Slide 1: Attacking & Defending AWS S3 Bucket
Sapna Singh (@Sapnas1ngh) - sans.org

Slide 2: Agenda
1. Introduction
2. Shared Responsibility Model
3. About AWS S3
4. S3 Breaches & Reasons
5. S3 Customer Responsibility
6. S3 Access Control Mechanism
7. S3 Attack Scenario
8. S3 Security Best Practices
9. S3 Monitoring & Logging

Slide 3: Introduction

Who is really responsible for cloud security?

Major Cloud Security Providers
• Amazon Web Services
• Microsoft Azure
• Google Cloud
• IBM Cloud
• Oracle Cloud

Service Models in Cloud
• Infrastructure as a service (IaaS)
• Platform as a service (PaaS)
• Software as a service (SaaS)

Slide 4: Shared Responsibility Model

• Moving to the cloud does NOT make YOU secure by default
• The customer benefits from the cloud vendor's security and compliance efforts
• There are several areas where security is the customer's responsibility
• Identity and Access Management is almost always the customer's responsibility

Slide 5: AWS Shared Responsibility Model

AWS: responsible for security OF the cloud
• AWS Global Infrastructure (Regions, Availability Zones, Edge Locations)
• Compute, Storage, Database, Networking

Customer: responsible for security IN the cloud
• Customer Data
• Platform/Application/Identity & Access Management
• Operating Systems/Network/Firewall Configuration
• Encryption/Network Traffic Monitoring

Slide 6: Amazon Simple Storage Service

• Simple Storage Service
• Cost effective object storage
• Highly scalable, reliable, durable and fast
• Security compliance and audit

[Diagram: a bucket containing objects]

Slide 7: AWS S3 Security Breaches

Slide 8: Reasons for AWS S3 Breaches

• Misconfiguration
• Too many APIs
• No data classification
• Lack of governance
• Human error
• Third party integration

Slide 9: AWS S3 Customer Responsibilities

• What data to store
• How to store it
• Whether or not to encrypt data
• Who has access to data
• What security features/tools to be used

Slide 10: S3 Access Control Mechanism

• Identity and Access Management (IAM)
• S3 Bucket Policy
• S3 Access Control List (ACL)
• Pre-signed URL

Slide 11: Identity and Access Management (IAM)

• Centralized and powerful tool for authentication and authorization
• Attached to users, groups or roles
• IAM policies specify what actions are allowed or denied on what AWS resources

[Diagram: users, groups and roles, with permissions granted to AWS services]

Slide 12: S3 Bucket Policies

• Bucket policies are attached to the S3 bucket
• The bucket owner controls the S3 bucket policies
• Access control remains within the S3 environment
• Primarily used for data sharing or web-based access

Example bucket policy (grants anonymous read of every object in the bucket):

    {
      "Version": "2012-10-17",
      "Id": "Policy1542652449582",
      "Statement": [
        {
          "Sid": "Stmt1542652447726",
          "Effect": "Allow",
          "Principal": "*",
          "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::myfirstpublickbucketfortest/*"
        }
      ]
    }

Slide 13: S3 Access Control List

• ACL is a legacy control
• ACLs are applied at bucket or object level
• ACLs grant access (cannot explicitly deny)
• More fine-grained than a bucket policy

Slide 14: Attack Scenario: AWS S3 Bucket

Recon
§ HTML inspection
§ HTTP response
§ Google dork
§ Brute-force
§ Permutation

Scanning
§ S3 ACLs
§ S3 Bucket policies
§ S3 IAM

Exploitation
§ List
§ Read
§ Upload
§ Download
§ Delete

S3 ACLs
§ READ
§ WRITE
§ READ_ACP
§ WRITE_ACP
§ FULL_CONTROL

S3 Bucket Policies
§ s3:DeleteObject
§ s3:GetObject
§ s3:GetObjectAcl
§ s3:PutObject
§ s3:PutObjectAcl
§ s3:CreateBucket
§ s3:DeleteBucket
§ s3:ListBucket
§ s3:GetBucketAcl
§ s3:DeleteBucketPolicy

IAM
§ IAM users/groups
§ Pre-signed URLs

Slide 15: S3Scanner

Target input: bucket name, domain name, S3 URLs, bucket:region

Slide 16: S3Scanner

Slide 17: AWS-CLI

High-level commands with AWS CLI
§ cp
§ ls
§ mb
§ mv
§ presign
§ rb
§ rm
§ sync
§ website

API-level commands with AWS CLI
§ copy-object
§ create-bucket
§ create-multipart-upload
§ delete-bucket
§ delete-bucket-analytics-configuration
§ delete-bucket-encryption
§ delete-bucket-lifecycle
§ delete-bucket-policy
§ delete-bucket-replication
§ delete-bucket-website
§ delete-object
§ delete-objects
§ delete-public-access-block
§ get-bucket-acl
§ get-bucket-website
§ get-object
§ get-object-acl

Slide 20: S3 Security Best Practices

• Least Privilege
• IAM
• Bucket Policy
• Bucket ACL
• Pre-signed URL
• Amazon S3 Block Public Access
• Encryption
• Replication

Slide 21: Amazon S3 Block Public Access

• Amazon S3 Block Public Access ensures S3 buckets and objects do not have public access.

Slide 22: Bucket Permissions

Slide 23: Bucket Permissions

Slide 25: Bucket Permissions

Slide 26: Bucket Access Status

• Public: Everyone has access to one or more of the following: List objects, Write objects, Read and write permissions.
• Objects can be public: The bucket is not public, but anyone with the appropriate permissions can grant public access to objects.
• Buckets and objects not public: The bucket and objects do not have any public access.
• Only authorized users of this account: Access is isolated to IAM users and roles in this account and AWS service principals because there is a policy that grants public access.
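Putting slides 12, 21 and 26 together: an added Python example (not from the deck) that takes a bucket policy, its ACL grants and its Block Public Access settings and returns the slide 26 status label. The slide 12 policy is used as one input; the role-only policy, the account ID 111122223333 and the ACL grant are constructed, and the evaluation rules are a simplified model of S3's public-access check written for this example, covering wildcard principals without Conditions and the AllUsers/AuthenticatedUsers groups only.

```python
import json

# Constructed sample input: the public bucket policy shown on slide 12.
SLIDE12_POLICY = json.loads("""
{ "Version": "2012-10-17", "Id": "Policy1542652449582",
  "Statement": [ { "Sid": "Stmt1542652447726", "Effect": "Allow",
                   "Principal": "*", "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::myfirstpublickbucketfortest/*" } ] }
""")

# Constructed counterpart: same read access, but only for one role in a
# made-up account (111122223333) instead of every principal.
PRIVATE_POLICY = json.loads("""
{ "Version": "2012-10-17",
  "Statement": [ { "Sid": "AppReaderOnly", "Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::111122223333:role/AppReader"},
                   "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::myfirstpublickbucketfortest/*" } ] }
""")

# Block Public Access settings (slide 21) in the shape of the
# PublicAccessBlockConfiguration: everything off versus everything on.
BPA_OFF = dict(BlockPublicAcls=False, IgnorePublicAcls=False,
               BlockPublicPolicy=False, RestrictPublicBuckets=False)
BPA_ON = {k: True for k in BPA_OFF}

# Predefined ACL groups whose grants make a bucket or object public (slide 13).
PUBLIC_GROUPS = ("http://acs.amazonaws.com/groups/global/AllUsers",
                 "http://acs.amazonaws.com/groups/global/AuthenticatedUsers")
ALL_USERS_READ = {"Grantee": {"Type": "Group", "URI": PUBLIC_GROUPS[0]},
                  "Permission": "READ"}  # constructed grant


def _is_wildcard_principal(principal):
    """Principal "*" or {"AWS": "*"} (or a list containing "*") means anyone."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False


def public_statements(policy):
    """Sids of Allow statements open to any principal with no Condition."""
    stmts = policy.get("Statement", [])
    stmts = stmts if isinstance(stmts, list) else [stmts]
    return [s.get("Sid", "<no Sid>") for s in stmts
            if s.get("Effect") == "Allow"
            and _is_wildcard_principal(s.get("Principal"))
            and not s.get("Condition")]


def public_acl_grants(grants):
    """ACL grants to the AllUsers or AuthenticatedUsers groups."""
    return [g for g in grants
            if g.get("Grantee", {}).get("Type") == "Group"
            and g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS]


def bucket_access_status(policy, acl_grants, bpa):
    """Return one of the four status labels from slide 26 (simplified model)."""
    policy_public = bool(public_statements(policy))
    # IgnorePublicAcls makes existing public ACL grants ineffective.
    acl_public = bool(public_acl_grants(acl_grants)) and not bpa["IgnorePublicAcls"]
    if acl_public:
        return "Public"
    if policy_public:
        # RestrictPublicBuckets leaves the policy in place but limits it to
        # this account's principals and AWS service principals.
        if bpa["RestrictPublicBuckets"]:
            return "Only authorized users of this account"
        return "Public"
    if bpa["BlockPublicAcls"] and bpa["IgnorePublicAcls"]:
        return "Buckets and objects not public"
    return "Objects can be public"  # nothing public yet, but object ACLs could make it so


if __name__ == "__main__":
    print(public_statements(SLIDE12_POLICY))  # ['Stmt1542652447726']
    for name, pol in (("slide-12 policy", SLIDE12_POLICY), ("role-only", PRIVATE_POLICY)):
        for label, bpa in (("BPA off", BPA_OFF), ("BPA on", BPA_ON)):
            print(f"{name:15s} {label}: {bucket_access_status(pol, [], bpa)}")
```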

Slide 27: Encryption

Use Server-Side Encryption
• Amazon S3-Managed Keys (SSE-S3)
• AWS KMS-Managed Keys (SSE-KMS)
• Customer-Provided Keys (SSE-C)

Use Client-Side Encryption
• Use an AWS KMS-managed customer master key
• Use a client-side master key

Default Encryption
• AES-256
• AWS-KMS

Slide 28: Cross Region Replication

• Secure business critical data
• Comply with compliance requirements
• CRR overwrites the access control list
• Provide full access to the owner of the replica
• Maintain object copies under different ownership
• Segregation of rights between the original copy and the replica

Slide 29: What Else?

• Review open buckets regularly
• Use S3 inventory
• Enable MFA delete
• Enable bucket versioning
• Enable bucket logging

Slide 30: Monitoring & Logging

• Log all API calls for the S3 bucket
• Log all configuration changes
• Monitor all S3 policy changes
• Track all applications accessing S3
• Set up incident use cases for the S3 bucket
• Monitor malicious behavior
• Event-driven security

Slide 31: Monitoring and Logging

• CloudWatch
• AWS Macie
• Trusted Advisor
• GuardDuty
• CloudTrail
• AWS Config

Slide 32: S3 CloudTrail

AWS CloudTrail increases visibility into user and resource activity by recording AWS Management Console actions and API calls.

[Diagram: SDK, AWS Management Console and AWS CLI calls are recorded by AWS CloudTrail; the trail is delivered to an S3 bucket, CloudWatch and a SIEM]
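The slide 30 use cases (log configuration changes, watch policy changes, set up incidents) applied to the CloudTrail feed on slide 32, as an added Python example that is not from the deck: a detection pass over newline-delimited CloudTrail records that alerts on S3 management events which weaken a bucket's protection. The records are constructed in a simplified CloudTrail shape (real S3 eventName values; made-up account, users, buckets, IPs and times), and the severities are this example's own scheme.

```python
import json

# Constructed CloudTrail-style records. The requestParameters layout
# (bucketName, x-amz-acl, PublicAccessBlockConfiguration) is simplified.
def _rec(name, bucket, user="admin", ip="198.51.100.7", **params):
    return {"eventVersion": "1.08", "eventTime": "2022-04-12T10:00:00Z",
            "eventSource": "s3.amazonaws.com", "eventName": name,
            "awsRegion": "us-east-1", "sourceIPAddress": ip,
            "userIdentity": {"type": "IAMUser", "accountId": "111122223333",
                             "arn": f"arn:aws:iam::111122223333:user/{user}"},
            "requestParameters": {"bucketName": bucket, **params}}

SAMPLE_LINES = [json.dumps(r) for r in (
    _rec("PutBucketPolicy", "finance-reports", bucketPolicy={"Version": "2012-10-17"}),
    _rec("PutPublicAccessBlock", "finance-reports",
         PublicAccessBlockConfiguration=dict(BlockPublicAcls=True, IgnorePublicAcls=True,
                                             BlockPublicPolicy=True, RestrictPublicBuckets=True)),
    _rec("PutPublicAccessBlock", "web-assets", user="deploy",
         PublicAccessBlockConfiguration=dict(BlockPublicAcls=True, IgnorePublicAcls=True,
                                             BlockPublicPolicy=False, RestrictPublicBuckets=False)),
    _rec("DeletePublicAccessBlock", "finance-reports", user="contractor", ip="203.0.113.9"),
    _rec("PutBucketAcl", "finance-reports", **{"x-amz-acl": ["private"]}),
    _rec("PutBucketAcl", "web-assets", user="deploy", **{"x-amz-acl": ["public-read"]}),
    _rec("DeleteBucketEncryption", "finance-reports", user="contractor", ip="203.0.113.9"),
    _rec("GetBucketPolicy", "finance-reports"),
)]

# Management events that loosen access or protection; severities are ours.
RISKY_EVENTS = {
    "DeletePublicAccessBlock": "high", "DeleteBucketPolicy": "high",
    "DeleteBucketEncryption": "high", "DeleteBucket": "high",
    "PutBucketPolicy": "medium",       # new policy contents still need review
    "PutPublicAccessBlock": "medium",  # only when a setting is switched off
    "PutBucketAcl": "medium",          # only for public canned ACLs
}
PUBLIC_CANNED_ACLS = {"public-read", "public-read-write", "authenticated-read"}


def alert_for(event):
    """Return an alert dict for a risky S3 management event, else None."""
    if event.get("eventSource") != "s3.amazonaws.com":
        return None
    name = event.get("eventName")
    severity = RISKY_EVENTS.get(name)
    if severity is None:
        return None
    params = event.get("requestParameters") or {}
    if name == "PutPublicAccessBlock":
        cfg = params.get("PublicAccessBlockConfiguration") or {}
        disabled = sorted(k for k, v in cfg.items() if v is False)
        if not disabled:
            return None  # tightening Block Public Access is not an incident
        detail = "disabled " + ", ".join(disabled)
    elif name == "PutBucketAcl":
        canned = set(params.get("x-amz-acl") or [])
        if not canned & PUBLIC_CANNED_ACLS:
            return None  # private / owner-only canned ACLs are fine
        detail = "public canned ACL " + ", ".join(sorted(canned))
    else:
        detail = name
    return {"severity": severity, "eventName": name,
            "bucket": params.get("bucketName"),
            "actor": (event.get("userIdentity") or {}).get("arn"),
            "sourceIP": event.get("sourceIPAddress"),
            "time": event.get("eventTime"), "detail": detail}


def detect(lines):
    """Run alert_for over newline-delimited CloudTrail records."""
    alerts = []
    for line in lines:
        if line.strip():
            alert = alert_for(json.loads(line))
            if alert:
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LINES):
        print(f'{a["severity"]:6s} {a["eventName"]:24s} {a["bucket"]:16s} {a["detail"]}')
```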

Slide 33: AWS GuardDuty

Amazon GuardDuty is a threat detection service that continuously monitors for malicious or unauthorized behavior to help protect AWS accounts and workloads.

[Diagram: VPC, CloudTrail and Route 53 data feed GuardDuty; findings go to CloudWatch and a Lambda function that acts on WAF, NACL and SNS]

Slide 34: AWS Trusted Advisor

AWS Trusted Advisor analyzes your AWS environment and provides best practice recommendations in five categories: Cost Optimization, Performance, Security, Fault Tolerance, Service Limits.

Security checks:
§ IAM Use
§ Amazon S3 Bucket Permissions
§ MFA on Root Account
§ Amazon EBS Public Snapshots
§ Amazon RDS Public Snapshots
§ Security Groups - Specific Ports Unrestricted

Slide 35: AWS Trusted Advisor Report for AWS S3

Slide 36: AWS Macie

Macie analyzes and processes data stored in Amazon S3 buckets.
§ Analyzes and processes data in the S3 bucket
§ Classifies sensitive and business-critical data stored there
§ Uses CloudTrail to capture API activity on S3 objects
§ Continuously monitors and discovers new data

[Diagram: S3 Bucket -> AWS Macie -> review alerts on the dashboard]

Slide 37: Q&A