AWS: Security Best Practices on AWS
Credits
Meet Your Expert
Preface
What's in It for Me?
What Will I Get from This Book?
Prerequisites
Chapter 1. AWS Virtual Private Cloud
Introduction
VPC Components
Subnets
Elastic Network Interfaces (ENI)
Route Tables
Internet Gateway
Elastic IP Addresses
VPC Endpoints
Network Address Translation (NAT)
VPC Peering
VPC Features and Benefits
Multiple Connectivity Options
Secure
Simple
VPC Use Cases
Hosting a Public Facing Website
Hosting Multi-Tier Web Application
Creating Branch Office and Business Unit Networks
Hosting Web Applications in the AWS Cloud That Are Connected with Your Data Center
Extending Corporate Network in AWS Cloud
Disaster Recovery
VPC Security
Security Groups
Network Access Control List
VPC Flow Logs
VPC Access Control
Creating VPC
VPC Connectivity Options
Connecting User Network to AWS VPC
Connecting AWS VPC with Other AWS VPC
Connecting Internal User with AWS VPC
VPC Limits
VPC Best Practices
Plan Your VPC before You Create It
Choose the Highest CIDR Block
Unique IP Address Range
Leave the Default VPC Alone
Design for Region Expansion
Tier Your Subnets
Follow the Least Privilege Principle
Keep Most Resources in the Private Subnet
Creating VPCs for Different Use Cases
Favor Security Groups over NACLs
IAM Your VPC
Using VPC Peering
Using Elastic IP Instead of Public IP
Tagging in VPC
Monitoring a VPC
Summary
Assessments
Chapter 2. Data Security in AWS
Introduction
Encryption and Decryption Fundamentals
Note
Envelope Encryption
Securing Data at Rest
Amazon S3
Permissions
Versioning
Replication
Server-Side Encryption
Client-Side Encryption
Amazon EBS
Replication
Backup
Encryption
Amazon RDS
Amazon Glacier
Amazon DynamoDB
Amazon EMR
Securing Data in Transit
Amazon S3
Amazon RDS
Amazon DynamoDB
Amazon EMR
AWS KMS
KMS Benefits
Fully Managed
Centralized Key Management
Integration with AWS Services
Secure and Compliant
KMS Components
Customer Master Key (CMK)
Data Keys
Key Policies
Auditing CMK Usage
Key Management Infrastructure (KMI)
AWS CloudHSM
CloudHSM Features
Generate and Use Encryption Keys Using HSMs
Pay as You Go Model
Easy to Manage
AWS CloudHSM Use Cases
Offload SSL/TLS Processing for Web Servers
Protect Private Keys for an Issuing Certificate Authority
Enable Transparent Data Encryption for Oracle Databases
Amazon Macie
Data Discovery and Classification
Data Security
Summary
Assessments
Chapter 3. Securing Servers in AWS
EC2 Security Best Practices
EC2 Security
IAM Roles for EC2 Instances
Managing OS-Level Access to Amazon EC2 Instances
Protecting Your Instance from Malware
Secure Your Infrastructure
Intrusion Detection and Prevention Systems
Elastic Load Balancing Security
Building Threat Protection Layers
Testing Security
Amazon Inspector
Amazon Inspector Features and Benefits
Amazon Inspector Components
AWS Shield
AWS Shield Benefits
AWS Shield Features
Summary
Assessments
Chapter 4. Securing Applications in AWS
AWS Web Application Firewall
Benefits of AWS Web Application Firewall
Working with AWS Web Application Firewall
Signing AWS API Requests
Amazon Cognito
Amazon API Gateway
Summary
Assessments
Chapter 5. AWS Security Best Practices
Shared Security Responsibility Model
IAM Security Best Practices
VPC
Data Security
Security of Servers
Application Security
Monitoring, Logging, and Auditing
AWS CAF
Security Perspective
Directive Component
Preventive Component
Detective Component
Responsive Component
Summary
Assessments
Appendix A. Assessment Answers
Lesson 1: AWS Virtual Private Cloud
Lesson 2: Data Security in AWS
Lesson 3: Securing Servers in AWS
Lesson 4: Securing Applications in AWS
Lesson 5: AWS Security Best Practices