Need an account to vote? Register to attend at gsec.hitb.org/sg2018/
Deadline is 30th June 2018!

Defending Cloud Infrastructure with Cloud Security Suite

Jayesh Singh Chauhan

Nowadays, cloud infrastructure is pretty much the de facto service used by companies large and small. Most major organizations have moved entirely to the cloud. With more and more companies moving to the cloud, cloud security becomes a major concern.

While AWS, GCP & Azure protect you with traditional security methodologies and have a neat structure for authorization/configuration, their security is only as robust as the person in charge of creating and assigning these configuration policies. As we all know, human error is inevitable, and any such mistake could lead to catastrophic damage to the environment.

A few vulnerable scenarios:

- Your security groups/policies, password policy or IAM policies are not configured properly
- S3 buckets and Azure blobs are world-readable
- Web servers support vulnerable SSL ciphers
- Ports are exposed to the public with vulnerable services running on them
- Root credentials are used
- Logging or MFA is disabled

And many more such scenarios...

Knowing all this, auditing cloud infrastructure becomes a hectic task! There are a few open source tools that help with cloud auditing, but none of them has an exhaustive checklist. Also, collecting and setting up all the tools and looking at different result sets is a painful task. Moreover, when maintaining big infrastructures, system audit of server instances is a major task as well.

CS Suite is a one-stop tool for auditing the security posture of AWS/GCP/Azure infrastructures, and it does OS audits as well. CS Suite leverages the capabilities of current open source tools and adds custom checks, all in one tool to rule them all.

Cloud Security Suite is an open source tool which adheres to GPL v3 (GNU General Public License v3.0).

The major features include:

- Simple installation with support for Python virtual environments and Docker containers
- GCP Infra Audit
- Initiate all tools/audit checks in one go
- AWS Infra Audit:
  - Eases your “open source setup” pain
  - Compilation of all audit checks in one place
  - Centralised portable reports
  - Audits individual systems
- AWS Instance Audit:
  - IP based auditing
  - Region independent audit (public IP)
  - Supports both public and private IPs for the default region
  - Automatic report generation and fetching
  - Portable HTML report
- JSON output
- Integration of AWS Trusted Advisor
- Azure Infra Audit
- Azure IP based auditing
- Report generation of the diff between the current and last scan

The talk will be demo-based: it will show exploitation of vulnerable cloud infrastructure and how these weaknesses can be proactively mitigated using the Cloud Security Suite (Co-author).

===

Jayesh Singh Chauhan is a security professional with more than 6 years of experience in the security space. In the past, he has been part of the security teams of PayPal and PwC, and he currently works as the senior security engineer for Sprinklr. He has authored CS-Suite, OWASP Skanda, RFID_Cloner and CSRF PoC generator and has presented at BlackHat Asia 2018, BlackHat EU 2017, c0c0n 2017, 2015, 2013, GES 2014 and Ground Zero 2015. He is the project leader for OWASP Skanda and leads the NULL Bangalore chapter.