ABOUT ME
Automation Ninja @Appsecco
Interested in Security, DevOps and Cloud
Speaker & Trainer at Defcon, DevSecCon, AllDayDevOps, etc.
Found bugs in Google, Microsoft, Yahoo, etc.
Never ending learner!
Follow me (or) Tweet to me @madhuakula
WHAT IS CLOUD COMPUTING?
"Computing in which large groups of remote servers are networked to allow the centralized data storage, and online access to computer services or resources."
- http://en.wikipedia.org/wiki/Cloud_computing
SOME OF THE CLOUD SECURITY CONTROLS
Don't use the root account for day-to-day work; delete or disable its access keys
Admins should have a written (or at least verbal) policy that access keys are never created for the root account
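One way to turn the "no root access keys" rule into a repeatable check, as an added example (not code from the slides or from Appsecco): parse the IAM credential report offline and flag a root row with active keys. The report text below is constructed in the column layout AWS emits; in a real account you would obtain it with `aws iam generate-credential-report` followed by `aws iam get-credential-report --query Content --output text | base64 -d`. The extra findings for root without MFA and for users with a console password but no MFA go beyond the slide.

```python
"""Check an IAM credential report for root access keys (and MFA gaps).

Added example, not from the original slides. Parses the CSV that
`aws iam get-credential-report` returns (after base64 decoding); the
report below is constructed for illustration.
"""
import csv
import io

# Constructed sample credential report, same column order AWS uses.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2015-01-01T00:00:00+00:00,not_supported,2019-03-01T10:00:00+00:00,not_supported,not_supported,false,true,2015-01-02T00:00:00+00:00,2019-03-01T10:00:00+00:00,us-east-1,ec2,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2016-05-01T00:00:00+00:00,true,2019-02-28T08:00:00+00:00,2018-12-01T00:00:00+00:00,2019-03-01T00:00:00+00:00,true,true,2019-01-01T00:00:00+00:00,2019-02-28T08:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::123456789012:user/bob,2017-07-07T00:00:00+00:00,true,N/A,2017-07-07T00:00:00+00:00,2017-10-05T00:00:00+00:00,false,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""

ROOT = "<root_account>"


def parse_report(report_text):
    """Return the credential report as a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(report_text)))


def has_active_keys(row):
    return row["access_key_1_active"] == "true" or row["access_key_2_active"] == "true"


def root_has_access_keys(rows):
    """The slide's rule: the root account must not have any access key."""
    for row in rows:
        if row["user"] == ROOT:
            return has_active_keys(row)
    raise ValueError("credential report has no root row")


def findings(rows):
    """Human-readable policy violations, root first."""
    out = []
    for row in rows:
        name = row["user"]
        if name == ROOT:
            if has_active_keys(row):
                out.append("root account has active access keys: delete or deactivate them")
            if row["mfa_active"] != "true":
                out.append("root account has no MFA device")
        elif row["password_enabled"] == "true" and row["mfa_active"] != "true":
            out.append(f"user {name} has a console password but no MFA")
    return out


if __name__ == "__main__":
    for line in findings(parse_report(SAMPLE_REPORT)):
        print(line)
```

Run this against the real report on a schedule (or as a guardrail in CI) and page the admins on any root finding; the credential report is generated at most once every four hours, so a fresh `generate-credential-report` call may hand back the previous copy.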
BASIC INCIDENT RESPONSE
Who to contact (keep the contact list up to date)
How to communicate (speak only over the phone; assume e-mail and chat may be compromised)
What information to share
Where your backups are located and how they are secured
BASIC INCIDENT RESPONSE (CONTD.)
Don't rely on AWS alone to back up your AWS environment: keep offsite backups (an attacker with your credentials can delete the in-account copies too)
Common things to back up: databases/snapshots, S3 buckets, EBS volumes, CloudFormation templates
Have a plan and practice that plan (e.g. every 6 months)
VPN TO VPC (CLOUD TO DATACENTER)
General observations
Setting up is not hard
Zero control over the encryption
Routing between both sides is a pain
Think carefully through the CIDR chosen for the VPC: if it overlaps with a datacenter range you have to destroy and rebuild the VPC
Monitor the VPN/VPC heavily: enable VPC flow logs and be very specific with naming conventions (so alerts and other tooling can tell the VPN interfaces apart)
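Two of the points above can be checked mechanically, and this added example (not code from the slides) does both offline: an overlap test for the candidate VPC CIDR against the datacenter ranges, and a small detector over VPC flow log records that counts REJECTs per source on the VPN-facing interface and flags traffic arriving over the VPN from ranges the datacenter does not own. The CIDRs, the ENI IDs and the flow-log lines are constructed; the record layout is the default (version 2) flow-log format: version, account-id, interface-id, srcaddr, dstaddr, srcport, dstport, protocol, packets, bytes, start, end, action, log-status.

```python
"""VPN-to-VPC checks: CIDR overlap and flow-log alerting.

Added example, not from the original slides. All addresses, interface IDs
and log lines below are constructed.
"""
import ipaddress
from collections import Counter


def cidrs_overlap(vpc_cidr, datacenter_cidrs):
    """Return the datacenter ranges that collide with the proposed VPC CIDR."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=False)
    return [c for c in datacenter_cidrs
            if vpc.overlaps(ipaddress.ip_network(c, strict=False))]


FLOW_LOG_FIELDS = ("version account_id interface_id srcaddr dstaddr srcport "
                   "dstport protocol packets bytes start end action log_status").split()

# Constructed: the ENI that terminates the VPN side inside the VPC. In a real
# account this set is built from the interfaces' Name tags, which is why a
# strict naming convention matters for the alerting.
VPN_INTERFACES = {"eni-0a1b2c3d4e5f60001"}

# Constructed flow-log records: normal HTTPS between datacenter and VPC,
# an SSH scan from one datacenter host, one packet from a range that is
# neither VPC nor datacenter, and a REJECT on a non-VPN interface.
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f60001 10.10.1.25 192.168.50.8 49152 443 6 10 5200 1551434400 1551434460 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60001 192.168.50.8 10.10.1.25 443 49152 6 8 4100 1551434400 1551434460 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60001 192.168.50.77 10.10.1.25 51000 22 6 3 180 1551434400 1551434460 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60001 192.168.50.77 10.10.1.26 51001 22 6 3 180 1551434400 1551434460 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60001 192.168.50.77 10.10.1.27 51002 22 6 3 180 1551434400 1551434460 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60001 172.16.9.9 10.10.1.25 40001 445 6 1 60 1551434400 1551434460 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60002 203.0.113.9 10.10.2.40 40000 3306 6 2 120 1551434400 1551434460 REJECT OK
"""


def parse_flow_log(text):
    """Split default-format flow-log lines into dicts; skip malformed ones."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FLOW_LOG_FIELDS):
            continue
        records.append(dict(zip(FLOW_LOG_FIELDS, parts)))
    return records


def rejected_sources(records, interfaces, threshold=3):
    """Sources with at least `threshold` REJECTed flows on the VPN interfaces."""
    counts = Counter(r["srcaddr"] for r in records
                     if r["interface_id"] in interfaces and r["action"] == "REJECT")
    return {src: n for src, n in counts.items() if n >= threshold}


def unexpected_sources(records, interfaces, allowed_cidrs):
    """Sources seen on the VPN interfaces that belong to no allowed range.

    Anything here is either a routing mistake on one side of the tunnel or
    spoofed traffic, and either way deserves an alert.
    """
    nets = [ipaddress.ip_network(c, strict=False) for c in allowed_cidrs]
    seen = set()
    for r in records:
        if r["interface_id"] not in interfaces:
            continue
        src = ipaddress.ip_address(r["srcaddr"])
        if not any(src in n for n in nets):
            seen.add(r["srcaddr"])
    return seen


if __name__ == "__main__":
    print(cidrs_overlap("10.10.0.0/16", ["192.168.50.0/24", "10.10.4.0/22"]))
    recs = parse_flow_log(SAMPLE_FLOW_LOG)
    print(rejected_sources(recs, VPN_INTERFACES))
    print(unexpected_sources(recs, VPN_INTERFACES, ["192.168.50.0/24", "10.10.0.0/16"]))
```

Run the overlap check before the VPC is created, not after: the primary CIDR of a VPC cannot be changed once it exists, which is the rebuild the slide warns about. The two flow-log checks are the kind of rule that goes into a CloudWatch Logs metric filter or a SIEM query once the VPN interfaces are consistently named.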
APP INSECURITY SCENARIO
App has a Local File Inclusion bug
The AWS root credentials are being used
They are stored in a world-readable file on the server
Attacker reads the credentials and starts multiple large instances to mine bitcoins
Victim is saddled with a massive bill at the end of the month
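The first link in that chain, as an added example that is not code from the slides: a file-include handler that joins the user-supplied name straight onto the template directory, next to a hardened version that resolves the path and refuses anything that lands outside that directory. The web framework is left out and the functions take the request parameter directly; the template directory and a fake `~/.aws/credentials` file (with made-up key values) are created in a temporary directory so the demo runs offline.

```python
"""Local File Inclusion: the vulnerable pattern beside a contained one.

Added example, not from the original slides. The directory tree, the
credentials file and the key values are constructed for the demo.
"""
import os
import tempfile


def include_vulnerable(base_dir, name):
    """The bug: `name` is joined as-is, so '../..' walks out of base_dir."""
    with open(os.path.join(base_dir, name)) as f:
        return f.read()


def include_safe(base_dir, name):
    """Resolve the path and insist it stays under base_dir.

    realpath also follows symlinks, so a link planted inside the template
    directory cannot be used to point back out of it.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"refusing to read outside {base}: {name!r}")
    with open(target) as f:
        return f.read()


def build_demo_tree():
    """Constructed layout: <root>/app/templates and <root>/home/app/.aws."""
    root = tempfile.mkdtemp()
    templates = os.path.join(root, "app", "templates")
    os.makedirs(templates)
    with open(os.path.join(templates, "home.html"), "w") as f:
        f.write("<h1>home</h1>")
    aws_dir = os.path.join(root, "home", "app", ".aws")
    os.makedirs(aws_dir)
    with open(os.path.join(aws_dir, "credentials"), "w") as f:   # fake values
        f.write("[default]\naws_access_key_id = AKIAEXAMPLEKEY\n"
                "aws_secret_access_key = EXAMPLESECRET\n")
    return root, templates


def demo():
    """Replay the scenario's LFI against both handlers and report what happened."""
    _, templates = build_demo_tree()
    payload = "../../home/app/.aws/credentials"   # what the attacker sends
    leaked = include_vulnerable(templates, payload)
    try:
        include_safe(templates, payload)
        blocked = False
    except PermissionError:
        blocked = True
    return {
        "leaked_credentials": "aws_secret_access_key" in leaked,
        "blocked": blocked,
        "legitimate_include_ok": include_safe(templates, "home.html") == "<h1>home</h1>",
    }


if __name__ == "__main__":
    print(demo())
```

The containment check fixes the include; it does not fix the other two mistakes in the scenario. Long-lived root keys on a server are wrong regardless of how well the app guards its file reads, and the credentials file should never be readable by the web server's user in the first place.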
INFRA INSECURITY SCENARIO
MySQL production database is listening on an external port
Developers work directly on the production database and require SQL management software
They log in using the MySQL root user and a simple password
Attacker runs a brute-force script, cracks the password and gains full access to the database
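Two checks a practitioner would want for this scenario, as an added example that is not code from the slides: a parser for `my.cnf` that flags a `[mysqld]` section with no `bind-address` (MySQL's default listens on all interfaces) or one that binds everything, and a sliding-window detector over MySQL error-log "Access denied" lines that catches the brute-force run. The log lines are generated inline in the MySQL 5.7 error-log shape and are constructed; a real server only writes them when `log_error_verbosity` is high enough to include notes.

```python
"""MySQL exposure check and brute-force detection from the error log.

Added example, not from the original slides. Configuration text and log
lines below are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta


def bind_address_exposed(my_cnf_text):
    """True when [mysqld] has no bind-address or binds all interfaces."""
    section, bind = None, None
    for raw in my_cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").strip()
            continue
        if section == "mysqld" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key.replace("_", "-") == "bind-address":
                bind = value
    return bind is None or bind in ("0.0.0.0", "::", "*")


LINE_RE = re.compile(
    r"^(?P<ts>\S+) \d+ \[\w+\] Access denied for user "
    r"'(?P<user>[^']*)'@'(?P<host>[^']+)'")
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"


def _line(ts, user, host, conn_id):
    return (f"{ts.strftime('%Y-%m-%dT%H:%M:%S.%f')}Z {conn_id} [Note] "
            f"Access denied for user '{user}'@'{host}' (using password: YES)")


# Constructed log: 25 failures in 25 seconds from one external address,
# plus two typos from a developer on the office network minutes apart.
_BASE = datetime(2019, 3, 1, 10, 15, 0)
SAMPLE_LOG = "\n".join(
    [_line(_BASE + timedelta(seconds=i), "root", "203.0.113.5", 100 + i) for i in range(25)]
    + [_line(_BASE + timedelta(seconds=7), "root", "10.0.0.12", 200),
       _line(_BASE + timedelta(minutes=3), "root", "10.0.0.12", 201)])


def parse_failures(text):
    """Return (timestamp, user, host) for every 'Access denied' line."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            out.append((datetime.strptime(m["ts"], TS_FORMAT), m["user"], m["host"]))
    return out


def brute_force_sources(failures, window=timedelta(seconds=60), threshold=20):
    """(host, user) pairs with >= threshold failures inside any `window`.

    Returns the peak count seen for each offending pair.
    """
    recent = defaultdict(deque)
    peak = {}
    for ts, user, host in sorted(failures):
        key = (host, user)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            peak[key] = max(peak.get(key, 0), len(q))
    return peak


if __name__ == "__main__":
    print(bind_address_exposed("[mysqld]\nport = 3306\n"))
    print(brute_force_sources(parse_failures(SAMPLE_LOG)))
```

Neither check substitutes for the real fix, which is to bind MySQL to the private address, give developers individual least-privilege accounts instead of root, and reach it over the VPN or a bastion rather than an open port; the detector is there so that the brute-force attempt is noticed before it succeeds.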
DATA INSECURITY SCENARIO
Database is getting backed up regularly
For performance reasons, the database wasn't encrypted when the initial backups were done
Dev team moves to newer SSDs and doesn't decommission (wipe or destroy) the older HDDs
Attacker finds an older HDD, recovers the data forensically and sells it for profit