Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
AWS: Security Best Practices on AWS
AWS: Security Best Practices on AWS

AWS: Security Best Practices on AWS: Learn to secure your data, servers, and applications with AWS

eBook
€8.99 €26.99
Paperback
€32.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Table of content icon View table of contents Preview book icon Preview Book

AWS: Security Best Practices on AWS

Chapter 2. Data Security in AWS

Data security in the AWS platform can be classified into two broad categories:

  • Protecting data at rest

  • Protecting data in transit

Furthermore, data security has the following components that help in securing data in multiple ways:

  • Data encryption

  • Key Management Services (KMS)

  • Access control

  • AWS service security features

AWS provides you with various tools and services to secure your data in AWS when your data is in transit or when your data is at rest. These tools and services include resource access control using AWS Identity and Access Management (IAM), data encryption, and managed KMS, such as AWS KMS for creating and controlling keys used for data encryption. The AWS KMS provides multiple options for managing your entire Key Management Infrastructure (KMI). Alternatively, you also have the option to go with the fully managed AWS CloudHSM service, a cloud-based hardware security module (HSM) that helps you generate and use your own keys for encryption purpose...

Introduction


In this lesson, we will learn about protecting data in the AWS platform for various AWS services. To begin with, we will go over the fundamentals of encryption and decryption and how encryption and decryption of data work in AWS. Post that, we will start with security features for securing data in transit and at rest for each of the following AWS services:

  • Amazon Simple Storage Service (S3)

  • Amazon Elastic Block Storage (EBS)

  • Amazon Relational Database Service (RDS)

  • Amazon Glacier

  • Amazon DynamoDB

  • Amazon Elastic Map Reduce (EMR)

We will look at data encryption in AWS and we will learn about three models that are available for managing keys for encryption and how we can use these models for encrypting data in various AWS services such as, AWS S3, Amazon EBS, AWS Storage Gateway, Amazon RDS, and so on.

Next, we will deep dive on AWS KMS and go through KMS features and major KMS components.

Furthermore, we will go through the AWS CloudHSM service with its benefits and popular use cases.

Lastly...

Encryption and Decryption Fundamentals


Encryption of data can be defined as converting data known as plaintext into code, often known as ciphertext that is unreadable by anyone except the intended audience. Data encryption is the most popular way of adding another layer of security for preventing unauthorized access and use of data. Encryption is a two-step process: in the first step, data is encrypted using a combination of an encryption key and an encryption algorithm, in the second step, data is decrypted using a combination of a decryption key and a decryption algorithm to view data in its original form.

The following three components are required for encryption. These three components work hand in hand for securing your data.

  • Data to be encrypted

  • Algorithm for encryption

  • Encryption keys to be used alongside the data and the algorithm

There are two types of encryption available, symmetric and asymmetric. Asymmetric encryption is also known as public key encryption. Symmetric encryption uses...

Securing Data at Rest


You might be required to encrypt your data at rest for all AWS services or for some of the AWS storage services depending on your organizational policies, industry or government regulations, compliance, or simply for adding another layer of security for your data. AWS provides several options for encrypting data at rest including fully automated and fully managed AWS encryption solutions, manual encryption solutions, client-side encryption, and so on. In this section, we are going to go over these options for each AWS storage service.

Amazon S3

The S3 is one of the major and most commonly used storage services in the AWS platform. It supports a wide range of use cases such as file storage, archival records, disaster recovery, website hosting, and so on. The S3 provides multiple features to protect your data such as encryption, MFA, versioning, access control policies, cross-region replication, and so on. Let us look at these features for protecting your data at rest in...

Securing Data in Transit


Most of the web applications that are hosted on AWS will be sending data over the internet and it is imperative to protect data in transit. This transit will involve network traffic between clients and servers, and network traffic between servers. So data in transit needs to be protected at the network layer and the session layer.

AWS services provide IPSec and SSL/TLS support for securing data in transit. An IPSec protocol extends the IP protocol stack primarily for the network layer and allows applications on the upper layers to communicate securely without modification. The SSL/TLS, however, operates at the session layer.

The Transport Layer Security (TLS) is a standard set of protocols for securing communications over a network. TLS has evolved from Secure Sockets Layer (SSL) and is considered to be a more refined system.

Let us look at options to secure network traffic in AWS for various AWS services.

Amazon S3

The AWS S3 supports the SSL/TLS protocol for encrypting...

AWS KMS


AWS KMS is a fully managed service that supports encryption for your data at rest and data in transit while working with AWS services. AWS KMS lets you create and manage keys that are used to encrypt your data. It provides a fully managed and highly available key storage, management and auditing solution that can be used to encrypt data across AWS services as well as to encrypt data within your applications. It is low cost as default keys are stored in your account at no charge – you pay for key usage and for creating any additional master keys.

