DFIR Blog
VPC - Virtual Private Cloud

6/1/2021

  • A VPC is a logical datacenter in AWS consisting of Virtual Private Gateways, Network Access Control Lists, subnets and security groups.
  • 1 Subnet = 1 Availability Zone
  • A Security Group is stateful: if you allow a port (e.g. 443) in one direction, the return traffic for that connection is automatically allowed in the other.
  • A Network Access Control List is stateless: allowing a port (e.g. 443) in one direction does not automatically allow the traffic in the other direction. You have to add both the inbound and the outbound rule manually.
  • VPC peering is possible in a star formation: 1 central VPC can be paired with 4 other VPCs, and no transitive peering is allowed.




What is created by default when you create a VPC?
  • Network ACL
  • Security Group
  • Route Table
Resources
  • https://cidr.xyz

IAM

3/10/2021


EC2

3/10/2021

AWS Inspector is used to list vulnerabilities as per the Center for Internet Security (CIS).

CloudWatch

3/10/2021

What is AWS CloudWatch?
One word: Performance Monitoring
AWS CloudWatch is a monitoring service for your AWS resources and the applications that you run on AWS. CloudWatch is used for performance monitoring. It can monitor EC2, Auto Scaling groups, Elastic Load Balancers, Route 53, EBS, Storage Gateway, etc. It can also monitor host-level metrics such as CPU, network and disk.


CloudTrail vs CloudWatch
CloudTrail is like CCTV: it is used to increase visibility into API calls, whereas CloudWatch monitors performance.

Alerting
CloudWatch Alerting: Yes, you can create alerts in CloudWatch as well and trigger notifications for them.

Security Use-Case
  • Monitor and notify on AWS root user activity.
  • Performance monitoring of EC2 instances for anomaly detection
    • Set up CloudWatch to stream data to a centralized S3 bucket.
Additional key things to remember
  • CloudWatch can work with on-prem services as well.
  • Ensure that the associated IAM policy has cloudwatch:PutMetricData


Amazon - Simple Storage Service S3 Tips

3/10/2021

Use AWS Config and Lambda to ensure that an S3 bucket remains private
 - AWS Config will trigger the Lambda function to invoke SNS for any changes in AWS.

Create a Lambda function to monitor bucket ACL and bucket policy changes. If the bucket ACL is found to be public, the Lambda function can overwrite it to make it private.
If the bucket policy is found to be public, it can trigger an SNS notification to the security team.
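A sketch of such a Lambda function, added here as an example and not code from the original post. It assumes the function is invoked by an AWS Config custom rule, that the SNS topic ARN is supplied in an environment variable named `TOPIC_ARN` (a hypothetical name), and that a simplified wildcard-principal check is enough to call a policy public.

```python
import json
import os

# AWS predefined groups whose presence in an ACL grant makes the bucket public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def acl_is_public(acl):
    """acl has the shape returned by s3.get_bucket_acl()."""
    return any(g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS
               for g in acl.get("Grants", []))

def policy_is_public(policy_json):
    """Simplified heuristic: Allow + wildcard principal + no Condition."""
    stmts = json.loads(policy_json).get("Statement", [])
    for s in [stmts] if isinstance(stmts, dict) else stmts:
        p = s.get("Principal")
        aws = p.get("AWS") if isinstance(p, dict) else p
        wildcard = aws == "*" or (isinstance(aws, list) and "*" in aws)
        if s.get("Effect") == "Allow" and wildcard and not s.get("Condition"):
            return True
    return False

def remediate(s3, sns, bucket, topic_arn):
    """Reset a public ACL to private; only notify on a public policy."""
    actions = []
    if acl_is_public(s3.get_bucket_acl(Bucket=bucket)):
        s3.put_bucket_acl(Bucket=bucket, ACL="private")
        actions.append("acl_reset")
    try:
        policy = s3.get_bucket_policy(Bucket=bucket)["Policy"]
    except s3.exceptions.ClientError as e:
        if e.response["Error"]["Code"] != "NoSuchBucketPolicy":
            raise
        policy = None  # bucket has no policy attached
    if policy and policy_is_public(policy):
        sns.publish(TopicArn=topic_arn, Subject="Public S3 bucket policy",
                    Message=f"Bucket {bucket} has a public bucket policy")
        actions.append("policy_alert")
    return actions

def lambda_handler(event, context):
    import boto3  # imported here so the checks above run without the SDK
    item = json.loads(event["invokingEvent"])["configurationItem"]
    if item["resourceType"] != "AWS::S3::Bucket":
        return []
    return remediate(boto3.client("s3"), boto3.client("sns"),
                     item["resourceName"], os.environ["TOPIC_ARN"])
```

The function's execution role needs `s3:GetBucketAcl`, `s3:PutBucketAcl`, `s3:GetBucketPolicy` and `sns:Publish` for this to work.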

-- Cross-region replication for the bucket ensures that the S3 bucket is available in another region as well.

-- Use the "AWS Encryption CLI" to encrypt the data before sending it across the wire.