Course name: AWS Security Engineer
Course Duration: 65 Hours.
Certification: The AWS Certified Security – Specialty (SCS-C01)
Course Outline
PART A: Prerequisites (20 Hours)
Linux Basics –Security
Get started with Red Hat Enterprise Linux
Describe and define open source, Linux distributions. Log into a Linux system and run simple commands using the shell. Create, manage, and delete local users and groups, as well as administer local password policies.
Manage networking and remote login
Configure network interfaces and settings on Linux servers. Configure secure command-line service on remote systems, using OpenSSH.
Manage file permissions
Interpret and set access control lists (ACLs) on files to handle situations requiring complex user and group access permissions.
Monitor and manage Linux
Evaluate and control processes running on Linux systems. Control and monitor network services and system daemons using systemd. Install and manage software packages using yum package repositories
Analyse system issues
Locate and accurately interpret logs of system events for troubleshooting purposes.
Manage Linux Firewall
Create, modify and remove Linux Firewall rules using firewalld.
Windows Server Basics –Security
Active Directory Domain Service( ADDS) to create and manage the Domain
Installing Windows Server 2016 and Windows 10, Installing ADDS in Windows Server 2016, Configuring the DNS Server, Joining the Windows 10 to Domain
Creating and assigning a policies to users and computers through GPMC
Creating Organization Units (OU), moving the user objects to OU, Creating a GPO, Configuring the Policies in GPO, Linking the GPO to OU, Site and Domain. Verifying the policies when user login to domain from member client.
Securing the resources in the server through permission and encryption
Creating partitions in Disk management, Creating a Files and Folders, Creating users and groups, assigning the permissions for users and groups on resources. Configuring Bit locker drive encryption.
Configuring the Windows Firewall Settings
Creating and configuring Inbound and Outbound Rules
Configuring the VPN Server and RRAS.
Installing Remote Access Server (RAS), Configuring the VPN Server and VPN Client, Configuring the server for Routing.
Monitoring the Server through Performance monitor and event logs
Active Directory Certificate Services (ADCS) to create and assign certificates to users and systems.
Installing ADCS Role in the Domain environment, creating a certificate for web server, Installing and configuring IIS web site for HTTPS.
PART B: AWS Security (45 Hours)
1. Incident Response
Introduction to Incident response. Incident Response in Cloud. AWS EC2 Abuse Notice. Dealing with Exposed Access Keys. Compromised Access and Secret Keys. Evaluate Suspected Compromised EC2 Instance. Working on AWS Guard Duty. Penetration Testing Tools
2. Logging and Monitoring
Introduction to Logging and Monitoring. Continuous Security Monitoring. Introduction to Vulnerability Assessment. Working on AWS Inspector. Configuring AWS EC2 Systems Manager. Configuring AWS Config Service. Understanding CloudWatch. Trusted Advisor. AWS Athena. CloudWatch Evnents. AWS Macie. S3 Event Notifications
3. Infrastructure Security
Introduction to Information Security. AWS Master Account and Policies. Managing Organizational Units. Configuring Web Distribution in CloudFront. Security benefits of CloudFront Distributions. Dynamic Caching with CloudFront. AWS CloudFRont Cutom SSL. CloudFront and Server name Indication(SNI). Introduction to Firewalls. Modes of Firewall. Architecting Firewall Rules. Revising Security Groups. IPTABLES and Instance Meta Data. Configuring Network Access Control Lists(NACL). Overview Architecture of Intrusion Prevention Systems(IPS). Configuring Web Application Firewall. AWS Shield. Network Segmentation. Implementing Bastion Hosts. Configuring Virtual private Cloud(VPC). Configuring Virtual private network(VPN). VPC Peering and VPC Endpoints. EC2 and Key Pair. API Gateway. Ec2 Tenancy. Compliance Frameworks and AWS Artifacts. AWS Lambda and S3-Configuring Event Triggers. AWS Simple Email Service(SES). CustomDNS Server for Your VPC.
4. Identity and Access Management
Introduction to Identity and Access management. Understanding the Principle of least Privilege. Creating and applying IAM Policies. Troubleshooting Conflicting Policies. Understanding Delegation. Revoking IAM Role Temporary Security Credentials. Understanding Federation. Web Identity federation. AWS Cognito User Pool and Identity PoolSingle Sign On. Security Assertion mark-up Language. AWS Directory Service. Joining instance to Domain. S3 Security – S3 ACL, Bucket Policy, Signed URLs. S3 Versioning and Cross-Region Replication.
5. Data Protection
Introduction to Data protection. Understanding Cryptography. Types of Cryptography. Hardware Security Modules(HSM). AWS key Management Service(KMS). KMS Authentication and Access Control. Policy Conditions with AWS KMS. Cross Account Access to Customer master Key(CMK). Rotating Customer master Keys. Policy Evaluation-KMS Key Policies and IAM Policies. CLoudTrail and Encryption. EBS Architecture and Secure Data Wiping. AWS Kinesis Encryption. AWS Glacier.
