[00:00:00] Okay, so now let's talk about penetration testing on the Cloud. So, penetration testing is when you're trying to attack your own infrastructure to test your security.

[00:00:10] A customer of AWS is welcome to carry out these security assessments and penetration testing against your own infrastructure without prior approval for eight services. So, our Amazon EC2 instances, NAT Gateways and Elastic Load Balancers, Amazon RDS, CloudFront, Aurora, the API Gateways, Lambda and Lambda@Edge functions, Lightsail resources and Elastic Beanstalk environments. The list can increase over time, but this is not something that you will be tested on at the exam.

[00:00:40] Just remember that you don't need an authorization for these eight services, but if you wanted to do other types of activities, that could be prohibited. For example, you cannot do DNS zone walking via Amazon Route 53 Hosted Zones. You cannot perform a distributed attack on your system, so you cannot perform a DoS or DDoS, or a Simulated DoS or Simulated DDoS. You cannot just attack your own infrastructure with a denial of service. You cannot do port flooding. You cannot do protocol flooding, request flooding, which are, you know, variants of an attack.

[00:01:15] And for any other events, you need to contact the security team at AWS to ensure that they can approve it. If you wanted to read more, you can read more here.

[00:01:24] So, from an exam perspective, yes, you can do pen testing on your Cloud. Remember that some are authorized, but anything that looks like an attack, such as a DDoS attack or DNS zone walking or port flooding, is not authorized, because for AWS, it would seem like you're trying to attack their infrastructure and they wouldn't like it.

[00:01:45] So, I hope that was helpful and I will see you in the next lecture.