SlideShare ist ein Scribd-Unternehmen logo

Securing the cloud and your assets

Als PPTX, PDF herunterladen
Marcus Dempsey
Marcus Dempsey

Talk about the cloud and how you can go about keeping your assets secure.

Technologie
1 von 11
The cloud & securing your assets Marcus Dempsey
Shameless plug Marcus Dempsey • 24+ years working in IT • Managing Director for TeraByte IT • Penetration tester • Offensive Security Wireless Professional • Certified Ethical Hacker • Computer Hacking Forensic Investigator • F1 fan
Why use the cloud? • Managed services • Flexibility in deploying and scaling assets • Disaster recovery in a box • Pay as you go spending • Version and document control • Automatic updating of services • Environmentally friendly • Increased security controls • Infrastructure as a service • Platform as a service • No standing in a cold isle at the datacentre
Cloud Providers
What are the dangers? • Intrusion • Data theft • Possible loss of reputation • Bankruptcy • Insider attacks • No control over vendor outages • Automatic updates may cause incompatibility issues • Disgruntled employee • Lack or loss of overall visibility of service health
Securing your assets • Installation of endpoint anti-virus software • Only allowing inbound / outbound traffic for what’s needed • Keep machines patched and up to date (including base build images) • Restrict privileged user access to specific users only • Make use of auditing, login / logout, privilege changes etc. • Make use of two-factor authentication especially for high-level accounts • Regular penetration testing (internal / external) • Strong certificates which have 2048bit or greater keys and SHA256 • Encrypt traffic between endpoints (HTTPS, IPSEC) • Microsoft environments, use Windows Server Update Services (WSUS)
Mistakes that are made • Not updating client applications (Java / Adobe) • Not updating Operating Systems • Opening access to SSH, RDP to the world • Not having well defined security controls / policies in place • Use of weak or common passwords • Not disabling unused accounts • Not planning for expansion and resilience from day one • Not patching critical exploits / 0day
25 common passwords of 2014 123456 password 12345 12345678 qwerty 123456789 1234 Baseball Dragon football 1234567 monkey letmein abc123 123123 111111 mustang access shadow master michael superman 696969 batman trustno1
Things that make sysadmins cry
More information Amazon AWS • http://aws.amazon.com/whitepapers/aws-security-best-practices • http://aws.amazon.com/security Microsoft Azure • http://blogs.msdn.com/b/mast/archive/2013/02/05/security-best- practices-for-windows-azure.aspx • http://blogs.msdn.com/b/usisvde/archive/2012/03/07/windows-azure- security-best-practices-part-1-the-challenges-defense-in-depth.aspx Vulnerability News • https://technet.microsoft.com/en-us/security/cc307424.aspx • https://cve.mitre.org/ • http://www.securityfocus.com/vulnerabilities
Any Questions?

Empfohlen

CSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoCSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoNCCOMMS
 
CSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami LaihoCSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami LaihoNCCOMMS
 
CSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami LaihoCSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami LaihoNCCOMMS
 
How to make the move towards hybrid cloud computing
How to make the move towards hybrid cloud computingHow to make the move towards hybrid cloud computing
How to make the move towards hybrid cloud computingDavid Strom
 
Practical Defense
Practical DefensePractical Defense
Practical DefenseSean Whalen
 
Using OpenStack to Control VM Chaos
Using OpenStack to Control VM ChaosUsing OpenStack to Control VM Chaos
Using OpenStack to Control VM ChaosDavid Strom
 
Network Field Day 11 - Skyport Systems Presentation
Network Field Day 11 - Skyport Systems PresentationNetwork Field Day 11 - Skyport Systems Presentation
Network Field Day 11 - Skyport Systems PresentationDouglas Gourlay
 
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsSecure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsCloudPassage
 

Empfohlen

CSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoCSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoNCCOMMS
 
CSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami LaihoCSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami LaihoNCCOMMS
 
CSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami LaihoCSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami LaihoNCCOMMS
 
How to make the move towards hybrid cloud computing
How to make the move towards hybrid cloud computingHow to make the move towards hybrid cloud computing
How to make the move towards hybrid cloud computingDavid Strom
 
Practical Defense
Practical DefensePractical Defense
Practical DefenseSean Whalen
 
Using OpenStack to Control VM Chaos
Using OpenStack to Control VM ChaosUsing OpenStack to Control VM Chaos
Using OpenStack to Control VM ChaosDavid Strom
 
