
Instructor-Led Training | Aug 10 MT - Live Online

Virtual, US Mountain | Mon, Aug 10 - Sat, Aug 15, 2020

SEC488: Cloud Security Essentials (New)

Mon, August 10 - Fri, August 14, 2020

Course Syllabus  ·  30 CPEs  ·   Lab Requirements
Instructor: Kenneth G. Hartman  ·  Price: 4,568 USD

Because this course is offered as a beta including discounted pricing, seating is limited to a maximum of two seats per organization. No additional discounts apply.

More businesses than ever are moving sensitive data and shifting mission-critical workloads to the cloud. And not just one cloud service provider (CSP) - research shows that most enterprises have strategically decided to deploy a multi-cloud platform, including Amazon Web Services, Azure, Google Cloud, and others.

Organizations are responsible for securing their data and mission-critical applications in the cloud. The benefits in terms of cost and speed of leveraging a multi-cloud platform to develop and accelerate delivery of business applications and analyze customer data can quickly be reversed if security professionals aren't properly trained to secure the organization's cloud environment and investigate and respond to the inevitable security breaches.

The SANS SEC488: Cloud Security Essentials course will prepare you to advise and speak about a wide range of topics and help your organization successfully navigate both the security challenges as well as the opportunities presented by cloud services. Like foreign languages, cloud environments have similarities and differences, and SEC488 covers all of the major CSPs.

We will begin by showing how your day-to-day operations will change due to the evolution of the cloud. Expect changes from the different responsibility models to the different CSP models of Infrastructure-as-a-Service, Platform-as-a-Service, and Software-as-a-Service. From there we'll move on to securing the cloud, managing risk, and addressing the challenges you may experience as you look to achieve a specific level of security assurance.

New technologies introduce new risks. This course will equip you to implement appropriate security controls in the cloud, often using automation to "inspect what you expect." Mature CSPs have created a variety of security services that can help customers use their products in a more secure manner, but nothing is a magic bullet. This course covers real-world lessons using security services created by the CSPs and open-source tools. Each course day features hands-on lab exercises to help students hammer home the lessons learned. We progressively layer multiple security controls in order to end the week with a functional security architecture implemented in the cloud.

Course Syllabus


Kenneth G. Hartman
Mon Aug 10th, 2020
9:00 AM - 12:15 PM MT
1:30 PM - 5:00 PM MT

Overview

The first course book will set the stage for how day-to-day operations could change as an enterprise looks at cloud technologies. Different service and delivery models will influence how a business changes based on the model that is being leveraged. In addition to learning about important cloud fundamentals, students will be able to:

  • Identify the risks and risk control ownership based on the deployment and service delivery models of the various products offered by cloud service providers (CSPs).
  • Evaluate the trustworthiness of cloud service providers based on their security documentation, service features, third-party attestations, and position in the global cloud ecosystem.
  • Create accounts and use the services of any of the leading CSPs and be comfortable with the self-service nature of the public cloud. This includes finding documentation, tutorials, pricing, and security features.
  • Articulate the business and security implications of a multi-cloud strategy.
Exercises
  • Exploring the Web Consoles
  • Launching Virtual Machines in AWS and Azure
  • Exploring Platform as a Service
  • High Level Security Assessment of Box

CPE/CMU Credits: 6

Topics
  • Course Overview
    • What This Course IS NOT
    • What is the Cloud?
  • What is the Cloud?
    • Cloud Deployment Models
    • Cloud Actors
  • The Global Cloud Ecosystem
    • Cloud Market Data
    • Global Cloud Computing Issues
  • Pros & Cons of the Public Cloud
    • Cloud Security Benefits
    • Cloud Security Concerns
  • Shared Responsibility Models
  • Infrastructure, Platform, and Software as a Service
    • Comparison of major "as a Service" models
  • Other Service Models
  • Multicloud

