[Cloud Architect] 12. Defensive Security in the Cloud
Overview
In this lesson, we will explore methodologies to incorporate defensive security when designing a cloud architecture.
We will identify tools and methods to help safeguard applications and data in the cloud at the various stages of an application's life cycle.
We will also look at an example deployment pipeline that incorporates these common security practices.
By the end of the lesson you will have a better understanding of:
- How to identify misconfigurations that can lead to vulnerabilities
- How to identify and guard against malicious activity
- How to design a deployment pipeline that ensures that security practices are implemented early on.
Common Threat Vectors
Before we delve into tools and techniques, let's first get a better feel for the common threat vectors that affect cloud environments.
External Threats
Let us look at the attack surface of a cloud environment from the perspective of an actor who is on the internet and does not have access to the private network space of our cloud environment.
Public Facing Web Applications
Attackers will attempt to exploit application related vulnerabilities such as those found in the OWASP top 10.
Cloud architects and engineers designing cloud environments need to ensure that any external web applications are defended appropriately. Teams should also perform security and penetration testing on applications to reduce risks prior to deployment.
Public Facing Server Infrastructure
Aside from web applications, any other server infrastructure such as bastion hosts, databases, etc are prime targets for attackers. Any resources, such as these, need to have additional hardening and isolation from other internal resources that host sensitive data. At a high level, the use of these types of resources and exposing them to the internet should be avoided, limited, and restricted.
The AWS API and Console
Due to the inherent nature of the public cloud being public, access to the AWS API for managing cloud services is public facing. If this access is compromised, an attacker could gain control of your environment and start managing your resources from anywhere!
Public Facing Infrastructure and the AWS API are Both Common Targets of Internet-Based Attackers
Internal Threats
Although it is important to defend our external public facing perimeter, it is equally important to assume those same threats can potentially exist within the private network. Internal attackers may also have gained access to instances and hosts running in the cloud and will attempt to install and run malware or access data on cloud instances.
The threat is compounded if an attacker or a piece of malicious software has gained network access to other private networks that are connected to your cloud environment. To prevent this, it is critical that cloud hosts are hardened and set up to restrict access even if they are not public facing.
The AWS API can also become a target if attackers gain access to internal code repositories that mistakenly hold API keys and other secrets.
Identifying Threats and Vulnerabilities
The goal of this entire course is to design cloud architectures so that the likelihood of any of these types of attacks, both external and internal, are reduced or eliminated.
In previous lessons we looked at how to implement best practices around securing cloud networks, access to the API, and storing our data securely. In this lesson, we want to take that a step further so that we can identify vulnerabilities and identify and block suspicious behaviour.
Checking Infrastructure as Code for Vulnerabilities
With any software that is developed, the cost to remediate and the impact of finding defects is much lower when identified earlier in the life cycle rather than later.
This also applies to code that defines cloud infrastructure or infrastructure as code. Infrastructure as code should be tested prior to deployment to ensure that it will do what it is intended to do and to ensure that any potentially insecure configurations are identified early on.
Static Code Analysis for Infrastructure as Code
Static code analysis for finding application security vulnerabilities is not a new concept. However, this concept also applies to code that defines cloud infrastructure or infrastructure as code. Infrastructure as code should be tested prior to deployment to ensure that it will do what it is intended to do and to also ensure that any potentially insecure configurations are identified early on.
These insecure configurations should be treated as vulnerabilities and dealt with as such. Many times organizations will check these configurations post deployment, however it is important to add this check during the development phase to ensure that vulnerabilities are investigated and remediated.
Open Source Resources
There are many open source projects which allow you to construct security policies and then check terraform or cloudformation template code for any security related configurations which are out of compliance with your security requirements as defined in the policies.
CloudFormation
Terraform
Terraform is much more widely used infrastructure as code language, so there are more options including:
In addition to open source options, many of the major commercial cloud security products offer infrastructure as code scanning as part of their product platform including prisma cloud, cloud conformity, fugue, terraform cloud etc.
Additional Considerations
When implementing infrastructure as code scanning in your DevOps pipeline there are a few additional considerations to keep in mind.
Scan Configuration Management Code and DockerFiles
Scanning Code for OS / VM / Docker images in addition to Cloud or AWS Configuration Docker files, Ansible, Puppet, Chef, etc should ensure that configurations are in-line with security standards that have been established by the organization.
Scan on Code Check-in or Prior to Deployment
This depends on the tool selected, such as, during a terraform plan. If security related violations are found, your process should be set up to notify the appropriate parties and halt the pipeline from progressing.