Application Security Best Practices. Matt Tavis Principal Solutions Architect

Size: px
Start display at page:

Download "Application Security Best Practices. Matt Tavis Principal Solutions Architect"

Transcription

1 Application Security Best Practices Matt Tavis Principal Solutions Architect

2 Application Security Best Practices is a Complex topic! Design scalable and fault tolerant applications See Architecting for the Cloud Most traditional best practices still apply There are ways AWS can help

3 Built Around the Shared Responsibility Model AWS Facilities Physical Security Physical Infrastructure Network Infrastructure Virtualization Infrastructure Customer Operating System Application Security Groups OS Firewalls Network Configuration Account Management

4 and AWS Certifications AWS Environment SAS70 Type II Audit ISO Certification Payment Card Industry Data Security Standard (PCI DSS) Level 1 Service Provider FedRAMP (FISMA) Customers have deployed various compliant applications: Sarbanes-Oxley (SOX) HIPAA (healthcare) FISMA (US Federal Government) DIACAP MAC III Sensitive IATO

5 Resources and data are in your control Specify what Region and AZ to launch in Customize your AMIs Create distinct Security Groups groups of EC2 Instances use rules for controlling access between layers restrict external access to specific IP ranges Use AWS Identity & Access Management (IAM) upload your own keys use MultiFactor Authentication (MFA) AWS personnel can t login to your Instances

6 Protect your data with encryption Encrypt data in-transit (SSL/TLS) Encrypt data at-rest Encrypt records before writing in database Encrypt objects before storing them Consider encrypted file systems for sensitive data Windows Bitlocker Truecrypt dm-crypt SafeNet

7 Traditional Network Topologies in VPC Create multiple Subnets specify IP Ranges Specify Instance private IP Address Manage Routing Inbound & Outbound filters Security Groups: stateful Network Access Control Lists (ACLs): stateless Use NAT Instances Enhance NAT Instances with software VPNs, IDS, logging, etc

8 Security best practices still apply Secure coding standards Perform penetration testing Antivirus where appropriate Intrusion Detection Host-based Intrusion Detection (e.g., OSSEC) Log events Role-based access control AWS Identity & Access Management LDAP and/or Active Directory for Operating Systems & Applications

9 AWS Credential and Key Management Tips Create limited IAM Users for application needs Don t package privileged key in Instance Periodic key rotation One way to pass the application key to an Instance On the Instance Decryption key IAM User with read-only access to a private S3 Bucket that contains the encrypted key Retrieve the full key and then decrypt it Use Bucket Logging to monitor attempts to access the key

10 Extend Your Credentials into AWS Often done in VPC easier with static IP for DCs use egress control Use Read-only Domain Controllers to scale better Whitepaper: Using Windows ADFS for Single Sign-On to EC2 C2_ADFS_howto_2.0.pdf

11 New Security Opportunities Arise on AWS Issue Spending too much time troubleshooting issues? Found questionable log entries? Tired of patching? High risk site in your datacenter? Opportunity Throw it away and just replace it. Launch an EMR job and find correlating events. Use minimal OS and introduce puppet/chef/etc... Create new AMIs and launch replacements. Move it to AWS and reduce threat vectors to other applications.

12 Security Belongs In Every Layer

13 Using AWS Account Isolation to Protect Resources Environment development, test, integration, performance, production Major system Line of business / function Customer Risk level Consolidated Billing lets you bring it all together under one bill!

14 Leverage Multiple Layers of Defense Feature Standard EC2 Virtual Private Cloud Security Groups Inbound Inbound and Outbound Network ACLs n/a Inbound and Outbound Operating System firewalls Use as-is Use as-is Border firewall Manual configuration* NAT Instance VPN Manual configuration* VPN Gateway Bastion Host Enforce via Security Groups Enforce via Security Groups or Network ACLs IDS HIDS* HIDS* & NAT Instance * Third-party tools / solutions

15 Public EC2 Multi-tier Security Group Approach Web Tier ssh Application & Bastion Tier ssh Database Tier Ports 80 and 443 only open to the Internet Engineering staff have ssh Sync with on-premises database Amazon EC2 Security Group Firewall All other Internet ports blocked by default

16 You may still need to patch! Most traditional tools will work Emerging options puppet (www.puppetlabs.com) chef (www.opscode.com/chef/) fabric/cuisine (www.fabfile.org) capistrano (https://github.com/capistrano/capistrano/wiki)

17 Monitoring Tools Cloud Watch (now with console!) Application Monitoring Cacti CloudWatch User Metrics Instance Monitoring CloudWatch Nagios Nagios CloudWatch plugin https://github.com/j3tm0t0/check_cloudwatch

