Index
A
- access control, Amazon Redshift
- cluster management / Security in Redshift
- cluster connectivity / Security in Redshift
- database access / Security in Redshift
- access control list (ACL) / Shared responsibility model, WAF and Shield
- account-based ACL / Swift – OpenStack object storage
- Active Directory (AD) / IAM users
- Amazon Machine Image (AMI) / Encryption in EBS
- Amazon Macie / Amazon Macie
- Amazon Redshift
- about / AWS Redshift
- encryption, enabling / Security in Redshift
- access, controlling / Security in Redshift
- Amazon Resource Name (ARN) / How does AWS work in IAM?, Using SSL to encrypt database connections
- Ansible
- inventory / Configuration management
- playbook / Configuration management
- role / Configuration management
- group variables / Configuration management
- task / Configuration management
- application level / Logging and monitoring level
- Application Load Balancer (ALB) / WAF and Shield
- application program interface (API) / Auditing
- Advanced Message Queuing Protocol (AMQP) / Neutron – OpenStack network
- Attestation of Compliance (AOC) / Security compliance – PCI DSS
- authentication / Authentication
- Authentication, Authorization, and Auditing (AAA)
- about / Availability
- authentication / Auditing
- authorization / Auditing
- auditing / Auditing
- authentication token / Using IAM
- Availability Zone (AZ) / RDS
- AWS
- security options / Other security options in AWS
- AWS Certificate Manager (ACM) / AWS Certificate Manager, CDN-level security
- AWS Cognito / Cognito, Quick recap
- AWS DynamoDB
- about / AWS DynamoDB
- security / Security in DynamoDB
- AWS Elasticsearch / CloudWatch
- AWS GuardDuty / AWS GuardDuty, Quick recap
- AWS Inspector
- about / AWS Inspector, Quick recap
- assessment target / AWS Inspector
- assessment template / AWS Inspector
- AWS Macie / Amazon Macie, Quick recap
- AWS OpsWorks / Automate deployment – AWS OpsWorks
- AWS PaaS services
- RDS / Let's have a recap
- Redshift / Let's have a recap
- DynamoDB / Let's have a recap
- ElastiCache / Let's have a recap
- ECS / Let's have a recap
- SQS / Let's have a recap
- AWS Snowball
- about / AWS Snowball
- security / Security in Snowball
C
- Ceilometer / Auditing
- certificate authority (CA) / Using SSL to encrypt database connections
- certificate signing request (CSR) / Cloud hardware security module
- Cinder / Cinder – OpenStack block storage
- cloud
- types / Types of cloud
- public cloud / Public cloud
- private cloud / Private cloud
- hybrid cloud / Hybrid cloud
- Software as a Service / Software as a Service
- Platform as a Service (PaaS) / Platform as a Service
- Infrastructure as a Service / Infrastructure as a Service
- CloudFormation template
- description / Infrastructure as Code
- metadata / Infrastructure as Code
- parameters / Infrastructure as Code
- mapping / Infrastructure as Code
- conditions / Infrastructure as Code
- resources / Infrastructure as Code
- output / Infrastructure as Code
- CloudFront
- securing / CDN-level security
- CloudFront, vulnerabilities tackling
- cryptographic attacks / CDN-level security
- patching / CDN-level security
- DDoS attack / CDN-level security
- cloud hardware security module (HSM) / Cloud hardware security module, Quick recap
- cloud security
- about / Cloud security
- confidentiality / Confidentiality
- integrity / Integrity
- availability / Availability
- authentication / Authentication
- authorization / Authorization
- auditing / Auditing
- features / Key concern areas of cloud security
- infrastructure level / Infrastructure level
- user access level / User access level
- storage level / Storage and data level
- data level / Storage and data level
- application access level / Application access level
- network level / Network level
- logging level / Logging and monitoring level
- monitoring level / Logging and monitoring level
- Cloud Security Alliance (CSA) / Key concern areas of cloud security, Cloud security compliance
- cloud security compliance
- about / Cloud security compliance
- ISMS / Security compliance – ISMS
- PCI DSS / Security compliance – PCI DSS
- cloud stakeholders
- cloud provider / Shared responsibility model
