Best Seller!
AWS Certified Security - Specialty: AWS Certified Security - Specialty (SCS-C01)

AWS Certified Security - Specialty: AWS Certified Security - Specialty (SCS-C01) Certification Video Training Course

AWS Certified Security - Specialty: AWS Certified Security - Specialty (SCS-C01) Certification Video Training Course includes 165 Lectures which proven in-depth knowledge on all key concepts of the exam. Pass your exam easily and learn everything you need with our AWS Certified Security - Specialty: AWS Certified Security - Specialty (SCS-C01) Certification Training Video Course.

136 Students Enrolled
165 Lectures
21:41:00 hr

Curriculum for Amazon AWS Certified Security - Specialty Certification Video Training Course

AWS Certified Security - Specialty: AWS Certified Security - Specialty (SCS-C01) Certification Video Training Course Info:

The Complete Course from ExamCollection industry leading experts to help you prepare and provides the full 360 solution for self prep including AWS Certified Security - Specialty: AWS Certified Security - Specialty (SCS-C01) Certification Video Training Course, Practice Test Questions and Answers, Study Guide & Exam Dumps.

Domain 2 - Logging & Monitoring

6. Configuring AWS Inspector

Hey everyone, and welcome back to the Knowledge Portal video series. So today we will be looking into how we canset up the basic about AWS Inspector in an environment. So let's get started. Now, if I or you go to Inspector, just click on Inspector, and you'll get the Get Started page. Okay, so now you're getting getting started. Page. Now, there are three things that you need to do. The first thing is that you need to install the AWS agent on your EC2 instance, which you want to scan. Now, if you remember, in Nessus, we did not install any agents. We used to work with SSH keys or passwords. However, for AWS Inspector, we have to install the agent. After you install the agent, there are some predefined assessments like CISBenchmark, CVE, and behavioural analysis. So if you run those assessments on the EC two instances, Ads Inspector will give you a report about the findings. So, quite easy. three-step methodology. So let's click on "Get started." Now the first thing that you have to do is create a role related to AWS Inspector. Now. AWS Inspector. For running AWS, Inspector, you have to tag your EC2 instances. And this is the reason that AWS Inspector will need to list all the EC2 instances within your account. And thus, if you click on "Choose" or "Create Role," it will give you a default role that will basically have a "policy of described instances" so that it can see what instances are present in your account. So I'll click on "allow." Okay, so the second step over here is to tag your EC Two instances. So whenever you want to run a scan from AWS Inspector, you run a scan based on the tagging of your EC2 instances. So we'll look into this as well. The third requirement is that you install AWSAgent on your EC2 instances. So I'll click on "next." So the assessment name will be "KP Lapse" for the timing KP Lapse.So the type value will be the name. Because if you will see, I have a few instances running, and if I open any instances and go to tag, the key is name. So if I want to scan this specific instance, then I have to create a tag with a value name and the key name, and the value will be Kplab and two B. So these are all the instances that it is showing. I'll just choose KP Labs to be with. Now I'll click on "next." Now, this is the assessment template. Now, the Assessment Template basically contains the list of rule packages that are available in AWS Inspector. Now, if you just look over here I have CVEs. We have discussed this. I have CIS operating system benchmarks, I have security best practices, and I have runtime behavioural analysis. For our purpose, I will just choose CVE, and the name that I ideally give is very similar to the rule package that we have configured, which will be CVE. Okay, now duration for the time being, although one R is recommended, I'll select 15 minutes for the time being, and I'll click on "next." It will give you an overview of what we have done, and I'll click on "Create." So if you go to the dashboard over here, it has not really shown anything like zero important findings or zero recent findings in the recent assessment list, but it will show you the list of inspector runs that you have done within your account. Now, if I go to the targets, this is the target that is available, which is KP Labs 2 B. In the assessment template, I have the vetted template, which is available for assessment runs. I have not really done a run right now. So, before we run, we need to install the AWSInspector agent on our EC2 instance. So I'll go to the root. Now if I just run, this is a small Wgate script that instals or downloads the AWS Inspector agent. Just do a double get, and what you see is an install script wire. So if you just run a nano, this is basically the script that instals the inspector region. So, because this is a script, we need to chmod + X install the sh and then just run the install. So basically, this will install the inspector agent. Let's wait for a minute. Perfect. The installation has completed successfully. So this is the basic idea of today's lecture on how to set up the AWS Inspector, both in our consoles as well as the account servers. So in the next lecture we will go ahead with the scan. But for now, I hope this has been informative for you. And again, I recommend you practise this along with the video before you go out with the next lecture. This is it for now. I hope this has been informative, and I look forward to seeing you in the next lecture.

