#securitygroup — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #securitygroup, aggregated by home.social.
-
via @dotnet : Announcing the .NET Security Group
https://ift.tt/V3SJ8gW
#DotNet #SecurityGroup #Microsoft #OpenSource #VulnerabilityManagement #CVE #PatchTuesday #CyberSecurity #SoftwareDevelopment #TechNews #Collaboration #SecurityUpdates #DotNetEcosystem #Trus… -
AWSネットワークリソースの設定変更を Microsoft Teamsで複数ユーザーにメンション通知できるようにしてみた
https://dev.classmethod.jp/articles/sg-change-notify-teams-multi-user-mention-notification/#dev_classmethod #AWS #Amazon_EventBridge #AWS_Lambda #Microsoft_Teams #AWS_CloudFormation #SecurityGroup
-
@dob That's a big scope.
Some things we do to make our lives easier and doesn't cost $$$.
Enable #guardduty and pipe all the alerts into a slack channel (+email as well).
Enable #cloudtrail log everything to an #S3 bucket in another account. #cloudwatch alerts on auth failures (to slack + email (some go to pagerduty #infosec contact).
We also have some alerts on updates when a cidr is added to a #SecurityGroup.Don't use #ssh or #bastion/#JumpHosts use #ssm to run automations on the hosts (package install, service restarts etc) also to get a shell on a box (if needed at all). (you can use #TransitiveTags with #RoleAssumption to give granular access).
Using #ssm for console access also logs the entire session (including someone doingsudo su - rootetc!) into #S3Use #MicroSegmentation within our #vpc. Instances behind an #alb will only accept traffic from the #alb #SecurityGroup etc.. #rds, #elasticache willl only accept traffic from instances in the appropriate #SecurityGroup. (Basically we don't use cidr ingress rules, we use security group ids) (this works across accounts in the same region with peering, but not across regions however).