defending your workloads against the next zero-day vulnerability 

AWS Government, Education, and Nonprofit Symposium, Washington, DC, June 25-26, 2015. Defending your workloads against the next zero-day vulnerability. Justin Foster (@justin_foster), CTO & GM, Cloud Workload Security, Trend Micro. ©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Upload: amazon-web-services

Post on 05-Aug-2015

Category:

Technology



TRANSCRIPT

1. Defending your workloads against the next zero-day vulnerability. Justin Foster (@justin_foster), CTO & GM, Cloud Workload Security, Trend Micro. ©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved.

2. The Story. More at aws.trendmicro.com
   2012 re:Invent: SPR203: Cloud Security is a Shared Responsibility, http://bit.ly/2012-spr203
   2013 re:Invent: SEC208: How to Meet Strict Security & Compliance Requirements in the Cloud, http://bit.ly/2013-sec208; SEC307: How Trend Micro Build their Enterprise Security Offering on AWS, http://bit.ly/2013-sec307
   2014 re:Invent: SEC313: Updating Security Operations for the Cloud, http://bit.ly/2014-sec313; SEC314: Customer Perspectives on Implementing Security Controls with AWS, http://bit.ly/2014-sec314

3. Traditional Responsibility Model. You: Physical Infrastructure, Network, Virtualization, Operating System, Applications, Data, Service Configuration. More at aws.amazon.com/security

4. Shared Responsibility Model. AWS: Physical Infrastructure, Network, Virtualization. You: Operating System, Applications, Data, Service Configuration. More at aws.amazon.com/security

5. Shared Responsibility Model (same diagram as slide 4).

6. Shared Responsibility Model: compliance programs. PCI DSS Level 1, SOC 1/ISAE 3402, SOC 2, SOC 3, ISO 9001, IRAP (.au), FIPS 140-2, CJIS, CSA, FERPA, HIPAA, FedRAMP (SM), DoD CSM 1-2, 3-5, DIACAP, ISO 27001, MTCS 3, ITAR, MPAA, G-Cloud, Section 508/VPAT, FISMA. More at aws.amazon.com/compliance/

7. Shared Responsibility Model (same diagram as slide 4).

8. Vulnerability. Respond. Repair.

9. Vulnerability.

10. (Image) by Andreas Lindh (@addelindh)

11. bash is a common command line interpreter.

12. a:() { b; } | attack 10 | 10 vulnerability. Widespread & easy to exploit.

13. 1989. Fantastic summary by David A. Wheeler at http://www.dwheeler.com/essays/shellshock.html#timeline

14. 1989 (photo by Norlando Pobre)

15. 1989 (photo by Gavin Stewart)

16. 1989 (photo by VersusLiveQuizShow)

17. 1989 ("MicroTAC" by Redrum0486 at English Wikipedia)

18. Action Timeline
   Time since last event | Event | Action
   1989-08-05 8:32 | Added to codebase |
   27 days, 10:20:00 | Released to public |
   9141 days, 21:18:35 | Initial report | React (clock starts)
   1 day, 22:19:13 | More details | React
   2 days, 7:30:12 | Official patch :: CVE-2014-6271 | Patch (4 days, 5:49:25)
   5 days, 9:16:35 | Limited disclosure :: CVE-2014-6271 | React
   2 days, 4:37:25 | More details | React
   3:44:00 | More details | React
   0:27:51 | Public disclosure | React
   0:36:30 | More details | React

19. Important Shellshock Events
   Time since last event | Event | Action
   1989-08-05 8:32 | Added to codebase |
   27 days, 10:20:00 | Released to public |
   9141 days, 21:18:35 | Initial report | React (clock starts)
   2 days, 7:30:12 | Official patch :: CVE-2014-6271 | Patch (4 days, 5:49:25)
   3:29:09 | Official patch :: CVE-2014-7169 | Patch (9 days, 19:17:00)
   3:15:00 | Official patch :: CVE-2014-7186, CVE-2014-7187 | Patch (4 days, 17:30:00)
   1 day, 11:55:00 | Official patch :: CVE-2014-6277 | Patch (1 day, 11:55:00)
   2 days, 20:24:00 | Official patch :: CVE-2014-6278 | Patch (2 days, 20:24:00)

20. (Chart) Attack source IPs at 24h, 48h and 72h after disclosure; CVE-2014-6271, 7169, 6277, 6278.

21. (Chart, continued) Attack source IPs at 24h, 48h and 72h after disclosure.

22. (Chart, continued) Attack source IPs at 24h, 48h and 72h after disclosure.

23. Respond: Day 1.

24. aws.amazon.com/architecture : Web application hosting (reference architecture diagram)

25. aws.amazon.com/architecture : Web application hosting (reference architecture diagram)

26. Primary workflow for our deployment (diagram: TCP 443, TCP 4433).

27. IAM Roles

28. AWS IAM Review

29. Security Groups

30. AWS Security Group Review

31. Network Segmentation

32. AWS Network Review

33. AWS VPC Checklist. Review: IAM roles; Security groups; Network segmentation; Network access control lists (NACL). More in the Auditing Security Checklist for Use of AWS, media.amazonwebservices.com/AWS_Auditing_Security_Checklist.pdf

34. Primary workflow for our deployment (diagram: TCP 443, TCP 4433).

35. HTTPS. Intrusion prevention can look at each packet and then take action depending on what it finds.

36. aws.amazon.com/architecture : Web application hosting (reference architecture diagram)

37. Intrusion Prevention in Action

38. Review: All instances covered; Workload-appropriate rules; Centrally managed. Security controls must scale out automatically with the deployment.

39. Repair: Day 2.

40. aws.amazon.com/architecture : Web application hosting (reference architecture diagram)

41. All instances deployed from a task-specific AMI (diagram: TCP 443, TCP 4433).

42. AMI Creation Workflow: Instantiate → Configure → Bake → Instantiate → Test → Destroy. The workflow should be completely automated.

43. AMI Creation

44. aws.amazon.com/architecture : Web application hosting (reference architecture diagram)

45. Integrity Monitoring: AMI → Instance → Integrity Monitoring → Alert. Instances tend to drift from the known good state, so monitoring key files & processes is important.

46. Integrity Monitoring

47. Keys. Respond: Review configuration; Apply intrusion prevention. Repair: Patch the vulnerability in a new AMI; Leverage integrity monitoring.

48. Keys: Visibility, Security, Time.

49. Thank You. This presentation will be loaded to SlideShare the week following the Symposium. http://www.slideshare.net/AmazonWebServices
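As an added illustration of the integrity-monitoring idea on slide 45 (this is example code written for this page, not the talk's or Trend Micro's own tooling): hash a known-good baseline of key files at AMI bake time, re-hash the running instance later, and report what drifted. The etc/ tree and file contents are constructed for the demo, and the hypothetical agent tracks only regular files.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def hash_file(path: str) -> str:
    """SHA-256 of a file, streamed so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(root: str) -> dict:
    """Map every regular file under root (path relative to root) to its hash."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # symlink targets would need separate handling
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            hashes[rel] = hash_file(full)
    return hashes

def drift(baseline: dict, current: dict) -> dict:
    """Added, removed and modified paths; any non-empty list is an alert."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }

def demo() -> dict:
    """Constructed scenario: a tiny etc/ tree drifts after the baseline is taken."""
    with tempfile.TemporaryDirectory() as root:
        etc = Path(root, "etc")
        etc.mkdir()
        (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (etc / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = snapshot(root)  # taken at bake time, stored off-instance
        with (etc / "passwd").open("a") as fh:  # account appended: modified
            fh.write("svc:x:1001:1001::/home/svc:/bin/bash\n")
        (etc / "hosts").unlink()  # removed
        (etc / "motd").write_text("welcome\n")  # added
        return drift(baseline, snapshot(root))
```

In a deployment the baseline would be produced in the Bake step of the AMI workflow and the comparison run periodically on each instance, with any non-empty result raised as the Alert on slide 45.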