Security Monkey Netflix’s Open Source Cloud Security Tracking System 
Ryan Hodgin 
@rhodgin
Netflix security monkey overview
An overview of the Netflix Security Monkey Open Source tool. The presentation provides some background information, architectural overview, and screenshots showing the tool in action.

Published in: Software
Security Monkey: Netflix's Open Source Cloud Security Tracking System
Ryan Hodgin, @rhodgin
In the News
Background
• Project started in 2011 to monitor security policies for Netflix's AWS accounts (before AWS CloudTrail and CloudWatch)
• Discussed in blog posts and tech conferences 2011-2013
• Used inside Netflix to manage several dozen AWS accounts
• Part of the Simian Army set of projects
Simian Army Projects
• Chaos Monkey
• Chaos Gorilla
• Chaos Kong
• Janitor Monkey
• Doctor Monkey
• Compliance Monkey
• Latency Monkey
• Security Monkey
Security Monkey Key Features
• Accesses AWS Cloud Resources through API calls and inspects them
• Notifies team of changes or issues found
• Maintains a history of settings
• Provides a user interface to view issues and history
• Allows for justification to be provided and tracked
• Supports creation of new rules (code based)
• Works across accounts (dozens for Netflix)
Conceptual Design (diagram components)
• DB
• Web User Interface
• Watcher
• Auditor
• Notifier
• AWS Account Information and Services
User Interface - Settings
User Interface - Search
User Interface - Reports
User Interface - Identified Issue
User Interface - Justified Issue
Scheduler Log - Searching for Issues
Code Detecting Issues
DB Record for Issues
Security Monkey Technology
• Written in Python 2.7
• Flask Web Development Framework
• AngularJS and Dart User Interface
• Boto python AWS client
• SQLAlchemy python DB client
• Nginx proxy
• PostgreSQL for DB storage
• Runs on Ubuntu Linux and OS X
Security Monkey Architecture (diagram components)
• Database
• nginx proxy
• API Server
• Scheduler
• AWS
• Static Content
• Supervisor
DB Tables
AWS Services Currently Watched
• Identity and Access Management
• Security Groups - EC2 and RDS
• Simple Storage Service (S3)
• Elastic Load Balancers
• Simple Notification Service (SNS)
• Simple Queue Service (SQS)
AWS Services Currently Audited
• Identity and Access Management - User Only
• Security Groups - EC2 and RDS
• Simple Storage Service (S3)
• Simple Notification Service (SNS)
Audit Rules by Service
• Identity and Access Management
  – User has active access keys (audit)
• Simple Notification Service
  – Empty topic policy
  – Topic open to everyone
  – Friendly cross account access
  – Unknown cross account access
• S3 - Object Storage
  – All users can access
  – All authenticated users can access
  – Unknown cross account access
  – Log delivery can access
  – Friendly account access
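The four SNS rules on this slide (empty topic policy, topic open to everyone, friendly cross account access, unknown cross account access) all come down to reading the Principal of each Allow statement in the topic's policy document and comparing the account it names against the deployment's own account and a list of trusted accounts. The block below is an added example written for this page, not Security Monkey's own auditor code; it is Python 3 rather than the project's Python 2.7, and `OWN_ACCOUNT`, `FRIENDLY_ACCOUNTS` and the account ids inside `SAMPLE_POLICY` are constructed placeholders standing in for configuration the deck does not show.

```python
import json

# Constructed placeholders for the deployment's own account id and the set of
# trusted ("friendly") accounts.  Security Monkey reads these from its own
# configuration; the slide does not show that, so these values are invented.
OWN_ACCOUNT = "111111111111"
FRIENDLY_ACCOUNTS = {"222222222222"}

# Constructed sample topic policy (account ids are placeholders, not real ones).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "SNS:Publish",
         "Principal": {"AWS": "arn:aws:iam::111111111111:root"}},      # own account
        {"Effect": "Allow", "Action": "SNS:Subscribe",
         "Principal": {"AWS": "arn:aws:iam::222222222222:root"}},      # friendly account
        {"Effect": "Allow", "Action": "SNS:Receive", "Principal": "*"},  # anyone at all
        {"Effect": "Allow", "Action": "SNS:Subscribe",
         "Principal": {"AWS": ["333333333333"]}},                      # unknown account
    ],
})


def _account_from_principal(principal):
    """Return the 12-digit account id named by an AWS principal string.

    Accepts a bare account id or an ARN such as arn:aws:iam::ACCOUNT:root and
    returns None for anything else (for example a service principal).
    """
    if principal.isdigit() and len(principal) == 12:
        return principal
    parts = principal.split(":")
    if len(parts) >= 6 and parts[0] == "arn" and parts[4].isdigit():
        return parts[4]
    return None


def _aws_principals(statement):
    """Normalise the Principal element to a list of strings ("*" stays "*")."""
    principal = statement.get("Principal")
    if principal is None:
        return []
    if isinstance(principal, str):
        return [principal]
    aws = principal.get("AWS", [])
    return [aws] if isinstance(aws, str) else list(aws)


def audit_topic_policy(policy_json, own_account=OWN_ACCOUNT, friendly=FRIENDLY_ACCOUNTS):
    """Apply the slide's four SNS audit rules to one topic policy document.

    Returns a list of (rule_name, detail) tuples.  Caveat: this simplified check
    ignores the Condition element, so a "*" principal that is scoped down by a
    condition (e.g. aws:SourceOwner) is still reported as open to everyone.
    """
    policy = json.loads(policy_json) if policy_json else {}
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):     # a single statement may be written bare
        statements = [statements]
    if not statements:
        return [("empty_topic_policy", None)]

    issues = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue                      # Deny statements grant nothing
        for who in _aws_principals(stmt):
            if who == "*":
                issues.append(("topic_open_to_everyone", who))
                continue
            account = _account_from_principal(who)
            if account is None or account == own_account:
                continue                  # service principal or our own account
            if account in friendly:
                issues.append(("friendly_cross_account_access", account))
            else:
                issues.append(("unknown_cross_account_access", account))
    return issues


if __name__ == "__main__":
    for rule, detail in audit_topic_policy(SAMPLE_POLICY):
        print(f"{rule}: {detail}")
```

Run as a script, the block reports the friendly account, the wildcard principal and the unknown account from the constructed policy; the statement granting access to the deployment's own account produces no finding. The same friendly-list idea underlies the S3 "Friendly account access" and "Unknown cross account access" rules on this slide, but those read bucket ACL grantees rather than a policy document and are not covered here.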
Audit Rules by Service
• Security Group
  – Security Group has more than 50 rules
  – Security Group contains large networks (larger than /24)
  – Security Group subnet mask is /0
  – Security Group completely open (0.0.0.0/0) to any network
  – Security Group completely open to VPC (10.0.0.0/8)
• RDS Security Group
  – Security Group subnet mask is /0
  – Security Group completely open (0.0.0.0/0) to any network
  – Security Group completely open to VPC (10.0.0.0/8)
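The security-group rules on this slide are all properties of the CIDR ranges a group admits (prefix length, the all-zero network, the slide's 10.0.0.0/8 VPC range) plus a count of rules, and the RDS variant is the subset without the rule-count and large-network checks. The block below is an added example written for this page, not Security Monkey's own auditor; it implements the slide's rules in Python 3 with the standard `ipaddress` module over a constructed, simplified security-group record (`{"name": ..., "rules": [{"cidr": ...}]}`), and `SAMPLE_GROUPS` is invented input, not real AWS data.

```python
import ipaddress

MAX_RULES = 50                                    # slide: "more than 50 rules"
LARGE_PREFIX = 24                                 # slide: "larger than /24"
ANY_NETWORK = ipaddress.ip_network("0.0.0.0/0")   # slide: "completely open to any network"
VPC_NETWORK = ipaddress.ip_network("10.0.0.0/8")  # slide: "completely open to VPC"

# Constructed sample input, not real AWS data.  Each group is a simplified dict
# {"name": str, "rules": [{"cidr": str, ...} or {"source_group": str}]}.
SAMPLE_GROUPS = [
    {"name": "web-public", "rules": [{"cidr": "0.0.0.0/0", "port": 443}]},
    {"name": "ssh-internal", "rules": [{"cidr": "10.0.0.0/8", "port": 22}]},
    {"name": "partner-link", "rules": [{"cidr": "198.51.100.0/22", "port": 8443}]},
    {"name": "tight", "rules": [{"cidr": "192.0.2.10/32", "port": 5432},
                                {"source_group": "sg-example"}]},
    {"name": "sprawling", "rules": [{"cidr": f"192.0.2.{i}/32", "port": 80}
                                    for i in range(MAX_RULES + 1)]},
]


def audit_security_group(group, rds=False):
    """Apply the slide's Security Group rules to one group; return (rule, detail) issues.

    With rds=True only the three RDS Security Group rules from the slide apply
    (no rule-count or large-network check).  Checks run most-specific first so a
    CIDR reports the most telling rule rather than every rule it satisfies; the
    "/0" and "0.0.0.0/0" rules, which the slide lists separately, both fire for
    an IPv4 /0 while an IPv6 ::/0 triggers only the /0 rule.
    """
    issues = []
    rules = group.get("rules", [])
    if not rds and len(rules) > MAX_RULES:
        issues.append(("too_many_rules", f"{len(rules)} rules (> {MAX_RULES})"))
    for rule in rules:
        cidr = rule.get("cidr")
        if not cidr:
            continue                                 # source is another security group
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            # Not one of the slide's rules, but an unparsable range is worth surfacing.
            issues.append(("invalid_cidr", cidr))
            continue
        if net.prefixlen == 0:
            issues.append(("subnet_mask_zero", cidr))
            if net == ANY_NETWORK:
                issues.append(("open_to_any_network", cidr))
        elif net == VPC_NETWORK:
            issues.append(("open_to_vpc", cidr))
        elif not rds and net.prefixlen < LARGE_PREFIX:
            issues.append(("large_network", cidr))
    return issues


def audit_all(groups, rds=False):
    """Map each group name to the names of the rules it violates."""
    return {g["name"]: [rule for rule, _ in audit_security_group(g, rds)]
            for g in groups}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_GROUPS).items():
        print(f"{name}: {', '.join(findings) or 'clean'}")
```

Against the constructed groups the script flags `web-public` for both /0 rules, `ssh-internal` for the VPC range, `partner-link` for its /22, and `sprawling` for exceeding 50 rules, while `tight` (a /32 plus a source-group reference) is clean. Passing `strict=False` to `ip_network` matters in practice: AWS stores the CIDR as entered, and a host address with a short prefix would otherwise raise instead of being normalised to its network.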
Questions