Upload File

weeping angels of site reliability

21
The Weeping Angels of Site Reliability Tuesday 2015-03-17 11:30-12:30

Upload: kurt-andersen

Post on 16-Jul-2015

228 views

Category:

Technology


5 download

Report

Tags:

TRANSCRIPT

Page 1: Weeping Angels of Site Reliability

The Weeping Angels of Site ReliabilityTuesday 2015-03-17 11:30-12:30

Page 2: Weeping Angels of Site Reliability
Page 3: Weeping Angels of Site Reliability

Abuse Vectors

1) Shadow or

Reputational

2) Reflection

3) Bad Content

4) Intra-service Attacks

5) Outbound Abuse

6) Third Party Compromise

Page 4: Weeping Angels of Site Reliability

Why DMARC?

Page 5: Weeping Angels of Site Reliability
Page 6: Weeping Angels of Site Reliability

The Data

Page 7: Weeping Angels of Site Reliability

Blocked

Page 8: Weeping Angels of Site Reliability

Abuse Vectors

1) Shadow or

Reputational

2) Reflection

3) Bad Content

4) Intra-service Attacks

5) Outbound Abuse

6) Third Party Compromise

Page 9: Weeping Angels of Site Reliability

Amplification/Reflection Attacks

● Open[SMTP|DNS|NTP|other]

reflectiono http://openNTPproject.org/

o http://openRESOLVERproject.org/

o ISOC Amplification Hell

● Spoofed traffic bounce “back” against victims

http://openntpproject.org/
http://openresolverproject.org/
http://www.internetsociety.org/doc/amplification-hell-revisiting-network-protocols-ddos-abuse
Page 10: Weeping Angels of Site Reliability

Can your service be an oracle?

Page 11: Weeping Angels of Site Reliability

Abuse Vectors

1) Shadow or

Reputational

2) Reflection

3) Bad Content

4) Intra-service Attacks

5) Outbound Abuse

6) Third Party Compromise

Page 12: Weeping Angels of Site Reliability

Anti-Abuse Cloud Best Practices

Page 13: Weeping Angels of Site Reliability

Abuse Vectors

1) Shadow or

Reputational

2) Reflection

3) Bad Content

4) Intra-service Attacks

5) Outbound Abuse

6) Third Party Compromise

Page 14: Weeping Angels of Site Reliability

Intra-service defenses

● Protect credentials

● Watch tunnels / weak endpoint-security

● Watch out for unauthenticated

connections

● Logs can be your friend, but also your

enemy

Page 15: Weeping Angels of Site Reliability

Abuse Vectors

1) Shadow or

Reputational

2) Reflection

3) Bad Content

4) Intra-service Attacks

5) Outbound Abuse

6) Third Party Compromise

Page 16: Weeping Angels of Site Reliability

If you build it. . .

. . .it will be abused.

Page 17: Weeping Angels of Site Reliability

Abuse Vectors

1) Shadow or

Reputational

2) Reflection

3) Bad Content

4) Intra-service Attacks

5) Outbound Abuse

6) Third Party Compromise

Page 18: Weeping Angels of Site Reliability

Third-party services: Common issues

Examples: Source code repositories,

monitoring, crash analytics, user analytics

● Account provisioning and permissioning

● Authentication and account recovery

● Excessive sharing of user data or sensitive

info

● Lack of sufficient audit trails

Page 19: Weeping Angels of Site Reliability

Another take on third parties

Page 20: Weeping Angels of Site Reliability

Take-away points1. Get paranoid about any social/communications features

2. Limit payloads; do you really need a custom message including

arbitrary links?

a. Beware of all user-generated content (UGC)

3. Rate limits, quotas, and metrics

4. Trust but verify, verify, verify

5. Encrypt everything, everywhere, all the time (in motion and at rest)

6. Be mindful of how international users utilize your platform

7. Both users and attackers will use/abuse your platforms in ways you

would never expect

Page 21: Weeping Angels of Site Reliability

J. P. CLARK-BEKEDEREMO – THE WEEPING POET

Angels a Catalogue of Angels

21304 · 2020. 4. 23. · superior creatures in the Universe. The Weeping Angels have the ability to send other beings into the past. They then feed on the potential time energy of

01 Detective Bear Flea & Tick Prevention Bookmark Front€¦ · Angels Bear's Angels Bear's Angels Bear's Angels Bear's Angels BearsAngels.com TortorellaFoundation.org ... TortorellaFoundation.org

“La llorona” Canta: Chabuca Granda “The Weeping Woman”

collegearts.yale.edu · mama who bore me wendla mama who bore me. mama who gave me no way to handle things. who made me so sad. mama, the weeping. mama, the angels. no sleep in heaven,

A Valediction of Weeping

Rachel Weeping Her Children Part 1

Weeping From the Fear of Allah

Angels Demons&Angels Holy Angels Corrie Ten Boom Holy Stories of Angels – Protection in Prison Angels Holy Angels Then the king arose very early in the morning and went in haste

Ficus benjamina: Weeping Fig - Ask IFAS

Sophora japonica ‘Pendula’: Weeping Scholar Tree · Sophora japonica ‘Pendula’: Weeping Scholar Tree 3 Pests Potato leafhopper kills young stems causing profuse branching

Sargent's Weeping Hemlock Reconsidered - Arnold Arboretumarnoldia.arboretum.harvard.edu/pdf/articles/1107.pdf · 202 Sargent’s Weeping Hemlock Reconsidered by PETER DEL TREDICI

The Weeping God of Mormonism

Weeping Woman Pablo Picasso 1937 Oil On

Masters Weeping Willow In The Fog

AngelS/Fallen Angels

Weeping camel

Summer of the Weeping Rain

Issue 6: Chicken Wraps and Weeping Women

Jeremiah The Weeping Prophet

Weeping for Dido

Weeping out of Fear of Allah Part two The Weeping of the Companions

Weeping And Wailing

Outline Weeping Jeremiah-Lamentations All

THE IMPORTANCE OF WEEPING AND WAILING-(AHMIYAT-E …

Selecting Landscape Trees€¦ · Chilopsis linearis Desert Willow Fast 20-25' Short Upright Morus alba 'Chaparral' Weeping Mulberry Fast 20-30' Moderate Weeping Ulmus glabra'Camperdownii

A Semiological Reading: Theo Angelopoulos's The Weeping Meadow

white weeping broom - pir.sa.gov.aupir.sa.gov.au/__data/assets/pdf_file/0017/240065/white_weeping_bro… · White weeping brooms are introduced ornamental shrubs growing to 4 m high,

fabiansinteractivemediablog.files.wordpress.com€¦  · Web viewTHE WEEPING WOMAN, PICASSO. 1937. The weeping woman (60x49) was created in 1937 by famous French artist Pablo Picasso

“Christ Weeping over Jerusalem.” A sermon, etc ...preteristarchive.com/Books/pdf/1870_ellison_christ-weeping-over... · 44%.44 church or england “ temperancereformation sermons

Weeping out of Fear of Allah Part two

“AE” (Pseud. George RUSSELL). Dark Weeping. Beingcloud1.berkelouw.com.au/system/ckeditor_assets/attachments/326/Latest... · 1 1 “AE” (Pseud. George RUSSELL). Dark Weeping

Scheper-Hughes, Nancy. 1992. Death Without Weeping (Book Chapter)

Weeping Myall Woodlands - Department of the Environmentenvironment.gov.au/.../files/weeping-myall-woodlands.pdf · Weeping Myall Woodlands ... wildlife corridors and habitat refuge