CLOUD SECURITY & USABLE PROTECTIONS FROM REAL WORLD THREATS
Rob Witoff, Director, Coinbase
coinbase.com
Posted 26-Jan-2017 (category: Engineering; upload: rob-witoff)
Figure: PRIVATE KEY → PUBLIC KEY → BITCOIN ADDRESS (1EBHA1ckUWzNKN7BMfDwGTx6GKEbADUozX)
Observe Orient Decide Act
AWS primitives: VPC, IAM, NACL, Security Groups, Route Table, Share Snapshot, CloudTrail, Flow Logs
Signals: DENY, Geo, Volume
Threats: Misconfiguration, Data Exfiltration, Anomalous Activity
2015 Verizon Data Breach Investigations Report
2/22 Google Trends search for “glibc”
Friday → Weekend!
“Asset Discovery”
“Digital Footprint Detection”
“Unknown Asset Indexing”
30 Day Project
- Automation
- Codification
- Knowledge Sharing
- Disaster Recovery
Figure: 30 day plan -> impact on automation (AWS Cache, Discovery & Charting)
Timeline: Discovery < July 13, 2015 … ? … Disclosure Feb 17, 2016
Bruce Schneier on Heartbleed: “At this point, the probability is close to one that every target has had its private keys extracted by multiple intelligence agencies”
https://www.schneier.com/blog/archives/2014/04/heartbleed.html
Secure By $$$ Optimization -or- Secure By Design?
https://www.washingtonpost.com/blogs/the-switch/files/2014/02/mainroom.jpg
~99% of bitcoin will never touch a routable electron
… and neither should your root MFA tokens!
https://github.com/coinbase/self-service-iam
Accessing User Data via Metadata Service SSRF
Figure: EC2 Instance → 169.254.169.254 (the link-local metadata service; an SSRF bug in anything running on the instance lets an attacker fetch the instance's user data from it)
Resolution #1
Resolution #2!
Making A Safe Web Request inside Your Cloud (via @Lukasa, https://github.com/kennethreitz/requests/issues/2008#issuecomment-40793099)
1. Lookup IP Address
2. Validate IP Address Against RFC 6890
3. Make Request Bound to this Validated IP Address
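The three steps above, written out as an added example (this is not Coinbase's code and not the requests library's; the function names, the `resolver` hook and the fake DNS answers are assumptions made so it runs offline). It rejects every RFC 6890 special-purpose range, unwraps IPv4-mapped IPv6 addresses before checking them, refuses a name if any of its answers is forbidden, and then opens the socket to the validated IP rather than letting the HTTP library resolve the name a second time.

```python
# Added example (not Coinbase's code, not the requests library's): the three
# steps as a function. Hypothetical helper names throughout.
import http.client
import ipaddress
import socket
from urllib.parse import urlsplit

# Special-purpose ranges from RFC 6890. Multicast (224.0.0.0/4, ff00::/8) is
# not in that RFC, but an outbound fetcher has no business sending to it.
FORBIDDEN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16",          # link-local: the metadata service lives here
    "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24", "192.88.99.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4", "255.255.255.255/32",
    "::/128", "::1/128", "::ffff:0:0/96", "64:ff9b::/96", "100::/64",
    "2001::/23",               # covers 2001::/32, 2001:2::/48, 2001:10::/28
    "2001:db8::/32", "2002::/16", "fc00::/7", "fe80::/10", "ff00::/8",
)]


class UnsafeAddress(ValueError):
    """Destination resolved to an address we must never connect to."""


def is_forbidden_ip(ip_text: str) -> bool:
    """Step 2: is this address inside a special-purpose range?"""
    addr = ipaddress.ip_address(ip_text)
    # ::ffff:169.254.169.254 is the metadata service in an IPv6 coat;
    # check the embedded IPv4 address rather than trusting the outer form.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in FORBIDDEN_NETWORKS)


def resolve_validated(host: str, port: int, resolver=None) -> str:
    """Steps 1 and 2: resolve once, reject if ANY answer is forbidden.

    `resolver` is a hypothetical hook (host -> list of IP strings) so the
    example can run offline; by default the system resolver is used. Every
    record is checked because an attacker-controlled name can answer with a
    public address and a link-local one and let the client pick.
    """
    if resolver is None:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
        candidates = [info[4][0] for info in infos]
    else:
        candidates = list(resolver(host))
    if not candidates:
        raise UnsafeAddress(f"{host}: no addresses")
    bad = [ip for ip in candidates if is_forbidden_ip(ip)]
    if bad:
        raise UnsafeAddress(f"{host} resolves to special-purpose address(es) {bad}")
    return candidates[0]


def destination_is_safe(host: str, port: int = 80, resolver=None) -> bool:
    try:
        resolve_validated(host, port, resolver)
        return True
    except UnsafeAddress:
        return False


def safe_get(url: str, resolver=None, timeout: float = 5.0):
    """Step 3: open the socket to the validated IP, not to the name.

    Letting the HTTP library resolve the name again would reopen the window
    between check and use (DNS rebinding). Plain HTTP only in this example:
    for HTTPS you would still connect to the IP but hand the original
    hostname to the TLS layer as server_hostname so SNI and certificate
    checks use the name, not the IP.
    """
    parts = urlsplit(url)
    if parts.scheme != "http":
        raise ValueError("example handles http:// only")
    host, port = parts.hostname, parts.port or 80
    ip = resolve_validated(host, port, resolver)
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    path = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
    conn.putrequest("GET", path, skip_host=True)
    conn.putheader("Host", host if port == 80 else f"{host}:{port}")
    conn.endheaders()
    resp = conn.getresponse()
    # http.client does not follow redirects. A 3xx Location header must be
    # fed back through safe_get so the new target is validated as well.
    return resp.status, resp.getheader("Location"), resp.read()


if __name__ == "__main__":
    # Constructed DNS answers so the demo runs offline.
    fake_dns = {
        "api.example": ["93.184.216.34"],
        "rebind.example": ["93.184.216.34", "169.254.169.254"],
    }
    for name in fake_dns:
        ok = destination_is_safe(name, resolver=lambda h: fake_dns[h])
        print(name, "safe" if ok else "BLOCKED")
```

The check has to sit on the resolved address, not on the hostname: a name the attacker controls can point anywhere, and a host that is public at validation time can be rebound to 169.254.169.254 by the time the connection opens unless the connection is pinned to the address that was checked.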
Accessing User Data
1. Metadata Service SSRF
2. AWS API
Policies Are Hard: 11911 actions x 471 services
Instance attributes returned by the API: instanceType, ebsOptimized, deviceMapping, shutdownBehavior, userData
ec2:Describe* → ec2:DescribeInstance → ec2:DescribeInstanceAttribute
A "read-only" wildcard such as ec2:Describe* also grants ec2:DescribeInstanceAttribute, and the userData attribute it returns is the same data an SSRF against the metadata service would read.
Write Explicit IAM Policies
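To make the wildcard's reach concrete, here is an added example (not AWS's policy engine and not Coinbase's code) covering both the "AWS API" path to user data above and the policy point: a toy evaluator for the Action element that applies IAM's explicit-Deny-beats-Allow rule, a constructed sample of EC2 action names standing in for the real catalogue, and two constructed policies, the usual `ec2:Describe*` one beside an explicit one. Resource and Condition are ignored, so treat it as a reviewer's lens rather than an authorizer.

```python
# Added example (not AWS's policy engine, not Coinbase's code): a toy
# evaluator for the Action element only, to show what a wildcard expands to.
import fnmatch
import json

# Constructed sample of EC2 action names. The real catalogue is far larger,
# which is the problem: nobody reads what ec2:Describe* expands to.
EC2_ACTIONS_SAMPLE = [
    "ec2:DescribeInstances", "ec2:DescribeInstanceStatus",
    "ec2:DescribeInstanceAttribute", "ec2:DescribeVolumes",
    "ec2:DescribeSnapshots", "ec2:DescribeSecurityGroups",
    "ec2:RunInstances", "ec2:TerminateInstances", "ec2:ModifyInstanceAttribute",
]

# What most people mean by "read-only EC2"...
WILDCARD_READONLY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}],
})

# ...what they should write: named actions, plus an explicit Deny on the call
# that hands back userData, so a wildcard added later cannot reopen it.
EXPLICIT_READONLY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["ec2:DescribeInstances", "ec2:DescribeInstanceStatus",
                    "ec2:DescribeVolumes", "ec2:DescribeSecurityGroups"],
         "Resource": "*"},
        {"Effect": "Deny", "Action": "ec2:DescribeInstanceAttribute", "Resource": "*"},
    ],
})

# ...and the minimum guardrail if the wildcard cannot be removed yet:
# an explicit Deny wins over any Allow, wildcard or not.
HARDENED_WILDCARD = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
        {"Effect": "Deny", "Action": "ec2:DescribeInstanceAttribute", "Resource": "*"},
    ],
})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def action_matches(pattern: str, action: str) -> bool:
    """IAM matches action names case-insensitively; * and ? are wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def is_allowed(policy_json: str, action: str) -> bool:
    """Simplified IAM decision: explicit Deny beats Allow beats implicit deny.
    Only Effect and Action/NotAction are evaluated here."""
    allowed = False
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        actions = _as_list(stmt.get("Action", []))
        not_actions = _as_list(stmt.get("NotAction", []))
        if actions:
            hit = any(action_matches(p, action) for p in actions)
        else:
            hit = not any(action_matches(p, action) for p in not_actions)
        if not hit:
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def granted_actions(policy_json: str, catalogue) -> list:
    """Expand a policy against a catalogue of action names."""
    return sorted(a for a in catalogue if is_allowed(policy_json, a))


def exposes_user_data(policy_json: str) -> bool:
    """DescribeInstanceAttribute returns the attributes on the slide; the
    userData one is the same data the metadata service serves, and it is
    one CLI call away:
      aws ec2 describe-instance-attribute --instance-id <id> --attribute userData
    """
    return is_allowed(policy_json, "ec2:DescribeInstanceAttribute")


if __name__ == "__main__":
    for name, policy in (("ec2:Describe*", WILDCARD_READONLY),
                         ("explicit", EXPLICIT_READONLY),
                         ("wildcard+deny", HARDENED_WILDCARD)):
        print(name, "grants:", granted_actions(policy, EC2_ACTIONS_SAMPLE))
        print(name, "can read userData:", exposes_user_data(policy))
```

Running the expansion against a real action list is the review step that wildcards skip: if a policy's expanded set contains a call that returns secrets, the policy is not read-only no matter what its name says.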
Cloud Can Be Very Secure
Insight Without Access
Security Through Consensus
Security Can Empower
coinbase.com
@rwitoff
Thanks!