- cloud consumers / Shared responsibility model
- CloudTrail
- logging / Logging and monitoring, CloudTrail
- about / CloudTrail
- CloudWatch
- monitoring / CloudWatch
- common name (CN) / Using SSL to encrypt database connections
- compiler hardening / Securing KVM
- compliance / Logging and monitoring level
- components, PCI DSS
- VPC / Security compliance – PCI DSS
- AZs / Security compliance – PCI DSS
- subnets / Security compliance – PCI DSS
- NACL / Security compliance – PCI DSS
- security groups / Security compliance – PCI DSS
- internet gateway / Security compliance – PCI DSS
- NAT gateway / Security compliance – PCI DSS
- RDS / Security compliance – PCI DSS
- CloudFront / Security compliance – PCI DSS
- WAF / Security compliance – PCI DSS
- IAM / Security compliance – PCI DSS
- Certificate Manager / Security compliance – PCI DSS
- AWS KMS / Security compliance – PCI DSS
- AWS Inspector / Security compliance – PCI DSS
- CloudTrail / Security compliance – PCI DSS
- S3 / Security compliance – PCI DSS
- Glacier / Security compliance – PCI DSS
- CloudWatch / Security compliance – PCI DSS
- compute
- securing / Securing compute
- container-based ACL / Swift – OpenStack object storage
- Content Delivery Network (CDN) / Application access level, CDN-level security
- continuous data protection (CDP) / Logging and monitoring level
- continuous integration (CI) / Why do we need automation?
- continuous integration and continuous delivery (CI/CD) / CI/CD
- control areas, IT
- information security policy / Security compliance – ISMS
- asset management / Security compliance – ISMS
- cryptography / Security compliance – ISMS
- physical and environmental security / Security compliance – ISMS
- operational security / Security compliance – ISMS
- communication security / Security compliance – ISMS
- system acquisition, development, and maintenance / Security compliance – ISMS
- information security incident management / Security compliance – ISMS
- cross-origin resource sharing (CORS) / S3
- customer master keys (CMKs) / Encryption in EBS
D
- database (DB) / Using security groups
- Database Migration Service (DMS) / IAM roles
- database services / Database services
- database storage / Storage and data level
- Data Execution Prevention (DEP) / Securing KVM
- data privacy and security
- for tenants / Data privacy and security for tenants
- DDoS response team (DRT) / WAF and Shield
- Denial Of Service (DoS) / Security for instances
- DevOps
- about / What is DevOps?
- code / What is DevOps?
- build / What is DevOps?
- package / What is DevOps?
- release / What is DevOps?
- configure / What is DevOps?
- monitor / What is DevOps?
- automation, need for / Why do we need automation?
- requisites / Why do we need automation?
- Direct Connect / Direct Connect, Quick recap
- Direct Console User Interface (DCUI) / Securing ESXi
- direct memory access (DMA) / Securing hypervisor
- distributed denial of service (DDoS) attacks
- about / Availability
- UDP reflection attack / WAF and Shield
- SYN flood / WAF and Shield
- DNS query flood / WAF and Shield
- HTTP flood / WAF and Shield
- DNS security
- about / DNS security
- CDN-level security / CDN-level security
- DynamoDB Accelerator (DAX) / AWS DynamoDB
E
- EFS
- about / EFS
- security / Security in EFS
- ElastiCache
- about / ElastiCache
- securing / Securing ElastiCache
- VPC-level security / VPC-level security
- authentication / Authentication and access control
- access control / Authentication and access control
- Redis authentication, authenticating / Authenticating with Redis authentication
- data encryption / Data encryption
- data-in-transit encryption / Data-in-transit encryption
- data-at-rest encryption / Data-at-rest encryption
- Elastic Block Store (EBS)
- about / Storage and data level , EBS
- fault tolerance / Fault tolerance at EBS
- encryption / Encryption in EBS
- Elastic Container Service (ECS)
- about / AWS ECS
- securing / Securing ECS
- Elastic Load Balancing (ELB) / Auditing
- Elasticsearch, Logstash, and Kibana (ELK) stack / Application access level, Security for instances
- elements, IAM
- principal / How does AWS work in IAM?
