36. ADD YOUR BRAND HERE
@stuhirstinfosec
So perhaps you can perform DescribeInstances and RunInstances with no extra checks, but TerminateInstances only where aws:MultiFactorAuthAge is < X minutes.
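The split described on this slide, written out as an IAM identity policy. This is an added example rather than a policy from the deck; it assumes a threshold of 900 seconds (15 minutes) for X and a Resource of "*", both chosen for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DescribeAndLaunchWithoutMfaCheck",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:RunInstances"
      ],
      "Resource": "*"
    },
    {
      "Sid": "TerminateOnlyWithRecentMfa",
      "Effect": "Allow",
      "Action": "ec2:TerminateInstances",
      "Resource": "*",
      "Condition": {
        "NumericLessThan": {
          "aws:MultiFactorAuthAge": "900"
        }
      }
    }
  ]
}
```

aws:MultiFactorAuthAge is measured in seconds since the MFA authentication, so 900 corresponds to the 15-minute window assumed above; when the caller did not authenticate with MFA the key is absent from the request context, NumericLessThan evaluates to false and the second statement grants nothing, so no separate Deny is needed for this pattern.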
57.
• Restrict traffic to internal IPs for protocols such as SSH
• Use NACLs to block ports
• Avoid the dreaded 0.0.0.0/0 (open to the whole Internet)
• Use ELB security groups wisely to restrict EC2 instances' access to the Internet
• Trusted Advisor will help you!
79.
• Start with the basics: what do you care about?
• Establish a risk framework
• Look out for the banana skins!
• Automate as much as you can
• Leverage the tooling
• Have fun!
• RECRUIT!
80.
So what have I learnt these last 2-3 years?
* Your journey has to start somewhere!
* Changing businesses takes real time and graft. And it's painful!
* Try to get the major stakeholders around the table regularly to collaborate - this takes effort!
* Cloud is HARD and often COMPLEX
* Recruitment is absolutely KEY!
* TEACHING EACH OTHER IS KEY ALSO!!!
85.
Want to know more?
Cloud Security Forum on Slack - DM ME ON TWITTER!
AWS Arsenal - open source tools
https://github.com/stuhirst/awssecurity
AWS Vulnerability & Risk list
https://github.com/stuhirst/awssecurity/blob/master/risksandvulns.md