Welcome to my AWS Cloud Cybersecurity Home Lab repository! This lab is designed to enhance my skills and knowledge in cloud-based cybersecurity, focusing on various AWS services and tools. The lab includes honeypot deployment, network traffic monitoring, and threat detection and analysis.
- Honeypot deployment
  - Objective: Deploy and configure a T-Pot honeypot for intrusion detection.
  - Setup:
    - Deployed on an EC2 instance.
    - Configured network segmentation with subnets and security groups.
  - Outcome: Successfully attracted and logged malicious activities.
- Network traffic monitoring
  - Objective: Monitor network traffic using VPC flow logs.
  - Setup:
    - Configured VPC flow logs to feed data to CloudWatch.
    - Set up dashboards and alarms for real-time monitoring.
  - Outcome: Achieved comprehensive network visibility and proactive monitoring.
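Added example, not code from this lab: the kind of detection that the CloudWatch alarms above approximate, written as a small parser for default-format (version 2) VPC Flow Log records plus a check that flags sources probing many distinct ports on the honeypot. The honeypot address, account id, ENI id and all source addresses in the sample records are constructed.

```python
from collections import defaultdict

# Field order of a default-format (version 2) VPC Flow Log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def parse_record(line):
    """Parse one space-separated flow log record; return None for malformed or
    NODATA/SKIPDATA records, which carry '-' instead of traffic fields."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
        rec[key] = int(rec[key])
    return rec

def find_scanners(lines, honeypot_ip, min_ports=5):
    """Map each source that touched at least min_ports distinct ports on the
    honeypot to the sorted list of those ports. REJECTed and ACCEPTed flows
    both count: a security-group drop still reveals the probe."""
    ports_by_src = defaultdict(set)
    for line in lines:
        rec = parse_record(line)
        if rec and rec["dstaddr"] == honeypot_ip:
            ports_by_src[rec["srcaddr"]].add(rec["dstport"])
    return {src: sorted(p) for src, p in ports_by_src.items() if len(p) >= min_ports}

# Constructed sample records (RFC 5737 documentation addresses, a made-up
# account id and ENI id); not captured from the lab.
HONEYPOT_IP = "10.0.1.10"
SAMPLE_LOGS = [
    "2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.10 51234 22 6 4 240 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.10 51235 23 6 1 60 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.10 51236 80 6 1 60 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.10 51237 443 6 1 60 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.10 51238 3389 6 1 60 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.10 51239 8080 6 1 60 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.10 44000 22 6 10 900 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d - - - - - - - 1700000120 1700000180 - NODATA",
    "garbage line that a broken log shipper might emit",
]

if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOGS, HONEYPOT_IP).items():
        print(f"scan-like source {src}: probed ports {ports}")
```

A CloudWatch Logs metric filter cannot count distinct ports per source on its own, so logic like this belongs in a Lambda or Logs Insights query fed by the same log group.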
- Threat detection and analysis
  - Objective: Enhance threat detection and incident analysis.
  - Setup:
    - Enabled GuardDuty for continuous monitoring.
    - Used Detective for in-depth analysis of security findings.
  - Outcome: Strengthened threat detection and response capabilities.
- AWS services used in the lab
  - EC2: Hosting the T-Pot honeypot instance.
  - Security Hub: Centralized view of security alerts and compliance status.
  - CloudWatch: Monitoring and logging of VPC flow logs and other metrics.
  - IAM: Identity and Access Management for securing AWS resources; identities managed for users and service integrations.
  - CloudTrail: Logging of AWS API calls for auditing and compliance, and for verifying that access between services is correctly controlled.
  - S3: Storage for logs and other data.
  - Billing and Cost Management: Monitoring AWS usage and expenses.
  - IAM Identity Center: Centralized identity management.
  - GuardDuty: Threat detection and monitoring of the T-Pot instance for malicious activity.
  - Detective: Detailed analysis and investigation of potential security issues to aid threat hunting.