18 Approaches to Log Management Distributed Approach Highly scalable, but not always real-time Instance-based (push to S3) Facebook s Scribe Centralized Approach Real-time, but not highly scalable syslog Windows Event Logging Service Analytics Custom EMR jobs Splunk (www.splunk.com)

19 Example Application DNS (Route 53) ELB Auto-scaling group : Web Tier Web Server Web Server Auto-scaling group : Web Tier Web Server Web Server SLB SLB App Server App Server Tomcat Auto-scaling group : App Tier App Server App Server Tomcat Auto-scaling group : App Tier Cloud Front RDS Master Availability Zone #1 RDS Slave Availability Zone #2 S3 Availability Zone #n

20 Example: Build Security into Every Layer HA Architecture Security Characteristics: - Route 53 (highly scalable DNS) - Autoscaling Groups - Security Groups - ELB Security Group - OS Firewalls (on Instances) - RDS - DB Security Groups - backup window - snapshots - multi-az - CloudFront - Private Distribution - pre-signed URLs - S3 Bucket Policies - private bucket Auto-scaling group : Web Tier Web Server App Server DNS (Route 53) SLB Auto-scaling group : App Tier RDS Master Web Server App Server Tomcat Availability Zone #1 ELB Auto-scaling group : Web Tier Web Server App Server SLB Web Server App Server Tomcat Auto-scaling group : App Tier RDS Slave Availability Zone #2 Cloud Front S3 Availability Zone #n

21 Thank You! More reading: Security Center:

Simone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud

Simone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud Simone Brunozzi, AWS Technology Evangelist, APAC Fortress in the Cloud AWS Cloud Security Model Overview Certifications & Accreditations Sarbanes-Oxley (SOX) compliance ISO 27001 Certification PCI DSS

More information

AWS Security. Security is Job Zero! CJ Moses Deputy Chief Information Security Officer. AWS Gov Cloud Summit II

AWS Security. Security is Job Zero! CJ Moses Deputy Chief Information Security Officer. AWS Gov Cloud Summit II AWS Security CJ Moses Deputy Chief Information Security Officer Security is Job Zero! Overview Security Resources Certifications Physical Security Network security Geo-diversity and Fault Tolerance GovCloud

More information

Security Essentials & Best Practices

Security Essentials & Best Practices Security Essentials & Best Practices Overview Overview of the AWS cloud security concepts such as the AWS security center, Shared Responsibility Model, and Identity and Access Management. 1 AWS Security

More information

319 MANAGED HOSTING TECHNICAL DETAILS

319 MANAGED HOSTING TECHNICAL DETAILS 319 MANAGED HOSTING TECHNICAL DETAILS 319 NetWorks www.319networks.com Table of Contents Architecture... 4 319 Platform... 5 319 Applications... 5 319 Network Stack... 5 319 Cloud Hosting Technical Details...

More information

TECHNOLOGY WHITE PAPER Jan 2016

TECHNOLOGY WHITE PAPER Jan 2016 TECHNOLOGY WHITE PAPER Jan 2016 Technology Stack C# PHP Amazon Web Services (AWS) Route 53 Elastic Load Balancing (ELB) Elastic Compute Cloud (EC2) Amazon RDS Amazon S3 Elasticache CloudWatch Paypal Overview

More information

TECHNOLOGY WHITE PAPER Jun 2012

TECHNOLOGY WHITE PAPER Jun 2012 TECHNOLOGY WHITE PAPER Jun 2012 Technology Stack C# Windows Server 2008 PHP Amazon Web Services (AWS) Route 53 Elastic Load Balancing (ELB) Elastic Compute Cloud (EC2) Amazon RDS Amazon S3 Elasticache

More information

Using ArcGIS for Server in the Amazon Cloud

Using ArcGIS for Server in the Amazon Cloud Federal GIS Conference February 9 10, 2015 Washington, DC Using ArcGIS for Server in the Amazon Cloud Bonnie Stayer, Esri Amy Ramsdell, Blue Raster Session Outline AWS Overview ArcGIS in AWS Cloud Builder

More information

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility

More information

Opsview in the Cloud. Monitoring with Amazon Web Services. Opsview Technical Overview

Opsview in the Cloud. Monitoring with Amazon Web Services. Opsview Technical Overview Opsview in the Cloud Monitoring with Amazon Web Services Opsview Technical Overview Page 2 Opsview In The Cloud: Monitoring with Amazon Web Services Contents Opsview in The Cloud... 3 Considerations...