Kenneth G. Hartman
Tue Aug 11th, 2020
9:00 AM - 12:15 PM MT
1:30 PM - 5:00 PM MT

Overview

The second book will cover ways you can access your cloud environments through new management interfaces, as well as programmatic access with APIs, access keys, and SDKs. We'll cover industry best practices for hardening the environments and securing workloads in different service providers and deployment models. We will finish the day by covering the different log sources you can pull from your environment to provide visibility, as well as the tools that can automatically review your accounts for compliance with best practices and industry benchmarks. In addition, the student will be able to:

  • Secure access to the consoles used to access cloud service provider environments.
  • Use command line interfaces to query assets and identities in the cloud environment.
  • Use hardening benchmarks, patching, and configuration management to achieve and maintain an engineered state of security for the cloud environment.
  • Evaluate the logging services of various cloud service providers and use those logs to provide the necessary accountability for events that occur in the cloud environment.
Exercises
  • Securing Console Access
  • Getting to know the CLI
  • Account Auditing
  • Show me the logs

CPE/CMU Credits: 6

Topics
  • How Does Security Change in the cloud?
  • Interacting with CSPs
  • Infrastructure-as-Code
  • Serverless
    • Container Security
  • Intro to Identity and Access Management
    • Policy Evaluation
  • Hardening Infrastructure
  • Logging Services
    • Logging Strategies
  • Cloud Security Tools
    • Cloud Security Platform Management
    • Cloud Access Security Brokers
    • Open-Source Cloud Security Tools

Kenneth G. Hartman
Wed Aug 12th, 2020
9:00 AM - 12:15 PM MT
1:30 PM - 5:00 PM MT

Overview

This book will build on our review of how developers can leverage the cloud's flexibility. After starting with a discussion of secrets management, we dive into Application Security, and apply cloud technologies, design patterns, and best practices to our cloud applications. Understanding and applying the basics of securing cloud applications will put you ahead of many residents of the cloud. Students will be able to:

  • Implement, configure, and secure certificate-based SSH authentication to virtual machines launched in the cloud.
  • Configure the CLI and properly protect the access keys to minimize the risk of compromised credentials.
  • Use basic Bash and Python scripts to automate tasks in the cloud.
  • Learn to prevent secrets leakage in code deployed to the cloud.
  • Use application security tools to threat model and assess the security of cloud-based web applications.
Exercises
  • Serverless Dynamic Analysis Security Testing
  • Adding a Break the Glass Account
  • Preventing Secret Leakage
  • Cloud Log Retrieval & Parsing
  • Data Protection

CPE/CMU Credits: 6

Topics
  • Application Security
    • Software Development Lifecycle (SDLC)
    • AppSec Frameworks
    • Static Analysis Security Testing (SAST) and Dynamic Analysis Security Testing (DAST)
  • Threat Modeling
  • IAM Key Management
  • Secrets Management Overview
    • What are secrets?
    • How to handle secrets
  • Handling Temporary Access
    • Identity Federation
    • Delegation and Roles
  • Application Programming Interfaces (API)
  • Encryption
    • Data-at-Rest Encryption
    • Data-in-Transit Encryption
    • Hardware Security Modules (HSM)
  • Data Security
    • Data Protection Measures
    • Data Hunting
  • Denial of Service Protections

Kenneth G. Hartman
Thu Aug 13th, 2020
9:00 AM - 12:15 PM MT
1:30 PM - 5:00 PM MT

Overview

On day 4, we look at the components of cloud security architecture, including architecture frameworks and cloud network design principles and component technologies. We cover native cloud security services and their importance in a well-designed security architecture as well as important operational practices such as hardening and patching - using cloud automation, of course. Next, we leverage the flexibility of cloud services using capabilities that enable "infrastructure-as-code" for rapid deployments, including serverless technologies.

