Cloud security handbook: find out how to effectively secure cloud environments using AWS, Azure, and GCP
A comprehensive reference guide to securing the basic building blocks of cloud services, with actual examples for leveraging Azure, AWS, and GCP built-in services and capabilities. Key Features: Discover practical techniques for implementing cloud security. Learn how to secure your data and core cloud...
Other Authors: | |
---|---|
Format: | E-book |
Language: | English |
Published: | Birmingham : Packt Publishing, Limited [2022] |
Subjects: | |
View at Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009661635006719 |
Table of Contents:
- Cover
- Title Page
- Copyright
- Dedication
- Contributors
- Table of Contents
- Preface
- Section 1: Securing Infrastructure Cloud Services
- Chapter 1: Introduction to Cloud Security
- Technical requirements
- What is a cloud service?
- What are the cloud deployment models?
- What are the cloud service models?
- Why we need security
- What is the shared responsibility model?
- AWS and the shared responsibility model
- Azure and the shared responsibility model
- GCP and the shared responsibility model
- Command-line tools
- AWS CLI
- Azure CLI
- Google Cloud SDK
- Summary
- Chapter 2: Securing Compute Services
- Technical requirements
- Securing VMs
- Securing Amazon Elastic Compute Cloud (EC2)
- Securing Azure Virtual Machines
- Securing Google Compute Engine (GCE) and VM instances
- Securing managed database services
- Securing Amazon RDS for MySQL
- Securing Azure Database for MySQL
- Securing Google Cloud SQL for MySQL
- Securing containers
- Securing Amazon Elastic Container Service (ECS)
- Securing Amazon Elastic Kubernetes Service (EKS)
- Securing Azure Container Instances (ACI)
- Securing Azure Kubernetes Service (AKS)
- Securing Google Kubernetes Engine (GKE)
- Securing serverless/function as a service
- Securing AWS Lambda
- Securing Azure Functions
- Securing Google Cloud Functions
- Summary
- Chapter 3: Securing Storage Services
- Technical requirements
- Securing object storage
- Securing Amazon Simple Storage Service
- Securing Azure Blob storage
- Securing Google Cloud Storage
- Securing block storage
- Best practices for securing Amazon Elastic Block Store
- Best practices for securing Azure managed disks
- Best practices for securing Google Persistent Disk
- Summary
- Securing file storage
- Securing Amazon Elastic File System
- Securing Azure Files
- Securing Google Filestore
- Securing the CSI
- Securing CSI on AWS
- Securing CSI on Azure
- Securing CSI on GCP
- Summary
- Chapter 4: Securing Networking Services
- Technical requirements
- Securing virtual networking
- Securing Amazon Virtual Private Cloud
- Securing Azure VNet
- Securing Google Cloud VPC
- Securing DNS services
- Securing Amazon Route 53
- Securing Azure DNS
- Securing Google Cloud DNS
- Securing CDN services
- Securing Amazon CloudFront
- Securing Azure CDN
- Securing Google Cloud CDN
- Securing VPN services
- Securing AWS Site-to-Site VPN
- Securing AWS Client VPN
- Securing Azure VPN Gateway (Site-to-Site)
- Securing Azure VPN Gateway (Point-to-Site)
- Securing Google Cloud VPN
- Securing DDoS protection services
- Securing AWS Shield
- Securing Azure DDoS Protection
- Securing Google Cloud Armor
- Securing WAF services
- Securing AWS WAF
- Securing Azure WAF
- Summary
- Section 2: Deep Dive into IAM, Auditing, and Encryption
- Chapter 5: Effective Strategies to Implement IAM Solutions
- Technical requirements
- Introduction to IAM
- Failing to manage identities
- Securing cloud-based IAM services
- Securing AWS IAM
- Auditing AWS IAM
- Securing Azure AD
- Auditing Azure AD
- Securing Google Cloud IAM
- Auditing Google Cloud IAM
- Securing directory services
- Securing AWS Directory Service
- Securing Azure Active Directory Domain Services (Azure AD DS)
- Securing Google Managed Service for Microsoft AD
- Configuring MFA
- Summary
- Chapter 6: Monitoring and Auditing Your Cloud Environments
- Technical requirements
- Conducting security monitoring and audit trails
- Security monitoring and audit trails using AWS CloudTrail
- Security monitoring using AWS Security Hub
- Best practices for using AWS Security Hub
- Security monitoring and audit trails using Azure Monitor
- Best practices for using Azure Monitor
- Security monitoring and approval process using Customer Lockbox
- Best practices for using Customer Lockbox
- Security monitoring and audit trail using Google Cloud Logging
- Security monitoring using Google Security Command Center
- Security monitoring and approval process using Access Transparency and Access Approval
- Conducting threat detection and response
- Using Amazon Detective for threat detection
- Using Amazon GuardDuty for threat detection
- Security monitoring using Microsoft Defender for Cloud