7. AWS Inspector & Nessus - CVE scans

Hey everyone, and welcome back to the Knowledge Portal video series. So we'll continue our discussion with AWS Inspector. And if you remember, in the last lecture, we went ahead and installed the AWS Agent. Now, just one thing to confirm after you have installed AWS is that the AWS Agent is running. I'll click on "Start." Okay, so just make sure that the Inspector Agent is running. Perfect. So now the inspector is running. We will conduct an evaluation of the CBE for this specific instance. So, if you look into the CVE, let me show you. So this is the CBE, and the target name, if you see, is Kplabs. Now, in the assessment target, kplabs is associated with the Kpops hypnotised two B tags. Now these two V. Tag.If you see KP Labs Hypnot, two VTAGS are associated with a specific instance. And this is how the inspector knows where exactly it has to run the assessment. So you don't really have to give the private IP addresses; you just pay based on tax. This becomes much simpler if you have multiple instances with similar tagging. Anyways, in order to run the assessment, go to the assessment templates over here. I'll select this and I'll click on "Run." Now, as you can see, the assessment run has started. Now, the first thing that it really does during the assessment run is collect data. So this takes quite a long time, from what I have seen. So let's do one thing. We'll pause the video until this process is finished. And once the findings are reported, we will come back with the resumed video. Hey everyone. So it has not been completed yet. I just resumed within three 4 minutes. So, what I decided was that, along with the AWS Inspector run, we will also run our Nessus Professional on the same server, so that we can compare the results between Inspector and Nessus. So, this will give you an overview of various tools that have similar functionality. So, what we'll do is I'll copy the publicIP, and we will set up a Nessus scan. If I'll just click on Safari, let me just log in. Perfect. Now, I'll click on "New Scan" over here. And since this is a trial version, various great scans like the internal PCA network scan are not available, but we'll do the basic network scan for RB. So I'll name this klob in two variables, and the target will be the public IP of our server. Now, since Nessa does not work on an agent basis, we have to import the credentials over here. So, since I work based on public private keys, I'll select the username over here. And in the private key, I'll select theprivate key which is associated with the instance. So the preferred port is 22. I'll click on Save, and I'll go ahead and launch this particular scan. So Inspector and Nessus are scanning in the same instance at the same time. So at the end, we will compare and look at the reports from both of them to see which one is preferred by us. So let me just pause the video again, and I'll come back in a few minutes. Hey everyone and welcome back. So both these scans, Inspector and Nessus, are complete. You'll see the analysis is complete, and until the time the scanning was going on, I was actually watching Dragon Ball Super episode 106. I hope many of you are fans of Dragon Ball Z. It's really amazing. Anyways, coming back, if you look into the notable findings over here, you have eight important findings that you will see. Now if I just click here on the assessment, you will see the total findings are 14. Now, if I simply click here, you can see that it is giving me a lot of things that are donated by severity, time, and finding the related data. So you have high, you have medium, and, if you need, you can also export the particular findings in PDF format. So again, along with that, you have a severity filter. For example, if you only want to look at high, it will only show you high assessment-related details. So this is the basic information about the assessment. Again, we discussed that we can also look at the PDF format. Now if you see over your report there is a document image, just click on here, and in the report type I'll just put "Findings report" and I'll click on "Generate report." So it takes around a minute to generate the report. Let me just allow the pop-up, and basically the inspector will give you a report in PDF format so you can see something related to this. So this is the rule package, these are the high vulnerabilities, and these are the medium vulnerabilities. So if we just go a bit down, it gives you the CVE-related details specific to vulnerabilities, and this is the report that the Inspector will provide you. Now, similar results can be achieved with help from Nessus. So let's look into the NESSUS findings. So the scan is complete, and if I just click on here, you'll see that Nessus really gives a nice little graph related to the vulnerabilities that are present. If I click on any one of them, Nests will give you the description of the vulnerability. Now all of these things could be found in the CVSS and CVE charts as well. Along with that, nests will also give you solutions on how you can mitigate this specific vulnerability. So this is the way Nessus really works. Let me go back to the vulnerability chart. So these are the vulnerabilities that were found. Now along with that, if you want, you can export this specific document in terms of PDF. Let me just click on export, and it goes into export. So now if you look into the summary chart, you will find the details related to the exports that are available. An SS provides so many nice little details. So I hope this has been informative for you. So I really hope you understand the basic difference between AWS Inspector and Nessa. very similar tools, but again, I'll leave it up to you which one you prefer. Now, the reason why Inspector might be preferred is that you don't really have to pay an initial cost, like a licence cost, for a year. You have to pay based on the assessment runs that you do in Inspector. However, in nests, you have to pay for a licence cost on a yearly basis, so both have different pricing mechanisms. I leave it up to you as to which one you might prefer. Personal choice. I prefer "necessary" for now. So again, it really depends on individuals. So I hope the lecture has been informative for you, and I look forward to seeing you in the next lecture. It.