Students will be able to:

  • Implement network security controls that are native to both AWS and Azure.
  • Employ an architectural pattern to automatically create and provision patched and hardened virtual machine images to multiple AWS accounts.
  • Use Azure Security Center to audit the configuration in an Azure deployment and identify security issues.
  • Use Terraform to deploy a complete "infrastructure as code" environment to multiple cloud providers.
Exercises
  • VPC Peering and Monitoring
  • Hardened Image Provisioning
  • Azure Security Center

CPE/CMU Credits: 6

Topics
  • Architecture Considerations
    • Cloud Adoption Framework
  • Segmentation and Isolation
  • Patching
  • Image Creation
    • AWS Image Builder
    • Azure Image Builder
    • Hashicorp Packer
  • Vulnerability Scanning
    • Vulnerability Scanning in AWS and Azure
    • Vulnerability Scanning Cloud Services
  • Infrastructure-as-Code
    • Terraform


Kenneth G. Hartman
Fri Aug 14th, 2020
9:00 AM - 12:15 PM MT
1:30 PM - 5:00 PM MT

Overview

In the fifth book, we dive headfirst into compliance frameworks, audit reports, privacy, and eDiscovery to equip you with the questions and references that ensure the right questions are being asked during CSP risk assessments. After covering special-use cases for more restricted requirements that may necessitate the AWS GovCloud or Azure's Trusted Computing, we delve into penetration testing in the cloud and finish the day with incident response and forensics. Book 5 will equip students to:

  • Leverage the Cloud Security Alliance Cloud Controls Matrix to select the appropriate security controls for a given cloud network security architecture and assess a CSP's implementation of those controls using audit reports and the CSP's shared responsibility model.
  • Use logs from cloud services and virtual machines hosted in the cloud to detect a security incident and take appropriate steps as a first responder according to a recommended incident response methodology.
  • Perform a preliminary forensic file system analysis of a compromised virtual machine to identify indicators of compromise and create a file system timeline.
Exercises
  • Security Hub Compliance Assessment
  • Government Clouds
  • Multicloud Penetration Testing
  • Multicloud Forensics

CPE/CMU Credits: 6

Topics
  • Security Assurance
    • Stakeholders
    • Due Care & Due Diligence
    • Industry Standards & Frameworks
  • Privacy
    • Privacy Standards & Laws
    • Cloud Services to Aid in Privacy Protections
  • Government Clouds
  • Risk Management
    • Risk Management Frameworks
    • CSA Cloud Controls Matrix
  • Legal & Contractual Requirements
    • Supply Chain
    • Negotiated/Non-negotiated Agreements
    • CLOUD Act
  • Penetration Testing
    • What May/May Not be Tested
    • Cloud Provider Acceptable Use/Terms of Service
  • Incident Response & Forensics
    • SANS Incident Response Methodology
    • Using Cloud-Native Services to Support Incident Response & Forensics

Additional Information

Students need to have:

  • A laptop with Chrome internet browser. The laptop should have unrestricted access to the Internet and full administrative access. Chrome should allow for the addition of Chrome Extensions. Before class, the user should install the Secure Shell App in Chrome (https://url.sec488.com?id=425).
  • Adobe Acrobat Reader
  • A brand-new free tier Amazon Web Services (AWS) account or an existing AWS account with root access and no restrictions
  • A brand-new free trial Azure account or an existing Azure account with Owner access and no restrictions
  • (Optional for bonus exercises) A brand new free trial Google Cloud Platform (GCP) account or an existing GCP account with Owner access and no restrictions

SANS will provide:

  • Supplementary content via download

Important! Bring your own system configured according to these instructions!

A properly configured system is required to fully participate in this course. These requirements are the mandatory minimums. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. We strongly urge you to arrive with a system meeting all the requirements specified for the course.

It is critical that you back up your system before class. It is also strongly advised that you do not bring a system storing any sensitive data.

System Hardware Requirements

1. CPU: 64-bit Intel i5/i7 2.0+ GHz processor: Your system's processor must be a 64-bit Intel i5 or i7 2.0 GHz processor or higher. Your CPU and OS must support a 64-bit guest virtual machine.

  • VMware provides a free tool for Windows that will detect whether or not your host supports 64-bit guest virtual machines
  • Windows users can use this article to learn more about their CPU and OS capabilities
  • Apple users can use this support page to learn more information about Mac 64-bit capability

2. BIOS: Enabled "Intel-VT": Intel's VT (VT-x) hardware virtualization technology should be enabled in your system's BIOS or UEFI settings. You must be able to access your system's BIOS throughout the class. If your BIOS is password-protected, you must have the password.

