SlideShare ist ein Scribd-Unternehmen logo

Securing the cloud and your assets

Als PPTX, PDF herunterladen
Marcus Dempsey
Marcus Dempsey

Talk about the cloud and how you can go about keeping your assets secure.

Technologie
1 von 11
The cloud & securing your assets Marcus Dempsey
Shameless plug Marcus Dempsey • 24+ years working in IT • Managing Director for TeraByte IT • Penetration tester • Offensive Security Wireless Professional • Certified Ethical Hacker • Computer Hacking Forensic Investigator • F1 fan
Why use the cloud? • Managed services • Flexibility in deploying and scaling assets • Disaster recovery in a box • Pay as you go spending • Version and document control • Automatic updating of services • Environmentally friendly • Increased security controls • Infrastructure as a service • Platform as a service • No standing in a cold isle at the datacentre
Cloud Providers
What are the dangers? • Intrusion • Data theft • Possible loss of reputation • Bankruptcy • Insider attacks • No control over vendor outages • Automatic updates may cause incompatibility issues • Disgruntled employee • Lack or loss of overall visibility of service health
Securing your assets • Installation of endpoint anti-virus software • Only allowing inbound / outbound traffic for what’s needed • Keep machines patched and up to date (including base build images) • Restrict privileged user access to specific users only • Make use of auditing, login / logout, privilege changes etc. • Make use of two-factor authentication especially for high-level accounts • Regular penetration testing (internal / external) • Strong certificates which have 2048bit or greater keys and SHA256 • Encrypt traffic between endpoints (HTTPS, IPSEC) • Microsoft environments, use Windows Server Update Services (WSUS)
Mistakes that are made • Not updating client applications (Java / Adobe) • Not updating Operating Systems • Opening access to SSH, RDP to the world • Not having well defined security controls / policies in place • Use of weak or common passwords • Not disabling unused accounts • Not planning for expansion and resilience from day one • Not patching critical exploits / 0day
25 common passwords of 2014 123456 password 12345 12345678 qwerty 123456789 1234 Baseball Dragon football 1234567 monkey letmein abc123 123123 111111 mustang access shadow master michael superman 696969 batman trustno1
Things that make sysadmins cry
More information Amazon AWS • http://aws.amazon.com/whitepapers/aws-security-best-practices • http://aws.amazon.com/security Microsoft Azure • http://blogs.msdn.com/b/mast/archive/2013/02/05/security-best- practices-for-windows-azure.aspx • http://blogs.msdn.com/b/usisvde/archive/2012/03/07/windows-azure- security-best-practices-part-1-the-challenges-defense-in-depth.aspx Vulnerability News • https://technet.microsoft.com/en-us/security/cc307424.aspx • https://cve.mitre.org/ • http://www.securityfocus.com/vulnerabilities
Any Questions?

Empfohlen

CSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoCSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoNCCOMMS
 
CSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami LaihoCSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami LaihoNCCOMMS
 
CSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami LaihoCSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami LaihoNCCOMMS
 
How to make the move towards hybrid cloud computing
How to make the move towards hybrid cloud computingHow to make the move towards hybrid cloud computing
How to make the move towards hybrid cloud computingDavid Strom
 
Practical Defense
Practical DefensePractical Defense
Practical DefenseSean Whalen
 
Using OpenStack to Control VM Chaos
Using OpenStack to Control VM ChaosUsing OpenStack to Control VM Chaos
Using OpenStack to Control VM ChaosDavid Strom
 
Network Field Day 11 - Skyport Systems Presentation
Network Field Day 11 - Skyport Systems PresentationNetwork Field Day 11 - Skyport Systems Presentation
Network Field Day 11 - Skyport Systems PresentationDouglas Gourlay
 
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsSecure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsCloudPassage
 

Empfohlen

CSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoCSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoNCCOMMS
 
CSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami LaihoCSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami LaihoNCCOMMS
 
CSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami LaihoCSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami LaihoNCCOMMS
 
How to make the move towards hybrid cloud computing
How to make the move towards hybrid cloud computingHow to make the move towards hybrid cloud computing
How to make the move towards hybrid cloud computingDavid Strom
 
Practical Defense
Practical DefensePractical Defense
Practical DefenseSean Whalen
 
Using OpenStack to Control VM Chaos
Using OpenStack to Control VM ChaosUsing OpenStack to Control VM Chaos
Using OpenStack to Control VM ChaosDavid Strom
 