- Using Azure Sentinel for threat detection
- Using Azure Defender for threat detection
- Using Google Security Command Center for threat detection and prevention
- Conducting incident response and digital forensics
- Conducting incident response in AWS
- Conducting incident response in Azure
- Conducting incident response in Google Cloud Platform
- Summary
- Chapter 7: Applying Encryption in Cloud Services
- Technical requirements
- Introduction to encryption
- Symmetric encryption
- Asymmetric encryption
- Best practices for deploying KMSes
- AWS Key Management Service (KMS)
- AWS CloudHSM
- Azure Key Vault
- Azure Dedicated/Managed HSM
- Google Cloud Key Management Service (KMS)
- Best practices for deploying secrets management services
- AWS Secrets Manager
- Google Secret Manager
- Best practices for using encryption in transit
- IPSec
- Transport Layer Security (TLS)
- Best practices for using encryption at rest
- Object storage encryption
- Block storage encryption
- Full database encryption
- Row-level security
- Encryption in use
- AWS Nitro Enclaves
- Azure Confidential Computing
- Google Confidential Computing
- Summary
- Section 3: Threats and Compliance Management
- Chapter 8: Understanding Common Security Threats to Cloud Services
- Technical requirements
- The MITRE ATT&CK framework
- Detecting and mitigating data breaches in cloud services
- Common consequences of data breaches
- Best practices for detecting and mitigating data breaches in cloud environments
- Common AWS services to assist in the detection and mitigation of data breaches
- Common Azure services to assist in the detection and mitigation of data breaches
- Common GCP services to assist in the detection and mitigation of data breaches
- Detecting and mitigating misconfigurations in cloud services
- Common AWS services to assist in the detection and mitigation of misconfigurations
- Common Azure services to assist in the detection and mitigation of misconfigurations
- Common GCP services to assist in the detection and mitigation of misconfigurations
- Detecting and mitigating insufficient IAM and key management in cloud services
- Common AWS services to assist in the detection and mitigation of insufficient IAM and key management
- Common Azure services to assist in the detection and mitigation of insufficient IAM and key management
- Common GCP services to assist in the detection and mitigation of insufficient IAM and key management
- Detecting and mitigating account hijacking in cloud services
- Common AWS services to assist in the detection and mitigation of account hijacking
- Common Azure services to assist in the detection and mitigation of account hijacking
- Common GCP services to assist in the detection and mitigation of account hijacking
- Detecting and mitigating insider threats in cloud services
- Common AWS services to assist in the detection and mitigation of insider threats
- Common Azure services to assist in the detection and mitigation of insider threats
- Common GCP services to assist in the detection and mitigation of insider threats
- Detecting and mitigating insecure APIs in cloud services
- Common AWS services to assist in the detection and mitigation of insecure APIs
- Common Azure services to assist in the detection and mitigation of insecure APIs
- Common GCP services to assist in the detection and mitigation of insecure APIs
- Detecting and mitigating the abuse of cloud services
- Common AWS services to assist in the detection and mitigation of the abuse of cloud services
- Common Azure services to assist in the detection and mitigation of the abuse of cloud services
- Common GCP services to assist in the detection and mitigation of the abuse of cloud services
- Summary
- Chapter 9: Handling Compliance and Regulation
- Technical requirements
- Compliance and the shared responsibility model
- Introduction to compliance with regulatory requirements and industry best practices
- How to maintain compliance in AWS
- How to maintain compliance in Azure
- How to maintain compliance in GCP
- Summary
- What are the common ISO standards related to cloud computing?
- ISO/IEC 27001 standard
- ISO 27017 standard
- ISO 27018 standard
- Summary
- What is a SOC report?
- Summary
- What is the CSA STAR program?
- STAR Level 1
- STAR Level 2
- Summary
- What is PCI DSS?
- Summary
- What is the GDPR?
- Summary
- What is HIPAA?
- Summary
- Summary
- Chapter 10: Engaging with Cloud Providers
- Technical requirements
- Choosing a cloud provider
- What is the most suitable cloud service model for our needs?
- Data privacy and data sovereignty
- Auditing and monitoring
- Migration capabilities
- Authentication
- Summary
- What is a cloud provider questionnaire?
- Summary
- Tips for contracts with cloud providers
- Summary
- Conducting penetration testing in cloud environments