implementing security and incident response with the elb
play

Implementing Security and Incident Response with the ELB Miguel - PowerPoint PPT Presentation

Sep 03, 2023 •318 likes •666 views

Implementing Security and Incident Response with the ELB Miguel Zenon Nicanor L. Saavedra SECURITY ENGINEER github.com/zzenonn linkedin.com/in/zzenonn t h s Module Define Elastic Load Balancing Overview Understand different ELB security

  1. Implementing Security and Incident Response with the ELB Miguel Zenon Nicanor L. Saavedra SECURITY ENGINEER github.com/zzenonn linkedin.com/in/zzenonn

  2. t h s Module Define Elastic Load Balancing Overview Understand different ELB security features Understand how to use auto-scaling groups for DDoS protection Demonstrate incident response techniques behind a load balancer

  3. Load Balancers

  4. Distributes incoming traffic across instances Performs health checks on instances Scales without disrupting overall flow of requests

  5. Security Benefits of an ELB Single point of contact and first line of defense Authentication management End-to-end encryption using TLS for HTTPS

  6. Types of Load Balancers Network Load Application Load Classic Load Balancer Balancer Balancer

  7. Types of Load Balancers Network Load Application Load Balancer Balancer

  8. Application vs. Network Load Balancer Advanced load balancing of HTTP and Load balancing of TCP, TLS, and HTTPS traffic UDP traffic Operates at the request level Operates at the network level (Layer 7) (Layer 4)

  9. Comparison of Load Balancers VS VS. Ne Netw twork k Load ad Bal alan ancer Ap Applicati tion Load ad Bal alan ancer Application Presentation Transport Network Session • Operates at Layer 4 • Operates at Layer 7 • Load balancing of TCP packets • Routes traffic based on content of the requests • For high-performance applications • Provides user authentication • Integrates with AWS Shield Advanced • Integrates with AWS Certificate Manager, AWS WAF, and AWS Shield Advanced

  10. Public vs. Private ELB Availability Zone Av Av Availability Zone Pu Public subnet 1 2 Inbound Rule Allow TCP Port 443 Webtier EL We ELB B Security ty Group Source: 0.0.0.0/0 (Any) Private subnet Pr Av Availability Zone Av Availability Zone 1 2 Inbound Rule Allow TCP Port 80 We Webtier Se Securit ity Group Source: Webtier ELB Security Group Inbound Rule Allow TCP Port 8088 Ap Apptier EL ELB B Security ty Group Source: Webtier Security Group Inbound Rule Allow TCP Port 8088 Ap Apptier Se Securit ity Group Source: Apptier ELB Security Group Inbound Rule Allow TCP Port 3306 Da Datatier Se Securit ity Group Source: Apptier Security Group

  11. ELB TLS Options TLS Termination TLS Termination & Renegotiate HTTPS HTTPS HTTPS HTTPS EC2 EC2 Encrypted Encrypted Unencrypted Encrypted Security Group Security Group Elastic Load Balancing Elastic Load (Terminate TLS & Re-negotiate) Balancing TLS Pass Through EC2 Encrypted Encrypted Security Group Elastic Load Balancing (no termination)

  12. Globomantics’ Needs

  13. ALB: Path-based Routing Availability Availability Zone A Zone B globomantics.com Profile Pr Profile Pr /profile /msgs Ms Msgs Ms Msgs Application Load /posts Po Posts Po Posts Balancer

  14. What about authentication?

  15. ALB: Authentication Target Application Application Load Balancer HTTPS Listener 1. Unauthenticated request Action Action 2. Redirect to Open ID Provider Authenticate- Forward oidc 4. Authenticated Session Identity Headers 3. Authenticate User OpenID Provider

  16. Globomantics’ Needs

  17. NLB: UDP and Static IP VOIP VO 5600/UDP 5600/UDP VOIP VO 5 6 0 0 / U D P VO VOIP

  18. Summary of Load Balancers Classic Application Network Load Balancer Load Balancer Load Balancer Protocols HTTP, HTTPS TCP, UDP, TLS TCP, TLS/SSL, HTTP, HTTPS Platforms VPC VPC EC2-Classic, VPC Logging Health checks TLS offloading Path-based routing Static/elastic IPs User authentication

