SANS SEC545: Cloud Security Architecture and Operations – دانلود دوره آمورشی

دوره SANS SEC545: Cloud Security Architecture and Operations که به مباحث مربوط به عملیات و معماری امنیت فضای ابری می‌پردازد. این دوره با خلاصه کوتاهی درباره اصول و پایه‌های امنیت فضای ابری شروع می‌شود و بعد از آن، مفاهیم مهم مربوط به سیاست‌گذاری‌های ابری را به متخصصان امنیت را آموزش می‌دهد. پس از آن، اصول فنی امنیت و کنترل برای دسته‌های اصلی فضاهای ابری (Saas، Paas و Iaas) آموزش داده می‌شوند که این بخش از آموزش‌ها، بیشترین بخش از دوره Sans SEC545 را در بر می‌گیرند. SANS SEC545: Cloud Security Architecture and Operations، فریم‌ورک‌های امنیت ابری را آموزش می‌دهد، سپس به بررسی ریسک‌های سرویس‌های ابری می‌پردازد و مناطق تکنیکی فنی که نیاز به توجه دارند را شناسایی می‌کند. در دوره SEC545 می‌آموزید که چطور با استفاده از ابزارها و فرایندهای تست شده، یک معماری جدید بسازید. مباحثی که در این دوره مطرح می‌شوند، تمام مباحث امنیت شبکه (از جمله فایروال‌، اکسس کنترل، تشخیص نفوذ و دیگر موارد) و دیگر لایه‌های امنیت ابری را به طور جامع را در بر می‌گیرند.

Date: 2020
Publisher: SANS
Price: $6,900

COURSE OVERVIEW

As more organizations move data and infrastructure to the cloud, security is becoming a major priority. Operations and development teams are finding new uses for cloud services, and executives are eager to save money and gain new capabilities and operational efficiency by using these services. But will information security prove to be an Achilles’ heel? Many cloud providers do not disclose detailed control information about their internal environments, and many common security controls used internally may not translate directly to the public cloud.

SEC545: Cloud Security Architecture and Operations will tackle these issues one by one. We’ll start with a brief introduction to cloud security fundamentals, then touch on the Cloud Security Alliance framework for cloud control areas. The rest of day 1 will cover the critical concepts of cloud technical security principles and controls for Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS), SaaS brokering services, architecture concepts for containers, PaaS orchestration with Kubernetes and other services, and serverless controls and architecture. We’ll finish up with an introduction to Infrastructure-as-a-Service (IaaS) and virtualization security.

The course then moves into cloud architecture and security design for two full days, both for building new architectures and adapting tried-and-true security tools and processes to the cloud. This will be a comprehensive discussion that encompasses network security (firewalls and network access controls, intrusion detection, and more), as well as all the other layers of the cloud security stack. We’ll visit each layer and its components, including building secure instances, data security, identity and account security, and much more.

We’ll then devote an entire day to adapting our offense and defense architecture and processes for the cloud. This will involve looking at vulnerability management and pen testing, as well as covering the latest and greatest cloud security research. On the defense side, we’ll delve into incident handling, forensics, event management, and application security.

We’ll wrap up the course by taking a deep dive into DevSecOps and automation, investigating methods of embedding security into orchestration and every facet of the cloud life cycle. We’ll explore tools and tactics that work, and even walk through several cutting-edge use cases where security can be automated entirely in both deployment and incident detection-and-response scenarios using APIs and scripting.

Syllabus

SEC545.1: Cloud Security Models and Controls
SEC545.2: Cloud Security Architecture and Operations I
SEC545.3: Cloud Security Architecture and Operations II
SEC545.4: Cloud Security Offense + Defense Operations
SEC545.5: Cloud Security Automation and Orchestration

This Course Will Prepare You To:

• Understand all major facets of cloud risk, including threats, vulnerabilities, and impact
• Articulate the key security topics and risks associated with SaaS, PaaS, and IaaS cloud deployment models
• Evaluate Cloud Access Security Brokers to better protect and monitor SaaS deployments
• Evaluate Secure Access Service Edge to help with cloud architecture design
• Build security for all layers of a hybrid cloud environment, starting with hypervisors and working up to application layer controls
• Evaluate basic virtualization hypervisor security controls
• Design and implement network security access controls and monitoring capabilities in a public cloud environment
• Design a hybrid cloud network architecture that includes IPSec tunnels
• Integrate cloud identity and access management into security architecture
• Evaluate and implement various cloud encryption types and formats
• Develop multi-tier cloud architectures in a virtual private cloud using subnets, availability zones, gateways, and NAT
• Integrate security into DevOps teams, effectively creating a DevSecOps team structure
• Build automated deployment workflows with 3rd-party and native tools in all major cloud environments
• Incorporate vulnerability management, scanning, and penetration testing into cloud environments
• Build automated and flexible detection and response programs using tools like AWS-IR, CloudWatch, CloudTrail, and AWS Lambda
• Leverage the AWS CLI to automate and easily execute operational tasks
• Set up and use an enterprise automation platform, Ansible, to automate configuration and orchestration tasks
• Use CloudWatch, CloudFormation, and other automation tools to integrate automated security controls into your cloud security program

LAB INFORMATION

SEC545: Cloud Security Architecture and Operations reinforces knowledge transfer through the use of numerous hands-on labs. This approach goes well beyond traditional lectures and delves into literal application of techniques. Hands-on labs are held every day to reinforce the skills covered in class and to provide students with experience using tools to implement effective security. The labs are designed to enable students to apply what they are learning in an instructor-led environment. Labs for both AWS and Microsoft Azure are wide-ranging and include:

• Security-as-a-Service labs
• Architecture and design labs for AWS and Azure
• Security automation labs in AWS and Azure
• Offensive and defensive labs in the cloud
• Log collection and review labs
• Playing flAWS, a challenging cloud Capture-the-Flag challenge

WHAT YOU WILL RECEIVE

• Several virtual machines that include a hypervisor, Ansible platform, and more
• MP3 audio files of the complete course lectures + printed course books
• All policy and configuration files that can be used to automate security for labs
• A threat-modeling template that can be used for SEC545 and beyond
• A digital download package that includes the above and more
• Printed and Electronic Courseware