8. Best Practices in Vulnerability Assessments

Hey everyone and welcome back to the Knowledge Portal video series. Now, we have covered a significant amount of detail related to the vulnerability exploit and payload-related section. Today we look into best practises specifically for infrastructure and server-related vulnerability assessments. So let's look into some of them. Now, there are five important practises that we have to ensure that we cover in this specific area. Now, the first practise is getting the right tool, and this is a very important first practice. The second is to understand where the scanning is needed. Third is ranking and prioritising your vulnerabilities that you find after you scan your servers. Fourth, how will you schedule your vulnerability scanning and assessment on a monthly or quarterly basis? So that is what the fourth point talks about, and the fifth point talks about how you will act on your assessment results. So let's start with each one of them. Again, vulnerability assessment is one of the most important parts of a security monitoring area. So choosing the right tool for a vulnerability assessment activity is a very important part. Now, the tool that you will choose depends upon your environment and upon the budget that your organisation has. There are very nice tools like NESSUS. You have Pose, AWS Inspector, something new, OpenSCAP, and so on. for, as I said, my personal preference. I have been working in the payments organization, which deals with very sensitive information, and we have been using Nessus for the past three years. This is one of the best tools that I have found for my purposes. So again, it depends upon your choice, but for me, it is a de facto standard. Second, understanding where the scanning is needed Now, let's suppose you have 400 to 500 servers and there are just two security engineers. Then you cannot really scan all 400 or 500 servers every month. So in this case, what you need to do is create some kind of inventory, which will contain a list of all the mission-critical systems that are important for your business. And once you identify a list of important systems, specifically ones like production, then you perform your scanning on them. Now, if you spend your time scanning dev or QS servers and you forget to scan the production servers, then that is not a very good approach. So this is the reason why you need to have an inventory with lists of all the systems that are critical to your business. So ideally, this will be the production environment. So this is second-best practice. A third best practise is prioritization. Now, let me give you a simple example where youhave a high risk vulnerability on your web server. Let's assume enginex and that webserver is open to public. That means the public will be able to access your website, and the traffic goes to the web server. So on that Web server, you have a high-risk vulnerability. You now have a critical vulnerability in the SSH package on the server, which is in your internal network. That means that you have two vulnerabilities. The first vulnerability is the high-risk one, which is in your DMZ web server, and the second is the critical risk vulnerability, which is in the SSH package, but the server is in the internal network. Now the question is, which one will you patch first? Even though the second is critical, you will undoubtedly patch the web server first. However, since the web server is open to the public and it is in the DMZ, you will be testing the high-risk viability first, and the critical risks would be the next priority. So this is very important whenever you scan your server; the prioritisation of vulnerabilities is very important depending on the level of risk involved in the associated vulnerability. So the next step is the schedule interval. Now again, this is very important because hackers will not release the exploits after your vulnerability assessments are complete, so they can release them anytime. So they will not wait for your vulnerability assessment to be complete and everything to be clean, and then they'll release it. So doing a scheduled scan for vulnerability is very important. From what I have observed is that we generally usedto perform two week was the time interval for vulnerabilityassessment for the systems which are in the DMZ. Now that systems are in the DMZ, you can assume that systems that are in the public subnet and have external users are using them. So, if a system is in the public subnet and external users are using it, you must ensure that it is secure, which is why you must ensure that your VA scans are at the two-week level. This is a decent amount of scanning intervaland the other servers which are in theproduction, maybe in the private network, they shouldbe scanned at the monthly level. So it is quite important that if you have this kind of schedule interval, then you have a very good vulnerability assessment activity. Now, this is a very important aspect of the assessment result. Now, once you detect a vulnerability, you have to make sure that the vulnerability is closed, maybe because you updated some software or did something in which the vulnerability was closed. So this is a very important topic. Now, generally, after vulnerability assessment, patch management activity comes into play, so they are tied up. So once the vulnerabilities are identified, the patch management activity is followed, where all the packages in which the vulnerabilities are discovered are updated, and once these packages are updated, Your vulnerability scanner should run again to verify that all the vulnerabilities which were supposedly patched during the patch management activity are no longer present. So this is again a very important point. Now one tip that I can give youis do not directly patch the patching scheduleshould be first dev environment, QA environment andthird would be the broad environment. So there are various tools for patch management activities, such as spacewalks satellite servers, or you can directly do yum update on the specific packaging. So this is the basic above of the bestpractices related to the vulnerability assessment of your service.

