Upload File

Download - How our AWS account got hacked and what we did to ensure it never happened again

Transcript
Page 1: How our AWS account got hacked and what we did to ensure it never happened again

Continuous Assurance

Page 2: How our AWS account got hacked and what we did to ensure it never happened again

A Typical AWS journey

Page 3: How our AWS account got hacked and what we did to ensure it never happened again

Best practice is new and complex

Page 4: How our AWS account got hacked and what we did to ensure it never happened again

With great power comes great responsibility

1: Respect the privacy of others.2: Think before you type.

3: With great power comes great responsibility.

[sudo] login

Page 5: How our AWS account got hacked and what we did to ensure it never happened again

Shared Responsibility!

Page 6: How our AWS account got hacked and what we did to ensure it never happened again

Typical monthly AWS bill

Spiraling Cost

Monthly AWS bill after compromise

Page 7: How our AWS account got hacked and what we did to ensure it never happened again

 NAT not designed for failure

Figure 1a: Internet-bound traffic through a NAT instance

Figure 1b: Internet-bound traffic interrupted during NAT

failure

Page 8: How our AWS account got hacked and what we did to ensure it never happened again

 NAT designed for failure

Virtual Private Cloud

Page 9: How our AWS account got hacked and what we did to ensure it never happened again

SSL certificate

The site’s security certificate has expired!

Page 10: How our AWS account got hacked and what we did to ensure it never happened again

What we built to solve this! – Cloud Conformity Demo

Page 11: How our AWS account got hacked and what we did to ensure it never happened again

Register your interest at

cloudconformity.com

Beta finishes September

1st

WIN anAmazon

Echo

Continuous Assurance


Top Related

ID Theft: Managing Risk and Controlling Damage€¦ · Been Hacked: 1. Find Out What Happened. To respond effectively, get a full picture of what happened, including how the hackers
ID Theft: Managing Risk and Controlling Damage€¦ · Been Hacked: 1. Find Out What Happened. To respond effectively, get a full picture of what happened, including how the hackers
WEBSITE HACKED TREND REPORT
WEBSITE HACKED TREND REPORT
April 2015 — Hacked
April 2015 — Hacked
To be Hacked or not to be Hacked!
To be Hacked or not to be Hacked!
Http:// HACKED!!! Securing your Business Ankit Fadia Ethical Hacker fadia.ankit@gmail.com Hacked!!!
Http:// HACKED!!! Securing your Business Ankit Fadia Ethical Hacker [email protected] Hacked!!!
HACKED BY Mutarrif
HACKED BY Mutarrif
Hacked Off with Hackathons
Hacked Off with Hackathons
AWS re:Invent 2016 Recap: What Happened, What It Means
AWS re:Invent 2016 Recap: What Happened, What It Means