Incident Response Flashcards
AWS AUP Categories
- No Illegal, Harmful or Offensive Use or Content
- No Security Violations
- No Network Abuse
- No Mass or unsolicited message abuse
Pre-approved PT services
Amazon EC2 instances, NAT Gateways, and Elastic Load Balancers
Amazon RDS
Amazon CloudFront
Amazon Aurora
Amazon API Gateways
AWS Lambda and Lambda Edge functions
Amazon Lightsail resources
Amazon Elastic Beanstalk environments
Prohibited PT Services
DNS zone walking via Amazon Route 53 Hosted Zones
Denial of Service (DoS), Distributed Denial of Service (DDoS), Simulated DoS, Simulated DDoS
Port flooding
Protocol flooding
Request flooding (login request flooding, API request flooding)
Time taken by the AWS team to approve Other Simulated Events
7 days post acknowledgement of the request
Preapproved vendors who can do DDoS Simulation
Red Wolf Security
NCC Group
AWS ProServ
Components of AWS CAF Security Perspective
Directive controls
Preventive controls
Detective controls
Response
Directive Controls
establish the governance, risk, and compliance models within which the environment operates.
Preventive Controls
protect your workloads and mitigate threats and vulnerabilities.
Detective Controls
provide full visibility and transparency over the operation of your deployments in AWS.
Responsive Controls
drive remediation of potential deviations from your security baselines.
Cloud security incident domains that come under customer responsibility
Service Domain
Infrastructure Domain
Application Domain
In which incident domain is the AWS API solely used for incident response?
Service Domain
Indicators of Cloud Security Events
Logs and Monitors
Billing Activity
Threat Intelligence
Partner Tools
AWS Outreach
One-time Contract
What is the AWS centralized logging solution?
Amazon Elasticsearch Service (Amazon ES)