Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Leoswaldo Macias - Protecting your App in the ...
Search
DevOpsDays GDL
February 21, 2020
Technology
0
320
Leoswaldo Macias - Protecting your App in the Cloud
DevOps Days GDL 2020 - February 20th
DevOpsDays GDL
February 21, 2020
Tweet
Share
More Decks by DevOpsDays GDL
See All by DevOpsDays GDL
Julian Limon - Aligned autonomy: How clarity on outcomes gets us to self-organized teams that win
devopsdaysgdl
0
520
Jorge Castro - Building DevOps Ways of Working at large Enterprise through learning, collaboration and Gamification experiences: Continuous WoWs, DevUps and Feedback
devopsdaysgdl
0
350
Salvador Elizarraras - Five Ways to Improve Team Performance
devopsdaysgdl
0
240
Tommy Adams - Cutting the Cord: Letting Your Remote Team Run Free
devopsdaysgdl
0
240
Cameron Motevasselani - Extending Spinnaker for the Enterprise
devopsdaysgdl
0
310
Jesus Contreras - Containers y DevTools en AWS
devopsdaysgdl
0
290
Liz fong-Jones - Production Excellence
devopsdaysgdl
0
340
Mofizur Rahman - Knative: Serverless Computing on Kubernetes
devopsdaysgdl
0
350
Ra Acosta - SAFe Journey 5.0
devopsdaysgdl
0
250
Other Decks in Technology
See All in Technology
Scale Security Programs with Scorecarding
ramimac
0
430
ゴリラ.vim #36 ~ Vim x SNS ~ スポンサーセッション
yasunori0418
1
340
OTel meets Wasm: プラグイン機構としてのWebAssemblyから見る次世代のObservability
lycorptech_jp
PRO
1
300
RDRA3.0を知ろう
kanzaki
2
430
エンジニア幼年期の終わり
rebase_engineering
1
110
GigaViewerにおけるMackerel APM導入の裏側
7474
0
460
アプリケーションの中身が見える!Mackerel APMの全貌と展望 / Mackerel APMリリースパーティ
mackerelio
0
440
コードの考古学 〜労務システムから発掘した成長の糧〜
kenta_smarthr
1
1.1k
大手企業のAIツール導入の壁を越えて:サイバーエージェントのCursor活用戦略
gunta
6
730
Node−RED で Ollama を使ったローカルLLM(node-red-contrib-ollamaを利用) / ビジュアルプログラミングIoTLT vol.20
you
PRO
0
140
大規模PaaSにおける監視基盤の構築と効率化の道のり
lycorptech_jp
PRO
0
170
AIエージェントデザインパターンの選び方
almondo_event
0
140
Featured
See All Featured
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
331
21k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
25
2.8k
The World Runs on Bad Software
bkeepers
PRO
68
11k
Facilitating Awesome Meetings
lara
54
6.4k
Optimizing for Happiness
mojombo
378
70k
How STYLIGHT went responsive
nonsquared
100
5.6k
Intergalactic Javascript Robots from Outer Space
tanoku
271
27k
The Language of Interfaces
destraynor
158
25k
Navigating Team Friction
lara
186
15k
Code Reviewing Like a Champion
maltzj
523
40k
The Art of Programming - Codeland 2020
erikaheidi
54
13k
A better future with KSS
kneath
239
17k
Transcript
Protecting your App in the Cloud @LeoswaldoMacias
Misconception
Shared Responsibility Model
“If you have access to change it then it is
yours, if not, then it’s theirs”
Incident Prevention A process to set instruments/tools/services to avoid possible
threats or impacts during an attack Incident Response Plan What to do when once we are impacted
Compliance Updates Maintain your instances up to date (OS, Libraries)
Network Does this need to be public accessible? What ports should I let in? What traffic should go out? Encryption At rest In transit Secret Management Keep your secret data secret
Network: Content Delivery Network CDN Content Delivery Network Your App
WAF
Network: Web Application Firewalls Firewall Layer 3 and 4 WAF
Contains Layer 7 attacks by inspecting for: • SQL Injections • XSS • Origin Geographically requests • String appearances • … and more
At least you know How soon or late? What are
the actions taken?
Incident Response Plan • Preparation • Detection • Containment •
Investigation • Recovery • Lesson Learn
Preparation Log everything you can (this will also help for
auditing) • Application Logs • Server Logs • Network Logs (Traces) • Access Logs and more Design the infrastructure to prevent single point of failure
Detection Monitoring and Alerting • Behaviour rules like traffic spikes,
CPU and Memory consumption • Traffic from countries not served • Sign in failures Page System :(
Containment Use automated processes to isolate any further impact like:
• Creating Network rules Make sure the impacted surface does not grow
Investigation • Analyze logs and timelines • Check which alarming
systems triggered • Check Dashboards
Recovery Get your environment to normal state
Lessons Learned Make sure all missings are documented and ARs
are assigned and tracked
Take Away #1 All applications are subject to exploits
Take Away #2 I’d rather invest more money on security
checks, tools, automation, than risking customer/company data
Take Away #3 Security is a shared responsibility to be
carried among all company employees, not only the Security crew
Thanks! @LeoswaldoMacias
[email protected]
devopsdaysgdl
ramimac
yasunori0418
lycorptech_jp
kanzaki
rebase_engineering
7474
mackerelio
kenta_smarthr
gunta
you
almondo_event
caitiem20
eileencodes
bkeepers
lara
mojombo
nonsquared
tanoku
destraynor
maltzj
erikaheidi
kneath
![Thanks! @LeoswaldoMacias [email protected]](https://files.speakerdeck.com/presentations/ab51c71ce2b6400f80ac8eaf2e44a58b/slide_19.jpg){kind=link}