Network Field Day 11 - Skyport Systems Presentation
Network Field Day 11 - Skyport Systems PresentationNetwork Field Day 11 - Skyport Systems Presentation
Network Field Day 11 - Skyport Systems PresentationDouglas Gourlay
 
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsSecure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsCloudPassage
 
Serverless Functions OR Microservices
Serverless Functions OR MicroservicesServerless Functions OR Microservices
Serverless Functions OR MicroservicesRadu Vunvulea
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudCloudPassage
 
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceReaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceAlgoSec
 
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...CloudPassage
 
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloudPassage
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureCloudPassage
 
Monitoreo en Azure con Operations Management Suite
Monitoreo en Azure con Operations Management SuiteMonitoreo en Azure con Operations Management Suite
Monitoreo en Azure con Operations Management SuiteDave Rendón
 
Enterprise Agents: Deployment Best Practices
Enterprise Agents: Deployment Best PracticesEnterprise Agents: Deployment Best Practices
Enterprise Agents: Deployment Best PracticesThousandEyes
 
Dos and Don’ts for Managing External Connectivity to/from Your Network
Dos and Don’ts for Managing External Connectivity to/from Your NetworkDos and Don’ts for Managing External Connectivity to/from Your Network
Dos and Don’ts for Managing External Connectivity to/from Your NetworkAlgoSec
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the CloudCloudPassage
 
CloudStack Secured
CloudStack SecuredCloudStack Secured
CloudStack SecuredJohn Kinsella
 
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectRethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectCloudPassage
 
AMER Webcast: Build Development and Testing Environments on VMware vCloud Air
AMER Webcast: Build Development and Testing Environments on VMware vCloud AirAMER Webcast: Build Development and Testing Environments on VMware vCloud Air
AMER Webcast: Build Development and Testing Environments on VMware vCloud AirVMware
 
ThousandEyes at Zendesk
ThousandEyes at ZendeskThousandEyes at Zendesk
ThousandEyes at ZendeskThousandEyes
 
10 Tips for Your Journey to the Public Cloud
10 Tips for Your Journey to the Public Cloud10 Tips for Your Journey to the Public Cloud
10 Tips for Your Journey to the Public CloudIntuit Inc.
 
CSF18 - How to Block Ransomware - Sami Laiho
CSF18 - How to Block Ransomware - Sami LaihoCSF18 - How to Block Ransomware - Sami Laiho
CSF18 - How to Block Ransomware - Sami LaihoNCCOMMS
 
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud EnvironmentA Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud EnvironmentAlgoSec
 
Hyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesHyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesKim Bookout
 
Improving Application Security With Azure
Improving Application Security With AzureImproving Application Security With Azure
Improving Application Security With AzureSoftchoice Corporation
 
AWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’tsAWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’tsAlgoSec
 
The New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityThe New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityPrecisely
 
Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskPrecisely
 

Weitere ähnliche Inhalte

Was ist angesagt?

Serverless Functions OR Microservices
Serverless Functions OR MicroservicesServerless Functions OR Microservices
Serverless Functions OR MicroservicesRadu Vunvulea
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudCloudPassage
 
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceReaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceAlgoSec
 
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...CloudPassage
 
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloudPassage
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureCloudPassage
 
Monitoreo en Azure con Operations Management Suite
Monitoreo en Azure con Operations Management SuiteMonitoreo en Azure con Operations Management Suite
Monitoreo en Azure con Operations Management SuiteDave Rendón
 
Enterprise Agents: Deployment Best Practices
Enterprise Agents: Deployment Best PracticesEnterprise Agents: Deployment Best Practices
Enterprise Agents: Deployment Best PracticesThousandEyes
 
Dos and Don’ts for Managing External Connectivity to/from Your Network
Dos and Don’ts for Managing External Connectivity to/from Your NetworkDos and Don’ts for Managing External Connectivity to/from Your Network
Dos and Don’ts for Managing External Connectivity to/from Your NetworkAlgoSec
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the CloudCloudPassage
 
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectRethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectCloudPassage
 
AMER Webcast: Build Development and Testing Environments on VMware vCloud Air
AMER Webcast: Build Development and Testing Environments on VMware vCloud AirAMER Webcast: Build Development and Testing Environments on VMware vCloud Air
AMER Webcast: Build Development and Testing Environments on VMware vCloud AirVMware
 
ThousandEyes at Zendesk
ThousandEyes at ZendeskThousandEyes at Zendesk
ThousandEyes at ZendeskThousandEyes
 
10 Tips for Your Journey to the Public Cloud
10 Tips for Your Journey to the Public Cloud10 Tips for Your Journey to the Public Cloud
10 Tips for Your Journey to the Public CloudIntuit Inc.
 
