
SecurityBoat SB Meetup Pune - November 2022

https://securityboat.in/events/sb-meetup-nov-2022/

Sankalp Sandeep Paranjpe

November 28, 2022

Transcript

  1. Whoami
     Sankalp Sandeep Paranjpe
     ◈ Third-year undergraduate student pursuing a B.Tech. in CSE with specialization in Networks and Security
     ◈ Application and Cloud Security enthusiast, bug bounty hunter
     ◈ EC-Council Certified CEH (Practical): passed
     ◈ EC-Council Certified SOC Analyst: in progress
  2. Contents
     ◈ Cloud Computing
     ◈ AWS and its services
     ◈ The Shared Responsibility Model in AWS
     ◈ AWS Security, Identity, and Compliance Services
     ◈ AWS Incident Response
     ◈ Use Cases
     ◈ AWS Security – Best Practices
  3. Disadvantages of an On-Premises Data Center
     • Higher costs
     • Requires extra IT support
     • Limited scalability
     • Needs 24x7 monitoring
     • Less accessibility
     • Risk of data loss
     • No disaster recovery
     • No regular data backup
  4. Benefits of Cloud Computing
     ◈ On-demand service
     ◈ Pay-as-you-go
     ◈ Data security
     ◈ Availability
     ◈ Accessibility
     ◈ High speed – quick deployment
     ◈ Efficiency and cost reduction
     ◈ Scalability
     ◈ Disaster recovery
  5. Examples of Cloud Computing Types
     ◈ Infrastructure as a Service: AWS EC2
     ◈ Platform as a Service: AWS Elastic Beanstalk, Google App Engine
     ◈ Software as a Service: AWS Rekognition
  6. AWS Global Infrastructure
     A region is a cluster of data centers. Each region can have many Availability Zones, which are physically separated from each other but connected with high-bandwidth, ultra-low-latency networking.
     29 Regions. 93 Availability Zones. 410+ Points of Presence.
  7. Elastic Compute Cloud (EC2) – IaaS
     ◈ Elastic capacity: elastic resource configuration and reconfiguration; elastic number of instances
     ◈ Storage: your data lives on Elastic Block Store (EBS)
     ◈ Reliable: multiple locations; Elastic IP
     ◈ Secure: firewall configuration; Virtual Private Cloud (VPC)
     ◈ Performance: scaling the services using an Auto Scaling group
  8. Infrastructure Protection
     ◈ AWS Shield Standard
       Free service – protects from Layer 3 and Layer 4 attacks such as SYN/UDP floods (DDoS attacks)
     ◈ AWS Shield Advanced
       Optional DDoS mitigation service with 24/7 access to the AWS DDoS Response Team
     ◈ AWS Web Application Firewall (WAF)
       Protects from web application attacks: monitors HTTP and HTTPS requests and blocks malicious ones, including SQL injection and cross-site scripting
       Pre-configured rule groups for the OWASP Top 10, CVEs, IP reputation lists, anonymous IP lists, etc.
  9. GuardDuty learns about the AWS environment from
     ◈ Network activity
     ◈ Data access patterns
     ◈ API calls
     ◈ Account usage
     ◈ It uses a machine learning model to determine whether new activity is normal or abnormal
     ◈ Generates findings for EC2, IAM, and S3
  10. How does it work?
     • CloudTrail event logs – unusual API calls
     • VPC Flow Logs – unusual internal traffic, unusual IP addresses
     • DNS logs – compromised EC2 instances
  11. GuardDuty Findings
     ◈ Backdoor:EC2/C&CActivity – the EC2 instance is communicating with a botnet command and control server; implies that the instance is compromised
     ◈ CryptoCurrency:EC2/BitcoinTool – the EC2 instance is interacting with an IP address associated with cryptocurrency activity (Bitcoin mining); if the use case is valid, set up a suppression rule
     ◈ Discovery:S3/MaliciousIPCaller – an S3 API to read or copy objects was invoked from a known malicious IP address
     ◈ PenTest:S3/KaliLinux – an S3 API was invoked from Kali Linux using your AWS credentials
  12. AWS Inspector
     ◈ Automated security assessments
     ◈ Maintains a vulnerability database
     ◈ Only for EC2 instances and container infrastructure
     ◈ Reduces mean time to resolve (MTTR) vulnerabilities with automation
     ◈ Vulnerability management as a fully managed and highly scalable service
  13. Incident Response
     ◈ Incident response refers to an organization's processes and technologies for detecting and responding to cyber threats, security breaches and cyberattacks
     ◈ Goal of incident response: to prevent cyberattacks
  14. Incident Response Phases
     1. Preparation
     2. Detection and Analysis
     3. Containment
     4. Eradication
     5. Recovery
     6. Post-Event Activity
  15. Use Case – Exposed Keys
     i) Determine the access associated with those keys
     ii) Invalidate the credentials
     iii) Invalidate any temporary credentials issued with the exposed keys
     iv) Restore access with new credentials
     v) Review your AWS account
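The exposed-keys playbook above as one function over an IAM client (an added example, not code from the deck). `iam` is any boto3-style IAM client such as `boto3.client("iam")`; the inline policy name is an assumption, and the revocation of already-issued temporary credentials relies on the `aws:TokenIssueTime` condition key.

```python
import json
from datetime import datetime, timezone

REVOKE_POLICY_NAME = "ExposedKeyRevokeSessions"  # assumed name, not an AWS default


def exposed_key_response(iam, access_key_id, revoke_before=None):
    """Contain one exposed IAM user access key; returns a record for the review step."""
    revoke_before = revoke_before or datetime.now(timezone.utc)
    # i) Determine the access associated with the key: the owning user and what
    #    that user can do through attached policies and group memberships.
    user = iam.get_access_key_last_used(AccessKeyId=access_key_id)["UserName"]
    policies = [p["PolicyArn"] for p in
                iam.list_attached_user_policies(UserName=user)["AttachedPolicies"]]
    groups = [g["GroupName"] for g in iam.list_groups_for_user(UserName=user)["Groups"]]
    # ii) Invalidate the long-term credential. Deactivate rather than delete so the
    #     key ID still resolves in CloudTrail while the investigation runs.
    iam.update_access_key(UserName=user, AccessKeyId=access_key_id, Status="Inactive")
    # iii) Invalidate temporary credentials already issued with the key: an inline
    #      deny on every session whose token was issued before the cut-off. Requests
    #      signed with the long-term key carry no token, so this does not touch them;
    #      step ii) already blocks those.
    deny_old_sessions = {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Deny", "Action": "*", "Resource": "*",
            "Condition": {"DateLessThan": {"aws:TokenIssueTime":
                revoke_before.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")}},
        }],
    }
    iam.put_user_policy(UserName=user, PolicyName=REVOKE_POLICY_NAME,
                        PolicyDocument=json.dumps(deny_old_sessions))
    # iv) Restore access with a fresh key. The secret is returned once only: hand it
    #     to the owner out of band and never write it to logs or tickets.
    new_key = iam.create_access_key(UserName=user)["AccessKey"]
    # v) Review the account: return what the key could reach so the CloudTrail
    #    review is scoped to the right services, resources and time window.
    return {
        "user": user,
        "disabled_key": access_key_id,
        "new_key_id": new_key["AccessKeyId"],
        "attached_policies": policies,
        "groups": groups,
        "sessions_revoked_before": revoke_before.isoformat(),
    }
```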
  16. Use Case – Compromised EC2 Instance
     There are certain recommended steps in such a scenario:
     i) Lock the instance down, capture metadata and detach it from any Auto Scaling group
     ii) Take an EBS snapshot and tag it as quarantined for investigation
     iii) Take a memory dump
     iv) Perform forensic analysis
     v) Terminate the instance
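Steps i) and ii) above as one function over boto3-style EC2 and Auto Scaling clients (an added example, not the deck's code). It assumes an isolation security group with no inbound or outbound rules already exists and is passed in as `isolation_sg_id`; the tag keys are constructed.

```python
from datetime import datetime, timezone


def quarantine_instance(ec2, autoscaling, instance_id, isolation_sg_id):
    """Steps i) and ii): capture metadata, isolate, snapshot; returns the evidence record."""
    # i) Capture metadata before anything changes: groups, role, volumes and
    #    placement are what the forensic analyst will ask for first.
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    record = {
        "instance_id": instance_id,
        "captured_at": datetime.now(timezone.utc).isoformat(),
        "security_groups": [sg["GroupId"] for sg in inst.get("SecurityGroups", [])],
        "iam_instance_profile": inst.get("IamInstanceProfile", {}).get("Arn"),
        "private_ip": inst.get("PrivateIpAddress"),
        "subnet_id": inst.get("SubnetId"),
        "volumes": [bd["Ebs"]["VolumeId"] for bd in inst.get("BlockDeviceMappings", [])
                    if "Ebs" in bd],
    }
    # Detach from any Auto Scaling group so the group does not terminate the
    # evidence; keeping desired capacity lets it launch a clean replacement.
    asg = autoscaling.describe_auto_scaling_instances(InstanceIds=[instance_id])
    for member in asg.get("AutoScalingInstances", []):
        autoscaling.detach_instances(InstanceIds=[instance_id],
                                     AutoScalingGroupName=member["AutoScalingGroupName"],
                                     ShouldDecrementDesiredCapacity=False)
    # Lock down: swap in the isolation group (no inbound or outbound rules) so the
    # instance keeps running for the memory dump but cannot talk to anything, and
    # turn on termination protection so the evidence cannot be destroyed early.
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[isolation_sg_id])
    ec2.modify_instance_attribute(InstanceId=instance_id, DisableApiTermination={"Value": True})
    ec2.create_tags(Resources=[instance_id],
                    Tags=[{"Key": "quarantine", "Value": "investigation"}])
    # ii) Snapshot every attached EBS volume and tag each snapshot for the case.
    snapshots = []
    for vol in record["volumes"]:
        snap = ec2.create_snapshot(
            VolumeId=vol, Description=f"forensic copy of {vol} from {instance_id}",
            TagSpecifications=[{"ResourceType": "snapshot",
                                "Tags": [{"Key": "quarantine", "Value": "investigation"},
                                         {"Key": "source-instance", "Value": instance_id}]}])
        snapshots.append(snap["SnapshotId"])
    record["snapshots"] = snapshots
    # Steps iii)-v) (memory dump, forensic analysis, termination) stay manual;
    # termination also needs DisableApiTermination cleared first.
    return record
```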
  17. AWS Security – Best Practices
     ◈ Secure your credentials
     ◈ Secure your applications
     ◈ Back up a lot and test your recovery resources before you need them
     ◈ Understand the AWS Shared Responsibility Model
     ◈ Do not use root account credentials for day-to-day interactions with AWS!
     ◈ Activate multi-factor authentication (MFA) on the AWS account root user and any users with interactive access to AWS Identity and Access Management (IAM)
     ◈ Audit IAM users and their policies frequently
     ◈ Monitor your account and its resources
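An added example (not from the deck) that checks three of the practices above against the IAM credential report: no day-to-day root use, MFA on every user with interactive access, and a periodic audit of users and their keys. The report is constructed inline in the real report's column layout; the 90-day key age and 30-day root-use windows are assumed thresholds, not AWS defaults.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

KEY_MAX_AGE = timedelta(days=90)       # assumed rotation policy, not an AWS default
ROOT_RECENT_USE = timedelta(days=30)   # assumed window: root sign-in inside it is a finding
AS_OF = datetime(2022, 11, 28, tzinfo=timezone.utc)  # constructed audit date for the sample

def _ts(value):
    """Parse a report timestamp; 'N/A', 'no_information' and 'not_supported' become None."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def audit_credential_report(report_csv, now=None):
    """Return (user, finding) pairs for the three practices checked here."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        console = row["password_enabled"] == "true"
        mfa = row["mfa_active"] == "true"
        # MFA on the root user and on every user with interactive (console) access.
        if (is_root or console) and not mfa:
            findings.append((user, "no MFA on interactive access"))
        # Root should hold no long-term keys; everyone else's keys should rotate.
        for n in ("1", "2"):
            active = row[f"access_key_{n}_active"] == "true"
            rotated = _ts(row[f"access_key_{n}_last_rotated"])
            if is_root and active:
                findings.append((user, f"root has active access key {n}"))
            elif active and rotated and now - rotated > KEY_MAX_AGE:
                findings.append((user, f"access key {n} older than {KEY_MAX_AGE.days} days"))
        # Root credentials should not be used for day-to-day interaction.
        last_login = _ts(row["password_last_used"])
        if is_root and last_login and now - last_login < ROOT_RECENT_USE:
            findings.append((user, "root credentials used for recent sign-in"))
    return findings

# Constructed sample report; the header matches `aws iam get-credential-report` output.
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,2022-11-20T09:12:00+00:00,not_supported,not_supported,false,true,2020-01-01T00:00:00+00:00,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2021-03-01T00:00:00+00:00,true,2022-11-25T08:00:00+00:00,2022-09-01T00:00:00+00:00,N/A,true,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
ci-bot,arn:aws:iam::123456789012:user/ci-bot,2021-06-01T00:00:00+00:00,false,no_information,N/A,N/A,false,true,2022-01-15T00:00:00+00:00,2022-11-27T00:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""
```

Running `audit_credential_report(SAMPLE_REPORT, AS_OF)` flags the root user three times (no MFA, an active key, a recent sign-in) and ci-bot once for its stale key, while alice is clean.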