一键导入
network-security
Cloud-native network protection, zero-trust architecture, and AWS VPC security
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Cloud-native network protection, zero-trust architecture, and AWS VPC security
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
GitHub Agentic Workflows (gh-aw) - markdown-based AI automation with 5-layer security, safe outputs, and Continuous AI patterns
gh-aw CLI usage, compilation, testing, debugging, add-wizard, and CI/CD practices for GitHub Agentic Workflows
Multi-agent coordination, orchestrator-worker patterns, /plan decomposition, and project coordination for GitHub Agentic Workflows
5-layer defense-in-depth security for GitHub Agentic Workflows - safe outputs, threat detection, AWF firewall, and zero-trust patterns
Continuous AI patterns from Agent Factory - issue triage, documentation sync, code quality, security scanning, and project coordination
GDPR compliance including privacy by design, data protection requirements, consent management, right to be forgotten, and data breach response
| name | Network Security |
| description | Cloud-native network protection, zero-trust architecture, and AWS VPC security |
| license | Apache-2.0 |
| version | 1.0 |
| author | Hack23 AB |
| tags | ["network-security","zero-trust","aws-vpc"] |
| category | security |
| frameworks | ["ISO 27001:2022","NIST CSF 2.0","CIS Controls v8.1"] |
| related_policies | ["Network_Security_Policy.md"] |
Enforce cloud-native network security with zero-trust architecture, based on Network Security Policy.
Key Principle: "The perimeter is dead. Long live zero-trust."
aws_vpc_architecture:
network_design:
multi_tier: [public_subnets, private_subnets, isolated_subnets]
availability_zones: minimum_2_for_ha
security_groups: default_deny_least_privilege
nacls: additional_subnet_protection
zero_trust_controls:
identity: iam_roles_with_mfa
segmentation: micro_segmentation_per_workload
encryption: tls_1_3_preferred_vpn_for_admin
monitoring: cloudtrail_guardduty_flowlogs
aws_waf:
managed_rules: [owasp_top_10, known_bad_inputs, ip_reputation]
custom_rules: [rate_limiting, geo_blocking]
logging: s3_with_90_day_retention
prohibited:
- public_databases: rds_in_public_subnets
- unrestricted_sg: 0.0.0.0/0_for_admin_ports
- default_vpc: production_in_default_vpc
- disabled_monitoring: no_cloudtrail_or_flow_logs
vpc_deployment:
public_subnets: [alb, nat_gateway]
private_subnets: [ec2_app_servers, lambda]
isolated_subnets: [rds_database]
security_groups:
alb_sg:
inbound: [443_from_0.0.0.0/0, 80_redirect]
outbound: [8080_to_app_sg]
app_sg:
inbound: [8080_from_alb_sg, 22_from_bastion]
outbound: [5432_to_db_sg, 443_external_apis]
db_sg:
inbound: [5432_from_app_sg_only]
outbound: deny_all
monitoring:
vpc_flow_logs: enabled
guardduty: active
cloudwatch_alarms: configured
Policies: Network Security, Information Security
Frameworks: ISO 27001 A.8.20-23, NIST CSF PR.AC-05, CIS Control 12