Leoswaldo Macias - Protecting your App in the Cloud
DevOpsDays GDL
February 21, 2020
DevOps Days GDL 2020 - February 20th
Transcript
Protecting your App in the Cloud @LeoswaldoMacias
Misconception
Shared Responsibility Model

“If you have access to change it then it is yours, if not, then it’s theirs”

Incident Prevention
A process to set instruments/tools/services to avoid possible threats or impacts during an attack
Incident Response Plan
What to do once we are impacted

Compliance
Updates
• Maintain your instances up to date (OS, libraries)
Network
• Does this need to be publicly accessible?
• What ports should I let in?
• What traffic should go out?
Encryption
• At rest
• In transit
Secret Management
• Keep your secret data secret

Network: Content Delivery Network
[Diagram labels: CDN (Content Delivery Network), Your App, WAF]

Network: Web Application Firewalls
Firewall: Layer 3 and 4
WAF: Contains Layer 7 attacks by inspecting for:
• SQL injections
• XSS
• Geographic origin of requests
• String appearances
• … and more

At least you know
How soon or late?
What are the actions taken?

Incident Response Plan
• Preparation
• Detection
• Containment
• Investigation
• Recovery
• Lessons Learned

Preparation
Log everything you can (this will also help for auditing)
• Application logs
• Server logs
• Network logs (traces)
• Access logs and more
Design the infrastructure to prevent single points of failure

Detection
Monitoring and Alerting
• Behaviour rules like traffic spikes, CPU and memory consumption
• Traffic from countries not served
• Sign-in failures
Page System :(

Containment
Use automated processes to isolate any further impact, like:
• Creating network rules
Make sure the impacted surface does not grow

Investigation
• Analyze logs and timelines
• Check which alarm systems triggered
• Check dashboards

Recovery
Get your environment back to a normal state

Lessons Learned
Make sure all misses are documented and ARs are assigned and tracked
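
The Detection slide's "sign-in failures" and "traffic from countries not served" rules, feeding the Containment slide's network-rule step, as an added example that is not part of the talk. The log layout, the thresholds, the served-country list and the `detect` function are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions (not from the talk): log layout, thresholds, served countries.
SERVED_COUNTRIES = {"MX", "US"}
FAILED_LOGIN_LIMIT = 3          # failed sign-ins per source IP ...
WINDOW = timedelta(minutes=5)   # ... within this sliding window

# Constructed sample access log: time, source IP, country, method, path, status.
SAMPLE_LOG = """\
2020-02-20T10:00:01 198.51.100.7 MX POST /login 401
2020-02-20T10:00:05 198.51.100.7 MX POST /login 401
2020-02-20T10:00:09 203.0.113.9 US GET /index.html 200
2020-02-20T10:00:12 198.51.100.7 MX POST /login 401
2020-02-20T10:01:30 192.0.2.44 ZZ GET /admin 403
2020-02-20T10:09:00 203.0.113.9 US POST /login 401
not a log line
"""

def detect(log_text):
    """Return (alerts, block_candidates); expects lines in time order."""
    alerts, candidates = [], set()
    failures = defaultdict(deque)  # ip -> timestamps of recent failed sign-ins
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts = datetime.fromisoformat(parts[0])
            ip, country, method, path, status = parts[1:6]
        except (IndexError, ValueError):
            alerts.append(("unparsed_line", line))  # keep evidence, do not drop it
            continue
        if country not in SERVED_COUNTRIES:
            alerts.append(("unserved_country", ip))
            candidates.add(ip)
        if method == "POST" and path == "/login" and status == "401":
            recent = failures[ip]
            recent.append(ts)
            while ts - recent[0] > WINDOW:      # expire entries outside the window
                recent.popleft()
            if len(recent) == FAILED_LOGIN_LIMIT:  # alert once when the limit is hit
                alerts.append(("signin_failures", ip))
                candidates.add(ip)
    return alerts, sorted(candidates)  # candidates feed a reviewed network rule

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG)[0]:
        print(alert)
```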

Take Away #1: All applications are subject to exploits
Take Away #2: I’d rather invest more money in security checks, tools, automation, than risking customer/company data
Take Away #3: Security is a shared responsibility to be carried among all company employees, not only the Security crew

Thanks! @LeoswaldoMacias