Securing Cloud Resources
Virtual Network Security
Allow and Deny Rules
AWS VPCs and Subnets
network access control list
security groups
flow logs
traffic mirroring
network firewalls
Azure Virtual Networks
network security group
application security group
network virtual appliance
GCP VPCs
VPC flow logs
packet mirroring
virtual firewall
Data Security
Encryption Techniques
in use
in motion
at rest
private key encryption
public key encryption
DNS Security
authentication
encryption
DNS over TLS
DNS over HTTPS
NTP Security
network time security
Troubleshooting Cloud Security
Security Misconfigurations
incorrect hardening settings
security device failure
weak or obsolete security technologies
insufficient security controls and processes
unencrypted data and unencrypted communications
unauthorized physical access
Data Misclassification
Key Management Issues
failed connections
encryption operation failure
unavailable keys
Cloud Security Configurations
Threats to Cloud Security
account hijacking
poor account management
advanced persistent threats
user error
insecure interfaces
insider threats
DoS and DDoS attacks
data loss with no backups
data breaches
CSP changes or outages
Scanning Tools
Nessus
Metasploit
Nmap
Compute Security
Device Hardening
enforce account management policies
install antivirus/anti-malware software and keep it updated
disable unnecessary ports and services
install host-based/software firewalls and IDS/IPS
plan subnet placement
create single-function resources
Application Security
web application firewall
application delivery controller