All presentation slides for the Chicago AWS user group meetup held at Mediafly on June 24, 2014. Thanks to the speakers:
Ben Hagen, Senior Cloud Security Engineer at Netflix @benhagen
Bryan Murphy, Technical Architect at Mediafly @bryanmurphy
Aaron Botsis, Lead Product Manager at ThreatStack @aaronb
Mattew Long, Founder and CEO at roZoom, Inc @mlong168
Thanks to sponsors:
Hosts: Mediafly
Beers and drinks: ThreatStack
Pizza: el el see
Organizers: CohesiveFT
See you in July!
RSVP here: http://www.meetup.com/Chicago-Amazon-Web-Services-Group/
3. 6:00 pm Introductions
6:10 pm Lightning Talks
Live from DC! - Ben Hagen, Senior Cloud Security Engineer at Netflix @benhagen
"Securing your AWS installation" - Bryan Murphy, Technical Architect at Mediafly @bryanmurphy
"Advanced Monitoring and Detection on Linux-based workloads in AWS" - Aaron Botsis, Lead Product Manager at ThreatStack @aaronb
"AWS Security best practices" - Mattew Long, Founder and CEO at roZoom, Inc @mlong168
6:30 pm Q & A
7:00 pm Networking, drinks and pizza
Agenda
Sponsored by
Hosted by
#AWSChicago
4. “Live from DC!”
Ben Hagen, Senior Cloud Security Engineer at Netflix
Tweet: @benhagen
#AWSChicago
5. “Securing your AWS installation”
Bryan Murphy, Technical Architect at Mediafly
Tweet: @bryanmurphy
#AWSChicago
16. “Advanced Monitoring and Detection on Linux-based workloads in AWS”
Aaron Botsis, Lead Product Manager at ThreatStack
Tweet: @aaronb
#AWSChicago
19. who is logging into my (machines|applications|SaaS accounts)
what they are running
of the running apps, which ones are generating network activity, and to where
every kernel module loaded
every library
every file created/modified/removed
everything!!!!
but why stop there?
26. step 2: build behavior profiles
does apache always spawn a shell?
does that shell always switch privs to root?
does root always make network connections to China?
28. step 3: anomalies help prevent
devs know the app best
behavior deviations help identify new attack vectors
create rules to look for known misbehavior
disable behavioral detection programmatically
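The monitoring talk's three steps (slide 19: collect who runs what and what talks to the network; slide 26: learn a behavior profile from that data; slide 28: add developer-written rules for known misbehavior that can be switched off programmatically) as one added Python example. This is illustrative code written for this page, not ThreatStack's product or the speaker's own code. The event records are constructed; their shape (parent process, executable, effective user, destination country from an assumed GeoIP lookup at collection time) is an assumption, as are the interpretation of "disable programmatically" as a set of named rule toggles and the rule names.

```python
"""Behavior-profile anomaly detection over constructed process/network events."""
from collections import defaultdict

# Constructed sample events (assumed shape): one dict per observed process,
# with its parent, the user it ran as, and the country of any outbound connection.
BASELINE_EVENTS = [
    {"parent": "apache2", "exe": "php-fpm", "user": "www-data", "dst_country": None},
    {"parent": "apache2", "exe": "php-fpm", "user": "www-data", "dst_country": None},
    {"parent": "php-fpm", "exe": "curl", "user": "www-data", "dst_country": "US"},
    {"parent": "cron", "exe": "sh", "user": "root", "dst_country": None},
    {"parent": "sh", "exe": "rsync", "user": "root", "dst_country": "US"},
]

# Constructed "live" events containing the three deviations the slide asks about.
LIVE_EVENTS = [
    {"parent": "apache2", "exe": "php-fpm", "user": "www-data", "dst_country": None},
    {"parent": "apache2", "exe": "sh", "user": "www-data", "dst_country": None},  # apache spawned a shell
    {"parent": "sh", "exe": "sudo", "user": "root", "dst_country": None},          # that shell switched to root
    {"parent": "sudo", "exe": "nc", "user": "root", "dst_country": "CN"},          # root talked to a new country
    {"parent": "cron", "exe": "sh", "user": "root", "dst_country": None},
]


def build_profile(events):
    """Step 2: learn what is normal. Per parent, the children it spawns; per
    executable, the users it runs as; per user, the countries it talks to."""
    profile = {"children": defaultdict(set), "users": defaultdict(set), "countries": defaultdict(set)}
    for ev in events:
        profile["children"][ev["parent"]].add(ev["exe"])
        profile["users"][ev["exe"]].add(ev["user"])
        if ev["dst_country"]:
            profile["countries"][ev["user"]].add(ev["dst_country"])
    return profile


def deviations(profile, events):
    """Flag live events that fall outside the learned profile."""
    findings = []
    for ev in events:
        if ev["exe"] not in profile["children"][ev["parent"]]:
            findings.append(("new-child", f"{ev['parent']} spawned {ev['exe']}"))
        if ev["user"] not in profile["users"][ev["exe"]]:
            findings.append(("new-user", f"{ev['exe']} ran as {ev['user']}"))
        if ev["dst_country"] and ev["dst_country"] not in profile["countries"][ev["user"]]:
            findings.append(("new-country", f"{ev['user']} connected to {ev['dst_country']}"))
    return findings


# Step 3: explicit rules for known misbehavior, written by the developers who know the app.
# Rule names are made up for this example.
KNOWN_BAD_RULES = [
    ("web-server-shell", lambda ev: ev["parent"] in {"apache2", "nginx"} and ev["exe"] in {"sh", "bash"}),
    ("root-egress-unexpected", lambda ev: ev["user"] == "root" and ev["dst_country"] not in (None, "US")),
]


def apply_rules(events, disabled=frozenset()):
    """Run the known-misbehavior rules; `disabled` is the programmatic switch that a
    deploy pipeline can use to silence a named rule (e.g. during planned maintenance)."""
    return [(name, f"{ev['parent']}->{ev['exe']} as {ev['user']}")
            for ev in events for name, pred in KNOWN_BAD_RULES
            if name not in disabled and pred(ev)]


if __name__ == "__main__":
    prof = build_profile(BASELINE_EVENTS)
    for kind, msg in deviations(prof, LIVE_EVENTS):
        print(f"[anomaly:{kind}] {msg}")
    for name, msg in apply_rules(LIVE_EVENTS):
        print(f"[rule:{name}] {msg}")
```

The profile learner and the rule set complement each other the way the slides suggest: the profile catches anything not seen during baselining (including attacks nobody wrote a rule for), while the rules stay precise for patterns the developers already know are wrong, and each rule can be toggled without touching the detection code.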
38. To ensure a secure global infrastructure, AWS configures infrastructure components
and provides services and features you can use to enhance security, such as the
Identity and Access Management (IAM) service, which you can use to manage users
and user permissions in a subset of AWS services. To ensure secure services, AWS
offers shared responsibility models for each of the different types of service that we
offer:
● Infrastructure services
● Container services
● Abstracted services
44. Security Best Practices
AWS OS-Level Access to EC2
● Options for securing encryption keys:
○ Store on encrypted media
○ CloudHSM
○ LDAP/IAM Bridge: http://bit.ly/1lNlgV8
○ Gazzang: http://bit.ly/1lNkO9m
● Options for OS-level authentication:
○ LDAP/Active Directory/Kerberos, etc.
○ Two-factor auth: Google Authenticator (http://bit.ly/1lNtwo5), Wikid, RSA
○ LDAP/IAM Bridge: http://bit.ly/1lNlgV8
45. Security Best Practices
Protecting Data at Rest
For regulatory or business requirement reasons, you might want to further protect your data
at rest stored in Amazon S3, on Amazon EBS, Amazon RDS, or other AWS services against:
● Accidental information disclosure
● Data integrity compromise
● Accidental deletion
● System, infrastructure, hardware or software availability
48. Security Best Practices
Protecting Data at Rest: RDS/Databases/EMR, etc.
● Ensure you encrypt any sensitive information on disk or at the database level
● Always segment the data layer from the application layer
● If access is required from outside AWS regions or your network, make sure you use SSL or a VPC to encrypt data
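The "segment the data layer from the application layer" point above, turned into a check you can run against security-group rules, as an added example that is not part of the original deck or any speaker's code. The rulesets are constructed, in the shape that EC2's DescribeSecurityGroups returns (`IpPermissions` with `IpRanges` and `UserIdGroupPairs`); the group ids, the database port set and the severity labels are assumptions for this example. A data-tier group passes only if its database ports are reachable solely from the application tier's security group, never from a CIDR range.

```python
"""Audit a data-tier security group for exposure beyond the application tier."""

DB_PORTS = {3306, 5432, 1433, 1521}   # MySQL, PostgreSQL, SQL Server, Oracle (assumed set)
APP_TIER_SG = "sg-0000app"            # placeholder id of the application-tier group


def port_overlap(perm, ports):
    """True if an IpPermission covers any of the given ports ('-1' means all traffic)."""
    if perm.get("IpProtocol") == "-1":
        return True
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return any(lo <= p <= hi for p in ports)


def audit_data_tier_sg(sg, app_tier_sg=APP_TIER_SG, ports=DB_PORTS):
    """Return (severity, message) findings for every inbound rule on a database port
    whose source is anything other than the application-tier security group."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        if not port_overlap(perm, ports):
            continue
        for rng in perm.get("IpRanges", []):
            cidr = rng["CidrIp"]
            sev = "critical" if cidr.endswith("/0") else "high"   # world-open vs. a private range
            findings.append((sev, f"{sg['GroupId']}: DB port open to CIDR {cidr}"))
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] != app_tier_sg:
                findings.append(("medium", f"{sg['GroupId']}: DB port open to group {pair['GroupId']}"))
    return findings


# Constructed weak ruleset: MySQL open to the world, PostgreSQL open to a whole
# private range and to a non-app group (a bastion, say), SSH from a private range.
WEAK_SG = {
    "GroupId": "sg-0000db-weak",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
         "UserIdGroupPairs": [{"GroupId": "sg-0000bastion"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "UserIdGroupPairs": []},
    ],
}

# Constructed hardened ruleset: MySQL reachable only from the application tier.
HARDENED_SG = {
    "GroupId": "sg-0000db-ok",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": APP_TIER_SG}]},
    ],
}

if __name__ == "__main__":
    for group in (WEAK_SG, HARDENED_SG):
        for sev, msg in audit_data_tier_sg(group) or [("ok", f"{group['GroupId']}: no findings")]:
            print(f"{sev:8} {msg}")
```

Referencing the app tier by security-group id rather than by CIDR is what makes the segmentation hold when instances are replaced or autoscaled: the database rule follows the group membership, not an address range that other workloads may also share.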