From 0 to Secure in 1 Minute APPSEC IL 2015. Moshe Ferber CCSK, CCSP



Similar documents
From Zero to Secure in 1 Minute

How to Grow and Transform your Security Program into the Cloud

Cloud Courses Description

Cloud Security Training Days 3 and 4 Syllabus

Cloud Courses Description

Implementing Microsoft Azure Infrastructure Solutions

Software Defined Everything

ur skills.com

How an Open Source Cloud Will Help Keep Your Cloud Strategy Options Open

How to survive in a world of Virtualization and Cloud Computing, where you even can t trust your own environment anymore. Raimund Genes, CTO

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

This module explains the Microsoft Dynamics NAV architecture and its core components.

Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure

Web Application Platform for Sandia

NEXT-GENERATION, CLOUD-BASED SERVER MONITORING AND SYSTEMS MANAGEMENT

Public Cloud Security: Surviving in a Hostile Multitenant Environment

Cloud Security. Nantawan Wongkachonkitti Electronic Government Agency, Thailand Cloud Security Alliance, Thailand Chapter October 2014

Security Inspection Inc. Solutions to secure your network

Practical Development with a Platform as a Service (PaaS) Beyond the Basics

Microsoft Implementing Microsoft Azure Infrastructure Solutions

Cloud Computing Security Requirements

Cloud Security. Let s Open the Box. Abu Shohel Ahmed ahmed.shohel@ericsson.com NomadicLab, Ericsson Research

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive

OpenStack. Orgad Kimchi. Principal Software Engineer. Oracle ISV Engineering. 1 Copyright 2013, Oracle and/or its affiliates. All rights reserved.

eeye Digital Security Product Training

Staying Secure After Microsoft Windows Server 2003 Reaches End of Life. Trevor Richmond, Sales Engineer Trend Micro

How to Secure Infrastructure Clouds with Trusted Computing Technologies

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.

VICNET is G-Cloud7 GOV UK Supplier VISIT DIGITAL MARKET PLACE VICNETCLOUD VICNET CLOUD MIGRATION SERVICES

Protecting the un-protectable Addressing Virtualisation Security Challenges

McAfee Database Security. Dan Sarel, VP Database Security Products

Using SUSE Studio to Build and Deploy Applications on Amazon EC2. Guide. Solution Guide Cloud Computing.

hyperguard Defining a dwaf to secure cloud applications By Alexander Meisel, CTO and Co-Founder

CCSK Prep Course 2015

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

An enterprise- grade cloud management platform that enables on- demand, self- service IT operating models for Global 2000 enterprises

Cloud Computing Business, Technology & Security. Subra Kumaraswamy Director, Security Architecture, ebay

Cloud Essentials for Architects using OpenStack

Assessing Risks in the Cloud

Course 20533: Implementing Microsoft Azure Infrastructure Solutions

Cloud and Data Center Security

Cloud Security Overview

Sessione di Studio AIEA 19 Giugno 2015

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services

Digi Device Cloud: Security You Can Trust

Hybrid Cloud Computing

Trend Micro. Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION

Cloud-Security: Show-Stopper or Enabling Technology?

Implementing Microsoft Azure Infrastructure Solutions

Nessus Agents. October 2015

Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Lecture 02b Cloud Computing II

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter

Implementing Microsoft Azure Infrastructure Solutions 20533B; 5 Days, Instructor-led

Navigating The World of Cloud Computing

Course 20533B: Implementing Microsoft Azure Infrastructure Solutions

Security Issues in Cloud Computing

Availability Digest. HPE Helion Private Cloud and Cloud Broker Services February 2016

SERENA SOFTWARE Serena Service Manager Security

Modern App Architecture for the Enterprise Delivering agility, portability and control with Docker Containers as a Service (CaaS)

BOOT CAMP MICROSOFT EXCHANGE SERVER 2013 (MSEXCH-BC)

Cloud Security and Data Protection

DevOps. Josh Preston Solutions Architect Stardate

Getting Started with Web Application Security

Software Defined Perimeter: Securing the Cloud to the Internet of Things

Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control

Top 10 Cloud Risks That Will Keep You Awake at Night

Computer Forensics and Incident Response in the Cloud. Stephen Coty AlertLogic, AlertLogic_ACID

Microsoft Azure for IT Professionals 55065A; 3 days

CloudBerry Dedup Server

7 things you need to know about SQL Server 2008 R2

The Defense RESTs: Automation and APIs for Improving Security

Building Success on Acquia Cloud. Buyer s Guide

INTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION ENGINEERING & TECHNOLOGY (IJECET) Introduction to Cloud Security. Taniya

Required Software Product List

OpenStack Cloud Migration : Migrating On-premise workloads to OpenStack Private Cloud

How to Keep a Cloud Environment Current, Secure and Available October 16, 2014

The New Style of IT. Rob McMahon. Director Cloud Computing HP General Western Europe

