Automation The insider threat you didnt know you
- Slides: 37
Automation: The insider threat you didn’t know you had Cyber Wars – Day 2 (Technical) 2018 John Gleason Dev. Ops Engineer
About ISE Perspective • White box Analysts • Hackers; Cryptographers; RE Exploits • i. Phone; Android; Ford; Exxon; Diebold Research • Routers; NAS; Healthcare Customers • Companies with high value assets
About Me ISE for 6 months Previously with Accenture I write lots of Power. Shell Spend lots of time designing, building, and maintaining cloud environments
Introduction Automation is everywhere I leveraged my experience scripting games to automate IT systems My experience comes from: Automated compliance audit tools Automated orchestration systems CI/CD systems leveraging industry standard toolchains
Goals Describe common automation patterns / problems Classify these issues Pose questions for use in audits
Development Automation GIT Subversion TFVC Source and Version control systems automate the Business Logic of maintaining source code
Source control through a telescope “Central” system tracks all changes or modifications Keeps full history of changes Allows for simultaneous edits, coordinates conflict resolution Source code copied to developer machines for edit
Secrets in Source If you don’t have ANY go get yourself some refreshment But, for the rest of us…
What’s the Threat? One compromised development machine = Credentials to production systems exposed Which credentials? 1. 2. 3. 4. Database Admin/Debug functionality Encryption JWT Secrets, etc
Questions Does the problem exist in your organization? Do you know how to fix it if it does occur? * *Each system has their own way of handling this, I have included links to official documentation in the references
IT Operations
Example Architecture Web Tier App Tier
Example Architecture Web Tier App Tier
Example Architecture Web Tier App Tier
IT Operations Automated Process 1. Identify Patch Levels Example Assumptions 1. Infrastructure in place 2. Download Patches 3. Remove from load balancer 4. Maintain Proper sequence 5. Patch and Reboot 6. Test for Success 7. Return to load balancer 2. Actions require elevated rights
Approach Web Tier App Tier
Approach
Approach ?
What’s the threat? Hard to maintain Hard to teach Application account with admin creds Sustained or Recurring Outages
Resolution? Separate Application and Admin Identities
Questions Are independent systems within the application stack running with unique credentials, which only have the necessary rights to perform that systems tasks? Are there any accounts being used to programmatically manage or manipulate multiple layers of the application stack?
Infrastructure Automation tools can cause outages… But as systems scale, tools are necessary
Example Tool Server 1 Server 3 Server 2 Server 4 Web Tier App Tier
Needs tools at scale!
Example Tool Fixed
Tenants Always commit to source control Always peer review Always test in non-production environments
Questions Are scripts and tools, as well as the processes and procedures to leverage them, maintained in a version control system? Are scripts and tools, as well as the management processes, peer reviewed and each capability tested before it is implemented and used against production systems?
Security Auditing ?
Security Auditing Application scanning tool reported source code disclosure… … of Java. Script files. Code runs on the client
What happened? Maybe a default configuration? The report wasn’t reviewed
Auditing Tools Required component of security audits Must be interpreted by a human Otherwise, potential for disillusionment that could let vulnerabilities to go unresolved
Questions Were you involved in the process of interpreting results of an application security assessment to vet and corroborate issues discovered, and were any issues and their respective resolutions documented
Wrap Up Automation systems are software too Even small scripts count Defensive coding Teams and Tools
Our Links https: //securityevaluators. com https: //iotvillage. com https: //blog. securityevaluators. com/iselabs/home Contact Me Twitter: @johnnygtech Email: jgleason@securityevaluators. com
Resources https: //arstechnica. com/information-technology/2016/04/hacking-slack-accounts -as-easy-as-searching-github/ https: //help. github. com/articles/removing-sensitive-data-from-a-repository/ https: //subversion. apache. org/faq. html#removal Proprietary Icons https: //svn. apache. org/repos/asf/subversion/svn-logos/logo. html https: //git-scm. com/images/logos/downloads/Git-Icon-1788 C. png https: //visualstudio. microsoft. com/team-services/
THANK YOU!
- Insider threat automation
- Which of the following are reportable behavioral indicators
- Potential insider threat indicators cyber awareness
- Preconditions for an insider threat
- Insider threat awareness training powerpoint
- King henry died mother didn't care much
- Didnt verb
- Remember to pay
- Didnt happen bet
- Lord byron didn't live a long life
- "know history know self"
- Dilan gorur
- Nothing formed against me shall stand
- Is the rspca a pressure group
- Aksi gorengan saham dan apa dampaknya pada pasar modal
- Avoiding insider trading training
- Insider score
- Accidental insider trading
- Insider and outsider system of corporate governance
- Insider dealing
- Kreto investment company
- Caitlin grady
- Market abuse indicators
- Outside pressure groups
- Classic insider
- Insider research ethics
- Do you know about minecraft
- Knowit it
- You're a poet and you don't know it
- When you're blue and you don't know
- How to know if youre asexual
- Do you know who you are
- Follow you wherever you may go
- I hope the days come easy
- Hình ảnh bộ gõ cơ thể búng tay
- Frameset trong html5
- Bổ thể
- Tỉ lệ cơ thể trẻ em