Cloud Security

Introduction and Concepts

Created by Don Onwunumah / @teopeurt

What makes me Qualified?


Background...


  • Security Infrastructure Deployments for Finance and Governments
  • White/Black/GreyHat?
  • Information Security Researcher
  • Cryptanalyst
  • Developer
  • Realist
  • ...

...more



  • Data Scientist
  • Distributed Systems
  • Web & Mobile Engineer
  • ...

Security - What's the Point?



"I think it’s important to recognize that you can’t have 100 per cent security..."

Linux is the Cloud

Sorry Windows

Linux Security Overview


User Accounts & Access Control
Encryption
Logging & Intrusion detection
Basic Security Sys Admin

Not Covered but relevant...

Network: Port Scanners
Protecting Data-in-Transit (TLS/SSL)
Internet Security


.. If too complicated, outsource it ..


Use a PaaS!


Let's Begin..


User Accounts



User Accounts and Access Controls

The root account controls all user accounts and can lock out one or more accounts at any time.

User directories are segregated from system areas and from each other.

Users can generate their own files and install their own programs.

Each user is given a home directory and hard disk space, separate from system areas and other users.

Encryption


Linux can encrypt data during transit, shielding it from outsiders.

Logging and Intrusion Detection


Linux can't predict when your host will come under attack, but it can record the attacker's movements.

Basic Tips for Sys Admin



Minimize Packages to Minimize Vulnerability


    # /sbin/chkconfig --list | grep '3:on'

    # chkconfig serviceName off

    # yum -y remove package-name

    # sudo apt-get remove package-name

Check Listening Network Ports



# netstat -tulpn         

Use Secure Shell (SSH)



    # vi /etc/ssh/sshd_config     

 - disable root login

 - only allow specific users

 - use version 2 protocol
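
An added example (not from the original slides): a shell check that reads an sshd_config and reports on the three settings listed above. The function names and sample configs are constructed for illustration; it assumes whitespace-separated `Keyword value` lines and ignores Match blocks.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the three settings on the slide.

# Print the value of KEYWORD in FILE. Keywords are case-insensitive, '#' starts
# a comment, and sshd generally keeps the first value it reads.
sshd_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

# Print one line per check; the return status is the number of failed checks.
audit_sshd_config() {
    file=$1; fails=0
    root=$(sshd_value PermitRootLogin "$file")
    users=$(sshd_value AllowUsers "$file")
    proto=$(sshd_value Protocol "$file")

    if [ "$root" = "no" ]; then echo "OK   PermitRootLogin no"
    else echo "FAIL PermitRootLogin is '${root:-unset}'"; fails=$((fails + 1)); fi

    if [ -n "$users" ]; then echo "OK   AllowUsers $users"
    else echo "FAIL AllowUsers is unset, so no account is excluded"; fails=$((fails + 1)); fi

    # Assumption: an unset Protocol passes, because current OpenSSH servers only
    # speak version 2. On an old server, set "Protocol 2" explicitly.
    case "$proto" in
        "" | 2) echo "OK   Protocol ${proto:-unset}" ;;
        *)      echo "FAIL Protocol '$proto' still allows version 1"; fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# Constructed sample configs, not taken from any real host.
tmp=$(mktemp -d)
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' 'Protocol 2,1' > "$tmp/weak"
printf '%s\n' 'Protocol 2' 'permitrootlogin no' 'AllowUsers deploy alice' > "$tmp/hardened"

for f in weak hardened; do
    echo "== $f"
    audit_sshd_config "$tmp/$f" || echo "-> $? check(s) failed"
done
rm -rf "$tmp"
```

On a live host, `sshd -T` prints the effective configuration, which also accounts for compiled-in defaults.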

Keep System updated


CentOS/Red Hat
    # yum update
    # yum check-update

Ubuntu/Debian
    # apt-get update
    # apt-get upgrade

Enable Iptables (Firewall)


/etc/init.d/iptables – init script to start|stop|restart and save rulesets.
/etc/sysconfig/iptables – where Rulesets are saved.
/sbin/iptables – binary.


Review Logs Regularly

    
/var/log/messages – Where whole system logs or current activity logs are available.
/var/log/auth.log – Authentication logs.
/var/log/kern.log – Kernel logs.
/var/log/cron.log – Crond logs (cron job).
/var/log/maillog – Mail server logs.
/var/log/boot.log – System boot log.
/var/log/mysqld.log – MySQL database server log file.
/var/log/secure – Authentication log.
/var/log/utmp or /var/log/wtmp – Login records file.
/var/log/yum.log – Yum log files.

Use SSH Keys


    $ ssh-keygen -t rsa -C "your_email@example.com"
    # Creates a new ssh key, using the provided email as a label
    # Generating public/private rsa key pair.
    # Enter file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter]
    $ ssh-add ~/.ssh/id_rsa

Questions?

Thank You