AWS security issues show up in tech news fairly often. Today, we talk with someone who wrote about AWS services other than S3 that were found exposed to the public. Could that be some of your services?
Could be. The numbers are pretty impressive. Stay tuned, and find out how to determine whether or not your EBS snapshots, RDS snapshots, AMIs, or ElasticSearch clusters are accidentally public.
Our guest is Scott Piper, an AWS security consultant for Summit Route. You can follow him on Twitter at @0xdabbad00.
We start by exploring the types of AWS resources that can be unintentionally exposed to the public Internet, how to find them, and how to lock them down.
Then we talk about general practices such as vulnerability scanning, how to minimize human error when configuring AWS services, and drill into options such as CloudMapper and Security Monkey, open-source tools to help administrators find and control AWS resources.
Show Links:
Scott Piper on Twitter
Scott Piper’s blog – Duo.com
Scott Piper on GitHub – GitHub
Beyond S3: Exposed Resources on AWS – Duo.com
flAWS Challenge
CloudMapper – GitHub
CloudTracker – GitHub
Netflix Security Monkey – GitHub
Datanauts 086: AWS Identity & Access Management Policies – Packet Pushers
Datanauts 106: Controlling AWS Costs – Packet Pushers
.png)
More
Religion & Spirituality
Education
Arts and Design
Health
Fashion & Beauty
Government & Organizations
Kids & family
Music
News & Politics
Science & Medicine
Society & Culture
Sports & Recreation
TV & Film
Technology
Philosophy
Storytelling
Horror and Paranomal
True Crime
Leisure
Travel
Fiction
Crypto
Marketing
History
Comedy
Arts
Games & Hobbies
Business
Motivation
