Amazon AWS Shared Security Model
Download as PPTX, PDF•0 likes•1,081 views
The document discusses the Amazon Web Services (AWS) shared responsibility model, emphasizing AWS's security measures at various levels including physical, virtualization, and application security. It details the responsibilities of both AWS and clients to ensure data security, including multi-factor authentication, firewall mechanisms, and identity management. The document also highlights additional resources for further understanding AWS security practices.
Amazon AWS Shared Security Model
- 1. Amazon Web Services Shared Responsibility Model 1 Security & 4 Compliance 2 3 PPT by www.EndPointVault.com
- 2. Amazon AWS Amazon offers scalable cloud computing platform to build, deploy and run wide range of application using their servers that are spread across the globe.
- 3. AWS Shared Security Model Amazon AWS Amazon Client Facilities Physical Security Physical Infrastructure Network Infrastructure Virtualization Security OS Application Security Groups OS Firewall Network Configuration Account Management
- 4. Physical Security - AWS AWS Facilities state of the art electronic surveillance system. Authentication and Authorization is done using multi factor access control System. Data centre is guarded by professionals in security domain. Hardware are fully guarded and are destroyed before it leave the premise or data center.
- 5. Virtualization Security - AWS Security for instances or virtual server is provided on multiple level to the user: Host OS (Amazon) Guest OS (User Virtual Instance) Firewall Signed API calls Each of these security measures are interdependent to provide the overall security and to prevent any unauthorized access to the database.
- 6. Host OS Security - AWS • Authorized administrator who needs to access the management plane are required to pass through the multifactor authentication before gaining access to the administration host. • All such cases are logged and audited. • Privileges are immediately revoked as soon as the work gets completed.
- 7. Guest OS Security - AWS Though virtual instances are totally controlled by the user nevertheless Amazon still provides considerable amount of security to it. https/SSL enabled login and Guest OS management. Support for SSH (Secure Shell) network protocol for secure logging in Unix/Linux Instances. Provides regular updates and patches for the Guest OS (Windows or Linux). Further security can be easily enhanced by the instance administrator by using services available in Amazon Marketplace.
- 8. Firewall Solution - AWS • Amazon has created a robust firewall security mechanism where by default all the ports are in deny mode and the user explicitly open the ports to allow the inbound traffic. • Firewall is guest OS independent and does not reply on the administrator instead, requires the users X.509 certificate and relevant key to authorize changes thus creating an extra layer of security.
- 9. Amazon Client Security Responsibility • Create and manage groups and set security policy to insure data security and safety of your instance. • Use of Virtual Private Network to ensure network safety and creating Access list to manage the inbound – outbound traffic from your instances. • Setup VPN tunnel to your end for direct access of your instances.
- 10. Identity and Access Management • You can deny access to resources and services (EC2, S3, Direct Connect, etc.) to those with minimum privileges. • Use of multi-factor authentication for authorized access. • API through Access ID/ Secret Key
- 11. Resources and further study Amazon Webinars: Security https://www.youtube.com/watch?v=IedaYaKsb-4 Amazon AWS Foundation https://www.youtube.com/watch?v=Nf-m-dKJYMQ De-Duplication Process http://www.endpointvault.com/de-dupe.html
- 12. Use the Power of Cloud to Secure Your Data visit http://www.endpointvault.com/