Securing AWS Using CIS Foundations Benchmark Security Standard
Securing your AWS environments is a straightforward process with the CIS benchmark and even easier with the automation code included with this course.
What you'll learn
The Center for Internet Security (CIS) is a collaborative organization that creates directly actionable security configuration checklists. Because the checklists are directly actionable, they are easier for non-security professionals to implement and provide a great deal of protection for a relatively small effort. This course, Securing AWS Using CIS Foundations Benchmark Security Standard, takes you through the details of the CIS AWS Foundations Benchmark and teaches you how to implement it at your company. First, you will learn about the benefits of the Benchmarks and the AWS Foundations Benchmark. Next, you will explore the benchmark protections and understand how to apply them. Finally, you'll have access to ready-to-use automation code to create a compliant AWS account. The code forms a great base from which you can customize and create your own utility sets. By the end of this course, you'll feel confident in your knowledge of the most challenging aspects of compliance with the AWS Foundations Benchmark.
Table of contents
- Why Security Matters: Some Facts 2m
- Why CIS Benchmarks? 2m
- Implementation Ready 2m
- Foundational CIS Principles 4m
- Demo: Finding and Reading the Benchmark 7m
- Be a Promoter 1m
- Demo: CIS Website 3m
- Security Standards Lifecycle 6m
- What the Benchmark Is NOT 2m
- High Value for Your Investment 1m
- It Doesn't Have to Be Hard 2m
- Summary 2m
- Intro and Section 1: IAM Policies 2m
- Included Automation Code 3m
- Preparing to Run the Code (on Linux) 4m
- IAM: Running the Code 1m
- IAM: Changes in Console 2m
- Running Sample Resources Code 1m
- Checking Sample Resources in Console 1m
- IAM and Samples: Code Review 1m
- Challenges of IAM Recommendations 3m
- IAM Best Practices 4m
- Showing IAM Best Practices in Console 4m
- Networking: Overview 4m
- Networking: Reviewing Recommendations 2m
- Networking: Running the Code 3m
- Networking: Changes in Console 3m
- Networking: Code Review 1m
- Summary 1m
- IAM and Networking: Walkthrough and Automated Setup 0m
- Logging: Overview 2m
- Logging: Recommendations Review 3m
- Building a Scalable SIEM within AWS 8m
- Logging: Running the Code 1m
- Logging: Changes in Console 2m
- Logging: Code Review 7m
- Monitoring: Overview 1m
- Monitoring: Recommendations Review 3m
- Monitoring: Running the Code 1m
- Monitoring: Changes in Console 2m
- Monitoring: Code Review 1m
- Summary 1m
- Benchmark Rollout Timeline 3m
- Complex Password Re-education 2m
- xkpasswd.net Passphrase Generator 3m
- Peerio Passphrase Generator 2m
- MFA Self-service Setup Overview 3m
- Migrating to Instance Roles Overview 5m
- Demo: Moving an Instance to a Role 6m
- Special Handling for Instance Migration 4m
- Demo: Researching Security Alerts 4m
- Summary 1m
- Default Security Group Anti-pattern 4m
- Security Group Best Practice 4m
- Ping and Remoting Security Groups 1m
- Infrastructure, SMB, AD, and PaaS 5m
- Security Group Constraints 3m
- Least Privilege Engineering Walkthrough 1m
- Diagramming the System 1m
- Using 'ACCEPT' Flow Logging 2m
- Discovering Systems via Console 6m
- Digging into Flow Logs 4m
- Designing Security Groups for Blog 3m
- Setting up Security Groups 8m
- Using 'REJECT' Flow Logs 4m
- Summary 3m