securing the cloud and your assets
TRANSCRIPT
![Page 1: Securing the cloud and your assets](https://reader036.vdocuments.mx/reader036/viewer/2022081520/58f29a961a28ab0e0c8b4595/html5/thumbnails/1.jpg)
The cloud & securing your assets
Marcus Dempsey
![Page 2: Securing the cloud and your assets](https://reader036.vdocuments.mx/reader036/viewer/2022081520/58f29a961a28ab0e0c8b4595/html5/thumbnails/2.jpg)
Shameless plugMarcus Dempsey
• 24+ years working in IT• Managing Director for TeraByte IT• Penetration tester• Offensive Security Wireless Professional• Certified Ethical Hacker• Computer Hacking Forensic Investigator• F1 fan
![Page 3: Securing the cloud and your assets](https://reader036.vdocuments.mx/reader036/viewer/2022081520/58f29a961a28ab0e0c8b4595/html5/thumbnails/3.jpg)
Why use the cloud?• Managed services• Flexibility in deploying and scaling assets• Disaster recovery in a box• Pay as you go spending• Version and document control• Automatic updating of services• Environmentally friendly• Increased security controls• Infrastructure as a service• Platform as a service• No standing in a cold isle at the datacentre
![Page 4: Securing the cloud and your assets](https://reader036.vdocuments.mx/reader036/viewer/2022081520/58f29a961a28ab0e0c8b4595/html5/thumbnails/4.jpg)
Cloud Providers
![Page 5: Securing the cloud and your assets](https://reader036.vdocuments.mx/reader036/viewer/2022081520/58f29a961a28ab0e0c8b4595/html5/thumbnails/5.jpg)
What are the dangers?• Intrusion• Data theft• Possible loss of reputation• Bankruptcy• Insider attacks• No control over vendor outages• Automatic updates may cause incompatibility issues• Disgruntled employee• Lack or loss of overall visibility of service health
![Page 6: Securing the cloud and your assets](https://reader036.vdocuments.mx/reader036/viewer/2022081520/58f29a961a28ab0e0c8b4595/html5/thumbnails/6.jpg)
Securing your assets• Installation of endpoint anti-virus software• Only allowing inbound / outbound traffic for what’s needed• Keep machines patched and up to date (including base build images)• Restrict privileged user access to specific users only• Make use of auditing, login / logout, privilege changes etc.• Make use of two-factor authentication especially for high-level accounts• Regular penetration testing (internal / external)• Strong certificates which have 2048bit or greater keys and SHA256• Encrypt traffic between endpoints (HTTPS, IPSEC)• Microsoft environments, use Windows Server Update Services (WSUS)
![Page 7: Securing the cloud and your assets](https://reader036.vdocuments.mx/reader036/viewer/2022081520/58f29a961a28ab0e0c8b4595/html5/thumbnails/7.jpg)
Mistakes that are made• Not updating client applications (Java / Adobe)• Not updating Operating Systems• Opening access to SSH, RDP to the world• Not having well defined security controls / policies in place• Use of weak or common passwords• Not disabling unused accounts• Not planning for expansion and resilience from day one• Not patching critical exploits / 0day
![Page 8: Securing the cloud and your assets](https://reader036.vdocuments.mx/reader036/viewer/2022081520/58f29a961a28ab0e0c8b4595/html5/thumbnails/8.jpg)
25 common passwords of 2014123456password1234512345678qwerty1234567891234BaseballDragonfootball1234567monkeyletmein
abc123
123123111111mustangaccessshadowmastermichaelsuperman696969batmantrustno1
![Page 9: Securing the cloud and your assets](https://reader036.vdocuments.mx/reader036/viewer/2022081520/58f29a961a28ab0e0c8b4595/html5/thumbnails/9.jpg)
Things that make sysadmins cry
![Page 10: Securing the cloud and your assets](https://reader036.vdocuments.mx/reader036/viewer/2022081520/58f29a961a28ab0e0c8b4595/html5/thumbnails/10.jpg)
More informationAmazon AWS• http://aws.amazon.com/whitepapers/aws-security-best-practices• http://aws.amazon.com/security
Microsoft Azure• http://
blogs.msdn.com/b/mast/archive/2013/02/05/security-best-practices-for-windows-azure.aspx
• http://blogs.msdn.com/b/usisvde/archive/2012/03/07/windows-azure-security-best-practices-part-1-the-challenges-defense-in-depth.aspx
Vulnerability News• https://technet.microsoft.com/en-us/security/cc307424.aspx• https://cve.mitre.org/• http://www.securityfocus.com/vulnerabilities
![Page 11: Securing the cloud and your assets](https://reader036.vdocuments.mx/reader036/viewer/2022081520/58f29a961a28ab0e0c8b4595/html5/thumbnails/11.jpg)
Any Questions?