KMS Benefits

AWS KMS has various benefits such as importing your own keys in KMS and creating keys with aliases and description. You can disable keys temporarily and re-enable them. You can also delete keys that are no longer required or used. You can rotate your keys periodically or let AWS rotate them annually. Let us look at some major benefits of KMS in detail:

Fully Managed

AWS KMS is a fully managed service, where AWS takes care of underlying...

AWS CloudHSM


AWS and AWS partners offer various options such as AWS KMS to protect your data in AWS. However, due to contractual, regulatory compliance, or corporate requirements for security of an application or sensitive data, you might need additional protection. AWS CloudHSM is a cloud-based dedicated, single-tenant HSM allowing you to include secure key storage and high-performance crypto operations to your applications on the AWS platform. It enables you to securely generate, store, manage, and protect encryption keys in a way that these keys are accessible only by you or authorized users that only you specify and no one else.

AWS CloudHSM is a fully managed service that takes care of administrative, time-consuming tasks such as backups, software updates, hardware provisioning, and high availability by automating these tasks. However, AWS does not have any access to configure, create, manage, or use your CloudHSM. You can quickly scale by adding or removing HSM capacity on-demand with...

CloudHSM Features


Let us look at some features of the AWS CloudHSM service.

Generate and Use Encryption Keys Using HSMs

AWS CloudHSM provides FIPS 140-2 level 3 compliant HSM for using and generating your encryption keys. It protects your encryption keys with a single tenant, exclusive access, and dedicated tamper-proof device in your own AWS VPC.

Pay as You Go Model

AWS CloudHSM offers a utility pricing model like many other AWS services. You pay only for what you use and there are no upfront costs whatsoever. You are billed for every running hour (or partial hour) for every HSM you provision within a CloudHSM cluster.

Easy to Manage

AWS CloudHSM is a fully managed service, so you need not worry about scalability, high availability, hardware provisioning, or software patching. These tasks are taken care by of AWS. The AWS also takes automated encrypted backups of your HSM on a daily basis.

AWS monitors health and network availability of HSMs. It does not have access to keys stored inside these...

AWS CloudHSM Use Cases


A CloudHSM cluster can store up to 3,500 keys of any type or size. It integrates with AWS CloudTrail so all activities related to CloudHSM are logged and you can get a history of all AWS API calls made to CloudHSM.

With so many features and benefits, AWS CloudHSM has many use cases when it comes to securing your data. Let us look at some of the most popular use cases for this service.

Offload SSL/TLS Processing for Web Servers

Web servers and web browsers often use SSL or TLS for a secure connection to transfer data over the internet. This connection requires the web server to use a public-private key pair along with a public key certificate in order to establish an HTTPS session with each client. This activity acts as an overhead for the web server in terms of additional computation. CloudHSM can help you offload this overhead by storing the web server's private key in HSM as it is designed for this purpose. This process is often known as SSL acceleration.

Protect Private...

Amazon Macie


Amazon Macie is the newest security service powered by Artificial Intelligence launched by AWS that uses machine learning to identify, categorize, and secure your sensitive data that is stored in S3 buckets. It continuously monitors your data and sends alerts when it detects an anomaly in the usage or access patterns. It uses templated Lambda functions for either sending alerts, revoking unauthorized access, or resetting password policies upon detecting suspicious behavior.

As of now, Amazon Macie supports S3 and CloudTrail with the support for more services such as EC2, DynamoDB, RDS, Glue is planned in the near future. Let us look at two important features of Amazon Macie.

Data Discovery and Classification

Amazon Macie allows you to discover and classify sensitive data along with analyzing usage patterns and user behavior. It continuously monitors newly added data to your existing data storage.

It uses artificial intelligence to understand and analyze usage patterns of existing...

Summary


Data security is one of the major requirements for most of the AWS users. The AWS platform provides multiple options to secure data in their data storage services for data at rest and data in transit. We learned about securing data for most popular storage services such as AWS S3, AWS RDS, and so on.

We learned the fundamentals of data encryption and how AWS KMS provides a fully managed solution for creating encryption keys, managing, controlling, and auditing usage of these encryption keys.

We also learned about AWS CloudHSM, a dedicated hardware appliance to store your encryption keys for corporate or regulatory compliance. We went through various features of CloudHSM and the most popular use cases for this service.

Lastly, we went through Amazon Macie, a newly launched data security service that uses machine learning for protecting your critical data by automatically detecting and classifying it.

The AWS EC2 service provides compute or servers in AWS for purposes such as web servers...

Assessments


  1. Which among the following is used for creating and controlling keys used for data encryption in AWS?

    1. IAM

    2. HSM

    3. KMS

    4. S3

  2. Asymmetric encryption is also known as _______.

    1. Private key encryption

    2. Public key encryption

    3. Secret key encryption

    4. Data key encryption

  3. For encrypting data in AWS, which among the following is used to convert plaintext data into cipher text using the encryption algorithm?

