Watch Out for the Dark Cloud: Cloud Computing and Cyber Threats
Cloud Security & Real World Threats
Uploaded by rob-witoff. Category: Engineering.
Transcript of Cloud Security & Real World Threats
Slide 1
Rob Witoff, Director
CLOUD SECURITY & USABLE PROTECTIONS FROM REAL WORLD THREATS
Slide 6
coinbase.com
Private key → Public key → Bitcoin address (1EBHA1ckUWzNKN7BMfDwGTx6GKEbADUozX)
Slide 11
Observe → Orient → Decide → Act (the OODA loop)
Slide 12
Diagram: AWS controls and log sources (VPC, IAM, NACL, Security Groups, Route Table, Share Snapshot, CloudTrail, Flow Logs) feeding three detections: DENY, Geo, Volume. These surface Misconfiguration, Data Exfiltration and Anomalous Activity.
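Added example, not from the deck: the DENY, Geo and Volume detections of the diagram above, run over a few constructed VPC Flow Log version-2 records in Python. The VPC CIDR, the prefix-to-country table standing in for a GeoIP database, the expected-country allowlist and the thresholds are assumptions chosen for the demo.

```python
import ipaddress
from collections import defaultdict

# Field order of a VPC Flow Logs version-2 record (space separated).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Assumptions for the demo: the VPC's CIDR, a constructed prefix-to-country table
# standing in for a GeoIP database, and the countries traffic is expected to go to.
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
GEO = {
    ipaddress.ip_network("203.0.113.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "DE",
    ipaddress.ip_network("192.0.2.0/24"): "XX",
}
EXPECTED_COUNTRIES = {"US", "DE"}

# Constructed sample records (not real traffic): normal web traffic, an outbound SMTP
# attempt the security group refused, a 60 MB upload, a flow to an unexpected country,
# an external host probing five ports, and a NODATA record.
SAMPLE = """\
2 123456789012 eni-0a1b2c3d 10.0.1.5 203.0.113.9 443 54321 6 20 1200 1620000000 1620000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.5 203.0.113.9 54400 25 6 3 180 1620000000 1620000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.2.7 198.51.100.4 54000 443 6 40000 60000000 1620000000 1620000600 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.3.9 192.0.2.33 48000 22 6 10 900 1620000000 1620000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.77 10.0.1.5 40000 22 6 1 60 1620000000 1620000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.77 10.0.1.5 40001 23 6 1 60 1620000000 1620000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.77 10.0.1.5 40002 445 6 1 60 1620000000 1620000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.77 10.0.1.5 40003 3389 6 1 60 1620000000 1620000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.77 10.0.1.5 40004 8080 6 1 60 1620000000 1620000060 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1620000000 1620000060 - NODATA
"""


def parse(line):
    """Parse one v2 record; returns None for anything that is not a well-formed record."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[0] != "2":
        return None
    rec = dict(zip(FIELDS, parts))
    for k in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
        rec[k] = int(rec[k]) if rec[k] != "-" else 0   # NODATA/SKIPDATA records carry '-'
    return rec


def country_of(addr):
    ip = ipaddress.ip_address(addr)
    return next((cc for net, cc in GEO.items() if ip in net), None)


def analyze(lines, scan_ports=5, egress_bytes=50_000_000):
    """DENY, Geo and Volume over a batch of records. Returns finding tuples whose first
    element names the detection: misconfig, deny, geo, volume."""
    rejected_targets = defaultdict(set)   # external src -> {(dst, port)} it was refused
    misconfig = set()                     # internal src whose own traffic was refused
    egress = defaultdict(int)             # (src, dst) -> bytes that left the VPC
    geo = set()
    for line in lines:
        rec = parse(line)
        if rec is None or rec["log_status"] != "OK":
            continue
        src, dst = rec["srcaddr"], rec["dstaddr"]
        src_in = ipaddress.ip_address(src) in VPC_CIDR
        dst_in = ipaddress.ip_address(dst) in VPC_CIDR
        if rec["action"] == "REJECT":
            if src_in:
                misconfig.add((src, dst, rec["dstport"]))   # SG/NACL blocked our own instance
            else:
                rejected_targets[src].add((dst, rec["dstport"]))
        elif src_in and not dst_in:
            egress[(src, dst)] += rec["bytes"]
            cc = country_of(dst) or "??"
            if cc not in EXPECTED_COUNTRIES:
                geo.add((src, dst, cc))
    findings = []
    findings += [("misconfig",) + m for m in sorted(misconfig)]
    findings += [("deny", s, len(t)) for s, t in rejected_targets.items() if len(t) >= scan_ports]
    findings += [("geo",) + g for g in sorted(geo)]
    findings += [("volume", s, d, b) for (s, d), b in egress.items() if b >= egress_bytes]
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE.splitlines()):
        print(finding)
```

In production the per-window thresholds should be learned from baseline traffic rather than fixed, and the REJECT split matters: an internal source being refused is usually a security group or NACL misconfiguration, while an external source refused on many distinct ports is a scanner.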
Slide 21
2015 Verizon Data Breach Investigations Report
Slides 22 to 26 (image only)
Slide 27
2/22 google trends search for “glibc”
Slide 28 (same Google Trends chart)
Slide 29
Friday → Weekend!
Slides 30 to 31 (image only)
Slide 32
“Asset Discovery”
“Digital Footprint Detection”
“Unknown Asset Indexing”
Slide 39
30 Day Project
- Automation
- Codification
- Knowledge Sharing
- Disaster Recovery
Slide 40
30 day plan → impact on automation: AWS Cache, Discovery & Charting (chart)
Slide 45
Timeline: Discovery < July 13, 2015; Disclosure Feb 17, 2016; in between: ?
Slide 46 (image only)
Slide 47
Bruce Schneier on Heartbleed: "At this point, the probability is close to one that every target has had its private keys extracted by multiple intelligence agencies"
https://www.schneier.com/blog/archives/2014/04/heartbleed.html
Slides 49 to 50 (image only)
Slide 51
Secure By $$$ Optimization -or-
Secure By Design?
https://www.washingtonpost.com/blogs/the-switch/files/2014/02/mainroom.jpg
Slide 52 (repeats the question on slide 51)
Slide 65
~99% of bitcoin will never touch a routable electron
… and neither should your root MFA tokens!
Slide 68 (image only)
Slide 77
https://github.com/coinbase/self-service-iam
Slide 80 (image only)
Slide 81
Accessing User Data via Metadata Service SSRF
Slide 82 (image only)
Slide 85
EC2 Instance → 169.254.169.254 (the instance metadata service)
Slides 86 to 105 (image only)
Slide 106
Resolution #1
Resolution #2!
Slide 107 (image only)
Slide 108
via @Lukasa https://github.com/kennethreitz/requests/issues/2008#issuecomment-40793099
Slide 109
Slide 110
Making A Safe Web Request inside Your Cloud
1. Lookup IP Address
2. Validate IP Address Against RFC 6890
3. Make Request Bound to this Validated IP Address
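Added example, not from the deck and not the requests-based approach in the linked issue: the three steps above in Python using only the standard library. Every resolved address is validated (an attacker's zone can round-robin a public address with 169.254.169.254), the TCP connection goes to the validated IP rather than the name so a DNS rebind between lookup and connect cannot retarget it, and the original name is still sent as Host and SNI. The RFC 6890 block list (with multicast added), the function names and the injectable resolver are my choices.

```python
import http.client
import ipaddress
import socket
import ssl
from urllib.parse import urlsplit

# RFC 6890 special-purpose blocks (IPv4 and IPv6) plus the multicast ranges RFC 6890 leaves
# to other registries. Kept explicit because ipaddress.is_private() deliberately excludes
# shared address space (100.64.0.0/10).
SPECIAL_PURPOSE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24", "192.88.99.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "64:ff9b::/96", "100::/64", "2001::/23", "2001:db8::/32",
    "2002::/16", "fc00::/7", "fe80::/10", "ff00::/8",
)]


def is_special_purpose(addr: str) -> bool:
    """True if addr is somewhere an outbound fetch from inside the cloud must never go."""
    ip = ipaddress.ip_address(addr.split("%")[0])   # drop any IPv6 scope id
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped   # ::ffff:169.254.169.254 is still the metadata service
    if any(ip in net for net in SPECIAL_PURPOSE):
        return True
    # belt and braces: whatever the stdlib also classifies as non-global
    return (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved
            or ip.is_multicast or ip.is_unspecified)


def resolve_validated(host: str, port: int, resolver=socket.getaddrinfo) -> list:
    """Steps 1 and 2: resolve the name and reject the whole lookup if ANY answer is
    special-purpose. `resolver` is injectable so the check can be exercised offline."""
    answers = resolver(host, port, type=socket.SOCK_STREAM)
    addrs = [str(info[4][0]) for info in answers]
    if not addrs:
        raise ValueError(f"{host!r} did not resolve")
    bad = [a for a in addrs if is_special_purpose(a)]
    if bad:
        raise ValueError(f"{host!r} resolves to special-purpose address(es): {bad}")
    return addrs


def safe_get(url: str, timeout: float = 5.0, resolver=socket.getaddrinfo) -> http.client.HTTPResponse:
    """Step 3: connect to the validated IP, not the name; send the name as Host and SNI so
    virtual hosting and certificate validation still work. Redirects are NOT followed:
    a 3xx is returned to the caller, who must call safe_get() again on the Location so
    the new target is validated too."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("only http(s) URLs with a host are allowed")
    host = parts.hostname
    port = parts.port or (443 if parts.scheme == "https" else 80)
    ip = resolve_validated(host, port, resolver)[0]
    path = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
    sock = socket.create_connection((ip, port), timeout=timeout)
    if parts.scheme == "https":
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
        conn = http.client.HTTPSConnection(host, port, timeout=timeout)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    conn.sock = sock   # http.client skips its own connect() when a socket is already attached
    conn.request("GET", path, headers={"Host": host})
    return conn.getresponse()
```

The check has to run at connect time, not at URL-parse time: a hostname that looks harmless can resolve to 169.254.169.254 or to a private address, and a second lookup done by the HTTP library would reopen the rebinding window the validated-IP connect closes.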
Slide 111
Slide 112 (image only)
Slide 113
Accessing User Data: 1. Metadata Service SSRF
Slide 114
Accessing User Data: 1. Metadata Service SSRF, 2. AWS API
Slide 115
Slide 116
Policies Are Hard: 11911 actions x 471 services
Slide 117
Policies Are Hard: 11911 actions x 471 services
Instance attributes: instanceType, ebsOptimized, deviceMapping, shutdownBehavior, userData
Slide 118 (same build as slide 117)
Slide 119
Slide 120
Write Explicit IAM Policies
The wildcard ec2:Describe* looks read-only, but it also matches ec2:DescribeInstances and ec2:DescribeInstanceAttribute, and DescribeInstanceAttribute returns userData. List the actions explicitly instead.
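Added example, not from the deck: the wildcard policy beside the explicit one, with a small Python check that expands ec2:Describe* against an action catalog and reports which granted actions can read userData. The action catalog and the user-data-reader set are constructed assumptions, and the check ignores Resource and Condition (so it can only over-report).

```python
import fnmatch
import json

# Constructed subset of the ec2 action catalog (assumption: the real catalog is far larger;
# the deck counts 11911 actions across 471 services; only the shape matters here).
EC2_ACTIONS = [
    "ec2:DescribeInstances", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus",
    "ec2:DescribeSecurityGroups", "ec2:DescribeVolumes", "ec2:DescribeSnapshots",
    "ec2:RunInstances", "ec2:TerminateInstances", "ec2:ModifyInstanceAttribute",
]

# Actions that return instance user-data. DescribeInstanceAttribute with attribute=userData
# is the one the deck calls out; extend this set for your own environment (assumption).
USER_DATA_READERS = {"ec2:DescribeInstanceAttribute"}

# The "read-only" policy as it is usually written: the wildcard quietly includes the
# user-data reader.
WILDCARD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}],
}

# The explicit policy the deck argues for: each action named, DescribeInstanceAttribute
# deliberately left out.
EXPLICIT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2:DescribeInstances", "ec2:DescribeInstanceStatus",
                   "ec2:DescribeSecurityGroups"],
        "Resource": "*",
    }],
}


def _actions(stmt):
    acts = stmt.get("Action", [])
    return [acts] if isinstance(acts, str) else list(acts)


def effective_actions(policy, catalog=EC2_ACTIONS):
    """Catalog actions the policy grants: union of Allow matches minus Deny matches.
    IAM matches actions case-insensitively with '*' and '?' as the only wildcards.
    Resource and Condition are ignored here, which can only over-report."""
    allowed, denied = set(), set()
    for stmt in policy["Statement"]:
        if "NotAction" in stmt:
            raise ValueError("NotAction statements are not supported by this check")
        matches = {a for a in catalog
                   for pat in _actions(stmt) if fnmatch.fnmatchcase(a.lower(), pat.lower())}
        (allowed if stmt.get("Effect") == "Allow" else denied).update(matches)
    return allowed - denied


def user_data_exposure(policy, catalog=EC2_ACTIONS):
    """Granted actions that can read instance user-data; an empty list means the policy is clean."""
    return sorted(effective_actions(policy, catalog) & USER_DATA_READERS)


if __name__ == "__main__":
    for name, pol in (("wildcard", WILDCARD_POLICY), ("explicit", EXPLICIT_POLICY)):
        print(name, json.dumps(sorted(effective_actions(pol))), user_data_exposure(pol))
```

Run the check against a dump of the real action catalog for every service your policies touch; the point of the deck's count is that a wildcard you wrote last year silently grows as services add actions, and explicit lists do not.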
Slide 121
Cloud Can Be Very Secure
Insight Without Access
Security Through Consensus
Security Can Empower
Slide 122
@rwitoff
Thanks!