Embed Size (px)
Citation preview
演讲题目
Penetrat ion Test ing the
Cloud
Thank You
• Cloud Connect China
• Sponsors
• Department 83
• Peoples Republic of China
Background
• Vlad Gostomelsky
• Managing Consultant
• Penetration Tester 16+ years
• Spirent Communications
• Banks, Vehicles, ICS, Wireless, Embedded Systems, Satellites, Power Generation
Assumptions
• Currently deployed cloud hosting
• Plan to transition to cloud hosted data center
Advantages
• Overhead Costs
• Pay only for what’s used
• Elastic Capacity
• Agile
• Infrastructure as a Service
Model
• Public
• Private
• Community
• Hybrid
Attack Surface
• External Attacks
• Internal Attacks
Cloud Attack Surface
• External Attacks
• Internal Attacks
• Provider
• Misconfiguration
• Hypervisor Attacks
• Government/National Security Letters
External Attacks
• Front End
• Exposed Interfaces
• Misconfigurations
• Malicious Clients
Internal Attacks
• Malicious Employees
• Disgruntled former Employees
• Incompetence
Provider Attacks
• Hypervisor
• Trust
• Routing
• Certificates
Hypervisor Attacks
• Vulnerability in the virtualization platform
• Known 0 days
• Transparency from Providers
• Auditing
• Code Review
Routing
• DOS/DDOS
• Preferred DNS
• Shunning
• False BGP Route advertising
• Load Balancing
• Content Injection
Certificates
• Certificate Authority
• Forged Certificates
Public Cloud
• Shared Environment
• Malicious Clients
• Profiling
• Crossover Attacks
• Increased Exposure due to Other Services
Private Cloud
• Isolated Environment
• Profiling
Differences
Conventional Attacks
• Exposed Services
• API
• Unauthenticated API Calls
Admin Interface
• Malicious Insiders
• Misconfiguration
• Routing Errors
Internal IPs
• Compromise
• Entrench
• Pivot
• Repeat
Testing
• Upload Malicious Hypervisor
• Back-Doored OS
• Ability to download and examine OS
• Transparency
• Pivot
Migration
• Most vulnerable point
• All data virtualized
• Unsupervised transfer
• Potential for tampering
Migration Done Right
• Process
• Plan
• Audit
• Verification
