The document outlines an AWS Chicago meetup featuring talks on security practices in AWS, including presentations from experts on topics such as securing AWS installations and advanced monitoring techniques. It emphasizes the importance of encryption, access control, and automated security testing to protect sensitive data in the cloud. The event includes networking opportunities and a Q&A session to discuss AWS security best practices.

1. Organizer
!
Margaret Walker
CohesiveFT
!
!
Tweet: @MargieWalker
#AWSChicago
Sponsored by
Hosted by
#AWSChicago

2. !
AWS Chicago Meetup
!
July?

3. 6:00 pm Introductions
6:10 pm Lightning Talks
!
Live from DC! - Ben Hagen, Senior Cloud Security Engineer
at Netflix @benhagen
"Securing your AWS installation" - Bryan Murphy,Technical
Architect at Mediafly @bryanmurphy
"Advanced Monitoring and Detection on Linux-based
workloads in AWS" - Aaron Botsis, Lead Product Manager at
ThreatStack @aaronb
"AWS Security best practices" - Mattew Long, Founder and
CEO at roZoom, Inc @mlong168
!
6:30 pm Q & A
7:00 pm Networking, drinks and pizza
Agenda Sponsored by
Hosted by
#AWSChicago

4. “Live from DC!”
!
Ben Hagen
Senior Cloud Security Engineer at Netflix
!
Tweet: @benhagen
#AWSChicago
!
Sponsored by
Hosted by
#AWSChicago

5. “Securing your AWS installation”
!
Bryan Murphy
Technical Architect at Mediafly
!
Tweet: @bryanmurphy
#AWSChicago
!
Sponsored by
Hosted by
#AWSChicago

6. Safe Harbor Statement: Our discussions may include predictions, estimates or other information that might be considered
forward-looking. While these forward-looking statements represent our current judgment on what the future holds, they
are subject to risks and uncertainties that could cause actual results to differ materially. You are cautioned not to place
undue reliance on these forward-looking statements, which reflect our opinions only as of the date of this presentation.
Please keep in mind that we are not obligating ourselves to revise or publicly release the results of any revision to these
forward- looking statements in light of new information or future events. Throughout today’s discussion, we will attempt to
convey some important factors relating to our business that may affect our predictions. © 2006-2014 Mediafly, Inc. | Confidential
Infrastructure Security Best Practices
On Amazon Web Services
Bryan Murphy

7. © 2006-2014 Mediafly, Inc. | Confidential
Mediafly, Inc.
Technical Architect
Back-end services, video processing, scaling and architecture
Mobitrac, Inc.
Senior Developer
Travelling salesman problem, routing algorithms, and mapping
RBC/Centura Mortgage
Lead Web Developer
Online loan officer hosting platform and rate search engine
Who am I?

8. © 2006-2014 Mediafly, Inc. | Confidential
Who are we?
“The Content Mobility Cloud”
We process and store highly sensitive content for Fortune 500 customers, and
deliver that content to white-labeled mobile apps and the web
• Sales presentations and selling collateral
• Pre-release/pre-air video
Customers include:
• Global banks
• Leading consumer-packaged goods companies
• TV and theatrical studios
Small, passionate, growing team
• We are hiring! Search mediafly careers

9. © 2006-2014 Mediafly, Inc. | Confidential
Infrastructural Security
Three major areas:
Content Infrastructure Operations
● Keeping content
encrypted from
ingest through
delivery
● E.g. key exchange,
at-rest encryption,
DRM, more
● Hardening server
security while
ensuring reliability,
performance and
low cost
● E.g. users and
roles, VPC, server
bootstrapping
● Ensuring
procedures and
personnel keep
content secure
● E.g. managing
account
termination,
principles of least
privilege

10. © 2006-2014 Mediafly, Inc. | Confidential
Secure All Communication
The cloud is a hostile environment
• Service limitations (no private load balancers,
security group limits)
• Network limitations (no multicast, no shared ip
addresses, etc.)
• Noisy neighbors
• Malicious third parties
What to do:
• SSL/TLS everywhere
• Encrypt: transports, configuration, data, binaries
• Use standard tools (openssl/gnupg)
• Implement authorization for internal services

11. © 2006-2014 Mediafly, Inc. | Confidential
Authorization and Access Control
Restricted Access
• Many credentials, limited permissions
• Restricted one-time-use accounts or accounts
with expiration where possible
Protecting Credentials
• Use public key cryptography
• Store encrypted credentials in source control
IAM Accounts vs. Roles
• Roles: good for isolated servers, boot
• Accounts: good for services, users
DENIED!