Network Field Day 11 - Skyport Systems Presentation
Network Field Day 11 - Skyport Systems PresentationNetwork Field Day 11 - Skyport Systems Presentation
Network Field Day 11 - Skyport Systems PresentationDouglas Gourlay
 
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsSecure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsCloudPassage
 
Serverless Functions OR Microservices
Serverless Functions OR MicroservicesServerless Functions OR Microservices
Serverless Functions OR MicroservicesRadu Vunvulea
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudCloudPassage
 
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceReaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceAlgoSec
 
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...CloudPassage
 
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloudPassage
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureCloudPassage
 
Monitoreo en Azure con Operations Management Suite
Monitoreo en Azure con Operations Management SuiteMonitoreo en Azure con Operations Management Suite
Monitoreo en Azure con Operations Management SuiteDave Rendón
 
Enterprise Agents: Deployment Best Practices
Enterprise Agents: Deployment Best PracticesEnterprise Agents: Deployment Best Practices
Enterprise Agents: Deployment Best PracticesThousandEyes
 
Dos and Don’ts for Managing External Connectivity to/from Your Network
Dos and Don’ts for Managing External Connectivity to/from Your NetworkDos and Don’ts for Managing External Connectivity to/from Your Network
Dos and Don’ts for Managing External Connectivity to/from Your NetworkAlgoSec
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the CloudCloudPassage
 
CloudStack Secured
CloudStack SecuredCloudStack Secured
CloudStack SecuredJohn Kinsella
 
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectRethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectCloudPassage
 
AMER Webcast: Build Development and Testing Environments on VMware vCloud Air
AMER Webcast: Build Development and Testing Environments on VMware vCloud AirAMER Webcast: Build Development and Testing Environments on VMware vCloud Air
AMER Webcast: Build Development and Testing Environments on VMware vCloud AirVMware
 
ThousandEyes at Zendesk
ThousandEyes at ZendeskThousandEyes at Zendesk
ThousandEyes at ZendeskThousandEyes
 
10 Tips for Your Journey to the Public Cloud
10 Tips for Your Journey to the Public Cloud10 Tips for Your Journey to the Public Cloud
10 Tips for Your Journey to the Public CloudIntuit Inc.
 
CSF18 - How to Block Ransomware - Sami Laiho
CSF18 - How to Block Ransomware - Sami LaihoCSF18 - How to Block Ransomware - Sami Laiho
CSF18 - How to Block Ransomware - Sami LaihoNCCOMMS
 
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud EnvironmentA Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud EnvironmentAlgoSec
 
Hyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesHyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesKim Bookout
 
Improving Application Security With Azure
Improving Application Security With AzureImproving Application Security With Azure
Improving Application Security With AzureSoftchoice Corporation
 
AWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’tsAWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’tsAlgoSec
 
The New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityThe New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityPrecisely
 
Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskPrecisely
 

Weitere ähnliche Inhalte

Was ist angesagt?

Serverless Functions OR Microservices
Serverless Functions OR MicroservicesServerless Functions OR Microservices
Serverless Functions OR MicroservicesRadu Vunvulea
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudCloudPassage
 
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceReaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceAlgoSec
 
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...CloudPassage
 
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloudPassage
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureCloudPassage
 
Monitoreo en Azure con Operations Management Suite
Monitoreo en Azure con Operations Management SuiteMonitoreo en Azure con Operations Management Suite
Monitoreo en Azure con Operations Management SuiteDave Rendón
 
Enterprise Agents: Deployment Best Practices
Enterprise Agents: Deployment Best PracticesEnterprise Agents: Deployment Best Practices
Enterprise Agents: Deployment Best PracticesThousandEyes
 
Dos and Don’ts for Managing External Connectivity to/from Your Network
Dos and Don’ts for Managing External Connectivity to/from Your NetworkDos and Don’ts for Managing External Connectivity to/from Your Network
Dos and Don’ts for Managing External Connectivity to/from Your NetworkAlgoSec
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the CloudCloudPassage
 
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectRethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectCloudPassage
 
AMER Webcast: Build Development and Testing Environments on VMware vCloud Air
AMER Webcast: Build Development and Testing Environments on VMware vCloud AirAMER Webcast: Build Development and Testing Environments on VMware vCloud Air
AMER Webcast: Build Development and Testing Environments on VMware vCloud AirVMware
 
ThousandEyes at Zendesk
ThousandEyes at ZendeskThousandEyes at Zendesk
ThousandEyes at ZendeskThousandEyes
 
10 Tips for Your Journey to the Public Cloud
10 Tips for Your Journey to the Public Cloud10 Tips for Your Journey to the Public Cloud
10 Tips for Your Journey to the Public CloudIntuit Inc.
 
