CSS17: Dallas - The AWS Shared Responsibility Model in Practice
Your SlideShare is downloading.
×
Check these out next
Recommended
More Related Content
Slideshows for you (20)
Viewers also liked (16)
Similar to Shared Responsibility In Action (20)
More from Mark Nunnikhoven (10)
Recently uploaded (20)
Shared Responsibility In Action
- 1. SHARED RESponsibility in action @marknca
- 2. Mark Nunnikhoven Vice President, Cloud & Emerging Technologies Trend Micro @marknca
- 3. Modelling security on AWS
- 4. TRADITIONAL ResponsibilitY Physical Operating System Infrastructure Application Network Data Virtualization
- 5. SHARED ResponsibilitY Physical Operating System Infrastructure Application Network Data Virtualization Security Groups Network Config More info on the model is available at hמּp://aws.amazon.com/security
- 6. SHARED ResponsibilitY Physical Operating System Infrastructure Application Network Data Virtualization Security Groups Network Config Verify Compliance information available at hמּp://aws.amazon.com/compliance
- 7. Physical Network Virtualization Operation System Application Data DIY SaaSIaaS PaaS *you
- 8. BETTER SERVICE TYPES From AWS’ Mark Ryland talk at hמּp://4mn.ca/ZZeDbA Infrastructure Abstract Container
- 9. SERVICE Examples Fantastic reference by AWS’ Mark Ryland at hמּp://4mn.ca/ZZeDbA Service Type *aaS SQS, S3, Route53 Abstract SaaS RDS, EMR, OpsWorks Container PaaS EC2, EBS, VPC Infrastructure IaaS
- 10. Less responsibilities
- 11. More responsibilities Less responsibilities
- 12. Options : Responsibilities
- 13. Re:Boot
- 14. Critical embargoed bug discovered in Xen, details at hמּp://4mn.ca/1rcXTTN
- 15. A small percentage on instances scheduled for a reboot
- 16. ACTIONS TO TAKE From AWS’ Mark Ryland talk at hמּp://4mn.ca/ZZeDbA Nothing for cloud-native architectures Manage availability For EC2 Nothing for Multi-AZ instances Standard maintenance window for single instances For RDS
- 17. POODLE
- 18. CVE-2014-3566 : Padding Oracle On Downgraded Legacy Encryption
- 19. Aמּack forces an older cipher choice. Details at hמּp://4mn.ca/1EYfBEA
- 20. ACTIONS TO TAKE From AWS’ Mark Ryland talk at hמּp://4mn.ca/ZZeDbA Select a non-affected cipher suite For ELB Enable TLS_FALLBACK_SCSV Disable support for SSL 3.0* For Web Servers
- 21. Shellshock
- 22. More info on bash is available at hמּp://www.gnu.org/soﬞware/bash/
- 23. 10/10 vulnerability. Widespread & easy to exploit (){}; attacka:() { b; } | aמּack;
- 24. ACTIONS TO TAKE Update bash Use an intrusion prevent system For EC2
- 25. Applied at the boundary Majority of security controls are traditionally applied at the boundary
- 26. Same controls applied in the AWS Cloud, now to each instance Applied to each instance
- 27. Options : Responsibilities
- 28. @marknca Thank you.Learn more at testdrive.trendmicro.com
