This document summarizes a presentation on cloud server security given by Zohar Alon, co-founder and CEO of Dome9. The presentation covered who is responsible for cloud security, the need for multi-factor authentication and web application firewalls, logging and analyzing logs, and using firewalls to lock down and automate security across cloud servers. Dome9 provides a solution to automate and centralize security management across cloud servers.
The Practitioner's Guide to Cloud Security
1. CloudExpo Europe – London, January 2013
The Practitioners Guide to
Cloud Security
London, January 2013
Zohar Alon
@zoharalon
Co-Founder & CEO
Dome9 – Secure Your Cloud™
2. Me, and my company
Zohar Alon – Co-Founder & CEO
Creator of Check Point’s Provider-1 & SP product lines
Over 20 years of security & IT experience.
Cloud Server Security Management
Automate and centralize security across an unlimited number of cloud, dedicated, and virtual private servers
4. 1 day and 86,000 attempts later…
5. There are more than 30 million Cloud, VPS & Dedicated Servers
Most of these servers are vulnerable to attack
– Admins leave ports open to connect to their servers
– Hackers use these same open ports to gain access
Most of these servers’ security is unmanageable
– Sprawled across multiple private & public clouds
– Operating systems are a virtual buffet
Most of the ‘available’ security doesn’t work
– Service providers lack expertise & focus to build it
– Security vendors have business models that don’t fit and/or technology that doesn’t migrate and scale
7. The Practitioners Guide
Part 1 – Responsibility
• Most don’t know who’s responsible for cloud security
– 42% say they wouldn’t know if their cloud was hacked
– 39% think their provider would tell them
• Security is everybody’s responsibility
– accept and share it!
• Security is your responsibility
– Deal with it!
[Chart: “Who’s Responsible?” – Customer / Provider / Both; values shown: 33%, 31%, 36%]
Ponemon Cloud Security Research Study
8. The Practitioners Guide
Part 2 – Authentication
• If anyone can log in, consider multi-factor authentication to harden access
• Simple mobile app integration, w/ QR code support & SMS backup
11. The Practitioners Guide
Part 3 - WAF
• WAF: Web Application Firewall
– Protects Web services, sites and applications
– Monitor the requests to the web layer
– Brute-force login, spam bots, SQL injections, etc.
• Easy to enable – No Install!
– Provides added security layer w/o overhead
• Every Web App Will Use one
– CloudFlare, Incapsula or Akamai
– Bonus I – site is faster
– Bonus II – DDOS mitigation capabilities
12. The Practitioners Guide
Part 4 – Log
• You saw how many insights we get from the logs. You need to store and analyze them.
• We use several vendors for this – each for a different use-case:
– Splunk & SplunkStorm
– SumoLogic
– Loggly
– LogEntries
13. The Practitioners Guide
Part 5 – Firewall
• Take control of your security policies
– You do much more when it comes to the office firewall
• Close All (admin) Ports – Open Dynamically
– Open them only for whom, and for as long as is needed.
• Don’t rely on static scopes
– Too much management overhead and risk.
• Aggregate & Centralize firewall management
– Across regions, providers and applications
• At Dome9, we eat our own dog food
– On Amazon, Verizon’s Terremark and Rackspace
15. Dome9: How it Works
Automated Cloud Server Security
• Manage OS firewall (via Agent) and virtual firewall (via API) across all cloud servers
• Enable on-demand, time-based secure access leases per server, source & time
• Automatically close server access when lease expires
• Stop attackers from targeting open admin ports via brute force attacks and exploits
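A minimal model of the lease mechanism described on this slide, added here as an illustration and not Dome9's code: admin ports stay closed unless an unexpired lease matches server, source and port. The admin port set, the 8-hour cap, and the server names and addresses used with it are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ADMIN_PORTS = {22, 3389}  # assumption: SSH and RDP are the admin ports


@dataclass(frozen=True)
class Lease:
    server: str    # hypothetical server name
    source: str    # CIDR allowed to connect
    port: int
    start: int     # epoch seconds
    duration: int  # seconds

    def active(self, now):
        return self.start <= now < self.start + self.duration


class LeaseTable:
    """Default deny: an admin port is open only to an unexpired lease."""

    def __init__(self, max_duration=8 * 3600):  # assumed cap on lease length
        self.max_duration = max_duration
        self.leases = []

    def grant(self, server, source, port, start, duration):
        net = ip_network(source)  # raises ValueError on malformed input
        if port not in ADMIN_PORTS:
            raise ValueError("leases only cover admin ports")
        if net.prefixlen == 0:
            raise ValueError("a lease must name a source, not 'anyone'")
        if not 0 < duration <= self.max_duration:
            raise ValueError("a lease must be time-limited")
        lease = Lease(server, str(net), port, start, duration)
        self.leases.append(lease)
        return lease

    def sweep(self, now):
        """Drop expired leases; return them so their rules can be removed."""
        expired = [l for l in self.leases if now >= l.start + l.duration]
        self.leases = [l for l in self.leases if l not in expired]
        return expired

    def rules(self, server, now):
        """Allow rules the server's firewall should hold at time `now`."""
        return sorted({(l.source, l.port) for l in self.leases
                       if l.server == server and l.active(now)})

    def allowed(self, server, src_ip, port, now):
        return any(port == p and ip_address(src_ip) in ip_network(s)
                   for s, p in self.rules(server, now))
```

A scheduler would call `sweep()` periodically and push the output of `rules()` to the OS or provider firewall; the expiry check inside `rules()` means a late sweep never leaves a port open in the computed policy.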
16. Dome9 Central
Simplified Security Management
Time-Based Controls
1-Click Secure Access
Multi-Cloud Management
17. Wrap Up
① Take Responsibility
② Harden Authentication
③ Use a Web Application Firewall
④ Log, Log, Log, Log, Log… and Analyze
⑤ Lockdown and Automate the Server Firewalls… with Dome9!
Dome9 – Server firewall management platform, brought in a SaaS subscription model. 1,500 customers since launch last year. Based in Tel Aviv, with offices in the Bay Area. Focused on managing security for cloud, dedicated and VPS. Speaking today is a unique opportunity because Dome9 is both a security company and an e-commerce company. All of our transactions are done online and, like you, have to be secured. Making sure the transaction and our infrastructure is secure is ultra critical, especially for us since we are a security company. Many of our customers are also e-commerce companies, which gives us a nice glimpse into the types of concerns they have and the threats they face.
Q: What is this? A: Brute force attack in action (by a nice Malaysian guy) on a test server at Amazon, set up by one of our developers. Any success?
Integrating with MyDigipass: Took more time to audit and review than to actually implement the integration. Took a single developer less than a day to implement. After spending a fixed (small) amount of time it is great to see the service keeps improving while doing nothing on our side (example – device authorization).
Let’s get back to our poor server. I do not remember writing this URL, so I searched a bit…
Apparently this is a new exploit called Elastix 2.2. LFI. This exploit is of type – directory traversal / local file inclusion. This specific one is quite new – about 1 month old. Thank you my Lao friend for sharing such a new exploit with me. This leads us to our next part.
Remember the server from slide 1? Q: What happened here? A: I just used our own product to properly configure that server’s firewall.
-Describe- By now, you understand what we do, now let’s dive into our dilemmas and challenges