Cloud Recon

These days many organizations have migrated at least some of their IT services to a cloud environment. Cloud adaptation could be as basic as the use of Microsoft Office 365 on some workstations, or it could be much more comprehensive, such as the use of a fully integrated Azure or Amazon AWS infrastructure. With this increased importance comes an increased level of risk as well, which needs to be taken into account when allocating resources to security tasks. This is especially when it comes to regular penetration testing and vulnerability scanning of cloud services.

Reconnaissance and enumeration: When it comes to penetration testing and vulnerability scanning, knowledge is everything. The more information an attacker has about a targeted organization, the easier and further the system can be compromised. From a defensive perspective, the more information an entity has  about the network; the better an organization can protect and monitor it. There are many ways to gather this required information, both passively (reconnaissance) and actively (enumeration).

DNS Records: The first step in (public) cloud reconnaissance is to identify whether the target is using any cloud services and if so, which services they are. The best way to do this is to query specific DNS records. DNS MX Records are used to direct email to a company’s e-mail servers for processing, which means they hold important information. If the records point to for instance, the target is likely using Office 365 for e-mail services. Many other service providers require the same type of authentication. If there is a DNS TXT record named amazonses for instance, the target is likely to use Amazon Simple Email Service. More information is available as well via CNAME, SPF and DFS records. There are a lot of tools available that can easily extract the required DNS information. Nmap, DNSEnum, and DIG are some of the tools that come pre-installed with Kali Linux .

Network and Application Scanning:  Traditional tools such as Nmap and Kismet scan the cloud perimeter without any issues. What is new, however, is that a cloud target is located within a shared network, owned by the Cloud Service Provider (CSP). To avoid any impact on other customers and any defensive or legal action from the CSP, always ask (you should always do this!) for written approval before starting scans, both to and from a cloud instance.

Cloud Specialized Tools: Development of new and adapted reconnaissance, enumeration and exploitation tools, specialized in targeting public cloud providers has been limited. However, there are a few useful cloud specific reconnaissance tools though. For instance, Azurite is a reconnaissance and visualization tool that gives a good understanding of which Azure services are in use and how they are connected. An interesting development from the offensive side is the use of bots that search sites like GitHub for uploaded code, accidentally containing cloud account access (API) keys.

Vulnerability scanning:  Finally, the most comprehensive, but the noisiest method or network reconnaissance is the use of a vulnerability scanner. Such a scanner simply runs through a standard or customized profile of passive and active scans and lists the detected vulnerabilities, sometimes alongside remediation actions. Such a scanner could be placed inside the cloud instance, such as the Qualys Virtual Scanner Appliance for Amazon AWS. Another option is to use the security services of the Cloud Service Provider, for instance in the form of Amazon Inspector. As with network scanning, prior written authorization from the Cloud Service Provider is required.

It is increasingly important for any company to know what network and security information is publicly accessible via the Internet. After proactively gathering this information, actions can be taken to limit the exposure and with that, the security risks. Regular scans of the perimeter, analysis, and clean-up of DNS records, taking obsolete services and cloud instances offline; there is much an organization could do to be proactive from a security perspective. In the end, it is critical to know what company data is out there so it can be best protected from malicious entities.



Three Criteria for Evaluating Public Cloud Storage Providers

Prior to selecting a public cloud service provider, it is essential that you understand what each vendor offers and how their services can best meet your organization’s needs. A move to the public cloud is a major shift in an organization’s architecture, and it provides many computing and performance benefits that are not available from a locally installed storage network. But before selecting a public cloud storage provider, you must ensure its offerings are a good fit for your organization. Some factors to consider:

Cost.  In many cases, monthly billing may be the least expensive option. However, understanding how much public cloud storage your company needs upfront will make cost guidance with vendors easier.  Especially, knowing the types of applications that will be hosted in the cloud will also affect the total cost. Knowing how these applications work will enable you to determine if storage will go up slightly based on transactions and the amount of bandwidth (upload/download) used.

