
Page 1: Shared Security in AWS

Shared Security in AWS

March 2017

Peter Gordon, Cloud Security Architect APAC

Page 2: Shared Security in AWS

Agenda

• Shared Security Model recap
• Common threats & consequences
• Ransomware and the cloud
• Mapping controls to the SSM

Page 3: Shared Security in AWS

Sophos and AWS

• Sophos is a Security Competency Partner
• Have had the UTM on the AWS Marketplace since 2011
• Solutions that integrate with several AWS services:
 o Auto Scaling
 o Amazon S3
 o CloudFormation
 o Elastic Load Balancing

Page 4: Shared Security in AWS

AWS Shared Security Model overview

• AWS takes care of the security ‘of’ the Cloud
• Customer is responsible for security ‘in’ the Cloud

Page 5: Shared Security in AWS

Common threats

• Web application attacks, such as SQLi and XSS
• DoS and DDoS
• Ransomware
• Exploits
• Brute force attacks

Page 6: Shared Security in AWS

Consequences

• Data breach
 o User data / passwords
 o Financial info
 o Now mandatory disclosure in Australia (for some)
• Loss of data
 o Encryption by ransomware
• Hijacked servers
 o Used as malware delivery servers
 o Participation in DDoS attacks
 o Stepping stone to bigger target
• Time and cost of restoration of systems and data

Page 7: Shared Security in AWS


Servers are critical assets

• Corporate / proprietary data on network shares
• Web site content
• Higher value targets for ransomware
• Performance and availability critical for servers

Page 8: Shared Security in AWS

Ransomware and AWS – really?

• Traditionally an end point problem, but…
 o Mapped drives get hit too
 o Compromised web servers may be used to spread the malware
 o Some attacks encrypt web server files
 o Can be delivered through an exploit kit
 o Brute force RDP attacks

Page 9: Shared Security in AWS

Anatomy of a Ransomware Attack

• Exploit Kit or Spam with Infection
• Command & Control Established
• Local Files are Encrypted
• Ransomware deleted, Ransom Instructions delivered

Page 10: Shared Security in AWS

Why customers need more security

• Security Groups and NACLs
 o Port or IP filtering only (layer 3/4)
 o No traffic or application visibility
 o Unable to prevent attacks carried over ports you have to allow (e.g. 80/443)
 o No malware protection = no ransomware protection
• Security vendors
 o Application control
 o Forward proxy with filtering
 o Web Application Firewall*
 o Stateful Firewall and IPS
 o Anti-Malware
 o Traffic visibility
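The point of the slide above is that a security group or NACL decides on protocol, port and source address and never sees the payload, so an attack on an allowed port sails through. The following added example (not from the deck, and not Sophos or AWS code) evaluates a request against a constructed set of security-group-style rules and then against a deliberately minimal payload check standing in for a WAF; the rule and request shapes, the addresses and the SQLi signatures are all assumptions for illustration.

```python
"""Security group (layer 3/4) evaluation versus application-layer inspection.

Constructed example. The rule format, the sample addresses (RFC 5737 ranges)
and the three SQLi patterns are assumptions; a real WAF uses far more rules.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class SGRule:
    """One inbound security-group rule: protocol, port range, source CIDR."""
    protocol: str
    from_port: int
    to_port: int
    cidr: str


@dataclass(frozen=True)
class Request:
    src_ip: str
    protocol: str
    dst_port: int
    payload: str  # e.g. the decoded HTTP query string (assumed)


def sg_allows(rules, req) -> bool:
    """Security-group semantics: allow if any rule matches protocol, port and
    source. There are no deny rules, and nothing here looks at the payload."""
    src = ipaddress.ip_address(req.src_ip)
    for r in rules:
        if r.protocol != req.protocol:
            continue
        if not (r.from_port <= req.dst_port <= r.to_port):
            continue
        if src in ipaddress.ip_network(r.cidr):
            return True
    return False


# Assumed, deliberately simple SQL injection signatures.
SQLI_PATTERNS = [
    re.compile(r"(?i)\bunion\b\s+\bselect\b"),
    re.compile(r"(?i)'\s*or\s+'?\d+'?\s*=\s*'?\d+"),
    re.compile(r"(?i);\s*drop\s+table\b"),
]


def waf_blocks(req) -> bool:
    """Application-layer check: does the payload match a known bad pattern?"""
    return any(p.search(req.payload) for p in SQLI_PATTERNS)


def decide(rules, req) -> str:
    """Layered decision: network filter first, then payload inspection."""
    if not sg_allows(rules, req):
        return "sg-deny"
    if waf_blocks(req):
        return "waf-block"
    return "allow"


# Constructed rule set: HTTPS from anywhere, SSH only from one office range.
RULES = [
    SGRule("tcp", 443, 443, "0.0.0.0/0"),
    SGRule("tcp", 22, 22, "203.0.113.0/24"),
]

# Constructed requests.
BENIGN = Request("198.51.100.7", "tcp", 443, "id=42")
SQLI = Request("198.51.100.7", "tcp", 443, "id=42' OR '1'='1")
SSH_FROM_INTERNET = Request("198.51.100.7", "tcp", 22, "")
SSH_FROM_OFFICE = Request("203.0.113.9", "tcp", 22, "")

if __name__ == "__main__":
    for name, req in [("benign", BENIGN), ("sqli", SQLI),
                      ("ssh-internet", SSH_FROM_INTERNET),
                      ("ssh-office", SSH_FROM_OFFICE)]:
        print(f"{name:13} sg_allows={sg_allows(RULES, req)!s:5} "
              f"decision={decide(RULES, req)}")
```

Running it shows the benign and the injected request are indistinguishable to `sg_allows` (both arrive on an allowed port from an allowed source); only the payload check separates them, which is the gap the slide attributes to SGs and NACLs. The SSH cases show what the security group does do well: source-restricting a port that should never be open to the internet.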

Page 11: Shared Security in AWS

Security Controls to address Shared Security Model

Customer is responsible for security ‘in’ the Cloud:
• Customer is expected to add protection layers (Application Security): HIPS, Host Hardening, App Control, AV/NG, WAF, NIPS, NGFW Outbound Proxy, VPN
• Customer updates OS and Applications: Application Updates, OS Updates
• Customer configures AWS security features: Data Encryption, Access Control, VPC / SG / NACL

AWS takes care of the security ‘of’ the Cloud:
• AWS Web Services: Database, Storage, Compute, Networking
• AWS Global Infrastructure: Availability Zones, Regions, Edge Locations

Page 12: Shared Security in AWS

Further Mitigations

• Backup, backup, backup… (and keep copies the server cannot overwrite)
• Block communications to C&C servers
• Monitor and block encryption behaviour on servers
• Reduce attack surface - Server lockdown / application whitelisting
• Patch your EC2 instances! OS and Applications
• DDoS mitigation services (e.g. AWS Shield)
• Other regular corporate security controls
• User education and user security controls (email etc)
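"Monitor and block encryption behaviour on servers" is the one mitigation on this slide that is a detection problem rather than a configuration one. The following added example (not from the deck, not Sophos code) shows the kind of heuristic a host agent can apply to file-write events on a server: flag writes whose new content is near-random (high Shannon entropy) and whose file name gained a ransomware-style extension, then alert on any process that produces several such writes in a short window. The event format, thresholds, extension list and the sample events are all constructed for illustration.

```python
"""Heuristic detection of ransomware-style mass encryption from file events.

Constructed example. Each event is a dict: ts (seconds), pid, old_path,
new_path and data (the bytes written). Thresholds are assumptions.
"""
import math
import os
from collections import defaultdict

ENTROPY_THRESHOLD = 7.0   # bits/byte; encrypted or compressed data sits near 8
MIN_HITS = 3              # suspicious writes by one process before alerting
WINDOW_SECONDS = 10
SUSPICIOUS_EXTS = {".locked", ".crypt", ".encrypted"}  # assumed examples


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; plain text is roughly 4-5, ciphertext ~8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def is_suspicious(event) -> bool:
    """A write looks like encryption when the content is high-entropy AND the
    file was renamed to a suspicious extension or lost its original one.
    A plain high-entropy write (e.g. a zip archive) on its own is not enough."""
    old_ext = os.path.splitext(event["old_path"])[1].lower()
    new_ext = os.path.splitext(event["new_path"])[1].lower()
    renamed = new_ext in SUSPICIOUS_EXTS or (bool(old_ext) and new_ext != old_ext)
    return renamed and shannon_entropy(event["data"]) >= ENTROPY_THRESHOLD


def find_offenders(events):
    """Return {pid: peak_hits} for processes with at least MIN_HITS suspicious
    writes inside any WINDOW_SECONDS window. These are the candidates to kill
    and isolate; the slide's 'block' step would act on this result."""
    by_pid = defaultdict(list)
    for ev in events:
        if is_suspicious(ev):
            by_pid[ev["pid"]].append(ev["ts"])
    offenders = {}
    for pid, times in by_pid.items():
        times.sort()
        peak = max(sum(1 for t in times if t0 <= t <= t0 + WINDOW_SECONDS)
                   for t0 in times)
        if peak >= MIN_HITS:
            offenders[pid] = peak
    return offenders


# Constructed payloads: one deterministic maximum-entropy block standing in for
# ciphertext, and one repetitive text block standing in for a document edit.
CIPHERTEXT = bytes(range(256)) * 16
TEXT = b"Quarterly report: revenue up, costs flat. " * 100

# Constructed event stream: pid 4242 behaves like ransomware, pid 777 is benign.
EVENTS = [
    {"ts": 0, "pid": 4242, "old_path": "/srv/share/docs/q1.docx",
     "new_path": "/srv/share/docs/q1.docx.locked", "data": CIPHERTEXT},
    {"ts": 2, "pid": 4242, "old_path": "/srv/share/docs/q2.xlsx",
     "new_path": "/srv/share/docs/q2.xlsx.locked", "data": CIPHERTEXT},
    {"ts": 3, "pid": 4242, "old_path": "/srv/share/docs/budget.pdf",
     "new_path": "/srv/share/docs/budget.pdf.crypt", "data": CIPHERTEXT},
    {"ts": 5, "pid": 777, "old_path": "/srv/share/docs/notes.txt",
     "new_path": "/srv/share/docs/notes.txt", "data": TEXT},
    {"ts": 6, "pid": 777, "old_path": "/srv/share/docs/archive.zip",
     "new_path": "/srv/share/docs/archive.zip", "data": CIPHERTEXT},
    {"ts": 40, "pid": 4242, "old_path": "/srv/share/docs/old.doc",
     "new_path": "/srv/share/docs/old.doc.locked", "data": CIPHERTEXT},
]

if __name__ == "__main__":
    for pid, hits in find_offenders(EVENTS).items():
        print(f"ALERT pid={pid}: {hits} encryption-like writes within "
              f"{WINDOW_SECONDS}s")
```

The two conditions are deliberately combined: entropy alone would flag every backup archive written to the share, and renames alone would flag a user reorganising files. Requiring both, repeated quickly by one process, is what keeps the false-positive rate tolerable on a busy file server, which matters because the response here is to stop a process that may be serving the business.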

Page 13: Shared Security in AWS

What is Sophos doing?

• Various deployments of UTM (FW/WAF/IPS/VPN/Proxy)
 o Standalone
 o HA
 o Auto-scaling
• Server host protection integrates with AWS
• Phishing education for users
