You're reading from Cloud Security Handbook Find out how to effectively secure cloud environments using AWS, Azure, and GCP

Product type Paperback

Published in Apr 2022

Publisher Packt

ISBN-13 9781800569195

Length 456 pages

Edition 1st Edition

Tools

AWS

Concepts

Cloud Computing

Author (1):

Eyal Estrin

View More author details

Table of Contents (19) Chapters

Preface

1. Section 1: Securing Infrastructure Cloud Services

2. Chapter 1: Introduction to Cloud Security FREE CHAPTER

3. Chapter 2: Securing Compute Services

4. Chapter 3: Securing Storage Services

5. Chapter 4: Securing Networking Services

6. Section 2: Deep Dive into IAM, Auditing, and Encryption

7. Chapter 5: Effective Strategies to Implement IAM Solutions

8. Chapter 6: Monitoring and Auditing Your Cloud Environments

9. Chapter 7: Applying Encryption in Cloud Services

10. Section 3: Threats and Compliance Management

11. Chapter 8: Understanding Common Security Threats to Cloud Services

12. Chapter 9: Handling Compliance and Regulation

13. Chapter 10: Engaging with Cloud Providers

14. Section 4: Advanced Use of Cloud Services

15. Chapter 11: Managing Hybrid Clouds

16. Chapter 12: Managing Multi-Cloud Environments

17. Chapter 13:Security in Large-Scale Environments

18. Other Books You May Enjoy

Securing DNS services

Each cloud provider has its own implementation of managed DNS services – these include services for translating hostnames into IP addresses, different types of DNS records services (such as Alias, CNAME, and more), resolving hostname to load-balance IP, and more.

Securing Amazon Route 53

Amazon Route 53 is the Amazon managed DNS service.

Best practices for securing Amazon Route 53

The following are some of the best practices to follow:

Create an Identity and Access Management (IAM) group, add users to the group, and grant the required permissions on the Route 53 service for the target group.
Enable Domain Name System Security Extensions (DNSSEC signing) on any public-hosted zone to protect against DNS spoofing attacks.
Use a new customer master key (CMK) to sign any newly created public-hosted zone.
Make sure privacy protection is enabled for any domain you manage using Route 53 to protect the privacy of domain owners&apos...