Securing AWS Using CIS Foundations Benchmark Security Standard

Securing your AWS environments is a straightforward process with the CIS benchmark and even easier with the automation code included with this course.
Course info
Level
Intermediate
Updated
Oct 24, 2016
Duration
3h 12m
Table of contents
Course Overview
Understanding the CIS AWS Foundations Benchmark and Its Benefits and Impacts
IAM and Networking: Walkthrough and Automated Setup
Logging and Monitoring: Walkthrough and Automated Setup
Planning Benchmark Compliance for an Existing Account
Least Privilege Security Group Engineering
Description

The Center for Internet Security (CIS) is a collaborative organization that creates directly actionable security configuration checklists. This makes them easier for non-security professionals to implement and provides a great deal of protection for a relatively small effort. This course, Securing AWS Using CIS Foundations Benchmark Security Standard, takes you through the CIS AWS Foundations Benchmark details and teaches you how to implement it at your company. First, you will learn about the benefits of the Benchmarks and the AWS Foundations Benchmark. Next, you will explore the benchmark protections and understand how to apply them. Finally, you'll have access to ready-to-use automation code to create a compliant AWS account. The code formulates a great base from which you can customize and create your own utility sets. By the end of this course, you'll feel confident in your knowledge of the most challenging aspects of compliance with the AWS Foundations Benchmark.

About the author

Darwin is a Senior Cloud Architect and DevOps Tooling Team Lead at Infor where he crafts DevOps automation to ensure Windows is running smoothly in the cloud.

More from the author
Chocolatey NuGet Essentials for Automation Pros
Intermediate
3h 10m
Mar 25, 2016
Section Introduction Transcripts

Course Overview
Today's IT organizations have two top-level priorities that are battling it out: getting to the cloud as soon as possible, and avoiding becoming the next victim of an IT security breach. Many security standards require internal IT staff and hired consultants working for months to produce a comprehensive company approach. And that's just the beginning. Making systems compliant and passing audits takes a lot of time and effort as well. The Center for Internet Security Benchmarks distinguish themselves among other security standards because they are actionable technology-specific checklists. While you may need more than they provide for a truly comprehensive program, they can be a fast and leveraged payoff for the efforts spent. They can also be used as a first wave of a larger security effort, and they can be implemented by regular IT folks like you and me. Securing AWS Using CIS Foundations Benchmark Security Standard will help you understand and explain the benefits of the Benchmarks, and then it delves into the AWS Foundations Benchmark. It will equip you to explain the benchmark protections and help you understand how to apply them. This course also contains ready-to-use automation code to create a compliant AWS account. The code formulates a great base from which you can customize and create your own utility set. This course goes on to help you with one of the most challenging aspects of compliance with the AWS Foundations Benchmark, namely Least Privilege Security Group Engineering. The only way your company will win at the IT security game is if everyone considers IT security to be a part of their job. My name is Darwin, and I challenge you to roll up your sleeves and take your AWS environments to the next level of bulletproofing against the bad guys.

IAM and Networking: Walkthrough and Automated Setup
In this module, we'll be going through the IAM and networking sections of the Foundations Benchmark. In addition to discussing the focus and recommendations of each of these sections, we'll be using automation code to build out a sandbox environment. My name is Darwin, and I'm glad you're joining me for IAM and Networking: Walkthrough and Automated Setup. So let's get started talking about the first section in the benchmark, that is identity and access management or section number one. I want to talk a little bit about the intended protections that it's going to bring to us. We want to protect the root account, which is a special account in Amazon Web Services. This is the account, really the email address that you create the account with, and it has special permissions and we need to make sure that it's appropriately protected. We also have to protect accounts that have passwords. We can also create accounts without passwords, which we'll be covering; but for those that do have passwords and are intended to be used by individuals, you need to have appropriate protections in place for those. We also want to disable inactive credentials. So any credentials that belong to people that maybe depart the company or there are role changes and they no longer need them, you want to make sure that those credentials don't stay active for long after they're used. We also want best practice permissions management. So this involves assigning permissions to groups and then assigning users to groups and some other additional details that we'll be covering. We also want to minimize the number of IAM accounts that we actually have employed. So we don't really want to be creating IAM accounts for everyone that joins IT, or everyone in a certain group. We want to make sure that these accounts are assigned as they're needed. So let's get into some of the details and take a look at the benchmark.

Logging and Monitoring: Walkthrough and Automated Setup
In this module, we'll be going through the Logging and Monitoring sections of the Foundations Benchmark. In addition to discussing the focus and recommendations of each section, we'll be using automation code to build out a sandbox environment. My name is Darwin, and I'm glad you're joining me for Logging and Monitoring: Walkthrough and Automated Setup.