- request / How does AWS work in IAM?
- authentication / How does AWS work in IAM?
- authorization / How does AWS work in IAM?
- actions / How does AWS work in IAM?
- resources / How does AWS work in IAM?
- explicit deny / How does AWS work in IAM?
- external authentication
- MFA / Authentication methods – internal and external
- password policy enforcement / Authentication methods – internal and external
F
- features, KVM
- relocation read-only (RELRO) / Securing KVM
- stack measurement / Securing KVM
- Never Execute (NX) / Securing KVM
- Position Independent Executable (PIE) / Securing KVM
- Address Space Layout Randomization (ASLR) / Securing KVM
- Federal Risk and Authorization Management Program (FedRAMP) / Cloud security compliance
- Federated identity / Federated identity
- file integrity monitoring (FIM) / Securing compute
- Flux Advanced Security Kernel (Flask) / Securing XenServer
G
- Glacier
- about / CloudTrail, AWS Glacier
- security / Security in AWS Glacier
- Glance / Cinder – OpenStack block storage, Glance – OpenStack image storage
- group / User access level
H
- hardware infection / Securing hypervisor
- hash-based message authentication codes (HMACs) / Cloud hardware security module
- Health Insurance Portability and Accountability Act (HIPAA) / Cloud security compliance
- high availability (HA) / Auditing, Using SSL to encrypt database connections
- Horizon
- about / Horizon – OpenStack dashboard service
- security / Horizon – OpenStack dashboard service
- HTTP Strict Transport Security (HSTS) / Horizon – OpenStack dashboard service
- hypervisor
- securing / Securing hypervisor
- requisites / Securing hypervisor
- KVM, securing / Securing KVM
- XenServer, securing / Securing XenServer
- ESXi, securing / Securing ESXi
- compute, securing / Securing compute
- hypervisor level / Logging and monitoring level
- hypervisor threat / Securing KVM
I
- Identity and Access Management (IAM)
- about / Auditing, IAM, Security compliance – PCI DSS
- features / IAM features
- AWS, working / How does AWS work in IAM?
- elements / How does AWS work in IAM?
- users / Anatomy of IAM users, groups, roles, and policies
- groups / IAM groups
- roles / IAM roles
- policies / IAM policies
- used, for access right delegation / Access right delegation using IAM
- temporary credentials / Temporary credentials
- cross-account access / Cross-account access
- identity federation / Identity federation
- best practices / IAM best practices
- authentication / Authentication
- authentication methods / Authentication methods – internal and external
- authorization / Authorization
- tokens / Policy, tokens, and domains
- policy / Policy, tokens, and domains
- domains / Policy, tokens, and domains
- Federated identity / Federated identity
- image / AWS ECS
- Information Security Management System (ISMS) / Security compliance – ISMS
- Infrastructure as a Service (IaaS) / Infrastructure as a Service
- Infrastructure as Code
- about / Infrastructure as Code, Infrastructure as Code
- configuration management / Configuration management
- infrastructure level / Infrastructure level
- Input Output Memory Management Unit (IOMMU) / Securing hypervisor
- International Organization for Standardization (ISO) / Cloud security compliance
- Internet of Things (IoT) / Auditing
J
- JavaScript Object Notation (JSON) / Infrastructure as Code
K
- Key Management Service (KMS) / Storage and data level , IAM roles, Encryption in EBS, Security in Redshift
- Keystone / IAM
- Keystone Service / Policy, tokens, and domains
- Kinesis / CloudWatch
- knowledge management portal (KM Portal) / Security compliance – ISMS
