بنقرة واحدة
network-security
Cloud-native network protection, zero-trust architecture, and AWS VPC security
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Cloud-native network protection, zero-trust architecture, and AWS VPC security
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
GitHub Agentic Workflows (gh-aw) - markdown-based AI automation with 5-layer security, safe outputs, and Continuous AI patterns
gh-aw CLI usage, compilation, testing, debugging, add-wizard, and CI/CD practices for GitHub Agentic Workflows
Multi-agent coordination, orchestrator-worker patterns, /plan decomposition, and project coordination for GitHub Agentic Workflows
5-layer defense-in-depth security for GitHub Agentic Workflows - safe outputs, threat detection, AWF firewall, and zero-trust patterns
Continuous AI patterns from Agent Factory - issue triage, documentation sync, code quality, security scanning, and project coordination
GDPR compliance including privacy by design, data protection requirements, consent management, right to be forgotten, and data breach response
| name | Network Security |
| description | Cloud-native network protection, zero-trust architecture, and AWS VPC security |
| license | Apache-2.0 |
| version | 1.0 |
| author | Hack23 AB |
| tags | ["network-security","zero-trust","aws-vpc"] |
| category | security |
| frameworks | ["ISO 27001:2022","NIST CSF 2.0","CIS Controls v8.1"] |
| related_policies | ["Network_Security_Policy.md"] |
Enforce cloud-native network security with zero-trust architecture, based on Network Security Policy.
Key Principle: "The perimeter is dead. Long live zero-trust."
aws_vpc_architecture:
network_design:
multi_tier: [public_subnets, private_subnets, isolated_subnets]
availability_zones: minimum_2_for_ha
security_groups: default_deny_least_privilege
nacls: additional_subnet_protection
zero_trust_controls:
identity: iam_roles_with_mfa
segmentation: micro_segmentation_per_workload
encryption: tls_1_3_preferred_vpn_for_admin
monitoring: cloudtrail_guardduty_flowlogs
aws_waf:
managed_rules: [owasp_top_10, known_bad_inputs, ip_reputation]
custom_rules: [rate_limiting, geo_blocking]
logging: s3_with_90_day_retention
prohibited:
- public_databases: rds_in_public_subnets
- unrestricted_sg: 0.0.0.0/0_for_admin_ports
- default_vpc: production_in_default_vpc
- disabled_monitoring: no_cloudtrail_or_flow_logs
vpc_deployment:
public_subnets: [alb, nat_gateway]
private_subnets: [ec2_app_servers, lambda]
isolated_subnets: [rds_database]
security_groups:
alb_sg:
inbound: [443_from_0.0.0.0/0, 80_redirect]
outbound: [8080_to_app_sg]
app_sg:
inbound: [8080_from_alb_sg, 22_from_bastion]
outbound: [5432_to_db_sg, 443_external_apis]
db_sg:
inbound: [5432_from_app_sg_only]
outbound: deny_all
monitoring:
vpc_flow_logs: enabled
guardduty: active
cloudwatch_alarms: configured
Policies: Network Security, Information Security
Frameworks: ISO 27001 A.8.20-23, NIST CSF PR.AC-05, CIS Control 12