Tech Talk on Incident Response in the Cloud

Tech Talks: Hardening AWS Environments

The recent Tech Talk, formally entitled Hardening AWS Environments; Automating Incident Response, drew an audience filled with heavy hitters from the local networking and security-oriented tech world including respected former SOU Computer Security & Computer Forensics Professor, Lynn Ackler. Andrew Krug captivated them all.

He began his presentation by explaining that his current personal project involves creating games online that teach people how to hack sites in order to understand the mentality of actual hackers and, thus, learn how to defeat their threats. Andrew and his cohorts, Joel Ferrier (Ashland, OR) and Alex McCormack (Nashville, TN) are hoping to present their project at one of the upcoming security conferences in Las Vegas this summer (Black Hat: July 30 – August 4; DEFCON: August 4-7). We hope their proposal is accepted!

Andrew launched his speech by explaining that Amazon Web Services is the largest cloud offering available; having the capability to host and resell all of the other cloud providers on top of their infrastructure, accounting for 80% of traffic through peer exchanges online in the Continental U.S. today—and, therefore, making AWS a significant target.

As a preface to the details of his talk, he described some AWS-related terms and concepts (Regions, Availability Zones, Instances, Identity & Access Management [IAM], and S3 Buckets) to bring everyone into the secure networking realm and provide a frame of reference for his presentation. He went on to present an example scenario describing the course of events that take place during a hack. His suggestion for Incident Response Staff: Follow your Incident Plan; if you don’t have one, create one. The OODA Loop (Observe>Orient>Decide>Action) is the path to follow in fighting an attack.

Watch the video on the RogueTechHub YouTube Channel for details.

Andrew wrapped his talk with a collection of guidelines for security teams to prepare their response to incidents in the cloud:

  • Explore the AWS Console
  • Turn on auditing to provide a cloud trail
  • Don’t use root credentials
  • Create Tripwires using CloudWatch Metrics (alarms based on thresholds)
  • Isolate your stacks; use VPCs
  • Use cool new features, like AWS Config
  • If you’re storing in S3, use Bucket Logs and Versioning
  • Leverage CI Services and Devops for out-of-band management

Thanks to Andrew and his associates for producing this excellent tool to help everyone understand how to respond to incidents in the cloud, and to Andrew, specifically, for volunteering his time to speak to our group.

Following his talk, Andrew sent this link to an article about Amazon’s Web Services boosting the company’s earnings for the year; $1.07 per share, ahead of 58 cents per share that were expected…wow! Almost double. Impressive!

UPCOMING TECH EVENTS AT SOU:

Our next Tech Talk is scheduled for Tuesday, May 24, 2016 (12:30 – 1:30 p.m. in SU319). Brandon Kirkland will talk about techniques and strategies he employs to get website visitors to do what you want them to do while visiting your website. He’ll also talk about how User eXperience (UX), while not specifically defining Conversion Rate Optimization (CRO), does play a large role in the CRO Process. Brandon will encourage class participation while examining a few local business websites, with the class evaluating the UX/CRO for those websites.

Our next Tech Workshop is scheduled for Thursday, May 12, 2016 (3:30 – 5:30 p.m. in MA110). Randy “Refactron” Coulman will conduct the workshop and demonstrate, through a combination of hands-on exercises and mob programming, how to refactor code on a particularly messy codebase. This essential skill will prove invaluable in a programming career—and may even help you get your next programming position!

JOIN US!