More information

Netop Environment Security. Unified security to all Netop products while leveraging the benefits of cloud computing

Netop Environment Security. Unified security to all Netop products while leveraging the benefits of cloud computing Netop Environment Security Unified security to all Netop products while leveraging the benefits of cloud computing Contents Introduction... 2 AWS Infrastructure Security... 3 Standards - Compliancy...

More information

Alfresco Enterprise on AWS: Reference Architecture

Alfresco Enterprise on AWS: Reference Architecture Alfresco Enterprise on AWS: Reference Architecture October 2013 (Please consult http://aws.amazon.com/whitepapers/ for the latest version of this paper) Page 1 of 13 Abstract Amazon Web Services (AWS)

More information

Using ArcGIS for Server in the Amazon Cloud

Using ArcGIS for Server in the Amazon Cloud Using ArcGIS for Server in the Amazon Cloud Randall Williams, Esri Subrat Bora, Esri Esri UC 2014 Technical Workshop Agenda What is ArcGIS for Server on Amazon Web Services Sounds good! How much does it

More information

Managing Your Microsoft Windows Server Fleet with AWS Directory Service. May 2015

Managing Your Microsoft Windows Server Fleet with AWS Directory Service. May 2015 Managing Your Microsoft Windows Server Fleet with AWS Directory Service May 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational

More information

Building Energy Security Framework

Building Energy Security Framework Building Energy Security Framework Philosophy, Design, and Implementation Building Energy manages multiple subsets of customer data. Customers have strict requirements for regulatory compliance, privacy

More information

Securing the Microsoft Platform on Amazon Web Services

Securing the Microsoft Platform on Amazon Web Services Securing the Microsoft Platform on Amazon Web Services Tom Stickle August 2012 (Please consult http://aws.amazon.com/whitepapers/ for the latest version of this paper) Page 1 of 22 Abstract Deploying Microsoft

More information

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP SOLUTION BRIEF PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP The benefits of cloud computing are clear and compelling: no upfront investment, low ongoing costs, flexible capacity and fast application

More information

Famly ApS: Overview of Security Processes

Famly ApS: Overview of Security Processes Famly ApS: Overview of Security Processes October 2015 Please consult http://famly.co for the latest version of this paper Page 1 of 10 Table of Contents 1. INTRODUCTION TO SECURITY AT FAMLY... 3 2. PHYSICAL

More information

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility. FME Cloud Security Table of Contents FME Cloud Architecture Overview Secure Operations I. Backup II. Data Governance and Privacy III. Destruction of Data IV. Incident Reporting V. Development VI. Customer

More information

Cloud models and compliance requirements which is right for you?

Cloud models and compliance requirements which is right for you? Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,

More information

Amazon Web Services Hands-On Virtual Private Computing

Amazon Web Services Hands-On Virtual Private Computing Amazon Web Services Hands-On Virtual Private Computing 1 Overview Amazon s Virtual Private Cloud (VPC) allows you to launch AWS resources in a virtual network that you define. You can define an environment

More information

VIEWABILL. Cloud Security and Operational Architecture. featuring RUBY ON RAILS

VIEWABILL. Cloud Security and Operational Architecture. featuring RUBY ON RAILS VIEWABILL Cloud Security and Operational Architecture featuring RUBY ON RAILS VAB_CloudSecurity V1 : May 2014 Overview The Viewabill.com cloud is a highly-secure, scalable and redundant solution that enables

More information

Digital, Transparent & Secure

Digital, Transparent & Secure Digital, Transparent & Secure Table of Contents Overview... 4 Overbond Platform... 4 Data Encryption... 4 Transit... 4 Storage... 4 Cloud Platform Security... 5 Amazon Web Services - AWS... 5 Antivirus

More information

DoD-Compliant Implementations in the AWS Cloud

DoD-Compliant Implementations in the AWS Cloud DoD-Compliant Implementations in the AWS Cloud Reference Architectures Paul Bockelman Andrew McDermott April 2015 Contents Contents 2 Abstract 3 Introduction 3 Getting Started 4 Shared Responsibilities

More information

Running Oracle Applications on AWS

Running Oracle Applications on AWS Running Oracle Applications on AWS Bharath Terala Sr. Principal Consultant Apps Associates LLC June 09, 2014 Copyright 2014. Apps Associates LLC. 1 Agenda About the Presenter About Apps Associates LLC

More information

Expand Your Infrastructure with the Elastic Cloud. Mark Ryland Chief Solutions Architect Jenn Steele Product Marketing Manager

Expand Your Infrastructure with the Elastic Cloud. Mark Ryland Chief Solutions Architect Jenn Steele Product Marketing Manager Expand Your Infrastructure with the Elastic Cloud Mark Ryland Chief Solutions Architect Jenn Steele Product Marketing Manager Today we re going to talk about The Cloud Scenarios Questions You Probably

