From Zero to Secure in One Minute

Presented at Black Hat Asia 2015, Unknown date/time (Unknown duration)

Cloud instances lifecycles are changing fast and forces us to improve the way we secure those IaaS instances. Nowadays we can find servers that are installed, launched, process data and terminate - all within a range of minutes. This new accelerated lifecycle makes traditional security processes such as periodic patches, vulnerability scanning, hardening, and forensics impossible. In this accelerated lifecycle, there are no maintenance windows for patches or ability to mitigate vulnerability, so the security infrastructure must adapt to new methods. In this new thinking, we require automation of instance security configuration, hardening, monitoring, and termination. Because there are no maintenance windows, Servers must be patched before they boot up, security configuration and hardening procedures should be integrated with server installation and vulnerability scanning and mitigation processes should be automatic. In this presentation, we announce a new open source tool called "Cloudefigo" and explain how it enables accelerated security lifecycle. We demonstrate how to launch a pre-configured, already patched instance into an encrypted storage environment automatically while evaluating their security and mitigating them automatically if a vulnerability is found. In the live demo, we leverage Amazon Web Services EC2 Cloud-Init scripts and object storage for provisioning automated security configuration, integrating encryption, including secure encryption key repositories for secure server's communication. The result of those techniques is cloud servers that are resilient, automatically configured, with reduced attack surface.

Presenters:

• Moshe Ferber
  Moshe Ferber is an information security entrepreneur and one of the corner stones of the information security industry in Israel, With over 20 years experience in various industry leading positions. Currently Mr. Ferber focuses in promoting innovation in the Israeli startups scene as an investor, lecturer and evangelist for various security topics.
• Nir Valtman - NCR
  Nir is employed at NCR Corporation as the Enterprise Security Architect of NCR Retail. Before the acquisition of Retalix by NCR, he was Chief Security Officer of R&D at the company. As part of his previous positions in the last decade, he worked as Chief Security Architect, Senior Technology Consultant, Application Security Consultant, Systems Infrastructure Security Consultant, and a Technological Trainer. While in these positions, Nir was not only consulting, but also performing hands-on activities in various fields, i.e. hardening, penetration testing, and development for personal/internal applications. In addition, Nir released an open source anti-defacement tool called AntiDef and wrote a publication about QRbot, an iPhone QR botnet POC he developed. Nir has a BSc in Computer Science but his knowledge is based mainly on cowboy learning and information sharing with the techno-oriented communities.

Links:

• https://www.blackhat.com/asia-15/briefings.html#Valtman
• https://www.youtube.com/watch?v=nknwsqP01F0
• https://www.blackhat.com/docs/asia-15/materials/asia-15-Valtman-From-Zero-To-Secure-In-One-Minute.pdf

Similar Presentations:

• ToorCon San Diego 17 (2015) / From 0 to secure in 1 minute
• AppSec USA 2015 / Security as Code: A New Frontier
• DEF CON 23 (2015) / From 0 To Secure In 1 Minute - Securing IAAS