Well-architected Security
Ben de Haan, Xebia Security
Scaling security
Feedback
Ben de Haan
AWS Meetup regular, serverless enthusiast
Security consultant/engineer @ Xebia Security
https://www.linkedin.com/in/ben-de-haan-65423441/
bdehaan@xebia.com
A bit about me and this Webinar
1. Introduction
2. Secure baseline
3. Mastering IAM
4. Leverage Infra as Code
5. Improving detection
6. Automating response
How to scale cloud security
1. Setting a secure baseline
2. Mastering IAM
3. Leveraging Infrastructure as Code
4. Improving Detection
5. Automating response
Guardrails, not gates
Setting a secure baseline
A secure baseline
Setting a secure baseline
Leverage AWS accounts
Setting a secure baseline
Setting a secure baseline
AWS Organizations
AWS Control Tower
Organization Formation (https://github.com/OlafConijn/AwsOrganizationFormation)
Creating a secure baseline
Service Control Policies
Prod OU:
• Allow only EU regions for non-global services
• Only allow access to billing data
• Only allow small EC2 instances
Absence of evidence is not evidence of absence
IAM Flow
Master IAM flow
Can’t find an allow? Doesn’t mean it’s not there! (or can’t be added)
IAM Flow
Explicit deny can be safer …and easier to troubleshoot
IAM Flow
Source: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
Test your SCPs (and other policies)
IAM simulator & simulation account
Attribute-based access control (ABAC)
Attribute based access control
Attribute-based access control (ABAC)
Source: https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_attribute-based-access-control.html
Attribute-based access control (ABAC)
Why ABAC?
• Scales better than ‘pure’ RBAC
• Smaller/Fewer policies
• (Resource limits… 🙃)
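To make the SCP guardrail, the evaluation flow (explicit deny wins, no allow means deny) and the ABAC idea concrete, here is an added Python model that is not part of the deck. The EU-only SCP and the team-tag ABAC policy are constructed samples, and only Action/NotAction plus the StringEquals/StringNotEquals operators are modelled.

```python
"""Model of the IAM evaluation flow the slides point to: an explicit Deny wins,
otherwise the SCP and the identity policy must both Allow, and the absence of
an Allow is an implicit Deny. Models Action/NotAction and String(Not)Equals."""
import re
from fnmatch import fnmatchcase

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def _resolve(value, ctx):
    # Substitute ${aws:PrincipalTag/team}-style policy variables; an unset
    # variable can never match, mirroring IAM's handling of missing keys.
    return re.sub(r"\$\{([^}]+)\}", lambda m: ctx.get(m.group(1), "\x00"), value)

def _applies(stmt, action, ctx):
    """True when a statement's Action/NotAction and Condition match the request."""
    if "Action" in stmt and not any(fnmatchcase(action, p) for p in _as_list(stmt["Action"])):
        return False
    if "NotAction" in stmt and any(fnmatchcase(action, p) for p in _as_list(stmt["NotAction"])):
        return False
    for op, pairs in stmt.get("Condition", {}).items():
        for key, wanted in pairs.items():
            hit = ctx.get(key, "") in [_resolve(w, ctx) for w in _as_list(wanted)]
            if (op == "StringEquals") != hit:  # StringNotEquals is the inverse
                return False
    return True

def evaluate(policy, action, ctx):
    """'Deny', 'Allow' or None (nothing matched) for one policy document."""
    verdict = None
    for stmt in policy["Statement"]:
        if _applies(stmt, action, ctx):
            if stmt["Effect"] == "Deny":
                return "Deny"  # an explicit deny short-circuits everything
            verdict = "Allow"
    return verdict

def is_allowed(scp, identity_policy, action, ctx):
    """Both the SCP and the identity policy must Allow; a Deny or None fails."""
    return all(evaluate(p, action, ctx) == "Allow" for p in (scp, identity_policy))

# Constructed SCP for the Prod OU: allow everything, then deny non-global
# services outside the EU regions (the "Allow only EU regions" guardrail).
EU_ONLY_SCP = {"Statement": [
    {"Effect": "Allow", "Action": "*"},
    {"Effect": "Deny", "NotAction": ["iam:*", "organizations:*", "sts:*", "support:*"],
     "Condition": {"StringNotEquals": {"aws:RequestedRegion": ["eu-west-1", "eu-central-1"]}}}]}
# Constructed ABAC identity policy: only EC2 resources tagged with the caller's own team.
ABAC_POLICY = {"Statement": [{"Effect": "Allow", "Action": "ec2:*",
    "Condition": {"StringEquals": {"aws:ResourceTag/team": "${aws:PrincipalTag/team}"}}}]}
```

Run `is_allowed(EU_ONLY_SCP, ABAC_POLICY, "ec2:RunInstances", ctx)` with a request context dict to see why a call in us-east-1 is denied while the same call in eu-west-1 against a resource tagged with the caller's team is allowed.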
IAM resources
Useful resources:
• Policy evaluation logic: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
• Duo Parliament (policy linter): https://github.com/duo-labs/parliament/
• Policy simulator: https://policysim.aws.amazon.com
Leverage infrastructure as code
Infrastructure as code:
‘Back-up of your infrastructure’
Leverage infrastructure as code
Next step:
Immutable infrastructure
Leverage infrastructure as code
Leverage pipelines
Be mean to your code
Don’t set pipelines to ‘God mode’!
Improving detection
Improving detection:
Threat modeling
Improving detection
MITRE ATT&CK
Source: https://attack.mitre.org/matrices/enterprise/cloud/aws/
Automating response
Automate the basics
Automating response
CloudTrail turned off? → Turn it back on (and alert)
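An added Python sketch of that play, not the deck's or the awslabs project's own code: a handler for the CloudTrail StopLogging event as EventBridge delivers it. The event, the trail name and the FakeCloudTrail client are constructed for offline use, and the only AWS call assumed is boto3's cloudtrail.start_logging(Name=...).

```python
"""Handler for the "CloudTrail turned off? Turn it back on (and alert)" play.
Runs on an EventBridge rule matching CloudTrail's own StopLogging/DeleteTrail
management events (assumed event shape; constructed sample below)."""
STOP_EVENTS = {"StopLogging", "DeleteTrail"}

def remediate_trail_event(event, cloudtrail=None):
    """Re-enable a stopped trail and return an alert record describing the event.

    `cloudtrail` is a boto3 CloudTrail client; it is injected so the logic can
    run offline, and created lazily when omitted (real AWS call)."""
    detail = event.get("detail", {})
    name = detail.get("eventName")
    if name not in STOP_EVENTS:
        return {"action": "ignored", "eventName": name}
    record = {"eventName": name, "sourceIPAddress": detail.get("sourceIPAddress"),
              "trail": detail.get("requestParameters", {}).get("name"),
              "actor": detail.get("userIdentity", {}).get("arn", "unknown")}
    if name == "DeleteTrail":
        record["action"] = "alert-only"  # recreating a trail is a human decision
        return record
    if cloudtrail is None:
        import boto3  # only reached when deployed as a Lambda function
        cloudtrail = boto3.client("cloudtrail")
    cloudtrail.start_logging(Name=record["trail"])
    record["action"] = "restarted"
    return record

def lambda_handler(event, context):
    record = remediate_trail_event(event)
    print(record)  # lands in CloudWatch Logs; route it to SNS or a chat webhook to alert
    return record

class FakeCloudTrail:
    """Constructed stand-in for the boto3 client, used for offline testing."""
    def __init__(self):
        self.calls = []
    def start_logging(self, **kwargs):
        self.calls.append(kwargs)

# Constructed sample: a StopLogging call as EventBridge delivers it.
SAMPLE_STOP_EVENT = {
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {
        "eventName": "StopLogging",
        "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/example-admin"},
        "requestParameters": {"name": "org-trail"},
    },
}
```

The returned record is the alert payload: who stopped which trail from where, and whether the function restarted it or left it for an analyst.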
Automating response
Assist analyst when things get complicated
Automating response
Source: https://github.com/awslabs/aws-security-automation/
Access denied responder
Conclusion
1: Prevent
Provide a secure baseline
Get a black belt in IAM-fu
Leverage infrastructure as code
Conclusion
2: Detect
Understand your threat model
Tailor your detection
Conclusion
3: Respond
Automate the basics
Assist analysts
Thanks for attending!
Ben de Haan, Xebia Security