  19. Mitigating DDoS Attacks

  20. Denial of Service Attack An explicit attempt by an attacker to prevent legitimate use of a service

  21. Distributed Denial of Service Many machines performing DoS actions

  22. Distributed Denial of Service La Layer 3 & 4 Attacks La Layer 7 7 Attacks Application Presentation Network Transport Session • UDP Reflection • HTTP Flood • Slow loris • SYN Flood • ICMP Flood

  23. s h s Minimize the attack surface DDoS Mitigation Safeguard exposed resources Strategies Be ready to scale and absorb the attack

  24. Sample Architecture Security Groups VPC Availability Zone B NAT Public subnet Private subnet Protected subnet Gateway RDS Standby App Servers Web Servers DB instance 172.16.0.0 172.16.1.0 Internet 172.16.2.0 Gateway Routers and Availability Zone A route tables NAT Gateway Web Servers App Servers RDS Master DB instance ELB Public subnet Private subnet Protected subnet Subnets

  25. Sample Architecture Security Groups VPC Availability Zone B NAT Public subnet Private subnet Protected subnet Gateway RDS Standby App Servers Web Servers DB instance 172.16.0.0 172.16.1.0 Internet 172.16.2.0 Gateway Routers and Availability Zone A route tables NAT Gateway Web Servers App Servers RDS Master DB instance ELB Public subnet Private subnet Protected subnet Subnets

  26. Sample Architecture Security Groups Auto Scaling Auto Scaling VPC Availability Zone B NAT Public subnet Private subnet Protected subnet Gateway RDS Standby App Servers Web Servers DB instance 172.16.0.0 172.16.1.0 Internet 172.16.2.0 Gateway Routers and Availability Zone A route tables NAT Gateway Web Servers App Servers RDS Master DB instance ELB Public subnet Private subnet Protected subnet Subnets

  27. “Isn’t scaling expensive?”

  28. AWS DDoS Mitigation AWS Shield AWS Shield Advanced

  29. AWS DDoS Mitigation Always on (Free) All Shield features Automatic Layer 3 and 4 Protection ELB+EC2 Protection Integrates with Cloudfront Cost Protection 24/7 Response Team Comes with free WAF

  30. Responding to Incidents

  31. Incident and Globomantics Customer Hacker Engineer

  32. t h s Respond to an incident on an Demo EC2 instance Document an instance for quarantine using tags Isolate an incident for further investigation All using the CLI

  33. t h s Summary Load balancers - Security features - Design patterns DDoS Protection Instance isolation

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

GE Incident Response Insight Awareness Advantage Sean Mason Director, Incident Response

GE Incident Response Insight Awareness Advantage Sean Mason Director, Incident Response

GE Incident Response Insight Awareness Advantage Sean Mason Director, Incident Response Investing in new talent & capabilities Incident response Cyber intelligence Digital forensics Security architecture Identity management

609 views • 42 slides
Incident Response & Evidence Incident Response & Evidence Incident Response &

Incident Response & Evidence Incident Response & Evidence Incident Response &

Incident Response & Evidence Incident Response & Evidence Incident Response & Evidence Incident Response & Evidence Management Management Management Management CIPS Brandon Chapter November 28 2002 Dr. Marc Rogers PhD,

629 views • 27 slides
Detection and Incident Response With osquery Javier Marcos @javutin $ whoami Security

Detection and Incident Response With osquery Javier Marcos @javutin $ whoami Security

Detection and Incident Response With osquery Javier Marcos @javutin $ whoami Security Engineer/Incident Responder Open source contributor (github.com/javuto) Former IBM, Facebook, Uber and Airbnb Current BitMEX Agenda Part 1:

981 views • 59 slides
Incident Response and Forensics in your Pyjamas When security incidents happen, you often have to

Incident Response and Forensics in your Pyjamas When security incidents happen, you often have to

Incident Response and Forensics in your Pyjamas When security incidents happen, you often have to respond in a hurry to gather forensic data from the resources that were involved. You might need to grab a bunch of hard drives and physically visit

558 views • 28 slides
2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response