CSF18 - How to Block Ransomware - Sami Laiho
CSF18 - How to Block Ransomware - Sami LaihoCSF18 - How to Block Ransomware - Sami Laiho
CSF18 - How to Block Ransomware - Sami LaihoNCCOMMS
 
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud EnvironmentA Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud EnvironmentAlgoSec
 
Hyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesHyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesKim Bookout
 
Improving Application Security With Azure
Improving Application Security With AzureImproving Application Security With Azure
Improving Application Security With AzureSoftchoice Corporation
 
AWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’tsAWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’tsAlgoSec
 

Was ist angesagt? (20)

Serverless Functions OR Microservices
Serverless Functions OR MicroservicesServerless Functions OR Microservices
Serverless Functions OR Microservices
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the Cloud
 
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceReaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
 
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
 
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO Successful
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
 
Monitoreo en Azure con Operations Management Suite
Monitoreo en Azure con Operations Management SuiteMonitoreo en Azure con Operations Management Suite
Monitoreo en Azure con Operations Management Suite
 
Enterprise Agents: Deployment Best Practices
Enterprise Agents: Deployment Best PracticesEnterprise Agents: Deployment Best Practices
Enterprise Agents: Deployment Best Practices
 
Dos and Don’ts for Managing External Connectivity to/from Your Network
Dos and Don’ts for Managing External Connectivity to/from Your NetworkDos and Don’ts for Managing External Connectivity to/from Your Network
Dos and Don’ts for Managing External Connectivity to/from Your Network
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud
 
CloudStack Secured
CloudStack SecuredCloudStack Secured
CloudStack Secured
 
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectRethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure Effect
 
AMER Webcast: Build Development and Testing Environments on VMware vCloud Air
AMER Webcast: Build Development and Testing Environments on VMware vCloud AirAMER Webcast: Build Development and Testing Environments on VMware vCloud Air
AMER Webcast: Build Development and Testing Environments on VMware vCloud Air
 
ThousandEyes at Zendesk
ThousandEyes at ZendeskThousandEyes at Zendesk
ThousandEyes at Zendesk
 
10 Tips for Your Journey to the Public Cloud
10 Tips for Your Journey to the Public Cloud10 Tips for Your Journey to the Public Cloud
10 Tips for Your Journey to the Public Cloud
 
CSF18 - How to Block Ransomware - Sami Laiho
CSF18 - How to Block Ransomware - Sami LaihoCSF18 - How to Block Ransomware - Sami Laiho
CSF18 - How to Block Ransomware - Sami Laiho
 
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud EnvironmentA Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
 
Hyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesHyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challenges
 
Improving Application Security With Azure
Improving Application Security With AzureImproving Application Security With Azure
Improving Application Security With Azure
 
AWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’tsAWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’ts
 

Ähnlich wie Securing the cloud and your assets

The New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityThe New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityPrecisely
 
Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskPrecisely
 
CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)Sam Bowne
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataPrecisely
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iPrecisely
 
Imran Zahid Hussain Dalvi
Imran Zahid Hussain DalviImran Zahid Hussain Dalvi
Imran Zahid Hussain DalviImran Dalvi
 
What Does a Full Featured Security Strategy Look Like?
What Does a Full Featured Security Strategy Look Like?What Does a Full Featured Security Strategy Look Like?
What Does a Full Featured Security Strategy Look Like?Precisely
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataPrecisely
 
Going outside the application
Going outside the applicationGoing outside the application
Going outside the applicationMatthew Saltzman
 
#MFSummit2016 Secure: Is your mainframe less secure than your fileserver
#MFSummit2016 Secure: Is your mainframe less secure than your fileserver#MFSummit2016 Secure: Is your mainframe less secure than your fileserver
#MFSummit2016 Secure: Is your mainframe less secure than your fileserverMicro Focus
 
Essential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityEssential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityPrecisely
 
10 tips for hardening your system
10 tips for hardening your system10 tips for hardening your system
10 tips for hardening your systemRevital Lapidot
 
10 tips for hardening your system
10 tips for hardening your system10 tips for hardening your system
10 tips for hardening your systemRevital Lapidot
 
SnapComms Technical overview
SnapComms Technical overviewSnapComms Technical overview
SnapComms Technical overviewSnapComms
 
SnapComms Technical Overview
SnapComms Technical OverviewSnapComms Technical Overview
SnapComms Technical Overviewleanne_abarro
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Akash Mahajan
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017Micro Focus
 

