A one-year perspective on exposed in-memory key-value stores
T Fiebig, A Feldmann, M Petschick - … of the 2016 ACM Workshop on …, 2016 - dl.acm.org
T Fiebig, A Feldmann, M Petschick
Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active …, 2016•dl.acm.orgToday's highly-scalable low-latency Web services rely on in-memory key-value stores. While
they are essential to improve Web service performance they should not be exposed to the
Internet. Security problems range from data leakage to remote code execution. In this paper
we use a year long data set of exposed Redis and memcached instances to highlight the
magnitude (about 200K) of the problem, document new transitive attacks, and explore
misconfiguration patterns. We find that the number of exposed instances is constantly on the …
they are essential to improve Web service performance they should not be exposed to the
Internet. Security problems range from data leakage to remote code execution. In this paper
we use a year long data set of exposed Redis and memcached instances to highlight the
magnitude (about 200K) of the problem, document new transitive attacks, and explore
misconfiguration patterns. We find that the number of exposed instances is constantly on the …
Today's highly-scalable low-latency Web services rely on in-memory key-value stores. While they are essential to improve Web service performance they should not be exposed to the Internet. Security problems range from data leakage to remote code execution. In this paper we use a year long data set of exposed Redis and memcached instances to highlight the magnitude (about 200K) of the problem, document new transitive attacks, and explore misconfiguration patterns. We find that the number of exposed instances is constantly on the rise and that even severe problems only lead to temporal decreases. However, by correlating misconfiguration patterns we can explain significant changes in the number of exposed systems.
ACM Digital Library