2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response

2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action April 11, 2018 Contact Information Theodore J. Kobus, III Casie D. Collignon Leader, Privacy and Data Protection Practice

448 views • 23 slides
Cyber security technology consulting, incident response and applied research company with a

Cyber security technology consulting, incident response and applied research company with a

Cyber security technology consulting, incident response and applied research company with a focus on services for specialized public service providers, finance industry and corporations with high data sensitivity. NRDCS.L T TIMETABLE FOR

612 views • 12 slides
TBD Challenges for Digital Forensics and Incident Response on Virtualization and Cloud Computing

TBD Challenges for Digital Forensics and Incident Response on Virtualization and Cloud Computing

TBD Challenges for Digital Forensics and Incident Response on Virtualization and Cloud Computing Platforms Introduction Christopher Day, Chief Security Architect, Terremark Responsible for Terremarks global information security services

332 views • 30 slides
Implementing Security Control Loops in Security Autonomous Response Networks Hristo Dimitrov SNE

Implementing Security Control Loops in Security Autonomous Response Networks Hristo Dimitrov SNE

Introduction Research Questions Proof of Concept Results Conclusions Questions? Implementing Security Control Loops in Security Autonomous Response Networks Hristo Dimitrov SNE University of Amsterdam & TNO Supervisors: Marc X. Makkes

408 views • 25 slides
Incident Response: Goals of Incident Management Steps to Preparation Risk Assessment

Incident Response: Goals of Incident Management Steps to Preparation Risk Assessment

6/19/2015 Incidents Are Not Necessarily Emergencies Incident Laboratory Incidences and An event thats likely to have adverse consequences Emergency Response Programs Emergency Unanticipated circumstances resulting in

564 views • 5 slides
Effective Incident Response Security Orchestration and Automation (SOAR) Miguel Carrero Tammy

Effective Incident Response Security Orchestration and Automation (SOAR) Miguel Carrero Tammy

Effective Incident Response Security Orchestration and Automation (SOAR) Miguel Carrero Tammy Tolbert MicroFocus ArcSight and Siemplify Addressing the needs of SOCs, including: Relieving resource constraints by automating

476 views • 19 slides
Introduction to Incident Response Renana Friedlich, National Incident Response Leader March 2016

Introduction to Incident Response Renana Friedlich, National Incident Response Leader March 2016

Introduction to Incident Response Renana Friedlich, National Incident Response Leader March 2016 Agenda Evaluation of Cybersecurity risks The attackers playbook Case study What can you do today Page 2 Evaluation of

622 views • 12 slides
Implementing the IODEF at the CERT/CC Roman Danyliw <rdd@cert.org> INCH IETF 55

Implementing the IODEF at the CERT/CC Roman Danyliw <rdd@cert.org> INCH IETF 55

Implementing the IODEF at the CERT/CC Roman Danyliw <rdd@cert.org> INCH IETF 55 Incident Reporting Forms CERT Coordination Center (CERT/CC) Federal Computer Incident Response Capability (FedCIRC) National

437 views • 9 slides
BIRT BIRT Liaisons Incident Response Incident Follow-Up Q&A 1 2 PURPOSE OF

BIRT BIRT Liaisons Incident Response Incident Follow-Up Q&A 1 2 PURPOSE OF

5/20/2014 COURSE OUTLINE Purpose Building Incident Response Team Expectations BIRT BIRT Liaisons Incident Response Incident Follow-Up Q&A 1 2 PURPOSE OF BIRT PURPOSE OF BIRT Prepare units to respond to a

342 views • 4 slides
and Analysis Center DHS Hunt and Incident Response Team September 12, 2018 SUPERCHARGE YOUR

and Analysis Center DHS Hunt and Incident Response Team September 12, 2018 SUPERCHARGE YOUR

SUPERCHARGE YOUR SECURITY Water Information Sharing and Analysis Center DHS Hunt and Incident Response Team September 12, 2018 SUPERCHARGE YOUR SECURITY Presenter Brian Draper, DHS NCCIC HIRT Slides and recording will be posted by

429 views • 18 slides
Logs in Incident Response Mitigating Risk. Automating Compliance. 1 LogLogic Confidential

