You're reading from Enterprise Cloud Security and Governance Efficiently set data protection and privacy principles

Product type Paperback

Published in Dec 2017

Publisher Packt

ISBN-13 9781788299558

Length 410 pages

Edition 1st Edition

Tools

Ansible

Concepts

Cloud Security

Author (1):

Zeal Vora

View More author details

Table of Contents (11) Chapters

Preface

1. The Fundamentals of Cloud Security FREE CHAPTER

2. Defense in Depth Approach

3. Designing Defensive Network Infrastructure

4. Server Hardening

5. Cryptography Network Security

6. Automation in Security

7. Vulnerability, Pentest, and Patch Management

8. Security Logging and Monitoring

9. First Responder

10. Best Practices

Accessing management

Once we have designed the network architecture, it's now time to understand how the servers will be placed in terms of DMZ and private environments.

Accordingly, the accessing methods will differ as well; with the general rule of thumb, all servers must be accessible via bastion host or VPN. Some organizations decide to open up port 22 for whitelisted office IPs for servers under DMZ but this is not the right approach.

Bastion hosts

Bastion hosts, also known as jump box, basically act as a proxy that allows the client to connect to remote servers. These remote servers are generally on a private subnet that is not accessible directly, with bastion generally being on the public subnet.

The following...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (1)

Vora

Zeal Vora works as a DevSecOps Engineer primarily in the area of Defensive Security. He spends his days protecting and implementing security controls to help mitigate attacks both on the Cloud and servers. He is actively involved in security consultation, helping various startups which have been breached to overcome the breach and start again with a secure infrastructure.

See other products by Vora