Protect Yourself in the Cloud Age

APPLICATION SECURITY: ONE SIZE DOESN T FIT ALL

Top Five Database Security and Compliance Resolutions for 2008

Product Overview. UNIFIED COMPUTING Managed Hosting Compute

Outline. What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages

A POLYCOM WHITEPAPER Polycom. Recommended Best Security Practices for Unified Communications

CLOUD COMPUTING. When It's smarter to rent than to buy

Building Out Your Cloud-Ready Solutions. Clark D. Richey, Jr., Principal Technologist, DoD

Transition Your Windows Server 2003 Infrastructure to a Modern Cisco and Microsoft Solution

Securing the Cloud with IBM Security Systems. IBM Security Systems IBM Corporation IBM IBM Corporation Corporation

Where in the Cloud are You? Session Thursday, March 5, 2015: 1:45 PM-2:45 PM Virginia (Sheraton Seattle)

What CISOs Need to Know About Cloud Computing

Cloud Security. Peter Jopling IBM UK Ltd Software Group Hursley Labs. peterjopling IBM Corporation

Managing Enterprise Devices and Apps using System Center Configuration Manager

Copyright 2013 enstratius, Inc.

What Cloud computing means in real life

Outline SSS Microsoft Windows Server 2008 Hyper-V Virtualization

From Rivals to BFF: WAF & VA Unite OWASP The OWASP Foundation

Managing Privileged Identities in the Cloud. How Privileged Identity Management Evolved to a Service Platform

McAfee Public Cloud Server Security Suite

Transcription:

From 0 to Secure in 1 Minute APPSEC IL 2015 Moshe Ferber CCSK, CCSP

#About Information security professional for over 20 years Popular industry speaker & lecturer (DefCon, BlackHat, Infosec and more) Co-Contributor for CCSK, CCSP and other cloud security initiative. Founded Cloud7, Managed Security Services provider (currently 2bsecure cloud services) Partner at Clarisite Your customer s eye view Partner at FortyCloud Make your public cloud private Member of the board at Macshava Tova Narrowing societal gaps Certified CCSK instructor for the Cloud Security Alliance. Certified CCSP instructor for ISC2. Co-Chairman of the Board, Cloud Security Alliance, Israeli Chapter

About the Cloud Security Alliance Global, not-for-profit organization Building security best practices for next generation IT Research and Educational Programs Cloud providers & security professionals Certifications Awareness and Marketing The globally authoritative source for Trust in the Cloud CSA Israel: Community of security professional promoting responsible cloud adoption. To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing

About the talk Cloud security challenges and benefits And more specifically, using IaaS automation and orchestration features for increasing the security Dashboard Billing API Orchestration Hypervisor Controller Abstraction Physical Servers Network Storage

About the talk Provider administration Insecure instances Management console Side channel attack Cloud Attack Vectors Multi tenancy & virtualization Chain of supply Automation & API

Anatomy of a cloud hack

Anatomy of a cloud hack the BrowserStack story Shell shock vulnerability on unused server Found API key on hacked server Using API key opened a firewall rule and launch an instance Attached a backup volume to the instance Found database credential on backup device Connected to DB SOURCE: https://www.browserstack.com/attack-and-downtime-on-9-november

Do we have the right tools? Source: http://ifail.info/wp-content/uploads/2010/04/street_dentist_thumb.jpg?98bbf9

About Architecture the talk & Deployments is changing The billing cycle is reducing AUTO SCALING Micro-Services Architecture Google slashes cloud platform price again Microsoft will offer Azure by the minute to take on Amazon s cloud 1 hour 10 min DEV OPS Microsoft follows Google with by-the-minute cloud blending 1 min Continuous Delivery

About How the to talk do security when servers alive for 10 minutes? Patch management Maintenance windows Periodic vulnerability scanning Hardening

The image part with relationship ID rid2 was not found in the file. The image part with relationship ID rid2 was not found in the file. DON T LET SECURITY HOLD YOU DOWN Source: www.avon-barrier.co.uk

About the talk Introducing SOURCE: http://www.cloudefigo.org/ Based on the work made by Rich Mogull from Securosis https://github.com/securosis

Cloudefigo Lifecycle 1 Server launch 2 Server loads security configuration S3 3 Server encrypts disk volumes 4 Server scanned for vulnerabilities 5 Server moves to production

Components Object Storage Vulnerability Scanner Cloud-Init Configuration Management IAM Roles Volume Encryption

Instant Lifecycle Launch Terminate Update Production Control Scan

Wrapping Up The new software architecture and applications delivery in cloud module disrupts traditional correctives controls We need to adopt new thinking to automate security Think how security automation can help you in moving your infrastructure forward. Faster.

Questions Moshe Ferber @: moshe (at) onlinecloudsec.com w: www.onlinecloudsec.com in: www.linkedin.com/in/mosheferber t: @FerberMoshe www.cloudefigo.org

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information