KEMBAR78
Cloud Computing | PDF | Security | Computer Security
Scribd
Upload
15 views4 pages

Cloud Computing

Uploaded by

zeusauce
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
15 views4 pages

Cloud Computing

Uploaded by

zeusauce
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

Name: Harsh Santosh Gelda

Class: TE3 – A – 20
22UF17379CM017

Experiment No. – 8
Date of Performance:
Date of Submission:

Program Execution/
formation/ Timely
Viva Experiment
correction/ Submission Sign with Date
(03) Total (10)
ethical practices (01)
(06)

Experiment No. 8
Implement Security as a Service on AWS

8.1 Aim: To demonstrate and implement Security as a Service on AWS

8.2 Course Outcome: Implement various cloud computing service models and implement them to
solve the given Problems.

8.3 Learning Objectives: To configure Amazon Guard Duty to monitor and analyze AWS data
sources.

8.4 Requirement: Amazon Web Services

8.5 Related Theory:


Amazon GuardDuty is a threat detection service that continuously monitors, analyzes, and processes specific AWS
data sources and logs in your AWS environment. GuardDuty uses threat intelligence feeds, such as lists of malicious
IP addresses and domains, and machine learning (ML) models to identify unexpected, and potentially unauthorized
activity in your AWS environment.

Features of GuardDuty:
● Continuously monitors specific data sources and event logs
● Automatically monitors foundational data sources
● Detects presence of malware and generates security findings
● Manage generated security findings
● Integrate with related AWS security services such as Amazon Detective , AWS Security Hub
● Manage multiple-account environment

8.6 Procedure:

Skill Based Lab - Cloud Computing (CMLR0507) A.Y. 2024-25


39
Step1: Click on Services on the AWS console. And then select Security, Identity & Compliance->Guard
Duty
Step 2: Click on Get Started
Step 3: Click on Enable Guard Duty
Step 4 : From the left panel click on S3 protection and check whether it is enabled or not, if notthen enable
it
Step 5: Find out your ip address by typing what is my ip on google and copy it on notepad and change last
few digits of it and save.
Step 6: Open Amazon S3 and then create bucket
Step 7: Choose a file to upload in bucket from your system and then click on upload and then click on
uploaded file
Step 8: Check Upload file status shows in green color on top.
Step 9: Again go back to guard duty and click on list
Step 10 : Click on Add Trusted IP lists
Step 11: Go to findings and click on Policy
Step 12: Click on Lists on the left panel and then click on X under Active and then Delete it

Skill Based Lab - Cloud Computing (CMLR0507) A.Y. 2024-25


40
8.7Program and Output:

Skill Based Lab - Cloud Computing (CMLR0507) A.Y. 2024-25


41
8.8Conclusion:

In conclusion, implementing Security as a Service (SECaaS) on AWS provides a scalable and effective
solution for enhancing cloud security. AWS offers key services like IAM, GuardDuty, Shield, and WAF,
enabling real-time threat detection, automated responses, and strong access management. By leveraging
these tools, organizations can ensure robust protection of their cloud infrastructure while benefiting from
AWS's shared responsibility model. This approach simplifies security management, making it easier to
safeguard digital assets against evolving threats.

8.9 Review Questions based on Experiment:

1. What is Security as a Service (SaaS)?

Ans: Security as a Service (SaaS) refers to cloud-based security services provided by third-party vendors to
protect businesses' digital assets and infrastructure. These services are delivered over the internet and
typically follow a subscription model, making them scalable and cost-effective. SaaS security solutions can
include features like threat detection, data protection, identity management, and compliance monitoring.
SaaS providers manage all aspects of security infrastructure, including updates, maintenance, and patching,
allowing businesses to focus on core operations while benefiting from high-level security without the need
for in-house expertise.

2. What are the key AWS Services that provide security?

Ans:

1. AWS Identity and Access Management (IAM): Manages user access and permissions.
2. Amazon GuardDuty: Continuous threat detection using machine learning.
3. AWS Key Management Service (KMS): Manages encryption keys for data protection.
4. AWS Shield: DDoS protection service.
5. Amazon Inspector: Automated security assessments for vulnerabilities.
6. AWS WAF (Web Application Firewall): Protects against web exploits.
7. AWS CloudTrail: Logs and monitors AWS account activities.
8. Amazon Macie: Classifies and protects sensitive data using machine learning.
9. AWS Security Hub: Centralized security management and alert aggregation.
10. AWS Config: Monitors and tracks configuration changes for compliance.

Skill Based Lab - Cloud Computing (CMLR0507) A.Y. 2024-25


42

You might also like