Cloud Security Suite - One stop tool for AWS & GCP Security Audit

ZKM_Vortragssaal
Jayesh Singh Chauhan
Nowadays, cloud infrastructure is pretty much the de facto service used by large and small companies. Most major organizations have moved entirely to the cloud. With more and more companies moving to the cloud, cloud security becomes a major concern. While AWS and GCP protect you with traditional security methodologies and have a neat structure for authorization and configuration, their security is only as robust as the person in charge of creating and assigning these configuration policies. As we all know, human error is inevitable, and any such mistake could lead to catastrophic damage to the environment.

A few vulnerable scenarios:

- Your security groups, password policy or IAM policies are not configured properly
- S3 buckets are world-readable
- Web servers support vulnerable SSL ciphers
- Ports are exposed to the public with vulnerable services running on them
- Root credentials are used
- Logging or MFA is disabled

And many more such scenarios...

Knowing all this, auditing cloud infrastructure becomes a hectic task! There are a few open source tools which help with cloud auditing, but none of them has an exhaustive checklist. Also, collecting and setting up all the tools and looking at different result sets is a painful task. Moreover, when maintaining big infrastructures, system audit of server instances is a major task as well.

CS Suite is a one-stop tool for auditing the security posture of AWS and GCP infrastructure, and it does OS audits as well. CS Suite leverages the capabilities of current open source tools and adds custom checks, combined into one tool to rule them all.

The major features include:

- Simple installation with support for Python virtual environments and Docker containers
- GCP Audit
- Initiate all tools/audit checks in one go
- AWS Infra Audit:
  - Ease your “open source setup” pain
  - Compilation of all audit checks in one place
  - Centralized portable reports
  - Audits individual systems
- AWS Instance Audit:
  - IP-based auditing
  - Region-independent audit (public IP)
  - Supports both public and private IPs for the default region
  - Automatic report generation and fetching
  - Portable HTML report
- JSON output
- Integration of AWS Trusted Advisor

Detailed Outline of the Presentation:

- Introduction to the cloud and how it is being adopted by small and large firms.
- Gartner quadrant showing how much stake AWS and GCP have among all cloud service providers.
- Why more and more firms are migrating to cloud providers.
- Default security offered by AWS and GCP.
- What doesn't get covered due to misconfiguration of services by the DevOps/ITOps team.
- What the consequences of these misconfigurations are.
- How major firms have been exposed to the same threats and have fallen prey.
- How can this be fixed? Either by hiring a third party or by using open source tools.
- A third-party security company costs money and involves giving that company access to your environment.
- Open source requires a lot of research and involves successful configuration of all the tools.
- How Cloud Security Suite solves the problems stated above.
- Showcasing the research done to integrate the available open source tools, and the addition of custom checks to help audit the infra further. Also, how easy it is to get the tool up and running. (Demo)
- Showcasing the OS audit capability of the tool, where it can scan the OS of an instance belonging to the same infrastructure. (Demo)
- Showcasing the report structure and how portable the reports are. (Demo)
- Virtual environment and Docker support.
- Q&A
- End

Additional information

Type: Talk
Language: English