9. Overview of Layer 7 Firewalls

Hey everyone, and welcome back to the Kplabs course. So in today's lecture, we'll be discussing more about the Web application firewall. So the web application firewall is currently one of the most critical components as far as the security infrastructure is concerned. And in most organizations, specifically the enterprise-grade ones, you have a Web application firewall already implemented. So let's look into what a Web application firewall is all about. Now, we all know what a firewall is, and most of us have already used a firewall in some way or another. It may be AWS security groups; it may be IP tables. So this is one of the things that you should already know. Now, one important thing is that firewalls generally operate onlayer three and layer four of the OSI model. So we'll look into it. So when you talk about the main aim of a firewall, the main aim of a firewall is to block malicious or unauthorised traffic. and I'm sure that you already know. So when you speak about that, firewalls work on layer three and layer four, which means network and transport layers. So generally, if I open up a random packet within the transport layer, you have various things like a source port and a destination port. The source IP and destination IP can be found in the Internet Protocol layer. You also have various things like a sequence number, which is within the transmit layer. And this is where stateful and stateless firewalls really play a vital role. So this is something that we already know we allow based on IP addresses and port numbers. So this is what the generic firewall does. So, coming back to the presentation, the main name of a firewall is basically to not allow traffic that is malicious. Now the question is, when we look at the diagram, since the firewall operates at layer three or layer four, it cannot really look into the layer seven traffic, which is the application traffic. And this is where the question comes in: what about the malicious traffic like SQLinjection attacks and cross-site scripting attacks, which generally operate at layer seven, specifically where the HTTP protocol operates? So if you look at the diagram, the non-http attacks can already be deferred by the standard packet firewall. So however, the Http attack so since the firewall cannotreally read the Http packets, let me show you again. So within this package, you have the IP layer, you have the transport layer, and you have the HTTP layer. So this is layer seven. So within layer seven, you have a lot of information like the user agent, you have the request, you have the host headers, and you have the HTTP request itself. So this is the Uri portion. Because the firewall does not operate on layer seven, it cannot read any of these things. And this is the reason why there is a need for a firewall, because layer seven is where the applications are running. They have a plethora of attacks at their disposal. This is why it was necessary to have a firewall that can read HTTP packets, operate at layer seven, and protect applications from various types of attacks. So, as I'll show you, there is an OS top ten that has a lot of web application-specific attacks. It can be SQL injection. I'm sure you've heard about it. SQL injection, you have cross-site scripting—a lot of them are there. These are details that are mentioned within the OStop 10, and since all of them generally operate at layer seven, you need a firewall that can protect you against the layer seven attacks. And this is where the web application firewall is all about. So web application firewalls are generally designed for web