securing the cloud and your assets


Post on 16-Apr-2017





The cloud & securing your assets
Marcus Dempsey


Shameless plug
Marcus Dempsey

- 24+ years working in IT
- Managing Director for TeraByte IT
- Penetration tester
- Offensive Security Wireless Professional
- Certified Ethical Hacker
- Computer Hacking Forensic Investigator
- F1 fan

Why use the cloud?

- Managed services
- Flexibility in deploying and scaling assets
- Disaster recovery in a box
- Pay as you go spending
- Version and document control
- Automatic updating of services
- Environmentally friendly
- Increased security controls
- Infrastructure as a service
- Platform as a service
- No standing in a cold aisle at the datacentre


Cloud Providers

What are the dangers?

- Intrusion
- Data theft
- Possible loss of reputation
- Bankruptcy
- Insider attacks
- No control over vendor outages
- Automatic updates may cause incompatibility issues
- Disgruntled employee
- Lack or loss of overall visibility of service health

Securing your assets

- Installation of endpoint anti-virus software
- Only allowing inbound / outbound traffic for what's needed
- Keep machines patched and up to date (including base build images)
- Restrict privileged user access to specific users only
- Make use of auditing: login / logout, privilege changes etc.
- Make use of two-factor authentication, especially for high-level accounts
- Regular penetration testing (internal / external)
- Strong certificates which have 2048-bit or greater keys and SHA256
- Encrypt traffic between endpoints (HTTPS, IPSEC)
- In Microsoft environments, use Windows Server Update Services (WSUS)

Mistakes that are made

- Not updating client applications (Java / Adobe)
- Not updating Operating Systems
- Opening access to SSH, RDP to the world
- Not having well defined security controls / policies in place
- Use of weak or common passwords
- Not disabling unused accounts
- Not planning for expansion and resilience from day one
- Not patching critical exploits / 0day
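One way to check for the "SSH, RDP open to the world" mistake, and for rules wider than what is needed, is to audit exported firewall rules. This is an added example, not part of the original slides; the rule schema, rule names and sample data are hypothetical and constructed for illustration.

```python
import ipaddress

# Administrative services that should never be reachable from any address.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample rules (hypothetical schema, not any provider's API format).
SAMPLE_RULES = [
    {"name": "web-https", "proto": "tcp", "ports": (443, 443), "source": "0.0.0.0/0"},
    {"name": "ssh-anywhere", "proto": "tcp", "ports": (22, 22), "source": "0.0.0.0/0"},
    {"name": "rdp-office", "proto": "tcp", "ports": (3389, 3389), "source": "203.0.113.0/24"},
    {"name": "wide-range", "proto": "tcp", "ports": (1024, 65535), "source": "::/0"},
    {"name": "allow-all", "proto": "all", "ports": None, "source": "0.0.0.0/0"},
    {"name": "dns-udp", "proto": "udp", "ports": (53, 53), "source": "0.0.0.0/0"},
]

def is_world(source):
    """True when the CIDR matches every address (prefix length 0, IPv4 or IPv6)."""
    return ipaddress.ip_network(source, strict=False).prefixlen == 0

def exposed_admin_ports(rule):
    """Return the admin services (TCP) a rule exposes to the whole internet."""
    if rule["proto"] not in ("tcp", "all") or not is_world(rule["source"]):
        return []
    if rule["ports"] is None:  # no port restriction: every port is open
        return sorted(ADMIN_PORTS.values())
    low, high = rule["ports"]
    # A broad range can expose an admin port even if it is never named.
    return sorted(name for port, name in ADMIN_PORTS.items() if low <= port <= high)

def audit(rules):
    """Map rule name -> exposed admin services, for rules that expose any."""
    findings = {}
    for rule in rules:
        hits = exposed_admin_ports(rule)
        if hits:
            findings[rule["name"]] = hits
    return findings

if __name__ == "__main__":
    for name, services in audit(SAMPLE_RULES).items():
        print(f"{name}: {', '.join(services)} reachable from any address")
```

The wide port range and the allow-all rule are flagged even though neither mentions port 22 or 3389 explicitly, which is how these exposures usually slip past a manual review.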

25 common passwords of 2014

- 123456
- password
- 12345
- 12345678
- qwerty
- 123456789
- 1234
- Baseball
- Dragon
- football
- 1234567
- monkey
- letmein


Things that make sysadmins cry

More information

Amazon AWS

Microsoft Azure

Vulnerability News


Any Questions?