    1. Cipher text private key

    2. Cipher text public key

    3. Plaintext private key

    4. Plaintext data key

  4. For decrypting data in AWS, cipher text uses the _____ for converting cipher text into plaintext by applying the decryption algorithm.

    1. Plaintext public key

    2. Plaintext data key

    3. Plaintext private key

    4. Plaintext secret key

  5. State whether the following statement is True or False: AWS uses envelope encryption to encrypt data directly.

Left arrow icon Right arrow icon

Key benefits

  • ? Learn to secure your network, infrastructure, data, and applications in AWS cloud
  • ? Use AWS managed security services to automate security
  • ? Dive deep into various aspects such as the security model, compliance, access management and much more to build and maintain a secured environment
  • ? Explore Cloud Adoption Framework (CAF) and its components
  • ? Embedded with assessments that will help you revise the concepts you have learned in this book

Description

With organizations moving their workloads, applications, and infrastructure to the cloud at an unprecedented pace, security of all these resources has been a paradigm shift for all those who are responsible for security; experts, novices, and apprentices alike. This book focuses on using native AWS security features and managed AWS services to help you achieve continuous security. Starting with an introduction to Virtual Private Cloud (VPC) to secure your AWS VPC, you will quickly explore various components that make up VPC such as subnets, security groups, various gateways, and many more. You will also learn to protect data in the AWS platform for various AWS services by encrypting and decrypting data in AWS. You will also learn to secure web and mobile applications in AWS cloud. This book is ideal for all IT professionals, system administrators, security analysts, solution architects, and chief information security officers who are responsible for securing workloads in AWS for their organizations. This book is embedded with useful assessments that will help you revise the concepts you have learned in this book. This book is repurposed for this specific learning experience from material from Packt's Mastering AWS Security, written by Albert Anthony.

Who is this book for?

This book is for all IT professionals, system administrators, security analysts, solution architects, and chief information security officers who are responsible for securing workloads in AWS for their organizations.

What you will learn

  • ? Get familiar with VPC components, features, and benefits
  • ? Learn to create and secure your private network in AWS
  • ? Explore encryption and decryption fundamentals
  • ? Understand monitoring, logging, and auditing in AWS
  • ? Ensure data security in AWS
  • ? Secure your web and mobile applications in AWS
  • ? Learn security best practices for IAM, VPC, shared security responsibility model, and so on
Estimated delivery fee Deliver to Malta

Premium delivery 7 - 10 business days

€32.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Mar 13, 2018
Length: 118 pages
Edition : 1st
Language : English
ISBN-13 : 9781789134513
Vendor :
Amazon
Category :
Concepts :
Tools :

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Estimated delivery fee Deliver to Malta

Premium delivery 7 - 10 business days

€32.95
(Includes tracking information)

Product Details

Publication date : Mar 13, 2018
Length: 118 pages
Edition : 1st
Language : English
ISBN-13 : 9781789134513
Vendor :
Amazon
Category :
Concepts :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 102.97
AWS Administration - The Definitive Guide
€36.99
AWS: Security Best Practices on AWS
€32.99
Practical AWS Networking
€32.99
Total 102.97 Stars icon
Banner background image

Table of Contents

5 Chapters
AWS Virtual Private Cloud Chevron down icon Chevron up icon
Data Security in AWS Chevron down icon Chevron up icon
Securing Servers in AWS Chevron down icon Chevron up icon
Securing Applications in AWS Chevron down icon Chevron up icon
AWS Security Best Practices Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Half star icon Empty star icon Empty star icon 2.6
(5 Ratings)
5 star 0%
4 star 20%
3 star 40%
2 star 20%
1 star 20%
Amazon Customer Aug 12, 2018
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
Discription is clear and strait-forward. However, it only provides high-level concepts without deep diving into details. May need to refer to AWS white papers or technicsl guides for detail.
Amazon Verified review Amazon
Amazon Customer Oct 13, 2018
Full star icon Full star icon Full star icon Empty star icon Empty star icon 3
Basic high level view of Security in AWS great for non technical managers. And is a quick read . .
Amazon Verified review Amazon
Roscoe Nov 07, 2018
Full star icon Full star icon Full star icon Empty star icon Empty star icon 3
It's an okay book but I thought it would have a bit more details on the individual topics. I'm a newby in this area and will most likely need additional information for AWS.
Amazon Verified review Amazon
Agoa Apr 08, 2018
Full star icon Full star icon Empty star icon Empty star icon Empty star icon 2
This has not nothing more than what you will find in the aws whitepapers. I expected a lot more content and lessons learned.
Amazon Verified review Amazon
Amazon Customer Jan 16, 2019
Full star icon Empty star icon Empty star icon Empty star icon Empty star icon 1
In his book author says Security groups are stateless but they are statefull (FYI) I hope he will correct it ?
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela