Cloudspace Security

CONS3RT-allocated cloudspaces include many security features out of the box:

  • Credentials that are scoped to your cloudspace and easy to rotate
  • Networks available to only your cloudspace
  • A cloudspace boundary which includes firewalls, network/port address translation (NAT/PAT), and edge gateways
  • Secure remote access (RDP, VNC, or SSH) using your CONS3RT account credentials

All of this combines to give your team a secure cloudspace out of the box, whether you choose AWS, Azure, OpenStack, or vCloud.

Enable Additional Cloudspace Security

If you are a Team Manager, you can enable the additional cloudspace security on your cloudspace:

  1. Click Cloudspaces on the main menu
  2. Select your cloudspace
  3. At the top right click ...Actions, and click Apply Cloudspace Security
  4. Please wait while the additional security features are enabled on your cloudspace; this may take a few minutes
  5. When complete, your cloudspace will display a "Lock" icon next to the cloudspace name

If your Team owns a Cloud, you can enable these features for your Cloud; click here for details.

CONS3RT AWS Cloudspaces

CONS3RT AWS cloudspace allocation and security configuration is a fully automated process. Out of the gate CONS3RT creates for you:

  • An IAM role, group, user, and a policy scoping access to only the required resources
  • Access keys for the IAM user that are easily rotatable
  • A VPC with an Internet gateway
  • A private Subnet for each network
  • A public Subnet and NAT instance for each routable network
  • Network ACLs attached to each subnet for additional lockdown
  • Routing tables directing traffic for each subnet
  • Firewall automatically created on the NAT instances
  • Security Groups automatically applied to NAT instances, implementing network firewall rules on each EC2 instance network interface
  • An Elastic IP attached to the cons3rt-net

When enabling Additional Cloudspace Security on your AWS cloudspaces, CONS3RT will:

  • Create a secure S3 bucket to capture logs
  • Enable CloudTrail logging on actions in the VPC
  • Create a configuration for capturing CloudTrail logs in the S3 buckets

Note: Enabling additional cloudspace security incurs additional fees from AWS to collect CloudTrail logs and store them in S3.
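
To confirm that the CloudTrail-to-S3 logging described above is actually in place and delivering, the following check evaluates AWS CLI output. It is an added example, not CONS3RT code. The sample responses, trail name, and bucket name are constructed placeholders, and the log-validation and public-access-block checks are an assumed baseline for a "secure" log bucket, not settings this page states.

```python
import json

# Constructed sample responses, shaped like the output of:
#   aws cloudtrail describe-trails
#   aws cloudtrail get-trail-status --name <trail>
#   aws s3api get-public-access-block --bucket <bucket>
# Trail and bucket names are placeholders, not values CONS3RT uses.
DESCRIBE_TRAILS = json.loads("""{"trailList": [{
  "Name": "example-cloudspace-trail",
  "S3BucketName": "example-cloudspace-logs",
  "LogFileValidationEnabled": false}]}""")
TRAIL_STATUS = json.loads("""{"IsLogging": true,
  "LatestDeliveryError": "AccessDenied"}""")
PUBLIC_ACCESS_BLOCK = json.loads("""{"PublicAccessBlockConfiguration": {
  "BlockPublicAcls": true, "IgnorePublicAcls": true,
  "BlockPublicPolicy": true, "RestrictPublicBuckets": false}}""")


def audit_trail(trails, status, access_block):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    trail_list = trails.get("trailList", [])
    if not trail_list:
        return ["no CloudTrail trail is configured"]
    trail = trail_list[0]
    if not trail.get("S3BucketName"):
        findings.append("trail has no S3 bucket destination")
    if not status.get("IsLogging"):
        findings.append("trail exists but logging is stopped")
    # A delivery error means events are recorded but not reaching S3.
    if status.get("LatestDeliveryError"):
        findings.append("log delivery failing: " + status["LatestDeliveryError"])
    # Assumed hardening baseline (not stated on the page).
    if not trail.get("LogFileValidationEnabled"):
        findings.append("log file integrity validation is disabled")
    block = access_block.get("PublicAccessBlockConfiguration", {})
    for setting in ("BlockPublicAcls", "IgnorePublicAcls",
                    "BlockPublicPolicy", "RestrictPublicBuckets"):
        if not block.get(setting):
            findings.append("bucket public access block missing: " + setting)
    return findings


if __name__ == "__main__":
    for finding in audit_trail(DESCRIBE_TRAILS, TRAIL_STATUS, PUBLIC_ACCESS_BLOCK):
        print("FINDING:", finding)
```

Replace the three constructed dictionaries with the parsed JSON from the CLI commands named in the comments to run the same check against a real cloudspace.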

CONS3RT Azure Cloudspaces

CONS3RT Azure cloudspace allocation and security configuration is a fully automated process. Out of the gate CONS3RT creates for you:

  • A private Resource Group
  • A private Storage Account
  • A private Virtual Network with a private Subnet for each network
  • A NAT instance for each routable network
  • Firewall automatically created on the NAT instances
  • Routing tables directing traffic for each subnet
  • Network Security Groups automatically applied to NAT instances, and Network Interfaces attached to each virtual machine (VM)
  • A Public IP Address for the cons3rt-net, and each additional routable network