Cloud Wars: Episode II - Attack of the Packets

preview_player
Показать описание
The transition from on-premise to cloud-hosted networking is complicated. Many organizations fail because they attempt to replicate their on-premise networks in the cloud, rather than redesigning cloud networks that take advantage of new features and security controls. Join SANS Instructors Eric Johnson and Brandon Evans for a session discussing cloud-native networking architecture designs, features, and security controls that can help you avoid building an unmanageable cloud network.

Join the co-authors of SEC510: Public Cloud Security: AWS, Azure, and GCP, Brandon Evans and Eric Johnson in this 3-part Live Stream Series

Part 3 - April 27 | 2 pm ET | 1800 UTC

Brandon Evans
Brandon works for Zoom Video Communications, in which he leads their internal Application Security training. As an application developer for most of his professional career, he moved into security full-time largely because of his many formal trainings through SANS. He’s a contributor to the OWASP Serverless Top 10 Project and a co-leader for the Nashville OWASP chapter. Brandon is lead author for SEC510: Public Cloud Security: AWS, Azure, and GCP and a contributor and instructor for SEC540: Cloud Security and DevOps Automation.

Eric Johnson
Eric is a Co-founder and Principal Security Engineer at Puma Security and a Senior Instructor with the SANS Institute. His experience includes cloud security assessments, cloud infrastructure automation, static source code analysis, web and mobile application penetration testing, secure development lifecycle consulting, and secure code review assessments. Eric is the lead author and an instructor for SEC540: Cloud Security and DevSecOps Automation and a co-author and instructor for SEC510: Public Cloud Security: AWS, Azure, and GCP. Additionally, Eric is a SANS Security Awareness Developer Training Advisory Board Member and SANS Analyst for Application Security and DevSecOps Surveys.

FREE SANS CloudSecNext 2022 Summit coming up! May 3 - 4 US Pacific Time
Two Days of Highly Technical Summit Talks: CloudSecNext Summit presentations are curated and designed around specific analytical techniques and capabilities, through case studies and firsthand experience, that can be utilized to properly create and maintain cloud security in your organization.

SEC510: Public Cloud Security: AWS, Azure, & GCP

GIAC Public Cloud Security Certification (GPCS)

Twitter: @SANSCloudSec
LinkedIn: SANS Cloud Security
Рекомендации по теме
Комментарии
Автор

Dang this was a good session...Thanks Brandon and Eric.

BobBob-qmbm
Автор

That's actually quite interesting. Utilizing another VPC and Jenkins to get access to the first VPC and from there exfiltrating the information through SSH. Jenkins has to be compromised first in order to establish the SSH. Egress is actually pretty free in terms of restrictions, so it is quite easy to exfiltrate the data once you get hold of it. This exfiltration of data should be reasonably easy to detect, as terabytes of data leaking out of an application server is very unnatural. We can either have a logging system in place to keep track of what/how much is being sent or we can perhaps set up a layer 7 application, like a firewall, to detect the unusual data transferring. The default rule for AWS seems to allow egress relatively loosely.

aryamargax
join shbcf.ru