More information

Every Silver Lining Has a Vault in the Cloud

Every Silver Lining Has a Vault in the Cloud Irvin Hayes Jr. Autodesk, Inc. PL6015-P Don t worry about acquiring hardware and additional personnel in order to manage your Vault software installation. Learn how to spin up a hosted server instance

More information

Web Application Hosting in the AWS Cloud Best Practices

Web Application Hosting in the AWS Cloud Best Practices Web Application Hosting in the AWS Cloud Best Practices May 2010 Matt Tavis Page 1 of 12 Abstract Highly-available and scalable web hosting can be a complex and expensive proposition. Traditional scalable

More information

Web Application Hosting in the AWS Cloud Best Practices

Web Application Hosting in the AWS Cloud Best Practices Web Application Hosting in the AWS Cloud Best Practices September 2012 Matt Tavis, Philip Fitzsimons Page 1 of 14 Abstract Highly available and scalable web hosting can be a complex and expensive proposition.

More information

CLOUD COMPUTING WITH AWS An INTRODUCTION. John Hildebrandt Solutions Architect ANZ

CLOUD COMPUTING WITH AWS An INTRODUCTION. John Hildebrandt Solutions Architect ANZ CLOUD COMPUTING WITH AWS An INTRODUCTION John Hildebrandt Solutions Architect ANZ AGENDA Todays Agenda Background and Value proposition of AWS Global infrastructure and the Sydney Region AWS services Drupal

More information

Servers. Servers. NAT Public Subnet: 172.30.128.0/20. Internet Gateway. VPC Gateway VPC: 172.30.0.0/16

Servers. Servers. NAT Public Subnet: 172.30.128.0/20. Internet Gateway. VPC Gateway VPC: 172.30.0.0/16 .0 Why Use the Cloud? REFERENCE MODEL Cloud Development April 0 Traditionally, deployments require applications to be bound to a particular infrastructure. This results in low utilization, diminished efficiency,

More information

Cloud S ecurity Security Processes & Practices Jinesh Varia

Cloud S ecurity Security Processes & Practices Jinesh Varia Cloud Security Processes & Practices Jinesh Varia Overview Certifications Physical Security Backups EC2 Security S3 Security SimpleDB Security SQS Security Best Practices AWS Security White Paper Available

More information

Web Application Hosting using Amazon Web Services. E: Roshanr_2004@hotmail.com W: http://virtualizationandstorage.wordpress.

Web Application Hosting using Amazon Web Services. E: Roshanr_2004@hotmail.com W: http://virtualizationandstorage.wordpress. Web Application Hosting using Amazon Web Services Document Author: Contact: Roshan Ratnayake M: 0434 725 855 E: Roshanr_2004@hotmail.com W: http://virtualizationandstorage.wordpress.c om/category/aws/

More information

19.10.11. Amazon Elastic Beanstalk

19.10.11. Amazon Elastic Beanstalk 19.10.11 Amazon Elastic Beanstalk A Short History of AWS Amazon started as an ECommerce startup Original architecture was restructured to be more scalable and easier to maintain Competitive pressure for

More information

Deploy Remote Desktop Gateway on the AWS Cloud

Deploy Remote Desktop Gateway on the AWS Cloud Deploy Remote Desktop Gateway on the AWS Cloud Mike Pfeiffer April 2014 Last updated: May 2015 (revisions) Table of Contents Abstract... 3 Before You Get Started... 3 Three Ways to Use this Guide... 4

More information

Running Oracle on the Amazon Cloud

Running Oracle on the Amazon Cloud Running Oracle on the Amazon Cloud Bryan Stroble RMOUG Training Days February 7, 2014 Oracle Experts, Easy to Work With Oracle experts Oracle Database Technology Consulting Oracle E-Business Suite Applications

More information

Amazon Web Services: Overview of Security Processes May 2011

Amazon Web Services: Overview of Security Processes May 2011 Amazon Web Services: Overview of Security Processes May 2011 (Please consult http://aws.amazon.com/security for the latest version of this paper) 1 Amazon Web Services (AWS) delivers a scalable cloud computing

More information

Introduction to Auditing the Use of AWS. October 2015

Introduction to Auditing the Use of AWS. October 2015 Introduction to Auditing the Use of AWS October 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents

More information

Reliable Data Tier Architecture for Job Portal using AWS

Reliable Data Tier Architecture for Job Portal using AWS Reliable Data Tier Architecture for Job Portal using AWS Manoj Prakash Thalagatti 1, Chaitra B 2, Mohammed Asrar Naveed 3 1,3 M. Tech Student, Dept. of ISE, Acharya Institute of Technology, Bengaluru,