3. USB: USB 3.0 Type-A port: At least one available USB 3.0 Type-A port is required for copying large data files from the USB 3.0 drives we provide in class. The USB port must not be locked in hardware or software. Some newer laptops may have only the smaller Type-C ports. In this case, you will need to bring a USB Type-C to Type-A adapter.

4. RAM: 8 GB RAM (4 GB min): 8 GB RAM (4 GB min) is required for the best experience. To verify on Windows 10, press Windows key + "I" to open Settings, then click "System", then "About". Your RAM information will be toward the bottom of the page. To verify on a Mac, click the Apple logo at the top left-hand corner of your display and then click "About this Mac".

5. Hard Drive Free Space: No course VM is used in this course: Labs are performed via a browser-based application.

6. Operating System: Windows, macOS, or Linux: Any operating system that can run VMware Workstation Player/Pro or VMware Fusion. Those who use a Linux host must be able to access the exFAT partitions using the appropriate kernel or FUSE modules.

Additional Hardware Requirements

The requirements below are in addition to baseline requirements provided above. Prior to the start of class, you must install virtualization software and meet additional hardware and software requirements as described below. If you do not carefully read and follow these instructions, you will leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course.

1. Laptop Requirements for SEC488

Network, Wireless Connection: A wireless 802.11 B, G, N, or AC network adapter is required. This can be the internal wireless adapter in your system or an external USB wireless adapter. A wireless adapter allows you to connect to the network without any cables. If you can surf the Internet on your system without plugging in a network cable, you have wireless.

Additional Software Requirements

1. Adobe Acrobat or other PDF reader application

2. Google Chrome Browser: You need the Google Chrome browser installed on your system before you arrive for class. The course exercises have been tested with Chrome and not other browsers. You can download Chrome from here.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

Anyone who works in a cloud environment, is interested in cloud security, or needs to understand the risks of using CSPs should take this course, including:

  • Security engineers
  • Security analysts
  • System administrators
  • Risk managers
  • Security managers
  • Security auditors
  • Anyone new to the cloud!

A basic understanding of TCP/IP, network security, and information security principles is helpful for this course, but not required. Being accustomed to the Linux command line is a bonus.

This course will prepare you to

  • Navigate your organization through the security challenges and opportunities presented by cloud services
  • Identify the risks of the various services offered by cloud service providers (CSPs).
  • Select the appropriate security controls for a given cloud network security architecture.
  • Evaluate CSPs based on their documentation, security controls, and audit reports.
  • Confidently use the services on any of the leading CSPs.
  • Articulate the business and security implications of multiple cloud providers.
  • Secure, harden, and audit CSP environments.
  • Protect the access keys and secrets used in cloud environments.
  • Use application security tools and threat modeling to assess the security of cloud-based web applications.
  • Automatically create and provision patched and hardened virtual machine images.
  • Deploy a complete "infrastructure as code" environment to multiple cloud providers.
  • Leverage cloud logging capabilities to establish accountability for events that occur in the cloud environment.
  • Prepare to detect and respond to security incidents in the cloud and take appropriate steps as a first responder.
  • Perform a preliminary forensic file system analysis of a compromised virtual machine.

