Embed Size (px)
DESCRIPTION
Navigating Payment Card Industry (PCI) compliance on AWS can be easier than in a traditional data center. This session discusses how PaymentSpring implemented a PCI level-1 certified payment gateway running entirely on AWS. PaymentSpring will talk about how they designed the system to make PCI validation easier, what AWS provided, and what additional tools PaymentSpring added. Along the way, they'll cover some things they did to reduce costs and increase the overall security of the system.
Citation preview
https://openvpn.net/
http://www.openldap.org/
https://www.duosecurity.com/
http://www.ossec.net/
https://www.snort.org/
http://www.daemon-tools.cc/
https://openvpn.net/
Snort IDS instance
EC2 Instance
eth0 tap0
http://www.clamav.net/
Customer Master Key (CMK)
• I would recommend a unique CMK for each data record
type (one to encrypt sensitive configuration files, one to
protect SSL private keys, etc.)
• The CMK is used to generate Data Encryption Keys.
Returns
• Generate the DEK using the AWS SDK to call AWS
KMS. It will return cipherText which you must store with
the record and a plaintext string which is the encryption
key you will encrypt the record with.
• Pass an Encryption Context value when creating DEK to
map the key against the record you’re encrypting. This
value will appears in AWS KMS audit logs.
• Each record should have a unique DEK generated for it.Returns
Returns
Returns
Returns
Please give us your feedback on this session.
Complete session evaluations and earn re:Invent swag.
http://bit.ly/awsevals
