• Manages access to AWS resources by creating users, roles, and policies to control permissions.
AWS Identity and Access Management (IAM)
Listing objects in a secure S3 bucket:
aws --no-sign-request s3 ls s3://ccse-demobucket-new
This will output an "Access Denied" message because the bucket is secure.
A fully managed data warehouse that allows users to run fast SQL queries on large datasets, ideal for analytics and business intelligence in GCP
Google BigQuery
Automates the collection of evidence needed for auditing AWS resources, helping to manage compliance efforts across frameworks and regulations.
AWS Audit Manager
• A security standard by the PCI Security Standards Council that governs how payment card data is handled in the cloud.
Cloud Security Standards: PCI DSS
Allows users to interact with AWS services through a terminal using commands, automating tasks and managing resources
AWS Command Line Interface (CLI)
Getting the access control list (ACL) of a secure S3 bucket:
aws s3api get-bucket-acl --bucket ccse-demobucket-new --no-sign-request
This command will also output "Access Denied" as the bucket is properly configured.
A tool used to scan Google Cloud resources for security and compliance issues, helping users identify misconfigurations.
CFT Scorecard (Google Cloud)
Provides visibility into the administrative and access activities performed on Google Cloud resources for auditing and compliance.
Google Cloud Audit Logs
• A standard addressing cloud security threats like unauthorized access and data loss, outlining roles for CSPs, CSCs, and CSNs in mitigating risks.
Cloud Security Standards: ITU-T X.1601
Protects web applications from common web exploits such as SQL injection and cross-site scripting (XSS).
AWS Web Application Firewall (WAF)
Listing objects in a vulnerable S3 bucket:
aws --no-sign-request s3 ls s3://ccse-demobucket-newest
This command lists the objects in the misconfigured bucket, showing that it is publicly accessible.
Provides monitoring tools to track performance metrics and uptime for Google Cloud resources and services
Google Cloud Monitoring
Aggregates security alerts and compliance checks across AWS services, providing a centralized view of security posture and compliance status
AWS Security Hub
• Guidelines for cloud service providers to manage information security controls in cloud environments.
Cloud Security Standards: ISO/IEC 27017
Manages and deploys APIs, allowing developers to create, publish, and secure APIs at scale
AWS API Gateway
Getting the access control list (ACL) of a vulnerable S3 bucket:
aws s3api get-bucket-acl --bucket ccse-demobucket-newest --no-sign-request
This will show that "FULL_CONTROL" is granted to everyone, indicating the vulnerability.
Provides a complete inventory of all Google Cloud resources within an organization for auditing and management purposes
Google Cloud Asset Inventory
An AWS serverless computing service that allows users to run code in response to events without provisioning or managing servers.
AWS Lambda
• Ensures cloud providers protect Personally Identifiable Information (PII) and comply with data protection laws.
Cloud Security Standards: ISO/IEC 27018
A content delivery network (CDN) that securely delivers data, videos, applications, and APIs to customers globally with low latency.
AWS CloudFront
Enabling write access control to a vulnerable bucket:
aws s3api put-bucket-acl --bucket ccse-demobucket-newest --grant-full-control uri=http://acs.amazonaws.com/groups/global/AllUsers
These commands are used to test the security configurations of S3 buckets in AWS by simulating both secure and vulnerable setups.
Allows users to capture and analyze network traffic to and from Google Cloud VM instances for security and troubleshooting purposes
Google Cloud Packet Mirroring
A tool for managing and governing distributed data across Google Cloud services, helping to automate data organization, discovery, and security
GCP Dataplex
• Provides a framework for secure and effective cloud computing by defining cloud computing models and reference architectures.
Cloud Security Standards: NIST
Provides scalable object storage for data, including backups, files, and media, with options for access control and security in AWS.
Amazon Simple Storage Service (S3)
cd
Change directory.