12. © 2006-2014 Mediafly, Inc. | Confidential
Isolate Services and Customers
Isolation
• Isolate services and environments from each other
using bulkheads
• Examples: VPN, ssh proxy, REST API, message
queues
Stateless Servers
• Deliver credentials as needed using public key
cryptography
• Execute in sandbox
• Purge sandbox on completion

13. © 2006-2014 Mediafly, Inc. | Confidential
Verification
Automated Security Testing
Regular Audits
• Manual internal audits
• Third party automated testing
• Third party security audits
Logging
Monitoring

14. © 2006-2014 Mediafly, Inc. | Confidential
Infrastructural Security is a Balancing Act
Secure Flexible

15. © 2006-2014 Mediafly, Inc. | Confidential
Thank you!
Bryan Murphy
twitter.com/bryanmurphy
twitter.com/mediafly

16. “Advanced Monitoring and
Detection on Linux-based
workloads in AWS”
!
Aaron Botsis
Lead Product Manager at ThreatStack
!
Tweet: @aaronb
#AWSChicago
!
Sponsored by
Hosted by
#AWSChicago

17. ADVANCED SECURITY
MONITORING FOR
THE CLOUD
Aaron Botsis
@aaronb, @threatstack

19. who is logging into my (machines|applications|SaaS accounts)
!
what are they are running
!
of running apps, what are making network activity, and where
!
every kernel module loaded
every library
every file created/modified/removed
everything!!!!
but why stop there?

20. but aaron, why?

22. !
prevention fails

23. thanks, aaron

24. step 1:
audit all of the things
logins
processes
network activity
file access
kernel modules
shared libraries

25. // `curl google.com` emits this:
!
{
id: 1018103008,
start: 1399236274,
end: 1399236275,
duration: 1,
protocol: 'tcp',
byte_count: 1195,
packet_count: 11,
src_ip_numeric: 3232300674,
dst_ip_numeric: 1127355157,
src_ip: '192.168.254.130',
dst_ip: '67.50.19.21',
src_port: 37814,
dst_port: 80
}
by thinking inside the box

26. step 2:
build behavior
profiles
does apache always spawn a shell?
does that shell always switch privs to root?
does root always make network connections to China?

27. ..by thinking outside
the box

28. step 3:
anomalies help
prevent
devs know app best
behavior deviations help identify attack new vectors
create rules to looks for known misbehavior
disable behavioral detection programmatically

29. Why DevOps.!
(…a tangent)

30. bonus: detection

31. thank you.

32. “AWS Security best practices”
!
Mattew Long
Founder and CEO at roZoom, Inc
!
Tweet: @mlong168
#AWSChicago
!
Sponsored by
Hosted by
#AWSChicago

34. About Me
President & CEO @roZoom
Twitter @mlong168
Linkedin: http://linkd.in/T90u7l

35. AWS Security: Act One

38. To ensure a secure global infrastructure, AWS configures infrastructure components
and provides services and features you can use to enhance security, such as the
Identity and Access Management (IAM) service, which you can use to manage users
and user permissions in a subset of AWS services. To ensure secure services, AWS
offers shared responsibility models for each of the different type of service that we
offer:
● Infrastructure services
● Container services
● Abstracted services

39. Infrastructure Services

40. Container Services

41. Abstracted Services

42. Security Best Practices
AWS Management Console/IAM

43. Security Best Practices
AWS Management Console: Enable Two Factor Authentication

44. Security Best Practices
AWS OS-Level Access to EC2
● Options for security of encryption keys:
○ Store of on encrypted media
○ CloudHSM
○ LDAP/IAM Bridge: http://bit.ly/1lNlgV8
○ Gazzang: http://bit.ly/1lNkO9m
● Options for Os-Level Authentication
○ LDAP/Active Directory/Kerbose, etc..
○ Two-Factor auth: Google Authenticator (http:
//bit.ly/1lNtwo5),Wikid, RSA
○ LDAP/IAM Bridge: http://bit.ly/1lNlgV8

45. Security Best Practices
Protecting Data at Rest
For regulatory or business requirement reasons, you might want to further protect your data
at rest stored in Amazon S3, on Amazon EBS, Amazon RDS, or other services from AWS.
● Accidental information disclosure
● Data integrity compromise
● Accidental deletion
● System, infrastructure, hardware or software
availability

46. Security Best Practices
Protecting Data at Rest: S3

47. Security Best Practices
Protecting Data at Rest: EBS

48. Security Best Practices
Protecting Data at Rest: RDS/Databases/EMR,etc
● Ensure you encrypt any sensitive information on disk or at
the database level
● Always segment out data layer from application layer
● If access if require from outside of AWS regions or
network, make sure you use SSL or VPC to encrypt data

49. Security Best Practices
Protecting Data in Transit

50. Security Best Practices
Network Layering

51. Security Best Practices
Other Topics
● DDoS Protection: Black Swan, Cloudflare, Cloudfront
● Monitoring and Alerting: Garylog2, Fluentd, Splunk,
Cloudtrail
● Unified Threat Management : AlienVault
● Vulnerability Scanning: MetaSploit, Nessus
● IDS: Snort, OSSEC
● Web Application Firewalls: Imperva, Modsecurity
● Data Loss Prevention
● AWS VPC or Direct connect for on-premise network
access
● AWS Trusted Advisor Scanning or Nessus

53. Credits
Credits go to the following:
AWS Security Best Practices: http://bit.
ly/T97y3I

54. Q & A
!
!
Pizza’s almost here!
!
!
Sponsored by
Hosted by
#AWSChicago