More information

Managing Multi-Tiered Applications with AWS OpsWorks

Managing Multi-Tiered Applications with AWS OpsWorks Managing Multi-Tiered Applications with AWS OpsWorks Daniele Stroppa January 2015 Contents Contents Abstract Introduction Key Concepts Design Micro-services Architecture Provisioning and Deployment Managing

More information

Run SAP for Savings and Speed in the Cloud Presentation for ASUG, September 28, 2011

Run SAP for Savings and Speed in the Cloud Presentation for ASUG, September 28, 2011 Run SAP for Savings and Speed in the Cloud Presentation for ASUG, September 28, 2011 2011 RUNE2E, llc Mike Culver Amazon Web Services Ray Kelly RunE2E, LLC SAP Solutions & Services from RunE2E Gold Channel

More information

Chapter 11 Cloud Application Development

Chapter 11 Cloud Application Development Chapter 11 Cloud Application Development Contents Motivation. Connecting clients to instances through firewalls. Chapter 10 2 Motivation Some of the questions of interest to application developers: How

More information

RemoteApp Publishing on AWS

RemoteApp Publishing on AWS RemoteApp Publishing on AWS WWW.CORPINFO.COM Kevin Epstein & Stephen Garden Santa Monica, California November 2014 TABLE OF CONTENTS TABLE OF CONTENTS... 2 ABSTRACT... 3 INTRODUCTION... 3 WHAT WE LL COVER...

More information

ArcGIS 10.3 Server on Amazon Web Services

ArcGIS 10.3 Server on Amazon Web Services ArcGIS 10.3 Server on Amazon Web Services Copyright 1995-2015 Esri. All rights reserved. Table of Contents Introduction What is ArcGIS Server on Amazon Web Services?............................... 5 Quick

More information

Pega as a Service. Kim Singletary, Dir. Product Marketing Cloud Matt Yanchyshyn, Sr. Mgr., AWS Solutions Architect

Pega as a Service. Kim Singletary, Dir. Product Marketing Cloud Matt Yanchyshyn, Sr. Mgr., AWS Solutions Architect 1 Pega as a Service Kim Singletary, Dir. Product Marketing Cloud Matt Yanchyshyn, Sr. Mgr., AWS Solutions Architect This information is not a commitment, promise or legal obligation to deliver any material,

More information

FortiGate-AWS Deployment Guide

FortiGate-AWS Deployment Guide FortiGate-AWS Deployment Guide FortiGate-AWS Deployment Guide September 25, 2014 01-500-252024-20140925 Copyright 2014 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard,

More information

Primex Wireless OneVue Architecture Statement

Primex Wireless OneVue Architecture Statement Primex Wireless OneVue Architecture Statement Secure, cloud-based workflow, alert, and notification platform built on top of Amazon Web Services (AWS) 2015 Primex Wireless, Inc. The Primex logo is a registered

More information

Introduction to DevOps on AWS

Introduction to DevOps on AWS Introduction to DevOps on AWS David Chapman December 2014 Contents Contents Abstract Introduction Agile Evolution to DevOps Infrastructure as Code AWS CloudFormation AWS AMI Continuous Deployment AWS CodeDeploy

More information

How AWS Pricing Works

How AWS Pricing Works How AWS Pricing Works (Please consult http://aws.amazon.com/whitepapers/ for the latest version of this paper) Page 1 of 15 Table of Contents Table of Contents... 2 Abstract... 3 Introduction... 3 Fundamental

More information

Active Directory Domain Services on the AWS Cloud: Quick Start Reference Deployment Mike Pfeiffer

Active Directory Domain Services on the AWS Cloud: Quick Start Reference Deployment Mike Pfeiffer Active Directory Domain Services on the AWS Cloud: Quick Start Reference Deployment Mike Pfeiffer March 2014 Last updated: September 2015 (revisions) Table of Contents Abstract... 3 What We ll Cover...