CSF18 - How to Block Ransomware - Sami Laiho
CSF18 - How to Block Ransomware - Sami LaihoCSF18 - How to Block Ransomware - Sami Laiho
CSF18 - How to Block Ransomware - Sami LaihoNCCOMMS
 
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud EnvironmentA Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud EnvironmentAlgoSec
 
Hyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesHyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesKim Bookout
 
Improving Application Security With Azure
Improving Application Security With AzureImproving Application Security With Azure
Improving Application Security With AzureSoftchoice Corporation
 
AWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’tsAWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’tsAlgoSec
 

Was ist angesagt? (20)

Serverless Functions OR Microservices
Serverless Functions OR MicroservicesServerless Functions OR Microservices
Serverless Functions OR Microservices
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the Cloud
 
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceReaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
 
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
 
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO Successful
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
 
Monitoreo en Azure con Operations Management Suite
Monitoreo en Azure con Operations Management SuiteMonitoreo en Azure con Operations Management Suite
Monitoreo en Azure con Operations Management Suite
 
Enterprise Agents: Deployment Best Practices
Enterprise Agents: Deployment Best PracticesEnterprise Agents: Deployment Best Practices
Enterprise Agents: Deployment Best Practices
 
Dos and Don’ts for Managing External Connectivity to/from Your Network
Dos and Don’ts for Managing External Connectivity to/from Your NetworkDos and Don’ts for Managing External Connectivity to/from Your Network
Dos and Don’ts for Managing External Connectivity to/from Your Network
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud
 
CloudStack Secured
CloudStack SecuredCloudStack Secured
CloudStack Secured
 
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectRethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure Effect
 
AMER Webcast: Build Development and Testing Environments on VMware vCloud Air
AMER Webcast: Build Development and Testing Environments on VMware vCloud AirAMER Webcast: Build Development and Testing Environments on VMware vCloud Air
AMER Webcast: Build Development and Testing Environments on VMware vCloud Air
 
ThousandEyes at Zendesk
ThousandEyes at ZendeskThousandEyes at Zendesk
ThousandEyes at Zendesk
 
10 Tips for Your Journey to the Public Cloud
10 Tips for Your Journey to the Public Cloud10 Tips for Your Journey to the Public Cloud
10 Tips for Your Journey to the Public Cloud
 
CSF18 - How to Block Ransomware - Sami Laiho
CSF18 - How to Block Ransomware - Sami LaihoCSF18 - How to Block Ransomware - Sami Laiho
CSF18 - How to Block Ransomware - Sami Laiho
 
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud EnvironmentA Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
 
Hyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesHyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challenges
 
Improving Application Security With Azure
Improving Application Security With AzureImproving Application Security With Azure
Improving Application Security With Azure
 
AWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’tsAWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’ts
 

Ähnlich wie Securing the cloud and your assets

The New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityThe New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityPrecisely
 
Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskPrecisely
 
CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)Sam Bowne
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataPrecisely
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iPrecisely
 
Imran Zahid Hussain Dalvi
Imran Zahid Hussain DalviImran Zahid Hussain Dalvi
Imran Zahid Hussain DalviImran Dalvi
 
What Does a Full Featured Security Strategy Look Like?
What Does a Full Featured Security Strategy Look Like?What Does a Full Featured Security Strategy Look Like?
What Does a Full Featured Security Strategy Look Like?Precisely
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataPrecisely
 
Going outside the application
Going outside the applicationGoing outside the application
Going outside the applicationMatthew Saltzman
 
#MFSummit2016 Secure: Is your mainframe less secure than your fileserver
#MFSummit2016 Secure: Is your mainframe less secure than your fileserver#MFSummit2016 Secure: Is your mainframe less secure than your fileserver
#MFSummit2016 Secure: Is your mainframe less secure than your fileserverMicro Focus
 
Essential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityEssential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityPrecisely
 
10 tips for hardening your system
10 tips for hardening your system10 tips for hardening your system
10 tips for hardening your systemRevital Lapidot
 
10 tips for hardening your system
10 tips for hardening your system10 tips for hardening your system
10 tips for hardening your systemRevital Lapidot
 
SnapComms Technical overview
SnapComms Technical overviewSnapComms Technical overview
SnapComms Technical overviewSnapComms
 
SnapComms Technical Overview
SnapComms Technical OverviewSnapComms Technical Overview
SnapComms Technical Overviewleanne_abarro
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Akash Mahajan
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017Micro Focus
 