Architecture services. Providers offer different storage replication options. For example, some services replicate your data to multiple data centers that are geographically distributed. You should review these in detail to determine how each one could potentially affect your architecture and compliance, especially for storage of sensitive financial and personal data. Another consideration is how public cloud storage providers will back up data or have storage moved from less redundant disks to more redundant storage . Be sure to ask what type of hardware the provider uses, as well as the speed and IOPS of the storage.  Lastly, each cloud storage service provider offers certain unique services. Examples include cloud storage gateways, API management and long-term data storage. Review these to see which ones could help you manage your storage more efficiently.

Sovereignty and security. There are two major considerations when dealing with public cloud storage providers. Questions to ask include the following:

  • How does the provider handle ownership of your data?
  • How is data segmented in a public tenant space?
  • How is the data encrypted, and who has access to it?
  • In which region will your data be stored?
  • How is the data terminated if your organization decides to leave the public cloud service provider?

Failure to ask these questions could leave your organization feeling trapped by a provider.

When vetting public cloud storage providers, the security of its systems should be reviewed to see where it matches and, in many cases, possibly exceeds the security of your company’s internal storage network. Organizations in industries such as finance and healthcare must meet compliance standards for data that’s stored in the cloud. A cloud provider should have the appropriate documentation for meeting these standards. When making the move to public cloud storage, remember to include the security team and auditors in the decision-making process especially to help determine which compliance considerations are most important for your industry.

How To Be Secure When Working Remotely

Today, more and more companies have opened their doors and stepped outside the four corners of their office. Times have indeed changed and remote work is now slowly taking over.  For the employees who work from home they don’t need to spend for transportation and stress that comes with commuting. As for the employers having some of the staff work remotely means they no longer need to pay serious amounts of money for a huge office space as well as for the electricity consumption.

Despite the numerous benefits of going remote, there are serious risks that still come with this trend. Risks that if left unaddressed early could mean serious losses for companies. These risks involve losses of valuable, confidential data and sensitive information that are not for public consumption. Here, security awareness training is key to equip your employees with the right knowledge, tools, and mindset that will keep them from falling prey to cyber attacks outside. Some of the tools that will help achieve those goals of protecting valuable data and information are discussed next:

Virtual Private Networks. Similar to what a firewall does, VPNs protect your laptop’s data online, with the front end retaining the same security, functionality, and appearance despite being a Wide Area Network. VPNs combine encryption protocols and dedicated connections to create virtual P2P connections, which in turn keep hackers from accessing transmitted data that they may have managed to obtain. A number of VPN security protocols have been developed through the years each offering different features:

  • Point-to-Point Tunneling Protocol (PPTP). PPTP is a VPN protocol that is known to be flexible in terms of its ability to be installed in different kinds of operating systems. It is, however, incapable of performing an encryption; rather, what it does is encapsulate the data packet.
  • Transport Layer Security (TLS). This type of VPN is commonly used by service providers and online retailers. It features a “handshake method” which generates the cryptographic parameters that serve as a means for the two systems to create a secure connection, as well as authenticating the session and exchanging encryption keys.
  • Secure Shell (SSH). This type of VPN creates the VPN tunnel as well as the encryption that provides the protection to the former. This feature enables remote workers to safely transfer information by routing traffic from remote file servers, using of course, an encrypted channel.
  • Layer 2 Tunneling Protocol (L2TP)/IPsec. Similar to the PPTP, the L2TP is likewise incapable of encryption. Nevertheless, it compensates by creating the tunnel while the IPsec takes care of the encryption (as well as data integrity checks).
  • IP Security (IPsec). The partner of the L2TP, the IPsec can no less stand on its own as it operates in two modes: first, the tunneling mode, wherein it encrypts the data packet in its entirety, and second, the transport mode, wherein it only encrypts the data packet message.

Firewalls. A firewall software functions by filtering the information coming through the Internet connection and into your company’s computer system or private network, in the case of homes. Basically, it serves as a “checkpoint” wherein they bar packets of information that are flagged by filters.

Connectivity Guidelines. Business owners should come up with security standards and policies that all remote workers should follow to the dot, and without any compromise. These guidelines may include rules that prohibit remote workers from accessing unsecured connections, unrecognised Bluetooth connections, and the like.

Going Cloud. Another excellent option that is becoming more popular among companies that are looking to improve their remote security are web-based cloud solutions. Cloud-based solutions and apps tend to be compliant with industry regulations and generally data within the cloud is encrypted. Business owners and managers can also regulate the access abilities of their employees.