More information

Appendix C Pricing Index DIR Contract Number DIR-TSO-2724

Appendix C Pricing Index DIR Contract Number DIR-TSO-2724 Appendix C Pricing Index DIR Contract Number DIR-TSO-2724 Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) Amazon Web Services (AWS) is a comprehensive cloud services platform that offers

More information

Live Guide System Architecture and Security TECHNICAL ARTICLE

Live Guide System Architecture and Security TECHNICAL ARTICLE Live Guide System Architecture and Security TECHNICAL ARTICLE Contents 1. Introduction... 2 2. Hosting Environment... 2 2.1. Standards - Compliancy... 3 2.2. Business Continuity Management... 3 2.3. Network

More information

AWS Directory Service. Simple AD Administration Guide Version 1.0

AWS Directory Service. Simple AD Administration Guide Version 1.0 AWS Directory Service Simple AD Administration Guide AWS Directory Service: Simple AD Administration Guide Copyright 2015 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's

More information

T2 IaaSand PCI Compliance. Robert Zigweid, IOActive

T2 IaaSand PCI Compliance. Robert Zigweid, IOActive T2 IaaSand PCI Compliance Robert Zigweid, IOActive Introduction Robert M. Zigweid Principal Compliance Consultant at IOActive, Inc. PCI QSA, PCI PA-QSA QSA for Amazon Web Services 2 Creating a PCI Compliant

More information

Securely Moving Your Business Into the Cloud

Securely Moving Your Business Into the Cloud Securely Moving Your Business Into the Cloud Alex Stamos Partner SOURCE Boston April 21, 2010 Your Humble Narrator Alex Stamos Co Founder and Partner of isec LBNL, Loudcloud, @stake UC Berkeley BS EECS

More information

Best Practices for Siebel on AWS

Best Practices for Siebel on AWS Best Practices for Siebel on AWS Contributors The following individuals and organizations contributed to this document Ashok Sundaram, Solutions Architect, Amazon Web Services Milind Waikul, CEO, Enterprise

More information

Financial Services Grid Computing on Amazon Web Services January 2013 Ian Meyers

Financial Services Grid Computing on Amazon Web Services January 2013 Ian Meyers Financial Services Grid Computing on Amazon Web Services January 2013 Ian Meyers (Please consult http://aws.amazon.com/whitepapers for the latest version of this paper) Page 1 of 15 Contents Abstract...

More information

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES pingidentity.com EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES Best practices for identity federation in AWS Table of Contents Executive Overview 3 Introduction: Identity and Access Management in Amazon

More information

CompTIA Cloud+ 9318; 5 Days, Instructor-led

CompTIA Cloud+ 9318; 5 Days, Instructor-led CompTIA Cloud+ 9318; 5 Days, Instructor-led Course Description The CompTIA Cloud+ certification validates the knowledge and best practices required of IT practitioners working in cloud computing environments,

More information

Cloud Portal Office Security Whitepaper. October 2013

Cloud Portal Office Security Whitepaper. October 2013 Cloud Portal Office Security Whitepaper October 2013 Table of Contents Introduction... 2 Accessing Cloud Portal Office... 2 Account Authentication and Authorization... 2 Strong Password Policies... 3 Single

More information

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams

More information

CompTIA Cloud+ Course Content. Length: 5 Days. Who Should Attend:

CompTIA Cloud+ Course Content. Length: 5 Days. Who Should Attend: CompTIA Cloud+ Length: 5 Days Who Should Attend: Project manager, cloud computing services Cloud engineer Manager, data center SAN Business analyst, cloud computing Summary: The CompTIA Cloud+ certification

More information

Overview and Deployment Guide. Sophos UTM on AWS

Overview and Deployment Guide. Sophos UTM on AWS Overview and Deployment Guide Sophos UTM on AWS Overview and Deployment Guide Document date: November 2014 1 Sophos UTM and AWS Contents 1 Amazon Web Services... 4 1.1 AMI (Amazon Machine Image)... 4 1.2

More information

Virtual Data Centre. User Guide

Virtual Data Centre. User Guide Virtual Data Centre User Guide 2 P age Table of Contents Getting Started with vcloud Director... 8 1. Understanding vcloud Director... 8 2. Log In to the Web Console... 9 3. Using vcloud Director... 10

More information

Achieving PCI Compliance with Red Hat Enterprise Linux. June 2009

Achieving PCI Compliance with Red Hat Enterprise Linux. June 2009 Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving

More information

Design for Failure High Availability Architectures using AWS

Design for Failure High Availability Architectures using AWS Design for Failure High Availability Architectures using AWS Harish Ganesan Co founder & CTO 8KMiles www.twitter.com/harish11g http://www.linkedin.com/in/harishganesan Sample Use Case Multi tiered LAMP/LAMJ

More information

Deploy XenApp 7.5 and 7.6 and XenDesktop 7.5 and 7.6 with Amazon VPC

Deploy XenApp 7.5 and 7.6 and XenDesktop 7.5 and 7.6 with Amazon VPC XenApp 7.5 and 7.6 and XenDesktop 7.5 and 7.6 Deploy XenApp 7.5 and 7.6 and XenDesktop 7.5 and 7.6 with Amazon VPC Prepared by: Peter Bats Commissioning Editor: Linda Belliveau Version: 5.0 Last Updated:

More information

Introduction to AWS Security July 2015

Introduction to AWS Security July 2015 Introduction to AWS Security July 2015 Page 1 of 7 Table of Contents Introduction... 3 Security of the AWS Infrastructure... 3 Security Products and Features... 4 Network Security... 4 Inventory and Configuration

More information

Live Guide System Architecture and Security TECHNICAL ARTICLE

Live Guide System Architecture and Security TECHNICAL ARTICLE Live Guide System Architecture and Security TECHNICAL ARTICLE Contents 1. Introduction... 2 2. Hosting Environment... 2 2.1. Standards - Compliancy... 3 2.2. Business Continuity Management... 3 2.3. Network

More information

Cloud Computing with Amazon Web Services and the DevOps Methodology. www.cloudreach.com

Cloud Computing with Amazon Web Services and the DevOps Methodology. www.cloudreach.com Cloud Computing with Amazon Web Services and the DevOps Methodology Who am I? Max Manders @maxmanders Systems Developer at Cloudreach @cloudreach Director / Co-Founder of Whisky Web @whiskyweb Who are

More information

KeyLock Solutions Security and Privacy Protection Practices

KeyLock Solutions Security and Privacy Protection Practices KeyLock Solutions Overview KeyLock Solutions hosts its infrastructure at Heroku. Heroku is a cloud application platform used by organizations of all sizes to deploy and operate applications throughout

More information

McAfee Next Generation Firewall (NGFW) Administration Course

McAfee Next Generation Firewall (NGFW) Administration Course McAfee Product Education McAfee Next Generation Firewall (NGFW) Administration Course The McAfee NGFW Administration course from Education Services provides attendees with hands-on training on the design,

More information

Enterprise Applications on AWS

Enterprise Applications on AWS Enterprise Applications on AWS Tom Stickle Senior Manager, Solution Architecture AWS Partner Programs Why Should I Run Enterprise Applications on AWS? Turn procurement into provisioning! No capital expenditure

More information

Securing Amazon Web Services (AWS) and Simple Storage Service (Amazon S3) Security David Boland

Securing Amazon Web Services (AWS) and Simple Storage Service (Amazon S3) Security David Boland Securing Amazon Web Services (AWS) and Simple Storage Service (Amazon S3) Security David Boland The Cloud Whether a company is using Facebook for marketing purposes or migrating their entire organization's

More information

vcloud Director User's Guide

vcloud Director User's Guide vcloud Director 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of

More information

Here we are going to show you how to deploy Sangoma SBC VM as an EC2 (Elastic Compute Cloud) Instance inside a VPC (Virtual Private Cloud).

Here we are going to show you how to deploy Sangoma SBC VM as an EC2 (Elastic Compute Cloud) Instance inside a VPC (Virtual Private Cloud). Sangoma VM SBC AMI at AWS (Amazon Web Services) SBC in a Cloud Based UC/VoIP Service. One of the interesting use cases for Sangoma SBC is to provide VoIP Edge connectivity between Soft switches or IPPBX's

More information

Jinesh Varia Technology Evangelist jvaria@amazon.com. Architectural Design Patterns in Cloud Computing

Jinesh Varia Technology Evangelist jvaria@amazon.com. Architectural Design Patterns in Cloud Computing Jinesh Varia Technology Evangelist jvaria@amazon.com Architectural Design Patterns in Cloud Computing They sent me here to talk But I am here to listen Please Send Feedback jvaria@amazon.com Twitter: @jinman

More information

Security Gateway R75. for Amazon VPC. Getting Started Guide

Security Gateway R75. for Amazon VPC. Getting Started Guide Security Gateway R75 for Amazon VPC Getting Started Guide 7 November 2011 2011 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright

More information

Security Overview Enterprise-Class Secure Mobile File Sharing

Security Overview Enterprise-Class Secure Mobile File Sharing Security Overview Enterprise-Class Secure Mobile File Sharing Accellion, Inc. 1 Overview 3 End to End Security 4 File Sharing Security Features 5 Storage 7 Encryption 8 Audit Trail 9 Accellion Public Cloud

More information

How AWS Pricing Works May 2015

How AWS Pricing Works May 2015 How AWS Pricing Works May 2015 (Please consult http://aws.amazon.com/whitepapers/ for the latest version of this paper) Page 1 of 15 Table of Contents Table of Contents... 2 Abstract... 3 Introduction...