Logs in Incident Response Mitigating Risk. Automating Compliance. 1 LogLogic Confidential

Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA Director of Security Research LogLogic anton@loglogic.com Logs in Incident Response Mitigating Risk. Automating Compliance. 1 LogLogic Confidential Tuesday, June 27, 2006 Outline - I Incident

939 views • 78 slides
Incident Response and Information Sharing A Practical Approach Rapha el Vinot - TLP:GREEN May

Incident Response and Information Sharing A Practical Approach Rapha el Vinot - TLP:GREEN May

Incident Response and Information Sharing A Practical Approach Rapha el Vinot - TLP:GREEN May 22, 2015 The Computer Incident Response Center Luxembourg (CIRCL) is a government-driven initiative designed to provide a systematic response

407 views • 13 slides
Silicon Heterojunction Solar Cells Screen-printing: PECVD: intrinsic Ag front electrode PECVD: p

Silicon Heterojunction Solar Cells Screen-printing: PECVD: intrinsic Ag front electrode PECVD: p

W INDOW L AYERS FOR S ILICON H ETEROJUNCTION S OLAR C ELLS : Properties and Impact on Device Performance Johannes P. Seif UNSW, Sydney / SPREE Seminar 01.05.2019 Silicon Heterojunction Solar Cells Screen-printing: PECVD: intrinsic Ag front

858 views • 42 slides
Iterative Multi-document Neural Attention for Multiple Answer Prediction URANIA Workshop Genova

Iterative Multi-document Neural Attention for Multiple Answer Prediction URANIA Workshop Genova

Iterative Multi-document Neural Attention for Multiple Answer Prediction URANIA Workshop Genova (Italy), November, 28th, 2016 Claudio Greco, Alessandro Suglia, Pierpaolo Basile, Gaetano Rossiello and Giovanni Semeraro Work supported by the IBM

737 views • 32 slides
Event Detection from Video using Answer Set Programming Authors: Abdullah khan, Luciano Serafini,

Event Detection from Video using Answer Set Programming Authors: Abdullah khan, Luciano Serafini,

Event Detection from Video using Answer Set Programming Authors: Abdullah khan, Luciano Serafini, Loris Bozzato, Beatrice Lazzerini 1 Outline Objective Recognition of complex events from a simple events in videos. Methodology Object

483 views • 21 slides
Identity inference: generalizing person re-identification scenarios Svebor Karaman Andrew D.

Identity inference: generalizing person re-identification scenarios Svebor Karaman Andrew D.

Identity inference: generalizing person re-identification scenarios Svebor Karaman Andrew D. Bagdanov MICC - Media Integration and Communication Center University of Florence svebor.karaman@unifi.it, bagdanov@dsi.unifi.it 1st International

643 views • 29 slides
ApplyingTaintAnalysisandTheorem ProvingtoExploitDevelopment

ApplyingTaintAnalysisandTheorem ProvingtoExploitDevelopment

ApplyingTaintAnalysisandTheorem ProvingtoExploitDevelopment SeanHeelan,ImmunityInc. RECON2010 Me SecurityResearcherwithImmunityInc

1.33k views • 87 slides
The Purge Threat : Scien*sts thoughts on peta-scale

The Purge Threat : Scien*sts thoughts on peta-scale

The Purge Threat : Scien*sts thoughts on peta-scale usability Alexandra Holloway <fire@soe.ucsc.edu> Storage Systems Research Center + Assis*ve Technology

716 views • 32 slides
Estimating and Visualizing Language Similarities Using Weighted Alignment and Force-Directed

Estimating and Visualizing Language Similarities Using Weighted Alignment and Force-Directed

Estimating and Visualizing Language Similarities Using Weighted Alignment and Force-Directed Graph Layout Gerhard J ager April 24, 2012, Avignon joint work with Armin Buch, David Erschler & Andrei Lupas Gerhard J ager (T ubingen)

676 views • 28 slides
Cork Spirit of Freedom - Boys from the County Cork

Cork Spirit of Freedom - Boys from the County Cork

Source images - internet Cork Spirit of Freedom - Boys from the County Cork

944 views • 56 slides

More recommend