An open-source network threat detection engine that inspects network traffic for signs of malicious activity or policy violations. (mentioned in GCP Section)
Suricata (Intrusion Detection System)
A cloud-based shell environment for managing Google Cloud resources, providing command-line access to perform tasks and run scripts
Google Cloud Shell
• A framework from the Cloud Security Alliance mapping security controls to various industry standards to ensure security and compliance.
Cloud Security Standards: CSA Cloud Controls Matrix (CCM)
Provides protection against Distributed Denial of Service (DDoS) attacks to ensure the availability of AWS resources.
AWS Shield
ls / dir
List files in a directory (ls in Unix-like systems, dir in Windows).
Uses machine learning to discover, classify, and protect sensitive data stored in S3 buckets, such as personal data and intellectual property
Amazon Macie
Provides block-level storage volumes for use with Amazon EC2 instances, enabling data persistence and backup through snapshots.
Amazon Elastic Block Store (EBS)
An XML-based standard for exchanging authentication and authorization information between identity providers and service providers.
Hint: token language
Cloud Security Standards: SAML 2.0
A scalable domain name system (DNS) web service for routing traffic to AWS resources based on global infrastructure.
AWS Route 53
pwd
Print working directory (shows the current directory path).
Vendor Neutral
A command-line tool for capturing and analyzing network traffic for debugging and monitoring purposes.
tcpdump
A pre-configured virtual machine image used to create new EC2 instances with a specific operating system and applications
Amazon Machine Image (AMI)
SOC 1
Financial audit report for internal C-levels.
Automates security assessments for EC2 instances, identifying vulnerabilities and deviations from best practices
Amazon Inspector
mkdir
Make a new directory.
Provides network traffic filtering, intrusion detection, and intrusion prevention for VPCs to protect cloud applications and data
AWS Network Firewall
Stores copies of data across geographically separate regions in Azure, providing disaster recovery capabilities in the event of a regional failure
Azure Geo-Redundant Storage (GRS)
SOC 2
IT audit based on the CIA triad, for internal C-levels.
Logs and tracks user activity and API calls made to AWS services, providing a history of actions within an account
AWS CloudTrail
rm / del
Remove or delete files (rm in Unix-like systems, del in Windows).
Monitors the performance and health of Azure resources and applications, generating alerts and providing insights for troubleshooting.
Azure Monitor
Provides backup and recovery services for Azure resources, including VMs, databases, and files, ensuring data protection and business continuity.
Azure Backup
SOC 3
Public (redacted) report used to evaluate a CSP.
Provides threat detection by continuously monitoring for malicious activity and unauthorized behavior in AWS environments
AWS GuardDuty
grep
Search for a specific string in a file or output.
Privacy Laws in EU
Automates the process of patching EC2 instances by identifying and applying missing security updates
AWS Systems Manager Patch Manager
touch
Create an empty file or update the timestamp of a file (Unix-based systems).
Captures information about the IP traffic going to and from VM instances in Google Cloud, used for network monitoring and forensic analysis.
GCP VPC Flow Logs
SOX
Sarbanes-Oxley Act for publicly traded companies; holds C-levels responsible for fraud and non-compliance.
Allows instances in a private subnet to access the internet without exposing them to incoming traffic from the internet
AWS NAT Gateway
clear / cls
Clear the terminal screen (clear for Unix-like systems, cls for Windows).
A serverless computing service that allows users to run code in response to events without provisioning or managing servers.
GCP Cloud Functions
GLBA
US financial privacy law.
Automatically adjusts the number of EC2 instances in a group based on demand, ensuring availability and cost-efficiency
AWS Auto Scaling
cat
Display the contents of a file.
IRM
Information Rights Management; protects private and proprietary information (US).
Provides secure and seamless RDP and SSH access to Azure virtual machines directly from the Azure portal, without exposing VMs to public IP addresses
Azure Bastion
mv / move
Move or rename files.
Provides real-time best practices and recommendations for AWS resources in categories such as cost optimization, performance, security, and fault tolerance
AWS Trusted Advisor
ENISA
The European Union Agency for Cybersecurity
The ENISA Information Assurance Framework, based on its CSA STAR self-assessment.