- KVM
- securing / Securing KVM
M
- mandatory access control (MAC) / Securing KVM
- Manila / Manila – OpenStack shared file storage
- measured launch environment (MLE) / Securing XenServer
- message queue
- about / Message queue
- monitoring / Monitoring
- multi-factor authentication (MFA) / Auditing
N
- NACL / NACL
- National Institute of Standards and Technology (NIST) / Cloud security compliance
- natural language processing (NLP) / Amazon Macie
- networking
- best practices / Virtual private cloud
- network level / Logging and monitoring level
- Neutron / Neutron – OpenStack network
- New Relic / Auditing
- nova conductor / Database services
O
- object storage / Storage and data level
- Online Certificate Status Protocol (OCSP) / CDN-level security
- OpenStack block storage
- Cinder / Cinder – OpenStack block storage
- OpenStack dashboard service
- Horizon / Horizon – OpenStack dashboard service
- OpenStack image storage
- Glance / Glance – OpenStack image storage
- OpenStack network
- Neutron / Neutron – OpenStack network
- neutron server / Neutron – OpenStack network
- plugin agent / Neutron – OpenStack network
- DHCP agent / Neutron – OpenStack network
- neutron L3-agent / Neutron – OpenStack network
- SDN / Neutron – OpenStack network
- management / Neutron – OpenStack network
- guest / Neutron – OpenStack network
- external / Neutron – OpenStack network
- API / Neutron – OpenStack network
- operation-based policy / Neutron – OpenStack network
- resource-based policy / Neutron – OpenStack network
- OpenStack object storage
- Swift / Swift – OpenStack object storage
- OpenStack Security Portal
- URL / Securing compute
- OpenStack shared file storage
- Open Web Application Security Project (OWASP) / Database services
- Orchestration Layer / Infrastructure as a Service
- Origin Access Identity (OAI) / CDN-level security
P
- Payment Application Data Security Standard (PA-DSS) / Security compliance – PCI DSS
- Payment Card Industry (PCI) / Cloud security compliance
- Payment Card Industry Data Security Standard (PCI DSS)
- about / IAM features, Security compliance – PCI DSS
- component / Security compliance – PCI DSS
- Payment Card Industry Security Standards Council (PCI SSC) / Security compliance – PCI DSS
- PCI PIN Transaction Security (PTS) / Security compliance – PCI DSS
- personally identifiable information (PII) / Amazon Macie
- policies / Policy, tokens, and domains
- protected health information (PHI) / Amazon Macie
R
- read replica / RDS
- redundant array of independent disks (RAID)
- about / Fault tolerance at EBS
- RAID 0 / RAID 0
- RAID 1 / RAID 1
- Relational Database Service (RDS)
- about / Platform as a Service, RDS, Security compliance – PCI DSS
- Single Availability Zone / RDS
- multi AZ / RDS
- security / Security in RDS
- security groups, using / Using security groups
- IAM, using / Using IAM
- database connections, encrypting with SSL / Using SSL to encrypt database connections
- security best practices / Security best practices for AWS RDS
- database, backing up / Back up and restore database
- database, restoring / Back up and restore database
- monitoring / Monitoring of RDS
- replication process / Swift – OpenStack object storage
- requisites, DevOps
- CI / Why do we need automation?
- Continuous delivery (CD) / Why do we need automation?
- microservices / Why do we need automation?
- Infrastructure as Code / Why do we need automation?
- monitoring / Why do we need automation?
- logging / Why do we need automation?
- collaboration / Why do we need automation?
- communication / Why do we need automation?