Ähnlich wie Securing the cloud and your assets (20)

The New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityThe New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and Security
 
Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity Risk
 
CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and Data
 
W982 05092004
W982 05092004W982 05092004
W982 05092004
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM i
 
Imran Zahid Hussain Dalvi
Imran Zahid Hussain DalviImran Zahid Hussain Dalvi
Imran Zahid Hussain Dalvi
 
CipherGraph Cloud VPN
CipherGraph Cloud VPNCipherGraph Cloud VPN
CipherGraph Cloud VPN
 
What Does a Full Featured Security Strategy Look Like?
What Does a Full Featured Security Strategy Look Like?What Does a Full Featured Security Strategy Look Like?
What Does a Full Featured Security Strategy Look Like?
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and Data
 
Going outside the application
Going outside the applicationGoing outside the application
Going outside the application
 
Dakotacon 2017
Dakotacon 2017Dakotacon 2017
Dakotacon 2017
 
#MFSummit2016 Secure: Is your mainframe less secure than your fileserver
#MFSummit2016 Secure: Is your mainframe less secure than your fileserver#MFSummit2016 Secure: Is your mainframe less secure than your fileserver
#MFSummit2016 Secure: Is your mainframe less secure than your fileserver
 
Essential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityEssential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access Security
 
10 tips for hardening your system
10 tips for hardening your system10 tips for hardening your system
10 tips for hardening your system
 
10 tips for hardening your system
10 tips for hardening your system10 tips for hardening your system
10 tips for hardening your system
 
SnapComms Technical overview
SnapComms Technical overviewSnapComms Technical overview
SnapComms Technical overview
 
SnapComms Technical Overview
SnapComms Technical OverviewSnapComms Technical Overview
SnapComms Technical Overview
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
 

Kürzlich hochgeladen

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Kürzlich hochgeladen (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

Securing the cloud and your assets

  • 1. The cloud & securing your assets Marcus Dempsey
  • 2. Shameless plug Marcus Dempsey • 24+ years working in IT • Managing Director for TeraByte IT • Penetration tester • Offensive Security Wireless Professional • Certified Ethical Hacker • Computer Hacking Forensic Investigator • F1 fan
  • 3. Why use the cloud? • Managed services • Flexibility in deploying and scaling assets • Disaster recovery in a box • Pay as you go spending • Version and document control • Automatic updating of services • Environmentally friendly • Increased security controls • Infrastructure as a service • Platform as a service • No standing in a cold isle at the datacentre
  • 5. What are the dangers? • Intrusion • Data theft • Possible loss of reputation • Bankruptcy • Insider attacks • No control over vendor outages • Automatic updates may cause incompatibility issues • Disgruntled employee • Lack or loss of overall visibility of service health
  • 6. Securing your assets • Installation of endpoint anti-virus software • Only allowing inbound / outbound traffic for what’s needed • Keep machines patched and up to date (including base build images) • Restrict privileged user access to specific users only • Make use of auditing, login / logout, privilege changes etc. • Make use of two-factor authentication especially for high-level accounts • Regular penetration testing (internal / external) • Strong certificates which have 2048bit or greater keys and SHA256 • Encrypt traffic between endpoints (HTTPS, IPSEC) • Microsoft environments, use Windows Server Update Services (WSUS)
  • 7. Mistakes that are made • Not updating client applications (Java / Adobe) • Not updating Operating Systems • Opening access to SSH, RDP to the world • Not having well defined security controls / policies in place • Use of weak or common passwords • Not disabling unused accounts • Not planning for expansion and resilience from day one • Not patching critical exploits / 0day
  • 8. 25 common passwords of 2014 123456 password 12345 12345678 qwerty 123456789 1234 Baseball Dragon football 1234567 monkey letmein abc123 123123 111111 mustang access shadow master michael superman 696969 batman trustno1
  • 9. Things that make sysadmins cry
  • 10. More information Amazon AWS • http://aws.amazon.com/whitepapers/aws-security-best-practices • http://aws.amazon.com/security Microsoft Azure • http://blogs.msdn.com/b/mast/archive/2013/02/05/security-best- practices-for-windows-azure.aspx • http://blogs.msdn.com/b/usisvde/archive/2012/03/07/windows-azure- security-best-practices-part-1-the-challenges-defense-in-depth.aspx Vulnerability News • https://technet.microsoft.com/en-us/security/cc307424.aspx • https://cve.mitre.org/ • http://www.securityfocus.com/vulnerabilities