Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Cloud Security Handbook

You're reading from   Cloud Security Handbook Find out how to effectively secure cloud environments using AWS, Azure, and GCP

Arrow left icon
Product type Paperback
Published in Apr 2022
Publisher Packt
ISBN-13 9781800569195
Length 456 pages
Edition 1st Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Eyal Estrin Eyal Estrin
Author Profile Icon Eyal Estrin
Eyal Estrin
Arrow right icon
View More author details
Toc

Table of Contents (19) Chapters Close

Preface 1. Section 1: Securing Infrastructure Cloud Services
2. Chapter 1: Introduction to Cloud Security FREE CHAPTER 3. Chapter 2: Securing Compute Services 4. Chapter 3: Securing Storage Services 5. Chapter 4: Securing Networking Services 6. Section 2: Deep Dive into IAM, Auditing, and Encryption
7. Chapter 5: Effective Strategies to Implement IAM Solutions 8. Chapter 6: Monitoring and Auditing Your Cloud Environments 9. Chapter 7: Applying Encryption in Cloud Services 10. Section 3: Threats and Compliance Management
11. Chapter 8: Understanding Common Security Threats to Cloud Services 12. Chapter 9: Handling Compliance and Regulation 13. Chapter 10: Engaging with Cloud Providers 14. Section 4: Advanced Use of Cloud Services
15. Chapter 11: Managing Hybrid Clouds 16. Chapter 12: Managing Multi-Cloud Environments 17. Chapter 13:Security in Large-Scale Environments 18. Other Books You May Enjoy

Best practices for using encryption in transit

The idea behind encryption in transit is to allow two parties to share messages over a publicly exposed network, in a secure way, while retaining message confidentiality and integrity.

IPSec

IPSec is the most commonly used protocol for encryption at transit, mainly for site-to-site VPN and VPN tunnels. IPSec resides on layer 3 of the OSI model.

The following are some best practices regarding IPSec:

  • Use the IKEv2 protocol for security association (SA).
  • Use AES-GCM for encryption.
  • Use HMAC-SHA256 (or higher) for integrity.
  • When supported by both the client and the server, use certificate-based authentication instead of a pre-shared key.
  • Use an up-to-date VPN client (to avoid known vulnerabilities).

For more information, please refer to the following resources:

Internet Protocol Security (IPSec):

https://en.wikipedia.org/wiki/IPsec

Guide to IPSec VPNs:

https://csrc.nist.gov/publications...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image