  • MP3 audio files of the complete course lectures
  • Digital Download Package with supplementary content
  • Cloud security services cheat sheet (AWS vs. Azure vs GCP)
  • Electronic Courseware
  • Identify the risks and risk control ownership based on the deployment models and service delivery models of the various products offered by cloud service providers (CSPs).
  • Evaluate the trustworthiness of CSPs based on their security documentation, service features, third-party attestations, and position in the global cloud ecosystem.
  • Create accounts and use the services on any one of the leading CSPs and be comfortable with the self-service nature of the public cloud. This includes finding documentation, tutorials, pricing, and security features.
  • Articulate the business and security implications of a multi-cloud strategy.
  • Secure access to the consoles used to access the CSP environments.
  • Use command line interfaces to query assets and identities in the cloud environment.
  • Use hardening benchmarks, patching, and configuration management to achieve and maintain an engineered state of security for the cloud environment.
  • Evaluate the logging services of various CSPs and use those logs to provide the necessary accountability for events that occur in the cloud environment.
  • Implement, configure, and secure certificate-based SSH authentication to virtual machines launched in the cloud.
  • Configure the CLI and properly protect the access keys to minimize the risk of compromised credentials.
  • Use basic Bash and Python scripts to automate tasks in the cloud.
  • Configure cross-account role assumption, a best practice for AWS.
  • Implement network security controls that are native to both AWS and Azure.
  • Employ an architectural pattern to automatically create and provision patched and hardened virtual machine images to multiple AWS accounts.
  • Use Azure Security Center to audit the configuration in an Azure deployment and identify security issues.
  • Use Terraform to deploy a complete "infrastructure as code" environment to multiple cloud providers.
  • Leverage the Cloud Security Alliance Cloud Controls Matrix to select the appropriate security controls for a given cloud network security architecture and assess a CSP's implementation of those controls using audit reports and the CSP's shared responsibility model.
  • Use logs from cloud services and virtual machines hosted in the cloud to detect a security incident and take appropriate steps as a first responder according to a recommended incident response methodology.
  • Perform a preliminary forensic file system analysis of a compromised virtual machine to identify indicators of compromise and create a file system timeline.

SEC488: Cloud Security Essentials reinforces the training material via multiple hands-on labs each day of the course. Every lab is designed to impart practical skills that students can bring back to their organizations and apply on the first day back in the office. The labs go beyond the step-by-step instructions and provide the context of "why" the skill is important and instill insights as to why the technology works the way it does.

Highlights of what students will learn in SEC488 labs include:

  • Accessing the web consoles of AWS, Azure, GCP, and Alibaba and launching virtual machines in select environments
  • Performing a security assessment of a Software-as-a-Service offering
  • Hardening and securing cloud environments and applications using security tools and services
  • Hardening, patching, and securing virtual machine images, including SSH
  • Using the command line interface (CLI) and simple scripts to automate work
  • Preventing secrets leakage in code deployed to the cloud
  • Using logs and security services to detect malware on a cloud virtual machine and perform preliminary file-system forensics
  • Using Terraform to deploy a complete environment to multiple cloud providers.

SEC488 Lab Summary

  • Lab 1.1 - Exploring the Web Consoles
  • Lab 1.2 - Launching Virtual Machines in AWS and Azure
  • Lab 1.3 - Exploring Platform-as-a-Service Offerings
  • Lab 1.4 - High-Level Security Assessment of Box.com
  • Lab 2.1 - Securing Console Access
  • Lab 2.2 - Getting to Know IAM via the Command Line Interface
  • Lab 2.3 - Using an Open-Source Tool to Audit an AWS Account
  • Lab 2.4 - Log Service Exploration
  • Lab 3.1 - Serverless Dynamic Analysis Security Testing
  • Lab 3.2 - Adding a Break the Glass Account
  • Lab 3.3 - Preventing Leakage of Secrets
  • Lab 3.4 - Cloud Log Retrieval & Parsing
  • Lab 3.5 - Data Protection
  • Lab 4.1 - VPCs
  • Lab 4.2 - Hardened Image Provisioning
  • Lab 4.3 - Azure Security Center Exploration
  • Lab 4.4 - Introduction to Terraform
  • Lab 5.1 - Security Hub Compliance Assessment
  • Lab 5.2 - Government Clouds
  • Lab 5.3 - Multicloud Penetration Testing
  • Lab 5.4 - Multicloud Forensics

Author Statement

"What is the cloud? It is much more than a big nebulous fluffy thing, filled with hype. More businesses than ever are shifting mission-critical workloads to the cloud. And not just one cloud - research shows that most enterprises are using up to five different cloud providers. Yet, cloud security breaches happen all the time and many security professionals feel ill-prepared to deal with this rampant change. SEC488 equips students to view the cloud through a lens informed by standards and best practices to rapidly identify security gaps. It provides class participants with hands-on tools, techniques, and patterns to shore up their organization's cloud security weaknesses."

- Kyle Dickinson and Ryan Nicholson