- Role-Based Access Control (RBAC) / User access level
- roles / User access level
- Route 53
- DNS management / DNS security
- traffic management / DNS security
- availability monitoring / DNS security
- domain registration / DNS security
- rules, OpenStack network access
- rule based on roles / Neutron – OpenStack network
- rule based on field / Neutron – OpenStack network
- generic rules / Neutron – OpenStack network
S
- S3, storage
- Secure Sockets Layer (SSL) / Security in RDS
- secure virtualization (sVirt) / Securing KVM
- security, Amazon Redshift
- sign in credential / Security in Redshift
- IAM roles and policies / Security in Redshift
- security groups / Security in Redshift
- VPC / Security in Redshift
- encryption / Security in Redshift
- SSL-based encryption / Security in Redshift
- data encryption, loading / Security in Redshift
- data-in-transit / Security in Redshift
- security, for instances / Security for instances
- security, Horizon
- Cross-Site Scripting (XSS) / Horizon – OpenStack dashboard service
- Cross-Site Request Forgery (CSRF) / Horizon – OpenStack dashboard service
- Cross-Frame Scripting (XFS) / Horizon – OpenStack dashboard service
- access over SSL / Horizon – OpenStack dashboard service
- cookie / Horizon – OpenStack dashboard service
- Cross-Origin Resource Sharing (CORS) / Horizon – OpenStack dashboard service
- frontend caching / Horizon – OpenStack dashboard service
- session backend / Horizon – OpenStack dashboard service
- security options, AWS
- AWS Certificate Manager / AWS Certificate Manager
- WAF / WAF and Shield
- Shield / WAF and Shield
- cloud hardware security module / Cloud hardware security module
- AWS Cognito / Cognito
- Amazon Macie / Amazon Macie
- AWS Inspector / AWS Inspector
- AWS GuardDuty / AWS GuardDuty
- Security Token Service (STS) / Identity federation, Security in DynamoDB
- server-side encryption (SSE) / CloudTrail, Security in Redshift
- Server Name Indication (SNI) / CDN-level security
- shared responsibility model
- about / Shared responsibility model
- using, for infrastructure / Shared responsibility model for infrastructure
- using, for container service / Shared responsibility model for container service
- using, for abstract services / Shared responsibility model for abstract services
- Shield / Quick recap
- Simple Authentication and Security Layer (SASL) / Message queue
- Simple Email Service (SES) / Shared responsibility model
- Simple Notification Service (SNS) / Shared responsibility model for abstract services, AWS Inspector
- Simple Queue Service (SQS)
- about / Shared responsibility model, SQS
- securing / Securing SQS
- Simple Storage Service (S3)
- about / Auditing, S3
- security / Security in S3
- Software as a Service (SaaS) / Software as a Service
- Software Development Kits (SDKs) / CloudTrail
- storage gateway
- about / Storage gateway
- file gateway / Storage gateway
- volume gateway / Storage gateway
- tape gateway / Storage gateway
- security / Security in the storage gateway
- storage level / Logging and monitoring level
- Swift / Swift – OpenStack object storage
T
- token
- about / Policy, tokens, and domains
- UUID / Policy, tokens, and domains
- PKI / Policy, tokens, and domains
- PKIZ / Policy, tokens, and domains
- fernet / Policy, tokens, and domains
- Transparent Data Encryption (TDE) / Using SSL to encrypt database connections
- Transport Layer Security (TLS) / Authentication
- Trusted Execution Technology (TXT) / Securing XenServer
- Trusted Platform Module (TPM) / Securing hypervisor
U
- User Datagram Protocol (UDP) / WAF and Shield
- user level / Logging and monitoring level
- users / User access level
V
- virtual interfaces (VIFs) / Direct Connect
- Virtualization Layer / Infrastructure as a Service
- virtual machine threat / Securing KVM
- virtual private cloud (VPC)
- about / Auditing, Virtual private cloud
- NACL / NACL
- security group / Security group
- virtual private gateway (VGW) / Virtual private cloud
- VM level / Logging and monitoring level
- VMware ESXi
- securing / Securing ESXi
- options / Securing ESXi
- volume storage / Storage and data level
- VPN connection
- about / VPN connection, Quick recap
- AWS-managed VPN connection / VPN connection
- hub / VPN connection
- third-party VPN appliance / VPN connection
- transit VPC / VPN connection
- Vulnerability Assessment and Penetration Testing (VAPT) / Security compliance – ISMS
W
- web application firewall (WAF)
- about / Application access level, WAF and Shield, Quick recap, Security compliance – PCI DSS
- conditions / WAF and Shield
- rules / WAF and Shield
- WordPress application infrastructure
- high-level severity / Cloud security compliance
- medium-level severity / Cloud security compliance
- informational-level severity / Cloud security compliance
X
- X-Account-Access-Control / Swift – OpenStack object storage
- X-Container-Read / Swift – OpenStack object storage
- X-Container-Write / Swift – OpenStack object storage
- Xen Security Model (XSM) / Securing XenServer
- XenServer
- about / Securing XenServer
- securing / Securing XenServer
Y
- Yet Another Markup Language (YAML) / Infrastructure as Code