The document outlines the fundamentals of cybersecurity, cloud computing, and ethical hacking practices. It highlights various threats to cloud security, such as data breaches and account hijacking, while emphasizing the importance of regulatory standards and security measures. Additionally, it discusses the role of tools like AWS Shield and AWS WAF in protecting cloud resources and managing access control.

1. Let's prepare for what's next, and not what was last...
Keet Malin Sugathadasa
Software Engineer
Sysco Labs
Cyber Security and
Cloud Computing

2. • What is Cyber Security?
• Cryptanalysis
• Computer Hacking
• Cloud Computing Architecture
• Cloud Security
• Notorious 9 threats in cloud computing
• AWS Cloud Security
AGENDA

3. Cyber Security
Are we really secure?

4. Best Practices and Measures
taken to protect a computer or
a computer system, against an
unauthorized access or attack
• Hardware, Software, Data...
• Security Standards
• Ethical Hacking
• Best Practices
CYBER SECURITY
Cyber Security

5. • Interruption
• Interception
• Modification
• Fabrication
Threats and Attacks on Security
CYBER SECURITY

6. • Confidentiality (Privacy)
• Integrity (Trust)
• Availability
The CIA in Computer Security
CYBER SECURITY

7. Cryptanalysis
Analyzing and breaking encryption schemes

8. This uses a simple file containing
words that can be surprisingly
found in a dictionary.
• “Iamthebest”
• “Iloveblahblah”
CRYPTANALYSIS
Dictionary Attacks

9. dictionary + non-dictionary words
by working through all possible
alpha-numeric combinations
• “aaaa901”
• “Iloveblahblah2233a”
CRYPTANALYSIS
Brute Force Attack

10. Keeps a table of hashes for all
possible password combinations.
Adding salts will make this task
even tougher
• “aaaa901”
• “fsdfwer232532”
CRYPTANALYSIS
Rainbow Table Attack

11. Ask the user for his or her
password. A phishing email leads
the unsuspecting reader to a faked
portal and collect credentials
• Sending a fake email related to
bank payments
CRYPTANALYSIS
Phishing

12. Social engineering takes the whole
‘ask the user’ concept outside of
the inbox that phishing tends to
stick with and into the real world.
• Call a person posing as a bank
or other security guy
CRYPTANALYSIS
Social Engineering

13. Computer Hacking
Cyber war is the new battlefield now...

14. Anonymous
Your ignorance is our Power...

15. • Trojans
• Backdoors
• Sniffers
• Rootkits
• Exploits
• Buffer overflows
• SQL injection
Hacking Technologies
COMPUTER HACKING

16. • Reconnaissance (“Gathering information about a potential target”)
• Scanning (“Using the info gathered during reconnaissance to examine
the network”)
• Gaining access (“Owning the system”)
• Maintaining access (“Backdoors, Rootkits, Trojans”)
• Covering tracks (“Alter log entries, removing alarms”)
5 Phases in Computer Hacking
COMPUTER HACKING

17. Hacker Classes
COMPUTER HACKING

18. • Discuss the need for testing
• Sign an NDA
• Tiger team prepares a schedule for testing
• Conduct tests
• Analysis and report preparation
• Present the report to the client
Conducting Ethical Hacking
COMPUTER HACKING

19. Legality in Sri Lanka
COMPUTER HACKING
source: http://www.slcert.gov.lk/Downloads/Acts/Computer_Crimes_Act_No_24_of_2007(E).pdf

20. Cloud Computer Architecture
Cloud is not magic, It’s just another computer...

21. Definition of Cloud Computing - NIST
CLOUD COMPUTING ARCHITECTURE
source:
https://ww
w.nist.gov/

22. Service Models
CLOUD COMPUTING ARCHITECTURE

23. Cloud Security Basics
Security is a process, not a product...

24. Security in the cloud is much like
security in your on-premises data
centers - only without the costs of
maintaining facilities and
hardware.
In the cloud, you don’t have to manage
physical servers or storage devices.
Instead, you use software-based
security tools to monitor and
protect the flow of information into
and of out of your cloud resources.
CLOUD SECURITY BASICS
Cloud Security

25. How Secure is the Cloud?
CLOUD SECURITY
source: https://www.youtube.com/watch?v=8g0NrHExD3g
Layer 1:
• Perimeter Defense
Layer 2:
• Clear Zone
Layer 3:
• Facility facade/ reception area
Layer 4:
• Hallway/ Escorted Area/ Gray Space
Layer 5:
• Data Center Room/ White Space
Layer 6:
• Data Center Cabinet/ White Space

26. CLOUD SECURITY
Strict Regulatory Standards Security Tools
Confidentiality DDoS Mitigation

27. Key Security Aspect in Cloud
CLOUD SECURITY
• Network Security
↳ Firewall
• Configuration Management
• Data Encryption
• Access Control
• Monitoring and Logging

28. Notorious Nine Threats
Cloud Security Alliance (CSA)

29. 1. Data Breaches
2. Data Loss
3. Account or Service Traffic Hijacking
4. Insecure Interfaces and APIs
5. Denial of Service
6. Malicious Insiders
7. Abuse of Cloud Services
8. Insufficient Due Diligence
9. Shared Technology Vulnerabilities
NOTORIOUS NINE THREATS

30. AWS Cloud Security
Amazon Web Services Cloud Platform

31. AWS CLOUD SECURITY
Shared Responsibility

32. AWS Shield
AWS CLOUD SECURITY
• AWS Shield is a managed Distributed Denial
of Service (DDoS) protection service
• AWS Shield provides always-on detection and
automatic inline mitigations that minimize
application downtime and latency
• Happens real-time (No support needed)

33. AWS WAF
AWS CLOUD SECURITY
• AWS WAF is a web application firewall that
helps protect your web applications from
common web exploits
• AWS WAF gives you control over which traffic
to allow or block to your web applications
• block common attack patterns, such as SQL
injection or cross-site scripting

34. AWS IAM
AWS CLOUD SECURITY
• Access Control
• Use AWS Identity and Access Management
(IAM) to control users' access to AWS services
• Create and manage users and groups, and
grant or deny access

35. 1. AWS Artifact
2. AWS Certificate Manager
3. Amazon Cloud Directory
4. AWS CloudHSM
5. Amazon Cognito
6. AWS Directory Service
7. Amazon GuardDuty
8. Amazon Inspector
9. And many more...
AWS CLOUD SECURITY
source: https://aws.amazon.com/products/security/

36. Think twice
before you
connect

37. Thank you