Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Leoswaldo Macias - Protecting your App in the ...
Search
DevOpsDays GDL
February 21, 2020
Technology
0
290
Leoswaldo Macias - Protecting your App in the Cloud
DevOps Days GDL 2020 - February 20th
DevOpsDays GDL
February 21, 2020
Tweet
Share
More Decks by DevOpsDays GDL
See All by DevOpsDays GDL
Julian Limon - Aligned autonomy: How clarity on outcomes gets us to self-organized teams that win
devopsdaysgdl
0
480
Jorge Castro - Building DevOps Ways of Working at large Enterprise through learning, collaboration and Gamification experiences: Continuous WoWs, DevUps and Feedback
devopsdaysgdl
0
320
Salvador Elizarraras - Five Ways to Improve Team Performance
devopsdaysgdl
0
210
Tommy Adams - Cutting the Cord: Letting Your Remote Team Run Free
devopsdaysgdl
0
220
Cameron Motevasselani - Extending Spinnaker for the Enterprise
devopsdaysgdl
0
280
Jesus Contreras - Containers y DevTools en AWS
devopsdaysgdl
0
270
Liz fong-Jones - Production Excellence
devopsdaysgdl
0
310
Mofizur Rahman - Knative: Serverless Computing on Kubernetes
devopsdaysgdl
0
330
Ra Acosta - SAFe Journey 5.0
devopsdaysgdl
0
220
Other Decks in Technology
See All in Technology
偏光画像処理ライブラリを作った話
elerac
1
150
分解して理解する Aspire
nenonaninu
2
690
Potential EM 制度を始めた理由、そして2年後にやめた理由 - EMConf JP 2025
hoyo
2
1.6k
Apache Iceberg Case Study in LY Corporation
lycorptech_jp
PRO
0
250
AWSを活用したIoTにおけるセキュリティ対策のご紹介
kwskyk
0
270
PHPカンファレンス名古屋-テックリードの経験から学んだ設計の教訓
hayatokudou
2
530
エンジニアが加速させるプロダクトディスカバリー 〜最速で価値ある機能を見つける方法〜 / product discovery accelerated by engineers
rince
4
520
株式会社EventHub・エンジニア採用資料
eventhub
0
4.3k
EDRの検知の仕組みと検知回避について
chayakonanaika
8
4.2k
ホワイトボードチャレンジ 説明&実行資料
ichimichi
0
140
NFV基盤のOpenStack更新 ~9世代バージョンアップへの挑戦~
vtj
0
320
AIエージェント入門
minorun365
PRO
6
2.1k
Featured
See All Featured
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Writing Fast Ruby
sferik
628
61k
How to Ace a Technical Interview
jacobian
276
23k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
193
16k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
366
25k
Bash Introduction
62gerente
611
210k
A Modern Web Designer's Workflow
chriscoyier
693
190k
Into the Great Unknown - MozCon
thekraken
35
1.6k
A designer walks into a library…
pauljervisheath
205
24k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.3k
Designing on Purpose - Digital PM Summit 2013
jponch
117
7.1k
StorybookのUI Testing Handbookを読んだ
zakiyama
28
5.5k
Transcript
Protecting your App in the Cloud @LeoswaldoMacias
Misconception
Shared Responsibility Model
“If you have access to change it then it is
yours, if not, then it’s theirs”
Incident Prevention A process to set instruments/tools/services to avoid possible
threats or impacts during an attack Incident Response Plan What to do when once we are impacted
Compliance Updates Maintain your instances up to date (OS, Libraries)
Network Does this need to be public accessible? What ports should I let in? What traffic should go out? Encryption At rest In transit Secret Management Keep your secret data secret
Network: Content Delivery Network CDN Content Delivery Network Your App
WAF
Network: Web Application Firewalls Firewall Layer 3 and 4 WAF
Contains Layer 7 attacks by inspecting for: • SQL Injections • XSS • Origin Geographically requests • String appearances • … and more
At least you know How soon or late? What are
the actions taken?
Incident Response Plan • Preparation • Detection • Containment •
Investigation • Recovery • Lesson Learn
Preparation Log everything you can (this will also help for
auditing) • Application Logs • Server Logs • Network Logs (Traces) • Access Logs and more Design the infrastructure to prevent single point of failure
Detection Monitoring and Alerting • Behaviour rules like traffic spikes,
CPU and Memory consumption • Traffic from countries not served • Sign in failures Page System :(
Containment Use automated processes to isolate any further impact like:
• Creating Network rules Make sure the impacted surface does not grow
Investigation • Analyze logs and timelines • Check which alarming
systems triggered • Check Dashboards
Recovery Get your environment to normal state
Lessons Learned Make sure all missings are documented and ARs
are assigned and tracked
Take Away #1 All applications are subject to exploits
Take Away #2 I’d rather invest more money on security
checks, tools, automation, than risking customer/company data
Take Away #3 Security is a shared responsibility to be
carried among all company employees, not only the Security crew
Thanks! @LeoswaldoMacias
[email protected]