shared security in aws
Shared Security in AWS
March 2017
Peter Gordon
Cloud Security Architect APAC
Agenda
• Shared Security Model recap
• Common threats & consequences
• Ransomware and the cloud
• Mapping controls to the SSM
Sophos and AWS
• Sophos is a Security Competency Partner
• Have had the UTM on the AWS Marketplace since 2011
• Solutions that integrate with several AWS services
  o Auto Scaling
  o Amazon S3
  o CloudFormation
  o Elastic Load Balancing
AWS Shared Security Model overview
Customer is responsible for security ‘in’ the Cloud
AWS takes care of the security ‘of’ the Cloud
Common threats
• Web application attacks, such as SQLi and XSS
• DoS and DDoS
• Ransomware
• Exploits
• Brute force attacks
Consequences
• Data breach
  o User data / passwords
  o Financial info
  o Now mandatory disclosure in Australia (for some)
• Loss of data
  o Encryption by ransomware
• Hijacked servers
  o Used as malware delivery servers
  o Participation in DDoS attacks
  o Stepping stone to bigger target
• Time and cost of restoration of systems and data
Servers are critical assets
• Corporate / proprietary data on network shares
• Web site content
• Higher value targets for ransomware
• Performance and availability critical for servers
Ransomware and AWS – really?
• Traditionally an end point problem, but…
  o Mapped drives get hit too
  o Compromised web servers may be used to spread the malware
  o Some attacks encrypt web server files
  o Can be delivered through an exploit kit
  o Brute force RDP attacks
Anatomy of a Ransomware Attack
Exploit Kit or Spam with Infection
Command & Control Established
Local Files are Encrypted
Ransomware deleted, Ransom Instructions delivered
Why customers need more security
• Security Groups and NACLs
  o Port or IP filtering
  o No traffic or application visibility
  o Unable to prevent attacks in trusted ports
  o No malware protection = no ransomware protection
• Security vendors
  o Application control
  o Forward proxy with filtering
  o Web Application Firewall*
  o Stateful Firewall and IPS
  o Anti-Malware
  o Traffic visibility
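Added example (not part of the original slides): the port/IP filtering that Security Groups do provide is configured by the customer, and the deck names brute force RDP as a ransomware route. This Python check reads data shaped like `aws ec2 describe-security-groups` output and flags groups that leave RDP open to any source; it also covers SSH, which goes beyond the slides. The sample data, group IDs and function name are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa0000000000001", "GroupName": "web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0aaa0000000000002", "GroupName": "win-admin", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0aaa0000000000003", "GroupName": "legacy", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-0aaa0000000000004", "GroupName": "bastion", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]}
]}
""")

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}   # remote-admin services to check
ANY_SOURCE = {"0.0.0.0/0", "::/0"}       # "open to the world" in IPv4 / IPv6

def world_open_admin_ports(doc):
    """Return (GroupId, service) for each admin port reachable from any address."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            sources = {r["CidrIp"] for r in perm.get("IpRanges", [])}
            sources |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
            if not sources & ANY_SOURCE:
                continue                      # rule is limited to specific CIDRs
            proto = perm.get("IpProtocol")
            if proto == "-1":                 # "-1" = all protocols, all ports
                lo, hi = 0, 65535
            elif proto == "tcp":
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            else:
                continue                      # UDP/ICMP rules do not expose RDP/SSH
            for port, name in sorted(ADMIN_PORTS.items()):
                if lo <= port <= hi:
                    findings.append((sg["GroupId"], name))
    return findings

if __name__ == "__main__":
    for group_id, service in world_open_admin_ports(SAMPLE):
        print(f"{group_id}: {service} reachable from any address")
```

A clean result only confirms the filtering layer; as the slide notes, Security Groups still give no visibility into what crosses the ports that remain open.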
Security Controls to address Shared Security Model
[Diagram: layers of the shared security model, with the following labels]
Customer is responsible for security ‘in’ the Cloud
• Layer captions: Customer is expected to add protection layers; Customer updates OS and Applications; Customer configures AWS security features
• Controls shown: Application Security, Data Encryption, Access Control, VPC / SG / NACL, Application Updates, OS Updates, Host Hardening, HIPS, NIPS, WAF, VPN, NGFW, Outbound Proxy, AV/NG, App Control
AWS takes care of the security ‘of’ the Cloud
• AWS Web Services: Database, Storage, Compute, Networking
• AWS Global Infrastructure: Availability Zones, Regions, Edge Locations
Further Mitigations
• Backup, backup, backup…
• Block communications to C&C servers
• Monitor and block encryption behaviour on servers
• Reduce attack surface - Server lockdown / application whitelisting
• Patch your EC2 instances! OS and Applications
• DDoS mitigation services (e.g. AWS Shield)
• Other regular corporate security controls
• User education and user security controls (email etc)
What is Sophos doing?
• Various deployments of UTM (FW/WAF/IPS/VPN/Proxy)
  o Standalone
  o HA
  o Auto-scaling
• Server host protection integrates with AWS
• Phishing education for users