Overview of security operations on the cloud for the Education Industry and Technology
Built on years of experience, the solution focuses on security at all layers of the business and on other aspects of defense in depth, to ensure that education web applications are both safe and compliant while protecting against potentially malicious threats, as well as preventing scanning from customers and addressing national network security related policies.
Cloud security experience and solutions of Simba Innovation:
- AWS Cloud Platform Security:
  - Access control, network security, data encryption, log management, accounting and auditing, security operation
- OS Security:
  - Operating system security, Docker security, Kubernetes security
- Application Security:
  - Vulnerability scan, penetration test, firewall implementation, code hardening
Simba Innovation cloud-based security operation and maintenance system includes:
- Multidimensional monitoring system
- Log management system
- Security Information and Event Management
- Account management system
Cloud platform security solution
- Perform security scans of the AWS cloud platform.
- Create a secure network zone using virtual private cloud (VPC) and security group.
- Encrypt data at rest and data in transit, using KMS.
- Use multiple accounts to limit the effect of an attack.
- Strict account management, granting least privilege.
- Enable MFA, SAML, web authentication SSO.
- Enable CloudTrail for log traceability.
- Use CloudWatch monitoring and alerting.
- Use a separate Security-Account for log storage.
- Strict object storage (S3) access restrictions.
AWS provides security management tools, e.g. CloudTrail, Config, IAM, KMS, security groups and network ACLs.
Make the most of AWS security tools to enhance security at the cloud platform layer.
System security solution
System security solution includes:
- OS Security: Disable unnecessary services, kernel hardening, file hardening, account auditing, system hardening, locking unused accounts...
- Kubernetes Security: Upgrade to the new version, use namespaces, strict access control strategy, multidimensional monitoring system...
- Docker Security: Use a secure Docker image, image permission control, limit resource usage of the Docker container, follow the minimal-installation principle...
Application layer security solution
Penetration test + vulnerability scan:
A penetration test is an attempt to evaluate security by safely trying to exploit vulnerabilities. Test and scan result assessments are also useful in validating the efficacy of defensive mechanisms, as well as end-user adherence to security policies.
Block all kinds of scanning and attacks by deploying security products such as a firewall and WAF, and use a multi-AZ implementation for HA/DR purposes.
Application layer code hardening:
- Validate all inputs; modify and harden front-end code.
- Blacklist file extensions, validate the Content-Type header, etc.
- Fix logic vulnerabilities by modifying the decision logic of the code.
- Add tokens to important requests. Tokens should be generated as randomly as possible.
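One way to implement the request-token item above, as an added example that is not Simba Innovation's code: a token drawn from the OS CSPRNG, bound to one session with an HMAC, and checked for age and integrity on each important request. The names `issue_token` and `verify_token`, the one-hour lifetime and the session identifiers are assumptions, and session ids are assumed to be server-generated.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed key for the example (assumption); a real service loads it from a secret store.
SERVER_KEY = secrets.token_bytes(32)
MAX_AGE_SECONDS = 3600  # assumed token lifetime


def _sign(session_id: str, nonce: str, issued_at: int) -> str:
    """HMAC-SHA256 over the session id, nonce and issue time."""
    msg = f"{session_id}|{nonce}|{issued_at}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str, now: Optional[int] = None) -> str:
    """Return a token of the form nonce.issued_at.signature for one session."""
    issued_at = int(time.time()) if now is None else now
    nonce = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, never random.random()
    return f"{nonce}.{issued_at}.{_sign(session_id, nonce, issued_at)}"


def verify_token(token: str, session_id: str, now: Optional[int] = None) -> bool:
    """Accept only a well-formed, unexpired token issued for this session."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False
    nonce, issued_raw, signature = parts
    # Reject non-ASCII or oversized timestamps before converting them.
    if not (issued_raw.isascii() and issued_raw.isdigit() and len(issued_raw) <= 12):
        return False
    issued_at = int(issued_raw)
    if not 0 <= now - issued_at <= MAX_AGE_SECONDS:
        return False  # expired, or issued in the future
    expected = _sign(session_id, nonce, issued_at)
    # Constant-time comparison on bytes avoids leaking how much of the value matched.
    return hmac.compare_digest(expected.encode(), signature.encode())
```

The server calls `issue_token` when rendering a form and `verify_token` before processing the state-changing request; a token copied into another session or replayed after expiry is rejected.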