Slide 1

i am what IAM

Philipp Krenn, @xeraa

Slide 2

Why?

Slide 3

No content

Slide 4

"[...] our data, backups, machine configurations and offsite backups were either partially or completely deleted."

[1] Code Spaces, http://www.codespaces.com

Slide 5

No content

Slide 6

"The person(s) used our account to order hundreds of expensive servers, likely to mine Bitcoin or other cryptocurrencies."

[1] DrawQuest, http://blog.drawquest.com

Slide 7

No content

Slide 8

"This outage was the result of an attack on our systems using a compromised API key."

[1] Bonsai, http://status.bonsai.io/incidents/qt70mqtjbf0s

Slide 9

Remember: Starting with AWS is easy, but terminating everything is just as simple.

Slide 10

How?

Slide 11

Lock away your root account (strong password, MFA, no access keys) and never use it for day-to-day work

Slide 12

Always use Identity and Access Management (IAM)

Slide 13

Create a separate IAM user, with its own credentials, for every service or task; never share one set of keys, so a leaked key can be revoked on its own

Slide 14

Use groups to manage permissions for users

Slide 15

Lock users and groups down as much as possible

Slide 16

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::com.example.backup/*"
    }
  ]
}

Slide 17

Strong password

Slide 18

http://xkcd.com/936/

Slide 19

Two-Factor Authentication (2FA), which AWS calls Multi-Factor Authentication (MFA)

Slide 20

No content

Slide 21

Never commit your credentials
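
One way to enforce this rule before the commit happens is a pre-commit hook that scans staged files for the two shapes of long-lived AWS credentials. The script below is an added example, not code from the talk. It looks for access key IDs (20 uppercase alphanumerics starting with AKIA, or ASIA for temporary keys) and for 40-character secret access keys, the latter only when they sit next to a tell-tale variable name to keep false positives down. The sample config it ships with is constructed; the key pair in it is AWS's own documented placeholder, not a real credential.

```python
"""Pre-commit style scan for AWS credentials in text about to be committed.

Added example, not from the talk. Wire it up as .git/hooks/pre-commit (it
then scans `git diff --cached --name-only`), or pass file paths directly.
"""
import re
import subprocess
import sys

# Access key IDs: fixed prefix plus 16 uppercase alphanumerics, 20 chars total.
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret keys: 40 base64-ish chars. Only flag them beside a known variable name,
# otherwise every 40-char hash or token in the repo would trip the rule.
SECRET_KEY_RE = re.compile(
    r"(?i)(aws_?secret_?access_?key|secretaccesskey)\W{0,3}['\"]?"
    r"([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)


def redact(secret):
    """Show only head and tail so the hook's own output is not a leak."""
    return secret[:4] + "..." + secret[-4:]


def find_aws_credentials(text):
    """Return [(line_number, kind, redacted_value)] for every hit in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append((lineno, "access_key_id", redact(m.group(0))))
        for m in SECRET_KEY_RE.finditer(line):
            findings.append((lineno, "secret_access_key", redact(m.group(2))))
    return findings


# Constructed sample: an ~/.aws/credentials-style file someone is about to
# `git add`. The values are AWS's documented placeholder key pair.
SAMPLE_CONFIG = """[default]
region = eu-west-1
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# an unrelated 40-char hash must not trigger the secret rule:
git_commit = 5d41402abc4b2a76b9719d911017c592aaaaaaaa
"""


def staged_files():
    """Paths staged for commit, for use as a git pre-commit hook."""
    try:
        out = subprocess.run(
            ["git", "diff", "--cached", "--name-only", "--diff-filter=ACM"],
            check=True, capture_output=True, text=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return []
    return [p for p in out.splitlines() if p]


def main(paths):
    """Print every finding and return a non-zero exit code if there were any."""
    bad = False
    for path in paths:
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_aws_credentials(fh.read())
        except OSError:
            continue
        for lineno, kind, value in hits:
            print(f"{path}:{lineno}: {kind} {value}")
            bad = True
    return 1 if bad else 0


if __name__ == "__main__":
    targets = sys.argv[1:] or staged_files()
    if not targets:  # nothing staged and no arguments: run on the sample
        print(find_aws_credentials(SAMPLE_CONFIG))
        sys.exit(0)
    sys.exit(main(targets))
```

A hook like this only catches the obvious shapes; a key that has already been pushed must be treated as compromised and rotated, not just removed from history.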

Slide 22

Enable IP restrictions

Slide 23

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": [
            "10.0.0.0/24",
            "10.10.0.0/24"
          ]
        }
      }
    }
  ]
}
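
The behaviour of the two policies on these slides (the backup user from slide 16 and the IP-restricted one above) can be checked offline with a small evaluator. The code below is an added example, not the speaker's and not AWS's policy engine; it models only what the slides use: Allow/Deny statements, Action and Resource as a string or list with IAM's * and ? wildcards, and the IpAddress / NotIpAddress operators on aws:SourceIp. Two caveats for the IP-restricted policy in practice: aws:SourceIp is the public address the request reaches AWS from, so the list should hold your office or NAT egress ranges, and calls that AWS services make on your behalf (CloudFormation, for example) arrive from AWS addresses and will be caught by the Deny. Pair the Deny with a least-privilege Allow rather than the "*" shown on the slide.

```python
"""Local evaluator for the IAM policies on slides 16 and 23.

Added example code, not the speaker's and not AWS's engine. Real IAM adds
resource policies, permission boundaries, SCPs and session policies on top.
"""
import fnmatch
import ipaddress

# Slide 16: list all buckets, read/write/delete objects in one backup bucket.
BACKUP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:ListAllMyBuckets", "s3:ListBucket"],
         "Resource": "arn:aws:s3:::*"},
        {"Effect": "Allow",
         "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::com.example.backup/*"},
    ],
}

# Slide 23: allow everything, then deny whatever does not come from two CIDRs.
IP_RESTRICTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Deny", "Action": "*", "Resource": "*",
         "Condition": {"NotIpAddress": {
             "aws:SourceIp": ["10.0.0.0/24", "10.10.0.0/24"]}}},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, case_insensitive):
    """IAM wildcard match ('*' any run, '?' one char). Action names are
    case-insensitive, resource ARNs are not."""
    patterns = _as_list(patterns)
    if case_insensitive:
        value = value.lower()
        patterns = [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def _ip_in_any(source_ip, cidrs):
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in _as_list(cidrs))


def _condition_holds(condition, context):
    """IpAddress / NotIpAddress only. As in IAM, a key missing from the request
    context makes a positive operator false and a negated operator true, so
    the slide 23 Deny still fires when no source address is known."""
    for operator, key_values in condition.items():
        for key, cidrs in key_values.items():
            source_ip = context.get(key)
            if operator == "IpAddress":
                if source_ip is None or not _ip_in_any(source_ip, cidrs):
                    return False
            elif operator == "NotIpAddress":
                if source_ip is not None and _ip_in_any(source_ip, cidrs):
                    return False
            else:
                raise NotImplementedError(f"operator {operator} not modelled")
    return True


def is_allowed(policy, action, resource, context=None):
    """Default deny; a matching Allow grants unless any matching Deny exists."""
    context = context or {}
    allowed = False
    for stmt in policy["Statement"]:
        if not _matches(stmt["Action"], action, case_insensitive=True):
            continue
        if not _matches(stmt["Resource"], resource, case_insensitive=False):
            continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return False  # an explicit Deny always wins
        allowed = True
    return allowed


if __name__ == "__main__":
    # The backup user can touch objects in its bucket but cannot delete the bucket...
    print(is_allowed(BACKUP_POLICY, "s3:GetObject", "arn:aws:s3:::com.example.backup/db.sql"))
    print(is_allowed(BACKUP_POLICY, "s3:DeleteBucket", "arn:aws:s3:::com.example.backup"))
    # ...and the IP-restricted admin key is useless from an address outside the list.
    print(is_allowed(IP_RESTRICTED_POLICY, "ec2:TerminateInstances", "*",
                     {"aws:SourceIp": "203.0.113.7"}))
```

The point the evaluator makes concrete is the Code Spaces lesson: with the slide 16 policy a stolen backup key can read, overwrite and delete objects in that one bucket, but it cannot list other buckets' contents, delete the bucket itself, or terminate instances, so the blast radius is the bucket and its versioning, not the account.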

Slide 24

No content

Slide 25

Enable billing alerts

Slide 26

No content

Slide 27

Enable CloudTrail

Slide 28

{
  "Records": [
    {
      "eventVersion": "1.0",
      "userIdentity": {
        "type": "IAMUser",
        "principalId": "EX_PRINCIPAL_ID",
        "arn": "arn:aws:iam::123456789012:user/Alice",
        "accountId": "123456789012",
        "accessKeyId": "EXAMPLE_KEY_ID",
        "userName": "Alice"
      },
      "eventTime": "2014-09-09T19:01:59Z",
      "eventSource": "ec2.amazonaws.com",
      "eventName": "StopInstances",
      "awsRegion": "eu-west-1",
      "sourceIPAddress": "205.251.233.176",
      "userAgent": "ec2-api-tools 1.6.12.2",
      "requestParameters": {
        "instancesSet": {
          "items": [
            {
              "instanceId": "i-ebeaf9e2"
            }
          ]
        },
        "force": false
      },
      ...
    },
    ...
  ]
}
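
Enabling CloudTrail only pays off if someone reads the records, so here is an added example (not code from the talk) of a few triage rules that would have surfaced the three incidents from the start of the deck: root account use, a console login without a second factor, destructive or capacity-buying API calls from an address outside the trusted ranges, and a burst of denied calls on one key, which is what a stolen key probing its permissions looks like. The first sample record is the slide's StopInstances event trimmed to the fields used here; the other records and the trusted CIDR are constructed for the demo.

```python
"""Triage rules over CloudTrail records (added example, not from the talk).

Real CloudTrail drops gzipped {"Records": [...]} files into S3, so feed
json.load(gzip.open(path))["Records"] into triage().
"""
import ipaddress
from collections import Counter

# The first things a stolen key is used for: destroy data or buy compute.
DESTRUCTIVE = {"TerminateInstances", "StopInstances", "DeleteBucket", "DeleteObject",
               "DeleteVolume", "DeleteSnapshot", "DeleteDBInstance"}
EXPENSIVE = {"RunInstances", "RequestSpotInstances", "RequestSpotFleet"}
DENIED = {"AccessDenied", "UnauthorizedOperation", "Client.UnauthorizedOperation"}
DENIED_THRESHOLD = 3  # this many denied calls on one key looks like probing


def from_trusted(ip, trusted_networks):
    """True if ip lies in one of the trusted networks. Service-initiated calls
    carry a hostname such as cloudformation.amazonaws.com in sourceIPAddress;
    those are treated as untrusted here."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in trusted_networks)


def triage(records, trusted_cidrs):
    """Return one (eventTime, eventName, principal, reasons) tuple per alert."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    alerts = []
    denied_per_key = Counter()
    for r in records:
        ident = r.get("userIdentity", {})
        who = ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")
        name = r.get("eventName", "")
        ip = r.get("sourceIPAddress", "")
        reasons = []
        if ident.get("type") == "Root":
            reasons.append("root account used")
        if name == "ConsoleLogin" and r.get("additionalEventData", {}).get("MFAUsed") == "No":
            reasons.append("console login without MFA")
        if name in DESTRUCTIVE and not from_trusted(ip, trusted):
            reasons.append(f"destructive call from untrusted {ip}")
        if name in EXPENSIVE and not from_trusted(ip, trusted):
            reasons.append(f"capacity request from untrusted {ip}")
        if r.get("errorCode") in DENIED:
            key = ident.get("accessKeyId", who)
            denied_per_key[key] += 1
            if denied_per_key[key] == DENIED_THRESHOLD:
                reasons.append(f"{DENIED_THRESHOLD} denied calls with key {key}: probing?")
        if reasons:
            alerts.append((r.get("eventTime"), name, who, "; ".join(reasons)))
    return alerts


def _rec(time, name, ip, ident, **extra):
    """Build a CloudTrail-shaped record for the constructed demo data below."""
    base = {"eventVersion": "1.0", "eventTime": time, "eventName": name,
            "sourceIPAddress": ip, "userIdentity": ident}
    base.update(extra)
    return base


ALICE = {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/Alice",
         "accountId": "123456789012", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice"}
BACKUP = {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/backup",
          "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "userName": "backup"}
ROOT = {"type": "Root", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012"}

SAMPLE_RECORDS = [
    # slide 28's event, trimmed
    _rec("2014-09-09T19:01:59Z", "StopInstances", "205.251.233.176", ALICE,
         eventSource="ec2.amazonaws.com", awsRegion="eu-west-1"),
    # constructed: normal work from the office range, should stay quiet
    _rec("2014-09-09T19:05:00Z", "DescribeInstances", "203.0.113.10", ALICE),
    # constructed: someone signs in as root without a second factor
    _rec("2014-09-09T20:00:00Z", "ConsoleLogin", "198.51.100.9", ROOT,
         additionalEventData={"MFAUsed": "No"}, responseElements={"ConsoleLogin": "Success"}),
    # constructed: the backup key, from an unknown address, probes and then buys compute
    _rec("2014-09-09T21:00:01Z", "ListUsers", "198.51.100.23", BACKUP, errorCode="AccessDenied"),
    _rec("2014-09-09T21:00:02Z", "DescribeInstances", "198.51.100.23", BACKUP,
         errorCode="Client.UnauthorizedOperation"),
    _rec("2014-09-09T21:00:03Z", "GetAccountSummary", "198.51.100.23", BACKUP, errorCode="AccessDenied"),
    _rec("2014-09-09T21:00:10Z", "RunInstances", "198.51.100.23", BACKUP),
]
TRUSTED = ["203.0.113.0/24"]  # constructed office egress range

if __name__ == "__main__":
    for alert in triage(SAMPLE_RECORDS, TRUSTED):
        print(*alert, sep=" | ")
```

Run on the sample, four records are flagged: Alice's StopInstances from an address outside the office range, the root login without MFA, the third denied call on the backup key, and the RunInstances that follows it; the DescribeInstances from the trusted range stays quiet. The denied-call counter is per access key rather than per user on purpose, since a user with several keys may have only one of them leaked.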

Slide 29

Check your Security Status (the checklist on the IAM console dashboard)

Slide 30

No content

Slide 31

Premium Support Goodie: Trusted Advisor Security

Slide 32

No content

Slide 33

Questions?

Slide 34

PS: ViennaDB Redis meetup September 22nd 19:00 @sektorfuenf