
Shared Responsibility In Action


An examination of how the shared responsibility model for cloud security works in the real world.

Using practical examples, you'll see how security responsibilities are balanced between the consumer (you, the user) and the provider.

Published in: Software

Shared Responsibility In Action

  1. Shared Responsibility in Action @marknca
  2. Mark Nunnikhoven, Vice President, Cloud & Emerging Technologies, Trend Micro @marknca
  3. Modelling security on AWS
  4. Traditional Responsibility: Physical, Operating System, Infrastructure, Application, Network, Data, Virtualization
  5. Shared Responsibility: Physical, Operating System, Infrastructure, Application, Network, Data, Virtualization, Security Groups, Network Config. More info on the model is available at http://aws.amazon.com/security
  6. Shared Responsibility: Physical, Operating System, Infrastructure, Application, Network, Data, Virtualization, Security Groups, Network Config, Verify. Compliance information available at http://aws.amazon.com/compliance
  7. Physical, Network, Virtualization, Operating System, Application, Data; DIY, SaaS, IaaS, PaaS; *you
  8. Better Service Types: Infrastructure, Abstract, Container. From AWS' Mark Ryland talk at http://4mn.ca/ZZeDbA
  9. Service Examples (Service | Type | *aaS): SQS, S3, Route53 | Abstract | SaaS; RDS, EMR, OpsWorks | Container | PaaS; EC2, EBS, VPC | Infrastructure | IaaS. Fantastic reference by AWS' Mark Ryland at http://4mn.ca/ZZeDbA
  10. Less responsibilities
  11. More responsibilities; Less responsibilities
  12. Options : Responsibilities
  13. Re:Boot
  14. Critical embargoed bug discovered in Xen, details at http://4mn.ca/1rcXTTN
  15. A small percentage of instances scheduled for a reboot
  16. Actions to Take. For EC2: nothing for cloud-native architectures; manage availability. For RDS: nothing for Multi-AZ instances; standard maintenance window for single instances. From AWS' Mark Ryland talk at http://4mn.ca/ZZeDbA
  17. POODLE
  18. CVE-2014-3566 : Padding Oracle On Downgraded Legacy Encryption
  19. Attack forces an older cipher choice. Details at http://4mn.ca/1EYfBEA
  20. Actions to Take. For ELB: select a non-affected cipher suite. For web servers: enable TLS_FALLBACK_SCSV; disable support for SSL 3.0*. From AWS' Mark Ryland talk at http://4mn.ca/ZZeDbA
  21. Shellshock
  22. More info on bash is available at http://www.gnu.org/software/bash/
  23. 10/10 vulnerability. Widespread & easy to exploit (){}; attacka:() { b; } | attack;
  24. Actions to Take. For EC2: update bash; use an intrusion prevention system.
  25. Applied at the boundary: the majority of security controls are traditionally applied at the boundary
  26. Applied to each instance: same controls applied in the AWS Cloud, now to each instance
  27. Options : Responsibilities
  28. @marknca Thank you. Learn more at testdrive.trendmicro.com
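
Slide 20 leaves "disable support for SSL 3.0" on web servers to the customer. The following is an added example, not part of the original slides, of one way to audit web server configuration text for directives that still leave SSL 3.0 enabled. The function names and the sample configuration are constructed for illustration, and Apache's `all` keyword is assumed to include SSLv3.

```python
import re

# Assumption: "all" is treated conservatively as including SSLv3.
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}

def apache_protocols(args):
    """Evaluate SSLProtocol tokens left to right: + adds, - removes, bare replaces."""
    enabled = set()
    for tok in args.split():
        sign = tok[0] if tok[0] in "+-" else ""
        name = tok.lstrip("+-").lower()
        protos = ALL if name == "all" else {name}
        if sign == "-":
            enabled = enabled - protos
        elif sign == "+":
            enabled = enabled | protos
        else:
            enabled = set(protos)
    return enabled

def nginx_protocols(args):
    return {n.lower() for n in args.split()}  # plain list of enabled protocols

# (pattern, evaluator) per supported directive; commented-out lines never match.
DIRECTIVES = [
    (re.compile(r"^\s*SSLProtocol\s+([^#\n]+)", re.I), apache_protocols),
    (re.compile(r"^\s*ssl_protocols\s+([^;#\n]+);"), nginx_protocols),
]

def find_sslv3(config_text):
    """Return (line_number, line) for every directive that leaves SSLv3 enabled."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        for pattern, evaluate in DIRECTIVES:
            match = pattern.match(line)
            if match and "sslv3" in evaluate(match.group(1)):
                findings.append((lineno, line.strip()))
    return findings

# Constructed sample mixing Apache and nginx directives, for demonstration only.
SAMPLE = """\
SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
SSLProtocol -all +TLSv1.2
"""

if __name__ == "__main__":
    for lineno, line in find_sslv3(SAMPLE):
        print(f"line {lineno}: SSL 3.0 still enabled -> {line}")
```

The check only reads explicit directives; a server with no protocol directive at all falls back to its build defaults, which need to be verified separately.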
