also contains a ready-to-use automation code to create a compliant AWS account. The code formulates a great base from which you can customize and create your own utility set. This course goes on to help you with one of the most challenging aspects of compliance with the AWS Foundations Benchmark, namely Least Privilege Security Group Engineering. The only way your company will win at the IT security game, is if everyone considers IT security to be a part of their job. My name is Darwin and I challenge you to roll up your sleeves and take your AWS environments to the next level of bulletproofing against the bad guys.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT