Can You Hear Me, Can You See My Screen?
Jesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guide you to better security in the cloud.
Corey: This episode is sponsored in part by Thinkst Canary. This might take a little bit to explain, so bear with me. I linked against an early version of their tool, canarytokens.org, in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, or anything else like that that you can generate in various parts of your environment, wherever you want them to live; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use them. It’s an awesome approach to detecting breaches. I’ve used something similar for years myself before I found them. Check them out. But wait, there’s more because they also have an enterprise option that you should be very much aware of: canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment and manage them centrally. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files that it presents on a fake file store, you get instant alerts. It’s awesome. If you don’t do something like this, instead you’re likely to find out that you’ve gotten breached the very hard way. So, check it out. It’s one of those few things that I look at and say, “Wow, that is an amazing idea. I am so glad I found them. I love it.” Again, those URLs are canarytokens.org and canary.tools. And the first one is free because of course it is. The second one is enterprise-y. You’ll know which one of those you fall into. Take a look. I’m a big fan. More to come from Thinkst Canary weeks ahead.
Jesse: It is 2021. Conference calls and remote meetings have the same decade-old problems. Connection drops, asking if anyone can hear us, asking if anyone can see our screen, even though we can clearly see the platform is in sharing mode with our window front and center. Why is this so hard? We live in the golden age of the cloud.
Shouldn’t we be easily connecting and sharing like we’re in the same room rather than across the planet? Yes we should. Sure, there have been improvements, and now we can do high-quality video, connect dozens or hundreds of people from everywhere on a webinar, and usually most of us can manage a video meeting with some screen sharing. I don’t understand how we can have Amazon Chime, WebEx, Teams, Zoom, Google Meet—or whatever it’s called this month—GoToMeeting, Adobe Connect, FaceTime, and other options, and still not have a decent way for multiple people to see and hear one another and share a document, or an application, or screen without routine problems. All of these are cloud-based solutions.
Why do they all suck? When I have to use some of these platforms, I dread the coming meeting. The worst I’ve seen is Amazon Chime—yes, that’s you, Amazon—Microsoft Teams—as always—and Adobe Connect. Oof. The rest are largely similar with more or less the same features and quality, except FaceTime, which is still only a personal use platform and not so great for conferences for work. I just want one of these to not suck so much.
Meanwhile in the news. How to Make Your Next Third-Party Risk Conversation Less Awkward. You know that moment. Someone asks a question at the networking event. The deafening silence while you stare at the floor trying to find a way to get out of embarrassing yourself. Do your future self a favor and do some work before this happens again. You’ll feel better and you’ll have better visibility while improving your security posture.
5 Vexing Cloud Security Issues. Unlike the tips and best practices list, this one is a ‘don’t be stupid’ type list. Some of these are foundational basic security steps. Watch out for the zombies.
Attackers Increasingly Target Linux in the Cloud. Linux is the most common cloud-hosted OS. It shouldn’t be surprising that it’s the most common platform to attack, as well. Secure and monitor your cloud hosts closely. This is also a good reason to consider pushing toward a dynamic services model without traditional operating system footprints.
Top 5 Best Practices for Cloud Security. Oh, yay. Another top number list for newbs. We all need reminding of the basics of best practices, especially as they evolve. Are you doing these five things? Why not?
Announcer: Have you implemented industry best practices for securely accessing SSH servers, databases, or Kubernetes? It takes time and expertise to set up. Teleport makes it easy. It is an identity-aware access proxy that brings automatically expiring credentials for everything you need, including role-based access controls, access requests, and the audit log. It helps prevent data exfiltration and helps implement PCI and FedRAMP compliance. And best of all, Teleport is open-source and a pleasure to use. Download Teleport at goteleport.com. That’s goteleport.com.
Jesse: Zix Releases 2021 Mid-Year Global Threat Report. I suggest looking at the whole report, however, know attackers are using email, SMS and text messages, and customizing phishing more than ever before. Your people are going to see more social engineering attacks, so be sure everyone understands the basics of what types of things not to say on the phone and the usual about not following URLs in messages and emails.
The big three innovations transforming cloud security. CASB, SASE, and CSPM—pronounced ‘cazzbee’ ‘sassy’ and, well, nothing fancy for CSPM that rolls off the tongue, so just use the letters—are your new friends. With the three of these used for your cloud environment, you’ll have better visibility and control of your risk profile and security posture.
The Benefits of a Cloud Security Posture Assessment. Okay, so we’ve covered CSPM some, but you need a CSPA before you implement your CSPM. I tried to use more acronyms but I ran out of energy. Seriously, an assessment of your risks and security posture is invaluable. Without it, you may be missing vital areas that leave you exposed.
How to Maintain Accountability in a Hybrid Environment. If you support delivery of services to mobile apps, you should consider the security of the client end as relates to your application. You could get caught by some nasty surprises, no matter how secure your server environment appears to be.
6 Cloud Security Must-Haves–with Help from CSPM, CWPP or CNAPP. Gartner loves making up—I mean defining, new markets so they can invent new acronyms and sell us yet another Magic Quadrant subscription. Sadly, it’s the lens through which we must view the industry because media and vendors rely too much on Gartner Magic Quadrants.
The hybrid-cloud security road map. Migrating some or all of our services to the cloud can feel like scaling an inverted cliff with butter on our hands, but it’s easier than you think. Sometimes we just need some gentle guidance on an approach that might work for us.
How Biden’s Cloud Security Executive Order Stacks Up to Industry Expectations. US President Biden’s Executive Order number 14028, “Executive Order on Improving the Nation’s Cybersecurity” is surprisingly relevant to the real problems we face in cybersecurity every day. If you don’t have time or energy to read the entirety of the 24-page document, you should understand the impact of it. Hint: it’s a good thing for security.
Cloud Security: Adopting a Structured Approach. Sure, the basics are largely the same as security in non-cloud environments. However, there are new ways to implement many of these security measures, and if you aren’t careful, you will miss all the new ways you must protect your resources and services that either change or are wholly new in the cloud.
The Overlooked Security Risks of the Cloud. It’s easy to think moving things to the cloud offloads work and lowers our risk profiles. Don’t forget there are tradeoffs. We have to do more and different security things to ensure our services, data, and users are protected.
And now for the Tip of the Week. Lock down your AMIs. If you have Amazon Machine Images—or AMIs—be sure they aren’t available to other people. Even if these don’t have your proprietary information in them, they do disclose your foundational EC2 image, so attackers can more easily tailor their approach to get into your real infrastructure. Ensure your AMI permissions are restrictive so the public can’t touch them.
Go to your AWS Console, EC2, and then AMIs. Select your AMIs, and then Actions, Modify Image Permissions, and then add your accounts. And that’s it for the week, folks. Securely yours, Jesse Trucks.
Jesse: Thanks for listening. Please subscribe and rate us on Apple and Google Podcast, Spotify, or wherever you listen to podcasts.
Announcer: This has been a HumblePod production. Stay humble.
Meanwhile in Security is a production of The Duckbill Group. Check out our other publications, Last Week in AWS, Screaming in the Cloud, and AWS Morning Brief.
© The Duckbill Group, 2021