Ähnlich wie Securing the cloud and your assets (20)

The New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityThe New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and Security
 
Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity Risk
 
CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and Data
 
W982 05092004
W982 05092004W982 05092004
W982 05092004
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM i
 
Imran Zahid Hussain Dalvi
Imran Zahid Hussain DalviImran Zahid Hussain Dalvi
Imran Zahid Hussain Dalvi
 
CipherGraph Cloud VPN
CipherGraph Cloud VPNCipherGraph Cloud VPN
CipherGraph Cloud VPN
 
What Does a Full Featured Security Strategy Look Like?
What Does a Full Featured Security Strategy Look Like?What Does a Full Featured Security Strategy Look Like?
What Does a Full Featured Security Strategy Look Like?
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and Data
 
Going outside the application
Going outside the applicationGoing outside the application
Going outside the application
 
Dakotacon 2017
Dakotacon 2017Dakotacon 2017
Dakotacon 2017
 
#MFSummit2016 Secure: Is your mainframe less secure than your fileserver
#MFSummit2016 Secure: Is your mainframe less secure than your fileserver#MFSummit2016 Secure: Is your mainframe less secure than your fileserver
#MFSummit2016 Secure: Is your mainframe less secure than your fileserver
 
Essential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityEssential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access Security
 
10 tips for hardening your system
10 tips for hardening your system10 tips for hardening your system
10 tips for hardening your system
 
10 tips for hardening your system
10 tips for hardening your system10 tips for hardening your system
10 tips for hardening your system
 
SnapComms Technical overview
SnapComms Technical overviewSnapComms Technical overview
SnapComms Technical overview
 
SnapComms Technical Overview
SnapComms Technical OverviewSnapComms Technical Overview
SnapComms Technical Overview
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
 

Kürzlich hochgeladen

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 

Kürzlich hochgeladen (20)

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Securing the cloud and your assets

  • 1. The cloud & securing your assets Marcus Dempsey
  • 2. Shameless plug Marcus Dempsey • 24+ years working in IT • Managing Director for TeraByte IT • Penetration tester • Offensive Security Wireless Professional • Certified Ethical Hacker • Computer Hacking Forensic Investigator • F1 fan
  • 3. Why use the cloud? • Managed services • Flexibility in deploying and scaling assets • Disaster recovery in a box • Pay as you go spending • Version and document control • Automatic updating of services • Environmentally friendly • Increased security controls • Infrastructure as a service • Platform as a service • No standing in a cold isle at the datacentre
  • 5. What are the dangers? • Intrusion • Data theft • Possible loss of reputation • Bankruptcy • Insider attacks • No control over vendor outages • Automatic updates may cause incompatibility issues • Disgruntled employee • Lack or loss of overall visibility of service health
  • 6. Securing your assets • Installation of endpoint anti-virus software • Only allowing inbound / outbound traffic for what’s needed • Keep machines patched and up to date (including base build images) • Restrict privileged user access to specific users only • Make use of auditing, login / logout, privilege changes etc. • Make use of two-factor authentication especially for high-level accounts • Regular penetration testing (internal / external) • Strong certificates which have 2048bit or greater keys and SHA256 • Encrypt traffic between endpoints (HTTPS, IPSEC) • Microsoft environments, use Windows Server Update Services (WSUS)
  • 7. Mistakes that are made • Not updating client applications (Java / Adobe) • Not updating Operating Systems • Opening access to SSH, RDP to the world • Not having well defined security controls / policies in place • Use of weak or common passwords • Not disabling unused accounts • Not planning for expansion and resilience from day one • Not patching critical exploits / 0day
  • 8. 25 common passwords of 2014 123456 password 12345 12345678 qwerty 123456789 1234 Baseball Dragon football 1234567 monkey letmein abc123 123123 111111 mustang access shadow master michael superman 696969 batman trustno1
  • 9. Things that make sysadmins cry
  • 10. More information Amazon AWS • http://aws.amazon.com/whitepapers/aws-security-best-practices • http://aws.amazon.com/security Microsoft Azure • http://blogs.msdn.com/b/mast/archive/2013/02/05/security-best- practices-for-windows-azure.aspx • http://blogs.msdn.com/b/usisvde/archive/2012/03/07/windows-azure- security-best-practices-part-1-the-challenges-defense-in-depth.aspx Vulnerability News • https://technet.microsoft.com/en-us/security/cc307424.aspx • https://cve.mitre.org/ • http://www.securityfocus.com/vulnerabilities