Category: security

  • Security w/ AWS Network Firewall

    I’ve been focused a lot on security prevention approaches, such as subnetting, security group configuration, IAM policies, and so forth. I also want to touch upon AWS detection services, too. Specifically, the AWS Network Firewall. I have a t2.micro EC2 instance running in us-west-2a Availability Zone. It has a private IPv4 address but no public…

  • Data Protection w/ Encryption (KMS)

    One of the critical components of ensuring that data remains confidential, and other critical aspects such as nonrepudiation and authentication, is through the use of encryption methodologies. In this post, I’m going to walk through configuring AWS Encryption using the CLI, creating an encryption key using KMS (which will be used to encrypt and decrypt…

  • Patches! Using the Patch Manager ( w/ AWS Systems Manager)

    One of the challenges of mitigating vulnerabilities and building a robust defense against potential threats against networked systems includes making sure that OS and app software is up to date and patched against known vulnerabilities and security risks. Especially if there are a lot of instances involved! It’s so easy to spin up new EC2…

  • Network Hardening Using Amazon Inspector and AWS Systems Manager

    During my graduate studies in Information Systems, I was introduced to cybersecurity and became really interested in it. Since then, I’ve been focusing on learning cloud services and IaC, but I’m interested in pulling the security aspect in as well. To that effect, I’m going to be using Amazon Inspector and AWS Systems Manager to…

  • VPC+Web Server + DB (pt 2)

    In my previous post, I followed a tutorial which set up a VPC, along with four subnets (two of which won’t be used), each situated in their own Availability Zone for increased security. The DB in one, a private subnet, with a security group that is locked down - only the EC2 server, in the same…

  • VPC + DB in Private Subnet > Public-Facing Server (pt 1)

    I’ve been deep-diving networking, Linux, and studies for the CSA, so time to start pulling everything together! I decided to follow a tutorial for creating a VPC with a private subnet holding a RDB and a public-facing EC2 instance/server in a second subnet. This is a pretty common use case, so a great place to…

  • nmap script engine: nmap_vulners

    Both nmap and wireshark are two penetration testing mainstay tools that are highly recommended to learn. I’ve been exploring both of their functionality, but know that it will take some time to even begin to harness The Power that resides therein. One of the tools that nmap offers is a scripting engine, which I decided…

  • AI & Sec Resources

    Google AI Security Initiative Google’s Secure AI Framework

  • Security Tools: IAM

    Some of the foundational security concepts include the CIA Triad (confidentiality, integrity, availability) of data, identification/authentication/authorization, and AAA (authentication, authorization, accounting). A user provides an identity, confirms and authenticates that identity through a variety of means, and subsequently, after providing the identity, is allowed appropriate access to resources. Discretionary Access Control (DAC) is what I’ve…

  • Hardening a Router (ACL)

    I’ve been talking a lot about switches and how those need to be locked down in a network to mitigate vulnerabilities. Switches are such an important piece of the network, offering the connections between the different endpoints and clients. Previously, I talked a little about creating VLANs to help create sub-networks which will help with…