Table of Contents
As more and more enterprises are moving onto cloud for their IT operations. Gartner predicts that by year 2024 more than 60% of businesses would move they’re on-prem IT infrastructure onto IaaS (Infrastructure as a service). Cloud service providers such as Google, Amazon, Microsoft are highly secure but since they use a shared security model there is a big chance of security issues for hosted data such as cyber security and workload related concerns. Misconfigurations could lead to potential cyber security holes and it has impacted more than 90% businesses worldwide.
In today’s topic we will learn about cloud security misconfigurations, what are their hidden dangers, how to identify and fix them.
About Cloud Security Misconfigurations
Cloud misconfigurations could be gaps, errors which expose the environment to potential threats during cloud adoption. Cloud misconfigurations lead to security breaches, ransomware, malware or insider attacks. It is termed as a leading vulnerability by NSA. Misconfigurations in cloud computing environments are quite common due to multi-cloud deployment complexities. There is no one time fix for handling cloud misconfigurations however, implementing security procedures while building cloud ecosystems both security and DevOps teams can work jointly to reduce such instances to a considerable extent.
Common Cloud Misconfigurations and Their Fix
Let’s look at some common cloud misconfiguration mistakes which are prevalent and can be avoided by being more careful.
Unrestricted Inbound Ports
Open ports on the Internet is a big issue. High usage of UDP or TCP in cloud services lead to undue exposure. While migrating to a cloud environment ensure to have knowledge of the full range of open ports and block or disable the ones which are not required.
Unrestricted Outbound Ports
Data exfiltration, lateral movement and internal network scans are some signs of outbound open ports compromise. RDP and SSH having outbound access are a common cloud misconfiguration example. Limiting outbound ports with least privilege principle is an effective technique to handle such misconfiguration.
Secrets Management
API keys, passwords, encryption keys and admin credentials misconfiguration issues are serious concerns. To overcome this misconfiguration issue, it is important to maintain an inventory of all your secrets and regular reviews to ensure they are secure. You can use secret management solutions such as key vaults etc. to manage your secrets in a better way.
Monitoring and Logging Disabled
Lack of practices to enable, review, configure and monitor telemetry data provided by cloud providers which could lead to profound security issues
Leaving ICMP Open
Network device errors are reported using ICMP protocol but it is also used by hackers as an attack vector for DDOS (Denial of services). Hackers can overwhelm a network with ping flooding using ICMP so it is important to block it.
Automated Backups in an Insecure Manner
Non-encrypted backups are vulnerable to attacks. Backups required to be encrypted both at REST and in TRANSIT with limited permissions for restricted access.
Access to Storage
Storage objects should not be exposed for public access and access grant should be restricted only to people in the organization.
Validation Lacking
Periodic auditing of cloud environments is required to ensure proactive management of cloud misconfigurations. Usually organizations do not have any system to identify or detect cloud misconfigurations.
Non-HTTPS/HTTPS Ports Unlimited Access
Web servers hosting services and applications over the Internet have improperly configured ports which could lead to brute force attacks or authentication exploitation. Limiting access to these ports to accept traffic from specific IP address only helps in containing this kind of threat.
Virtual Machines, Containers and Hosts
Overly Permissive Access – enabling legacy protocols such as ftp, exposed etcd (port 2379) port on kubernetes clusters over public Internet, rexec , rsh and telnet remained open once physical server is migrated to cloud are some common examples of misconfigurations.
Too Many Cloud Access Permissions
User permissions management is a great challenge in multi-cloud environments, permissions review and access restrictions is crucial to protect from risk of insider threats.
Subdomain Hijacking
This happens when a subdomain is deleted from a virtual machine but its associated records are not removed from DNS. Unused subdomains can be registered by the hacker and route users to malicious web pages. Delete DNS records for all domains / subdomains when no longer needed.