Your CTO thinks your AWS account was hacked. What is the only way to know for certain if there was unauthorized access and what they did, assuming your hackers are very sophisticated AWS engineers and doing everything they can to cover their tracks?

A.
Use CloudTrail Log File Integrity Validation.

B.
Use AWS Config SNS Subscriptions and process events in real time.

C.
Use CloudTrail backed up to AWS S3 and Glacier.

D.
Use AWS Config Timeline forensics.

Explanation/Reference:
You must use CloudTrail Log File Validation (default or custom implementation), as any other tracking method is subject to forgery in the event of a full account compromise by sophisticated enough hackers. Validated log files are invaluable in security and forensic investigations. For example, a validated log file enables you to assert positively that the log file itself has not changed, or that particular user credentials performed specific API activity. The CloudTrail log file integrity validation process also lets you know if a log file has been deleted or changed, or assert positively that no log files were delivered to your account during a given period of time.
http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
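
The hash checks behind a custom validation, as an added example in Python (not from the original page and not AWS code). The digests and log files are constructed in memory, the digest layout is reduced to four real field names, the helper names are hypothetical, and the RSA signature check that a real validation also performs on each digest file is left out.

```python
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_digest(start, end, logs, prev_digest):
    """Build a constructed digest (reduced field set) over {s3Object: bytes}."""
    # Assumption: hashes are taken over uncompressed content held in memory.
    doc = {
        "digestStartTime": start,
        "digestEndTime": end,
        "previousDigestHashValue": sha256_hex(prev_digest) if prev_digest else None,
        "logFiles": [{"s3Object": k, "hashValue": sha256_hex(v)} for k, v in logs.items()],
    }
    return json.dumps(doc, sort_keys=True).encode()

def validate_chain(digests, bucket):
    """Walk digests oldest to newest; bucket is {s3Object: bytes} as found now."""
    findings, prev = [], None
    for raw in digests:
        d = json.loads(raw)
        period = f'{d["digestStartTime"]}..{d["digestEndTime"]}'
        # Each digest commits to the hash of the one before it.
        if prev is not None and d["previousDigestHashValue"] != sha256_hex(prev):
            findings.append((period, "digest chain broken"))
        # An empty list is a positive statement: nothing was delivered.
        if not d["logFiles"]:
            findings.append((period, "no log files delivered"))
        for entry in d["logFiles"]:
            key = entry["s3Object"]
            if key not in bucket:
                findings.append((key, "log file deleted"))
            elif sha256_hex(bucket[key]) != entry["hashValue"]:
                findings.append((key, "log file modified"))
            else:
                findings.append((key, "valid"))
        prev = raw
    return findings

def demo():
    # Constructed sample data: three digest periods, then the bucket after tampering.
    a, b, c = b'{"event":"ConsoleLogin"}', b'{"event":"CreateUser"}', b'{"event":"StopLogging"}'
    d1 = make_digest("T00", "T01", {"logs/a.json": a}, None)
    d2 = make_digest("T01", "T02", {}, d1)
    d3 = make_digest("T02", "T03", {"logs/b.json": b, "logs/c.json": c}, d2)
    bucket = {"logs/a.json": a.replace(b"ConsoleLogin", b"Redacted"), "logs/b.json": b}
    return validate_chain([d1, d2, d3], bucket)
```

Against a real trail, the AWS CLI command `aws cloudtrail validate-logs` performs the full validation, including the digest signature check.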


