Teri Radichel

Summarize

Cloud Security Architecture

A compilation of blog posts by Teri Radichel on Cloud Security Architecture

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️ Check out my series on Automating Cybersecurity Metrics. The Code.

🔒 Related Stories: AWS Security | Cloud Security Architecture

💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This blog is a summary of my posts on Cloud Security Architecture. I’m trying to create some blogs to organize what I’ve written on various topics a bit better.

If you need help with cloud security architecture or need your architecture reviewed you can schedule a call with me through IANS Research. I’m currently focusing on AWS in my latest blog series but teach AWS, Azure and GCP cloud security classes. Although taking classes directly from a cloud vendor is great — I’ve done it — you will hear things in my classes you won’t hear from a cloud vendor from a customer perspective.

In my recent blog series I’m building a cloud architecture from the ground up. I have some tools I need to build and use for my own purposes so I thought I would share what I’m doing along the way. It’s a hands on approach to some of the things I talk about in my classes and includes a related GitHub repository where I publish the code. I hope to expand this to other cloud platforms in the future if time allows.

Security Architecture is Not A Checklist

ACM.14 Think like an attacker and architect accordingly

medium.com

Cybersecurity Architecture

Learning the value of proper engineering from an old house

medium.com

Cloud Architecture and KMS Keys

ACM.9 Key segregation to limit exposure in the event of a data breach

medium.com

AWS Lambda and Batch jobs for Steps in a Process

ACM.39 Serverless components to construct secure architectures

medium.com

Cloud Network Architecture and Naming Conventions

ACM.41 Resources that span applications, projects, and departments

medium.com

Cloud Security Architecture — Batch Jobs

ACM.49 Cloud security and application architecture for running batch jobs

medium.com

Network Design: Serverless Applications

ACM.73 Thinking through serverless network architecture

medium.com

Network Design: Developer Network

ACM.72 Network architecture for developer access to GitHub and AWS

medium.com

AWS SAML Federation to Okta Architecture

ACM.167 Architectural components and separation of duties

medium.com

AWS Service Control Policy Architecture

ACM.169 Designing maintainable, readable, and secure service control policies

medium.com

Creating an AWS Backup Account

ACM.186 Prevent Ransomware and other malicious actors from accessing your backups

medium.com

Defining AWS Accounts and Organizational Units

ACM.180 Defining accounts and organizational units based on by trust boundaries and roles to protect critical assets

medium.com

AWS VPC with a NAT

ACM.269 Setting up a NAT to allow outbound Internet Access From a Private VPC

medium.com

AWS Transit Gateway with a NAT and Network Security Options

ACM.270 AWS Network Firewall, Packet Mirroring, and Open Source IDS and IPS

medium.com

Architecture with Transit Gateway in an AWS Organization

ACM.271 There’s no one size fits all solution — design according to your business requirements

medium.com

CloudFormation Micro-Templates

ACM.285 Why I put a single resource in each CloudFormation template

medium.com

Thinking About CloudFormation LanguageTransformations

ACM.293 The implications of letting someone rewrite your code

medium.com

Organizational Hierarchies and Policies in AWS, Azure, and GCP

Multicloud.5 Accounts, OUs, Subscriptions, Tenants, Folders and Projects

medium.com

I’ve also compared and contrasted services you might choose when designing a cloud architecture.

AWS Secrets Manager vs. SSM Parameter Store

ACM.119 Choosing where to store secrets and configuration data

medium.com

AWS Nitro Enclaves and TPMs

ACM.80 Protecting data and encryption keys in memory and in use

medium.com

Route traffic through AWS for security and inspection

Here’s a mini-series on setting up your home or business traffic to flow through AWS for inspection. Still adding all the stories to show how to do it.

How to Route Your Home Network or Business Network Traffic Through AWS and Why

ACM.464 pfSense > AWS Site to Site VPN > Transit Gateway > NAT > Internet

medium.com

Configuring the VPC and VPC Flow Logs for an AWS Site to Site pfSense VPN

ACM.465 Creating a VPC to connect our pfSense to via a VPN and configuring logging to inspect the related network…

medium.com

AWS Credentials and Roles for the pfSense VPN Wizard

ACM.466 Also, why I’m not going to use this wizard

medium.com

Calculating the Cost of An AWS Architecture plus a Region Security Warning

ACM.467 Looking at the cost of resources on AWS for a private network

medium.com

Creating an AWS Site to Site VPN for pfSense with a Virtual Private Gateway

ACM.468 Configuring specific encryption options to prevent downgrade attacks

medium.com

Test Sending Traffic From a Load Balancer To A NAT Gateway

ACM.469 Spoiler Alert: Q told me I could do this but I can’t :( but this might help someone trying to set up a network…

medium.com

Sending Traffic From pfSense to a Site to Site VPN to a VGW to a NAT in AWS

ACM.470 Another thing Q told me I could do but not allowed

medium.com

Subnets And Routes For a Public NAT

ACM.471 Setting up proper routing to leverage a NAT to reach the Internet on AWS; Avoid traffic dropped due to…

medium.com

Configure a Transit Gateway To Route Traffic From A Site To Site VPN to a NAT

ACM.472 Get the routing right or packets will mysteriously disappear

medium.com

Related to the above posts — some issues I had while trying to implement that solution:

Concatenate Contiguous IP Ranges in Its IP List #awswishlist

See example here and related blog post for why

medium.com

AWS Routing Logs and Error Messages #awswishlist

ACM.463 The routing mystery that would be much easier to solve with a “No Route To Host” error message

medium.com

You may also want to check out my security related posts which cover some aspects of network security architecture.

Network Security:

Network Security

Blog posts, papers, and articles on Network Security by Teri Radichel

medium.com

AWS Security:

AWS Security

A compilation of stories written about AWS by Teri Radichel

medium.com

Azure Security:

Azure Security

Posts on Azure Security by Teri Radichel

medium.com

Google Security:

Google Security

Blog posts by Teri Radichel on Google, Google Cloud Platform (GCP), Chrome, Gmail and Google Workspace Security

medium.com

Okta and IDP:

Okta

Stories related to Okta by Teri Radichel

medium.com

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2022

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab

Need Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for Presentation

Follow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab

Cloud Security

Cloud Architecture

Cybersecurity

Security Architecture

Topics

Recommended from ReadMedium