Client access is the Achilles' heel of the cloud
As everyone moves their sensitive zeros and ones to the cloud, it seems that many organizations have forgotten about the terrific vulnerabilities facing the clients accessing the cloud. This presentation illustrates some of these risks.

Published in: Technology, Economy & Finance
Bryce Galbraith ©2015, All Rights Reserved

Slide 1: Client Access, The Achilles’ Heel of the Cloud
The SANS Institute
Bryce Galbraith, Principal Instructor
https://www.linkedin.com/in/bgalbraith
Twitter @brycegalbraith
bryce@layeredsec.com
This presentation is available at: http://www.slideshare.net/brycegalbraith/

Slide 2: Who am I?
• A professional (ethical) hacker
• Contributing author of Hacking Exposed
• Co-author of Foundstone’s Ultimate Hacking course series
• The founder of Layered Security
• Certified instructor and course author with the SANS Institute
• Frequent speaker, blogger, Tweeter
https://www.linkedin.com/in/bgalbraith

Slide 3: Great quote (1)
"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information. What we see and hear, how we work, what we think… it's all about the information!"

Slide 4: Great quote (2)
"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes, little bits of data. It's all just electrons."
-- Cosmo from “Sneakers” (1992)

Slide 5: Front page moments
• Everywhere you look, major incidents
  – National secrets, intellectual property, PII, lost revenue, expensive cleanups, embarrassment, shame and numerous other negative effects…
  – Even bankruptcy (e.g. DigiNotar)
  – Continuous stream of announcements
  – No one seems to be immune
  – Many don’t even realize they are compromised
  – People are losing their zeros and ones en masse

Slide 6: The Actors
• There are many actors
  – Nation states (APT)
  – Organized crime
  – Hacktivists
  – Terrorists
  – Cyber punks
  – Insiders…

Slide 7: So, what do we do about it?
• Clearly there’s a problem
  – Advanced adversaries
  – Limited budgets and staff
  – Limited management support
  – Infinite complexities
  – Effective security is hard (and expensive)
• The solution?
  – Move it to the cloud! (a.k.a. outsourcing ;-)

Slide 8: Industry Focus

Slide 9: (image only)

Slide 10: Meanwhile…

Slide 11: Attackers choose the path of least resistance…

Slide 12: Unfortunately, endpoint security is “terrifically weak”

Slide 13: The Attacks (1)
• Man-in-the-middle
  – ARP cache poisoning (LAN)
    • Ettercap, Cain & Abel, Subterfuge, arpspoof, etc.
  – LAN, WLAN, cellular networks, etc.
• Nation-in-the-middle
  – Governments, ISPs, etc.
• One of the most powerful positions
  – “All your bits are belong to us!”
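The ARP cache poisoning on slide 13 leaves a trace a defender can watch for: the gateway IP suddenly answering from a different MAC. The following detector is an added example, not from the slides; it runs over a constructed tcpdump-style ARP log and the gateway address and baseline MAC are assumed values.

```python
import re
from collections import defaultdict

# Constructed sample in tcpdump's ARP summary format, as a passive sensor on
# the LAN segment would log it. Not real capture data.
SAMPLE_ARP_LOG = """\
10:00:01.000001 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28
10:00:01.000412 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01, length 28
10:00:02.118230 ARP, Reply 192.168.1.20 is-at aa:bb:cc:00:00:20, length 28
10:00:05.000009 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99, length 28
10:00:06.000009 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99, length 28
10:00:07.223344 ARP, Reply 192.168.1.20 is-at aa:bb:cc:00:00:20, length 28
"""

REPLY_RE = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.IGNORECASE)

def parse_arp_replies(log_text):
    """Yield (timestamp, ip, mac) for each ARP reply line; requests are ignored."""
    for line in log_text.splitlines():
        m = REPLY_RE.match(line)
        if m:
            yield m.group("ts"), m.group("ip"), m.group("mac").lower()

def find_ip_mac_changes(log_text):
    """Return {ip: [(ts, old_mac, new_mac), ...]} for every IP whose claimed MAC
    changed. This is the arpwatch-style signal; it is not proof of poisoning
    (DHCP reassignment or a replaced NIC also change a mapping), so review
    alerts against the known gateway MAC."""
    current = {}
    changes = defaultdict(list)
    for ts, ip, mac in parse_arp_replies(log_text):
        if ip in current and current[ip] != mac:
            changes[ip].append((ts, current[ip], mac))
        current[ip] = mac
    return dict(changes)

def gateway_alerts(log_text, gateway_ip, known_gateway_mac):
    """Higher-confidence alerts: any reply claiming the gateway IP with a MAC
    other than the one in the sensor's baseline (assumed, supplied by the caller)."""
    known = known_gateway_mac.lower()
    return [f"{ts} {gateway_ip} claimed by {mac} (baseline {known})"
            for ts, ip, mac in parse_arp_replies(log_text)
            if ip == gateway_ip and mac != known]
```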
Slide 14: The Attacks (2)
• Redirection
  – DNS spoofing
  – HTTP request hijacking
• Attack vectors
  – Send to spoofed sites and trick users into giving up credentials
  – Exploit victims with Metasploit or SET
    • auxiliary/spoof/wifi/airpwn (and dnspwn)
    • auxiliary/server/browser_autopwn
    • Social Engineering Toolkit (can clone sites)

Slide 15: The Attacks (3)
• What about SSL/TLS to the cloud?
  – Authenticates the site (via a certificate)
  – Encrypts the HTTP transactions
  – Fundamentally important to protecting most cloud-based services
• Can be completely stripped away…
  – sslstrip by Moxie Marlinspike
    • http://www.thoughtcrime.org/software/sslstrip/
    • It only strips HTTPS to/from the client, not the cloud.

Slide 16: The Attacks (4)
• Code injection
  – Once SSL/TLS has been stripped away, arbitrary code can be injected
  – In either direction
  – Ettercap, BeEF, xssf, etc.
    • Keyloggers, Metasploit exploits, steal cookies, modify page content, redirect the victim’s browser and many other nasty things…
    • http://bellard.org/jslinux/ (JavaScript Linux distro!)

Slide 17: The Attacks (5)
• Session side-jacking
  – With SSL/TLS removed, the session token representing the user is exposed
  – Once side-jacked, the attacker can simply submit an HTTP request using the token value and they are in!
  – Bypasses many authentication methods
  – Cookie Cadger
    • https://www.cookiecadger.com/
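Slides 15 and 17 together describe why the session token ends up in the clear: sslstrip downgrades the client side, and a cookie without the Secure attribute is then sent over plain HTTP. The audit below is an added example, not code from the slides or from the tools named on them; the response headers and the list of session cookie names are constructed and assumed.

```python
# Constructed sample response from a hypothetical cloud web app (not a real
# service); only the header block matters for this audit.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Date: Mon, 01 Jun 2015 12:00:00 GMT
Set-Cookie: sessionid=2f9c1e7d8ab4; Path=/; HttpOnly
Set-Cookie: csrftoken=ab12cd34; Path=/; Secure; HttpOnly
Set-Cookie: prefs=theme%3Ddark; Path=/
Content-Type: text/html; charset=utf-8

"""

# Assumed list of common session cookie names; extend it for your own apps.
SESSION_COOKIE_NAMES = {"sessionid", "sid", "jsessionid", "phpsessid", "asp.net_sessionid"}

def parse_headers(raw_response):
    """Return (name, value) pairs with lower-cased names, stopping at the blank
    line that ends the header block."""
    headers = []
    for line in raw_response.splitlines()[1:]:   # skip the status line
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers

def audit_session_exposure(raw_response, session_names=SESSION_COOKIE_NAMES):
    """Flag cookies a stripped (plain HTTP) client would leak.

    No Secure attribute: the browser sends the cookie on any http:// request, so
    once the client side is downgraded the token travels in the clear.
    No HttpOnly on a session cookie: script injected into the stripped page can
    read it. Strict-Transport-Security is reported too: a browser that has seen
    it refuses plain HTTP to the site, which blunts the downgrade for returning
    clients (it does nothing for a first visit)."""
    headers = parse_headers(raw_response)
    cookies = {}
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        issues = []
        if "secure" not in attrs:
            issues.append("missing Secure: sent in clear over stripped HTTP")
        if cookie_name.lower() in session_names and "httponly" not in attrs:
            issues.append("missing HttpOnly: readable by injected script")
        if issues:
            cookies[cookie_name] = issues
    hsts = any(n == "strict-transport-security" for n, _ in headers)
    return {"cookies": cookies, "hsts": hsts}
```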
Slide 18: The Attacks (6)
• Cellular man-in-the-middle
  – Numerous demonstrations at various hacker conferences over the past few years; it works
  – At DEFCON they dropped rootkits on Android cell phones all weekend
• Client-side malware is still prevalent
  – Can easily log credentials or session tokens to the cloud resources
    • http://www.flexispy.com/
    • http://www.technologyreview.com/view/429394/placeraider-the-military-smartphone-malware-designed-to-steal-your-life/

Slide 19: Extending the Attacks
• Imagine what an attacker could do if they were in the middle of the Internet
  – Nation states, ISPs, etc.
• Certificate Authority (CA) trust issues
• Government officials can demand access to data and providers may have very little recourse, if any
  – Which country does your data reside in?
• Spear-phishing attacks to steal user/admin credentials to the cloud
  – “One click is all it takes…” http://goo.gl/e5tfA2
  – The HBGary incident (blended attack)

Slide 20: Industry Focus

Slide 21: (image only)

Slide 22: Summary
• The cloud is here to stay…
• Assuming we can actually secure it (big assumption), our data is relatively secure in the cloud.
• The problem is, it doesn’t stay there…
• We have to acknowledge this and work diligently to protect our zeros and ones wherever they end up.

Slide 23: Client Access, The Achilles’ Heel of the Cloud
(closing slide; repeats the presenter contact details and presentation URL from slide 1)