More information

Centrify Cloud Connector Deployment Guide

Centrify Cloud Connector Deployment Guide C E N T R I F Y D E P L O Y M E N T G U I D E Centrify Cloud Connector Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as

More information

Firewall Environments. Name

Firewall Environments. Name Complliiance Componentt DEEFFI INITION Description Rationale Firewall Environments Firewall Environment is a term used to describe the set of systems and components that are involved in providing or supporting

More information

www.boost ur skills.com

www.boost ur skills.com www.boost ur skills.com AWS CLOUD COMPUTING WORKSHOP Write us at training@boosturskills.com BOOSTURSKILLS No 1736 1st Amrutha College Road Kasavanhalli,Off Sarjapur Road,Bangalore-35 1) Introduction &

More information

Amazon WorkDocs. Administration Guide Version 1.0

Amazon WorkDocs. Administration Guide Version 1.0 Amazon WorkDocs Administration Guide Amazon WorkDocs: Administration Guide Copyright 2015 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not

More information

Amazon Web Services: Risk and Compliance May 2011

Amazon Web Services: Risk and Compliance May 2011 Amazon Web Services: Risk and Compliance May 2011 (Please consult http://aws.amazon.com/security for the latest version of this paper) 1 This document intends to provide information to assist AWS customers

More information

WE RUN SEVERAL ON AWS BECAUSE WE CRITICAL APPLICATIONS CAN SCALE AND USE THE INFRASTRUCTURE EFFICIENTLY.

WE RUN SEVERAL ON AWS BECAUSE WE CRITICAL APPLICATIONS CAN SCALE AND USE THE INFRASTRUCTURE EFFICIENTLY. WE RUN SEVERAL CRITICAL APPLICATIONS ON AWS BECAUSE WE CAN SCALE AND USE THE INFRASTRUCTURE EFFICIENTLY. - Murari Gopalan Director, Technology Expedia Expedia, a leading online travel company for leisure

More information

Virtual Private Cloud - Lab. Hands-On Lab: AWS Virtual Private Cloud (VPC)

Virtual Private Cloud - Lab. Hands-On Lab: AWS Virtual Private Cloud (VPC) Virtual Private Cloud - Lab Hands-On Lab: AWS Virtual Private Cloud (VPC) 1 Overview In this lab we will create and prepare a Virtual Private Cloud (VPC) so that we can launch multiple EC2 web servers

More information

Firewalls. Chapter 3

Firewalls. Chapter 3 Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border

More information

Deploying for Success on the Cloud: EBS on Amazon VPC. Phani Kottapalli Pavan Vallabhaneni AST Corporation August 17, 2012

Deploying for Success on the Cloud: EBS on Amazon VPC. Phani Kottapalli Pavan Vallabhaneni AST Corporation August 17, 2012 Deploying for Success on the Cloud: EBS on Amazon VPC Phani Kottapalli Pavan Vallabhaneni AST Corporation August 17, 2012 Agenda Amazon AWS Global Infrastructure AWS VirtualPrivateCloud(VPC) Architecture

More information

Oracle E-Business Suite APPS, SYSADMIN, and oracle Securing Generic Privileged Accounts. Stephen Kost Chief Technology Officer Integrigy Corporation

Oracle E-Business Suite APPS, SYSADMIN, and oracle Securing Generic Privileged Accounts. Stephen Kost Chief Technology Officer Integrigy Corporation Oracle E-Business Suite APPS, SYSADMIN, and oracle Securing Generic Privileged Accounts May 15, 2014 Mike Miller Chief Security Officer Integrigy Corporation Stephen Kost Chief Technology Officer Integrigy

More information

IAN MASSINGHAM. Technical Evangelist Amazon Web Services

IAN MASSINGHAM. Technical Evangelist Amazon Web Services IAN MASSINGHAM Technical Evangelist Amazon Web Services From 2014: Cloud computing has become the new normal Deploying new applications to the cloud by default Migrating existing applications as quickly

More information

SonicWALL PCI 1.1 Implementation Guide

SonicWALL PCI 1.1 Implementation Guide Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard

More information

The Education Fellowship Finance Centralisation IT Security Strategy

The Education Fellowship Finance Centralisation IT Security Strategy The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and

More information

VERIFONE ENHANCED ZONE ROUTER

VERIFONE ENHANCED ZONE ROUTER VERIFONE ENHANCED ZONE ROUTER Security, remote management, and network connectivity offering more solutions for your c-store. SUMMARY The Verifone Enhanced Router is designed for customers to implement

More information

Financial Services Grid Computing on Amazon Web Services. January, 2016

Financial Services Grid Computing on Amazon Web Services. January, 2016 Financial Services Grid Computing on Amazon Web Services January, 2016 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes

More information