Security in a shared infrastructure

Björn Brolin
What’s the security policy
• What are your assets?
• The unique information and function of your IT services
• Who is in control of those assets?
• Some companies don't even have a single employee left
• Do you have a security policy?
• Most have, but…
• Does it really apply to the people in control of your assets?
What’s the security policy
• We're good, we have a written agreement that the partner will follow our security policy
• Let's say the partner has more than a hundred customers. Is it even realistic to assume they can comply with everyone's policy?
• We're good, we use cloud services
• No security policy required?
Access entanglement
[Diagram: Customer 1, Customer 2, Customer 3 and Partner]
Access entanglement
• Information leakage
• RDP mapped devices
• Shared management of IT-resources
• Shared access to backend infrastructure
• Unauthorized access
• RDP mapped devices again
Access entanglement
• Weak security settings
• Skipping certificate validation
• Difficult to resolve which CAs to trust
• Jumphosts can make a huge difference
• But will also lead to a more complex administration
Azure web hosting plan modes under the hood
• The new portal allows for shell command execution
• Specifically stated that privileged commands are limited
• Difficult to screen filter every command with potential security implications
• The virtual machine is close to identical regardless of hosting plan
Just enough administration, Just in time
• JEA: Package certain administrative tasks and restrict their use
• JIT: Admin rights are available only at certain times.
Just enough administration
LSA protection and identity theft
• Lsass revisited
• Terminal session connect using /restrictedAdmin
• DisableRestrictedAdmin
• HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\
• Debated in the security community as a weakness because it enables passing the hash to the remote desktop service
• RunAsPPL
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
• Lsass is created as a protected process
• Third-party lsass extensions will no longer load unless they are signed correctly
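An added example, not part of the original slides: a PowerShell check that reports the two LSA values named above on the local host. The function names are hypothetical, and confirming the effective state through the Wininit System event 12 is an addition that goes beyond what the slide covers.

```powershell
# Added example (not from the slides): report the two LSA settings on this host.
# Run from an elevated PowerShell session on the machine under review.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-LsaValue {
    param([Parameter(Mandatory)][string]$Name)
    # $null means the value is absent, which is different from an explicit 0.
    $props = Get-ItemProperty -Path $LsaKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return $props.$Name
}

function Get-LsaHardeningReport {
    $ppl = Get-LsaValue -Name 'RunAsPPL'
    $dra = Get-LsaValue -Name 'DisableRestrictedAdmin'

    if ($null -eq $ppl) { $pplText = 'not set (OS default applies)' }
    elseif ($ppl -eq 0) { $pplText = 'explicitly disabled' }
    else                { $pplText = "requested (RunAsPPL=$ppl)" }

    # 0 means this host accepts /restrictedAdmin connections; the slide notes
    # that this also enables passing the hash to the remote desktop service.
    if ($null -eq $dra) { $draText = 'not set (OS default applies)' }
    elseif ($dra -eq 0) { $draText = 'Restricted Admin accepted' }
    else                { $draText = 'Restricted Admin refused' }

    # The registry shows intent only: RunAsPPL takes effect at the next boot.
    # Wininit writes System event 12 when lsass really started as protected.
    $boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
    $evt = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 12 } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*LSASS.exe*protected process*' } |
        Select-Object -First 1

    [pscustomobject]@{
        Computer               = $env:COMPUTERNAME
        RunAsPPL               = $pplText
        LsassProtectedThisBoot = [bool]($evt -and $evt.TimeCreated -ge $boot)
        RestrictedAdmin        = $draText
    }
}

Get-LsaHardeningReport | Format-List
```

A host that shows RunAsPPL as requested but LsassProtectedThisBoot as False has the value set without having been rebooted since, or lsass failed to start protected.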
Brave new world, F*ck Security!! :)
• Everything gets more interconnected every day
• End user equipment is no longer considered to be strictly for business use
• In this fast changing environment, what is the obvious strategy?
• Holding back might strand important projects to a degree so that they fail
• Focus the security efforts wisely
Thank You For Your Time
Björn Brolin