applications, and these kinds of firewalls operate at layer seven. So again, the rules that you write for Web application Fireworks are rules specific for HTTP-based communication. So we'll look into it in detail. But just understand that one of the primary motives of the various kinds of apps that are available is to protect against the OS's top ten metrics. And this is very important. So considering the web application firewall vendors, there are a lot of vendors that are available. It ranges from open source likeNazi, more security, to various commercialsolutions which are like signal signs. Akamai, you have AWS West which is also prettyinteresting solutions as far as the commercials are concerned. So many content delivery networks, such as Cloudflare, offer the web application firewall, which you can investigate, and definitely one of the best ones to have a high-level overview of is AWS because it is quite simple and you can go ahead and create your own rule sets, create your own webpage, and so on. Again, there are commercial ones like AkamaiSignal Sciences, which are good, but the problem with them is that many times they do not really entertain startups that have like five or six servers. So that is quite a big pain. And this is the reason why I generally recommendto go ahead and straightforwardly go with AWS. simple, straightforward solution. You can use it any time and you can implementany time and it's a pay as you go. So anyways, we'll discuss more about this in the relevant section.

Read More

* The most recent comment are at the top

Add Comments

Feel Free to Post Your Comments About EamCollection's Amazon AWS Certified Security - Specialty Certification Video Training Course which Include Amazon AWS Certified Security - Specialty Exam Dumps, Practice Test Questions & Answers.

Similar Amazon Video Courses

Only Registered Members Can Download VCE Files or View Training Courses

Please fill out your email address below in order to Download VCE files or view Training Courses. Registration is Free and Easy - you simply need to provide an email address.

  • Trusted By 1.2M IT Certification Candidates Every Month
  • VCE Files Simulate Real Exam Environment
  • Instant Download After Registration.
Please provide a correct e-mail address
A confirmation link will be sent to this email address to verify your login.
Already Member? Click Here to Login

Log into your ExamCollection Account

Please Log In to download VCE file or view Training Course

Please provide a correct E-mail address

Please provide your Password (min. 6 characters)

Only registered members can download vce files or view training courses.

Registration is free and easy - just provide your E-mail address. Click Here to Register


ExamCollection Premium

ExamCollection Premium Files

Pass your Exam with ExamCollection's PREMIUM files!

  • ExamCollection Certified Safe Files
  • Guaranteed to have ACTUAL Exam Questions
  • Up-to-Date Exam Study Material - Verified by Experts
  • Instant Downloads
Enter Your Email Address to Receive Your 10% Off Discount Code
A Confirmation Link will be sent to this email address to verify your login
We value your privacy. We will not rent or sell your email address


Use Discount Code:


A confirmation link was sent to your e-mail.
Please check your mailbox for a message from and follow the directions.


Download Free Demo of VCE Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.

Simply submit your e-mail address below to get started with our interactive software demo of your free trial.

Free Demo Limits: In the demo version you will be able to access only first 5 questions from exam.