Cloud Security Misconfigurations: The Hidden Dangers and How to Fix Them

More and more enterprises are moving their IT operations onto the cloud. Gartner predicts that by 2024 more than 60% of businesses will have moved their on-prem IT infrastructure onto IaaS (Infrastructure as a Service). Cloud service providers such as Google, Amazon and Microsoft are highly secure, but because they use a shared security model there is a real chance of security issues affecting hosted data, such as cyber-security and workload-related concerns. Misconfigurations can open security holes, and they have impacted more than 90% of businesses worldwide.

In this post we will look at cloud security misconfigurations, their hidden dangers, and how to identify and fix them.

About Cloud Security Misconfigurations 

Cloud misconfigurations are gaps or errors introduced during cloud adoption that expose the environment to threats. They can lead to security breaches, ransomware, malware or insider attacks, and the NSA has named them a leading vulnerability. Misconfigurations are common in cloud environments because of the complexity of multi-cloud deployments. There is no one-time fix, but by building security procedures into the cloud ecosystem from the start, security and DevOps teams can work together to reduce such incidents considerably.

Common Cloud Misconfigurations and Their Fix 

Let's look at some common cloud misconfigurations that can be avoided with more care.

Unrestricted Inbound Ports

Ports left open to the Internet are a big issue. Heavy use of UDP and TCP services in the cloud leads to undue exposure. While migrating to a cloud environment, make sure you know the full range of open ports and block or disable the ones that are not required.

Unrestricted Outbound Ports

Data exfiltration, lateral movement and internal network scans are signs that open outbound ports have been abused. Allowing outbound RDP and SSH is a common example of this misconfiguration. Limiting outbound ports according to the principle of least privilege is an effective way to handle it.

Secrets Management

Misconfigured API keys, passwords, encryption keys and admin credentials are serious concerns. To address this, maintain an inventory of all your secrets and review them regularly to ensure they are secure. Secret management solutions such as key vaults help you manage secrets properly.

Monitoring and Logging Disabled

A lack of practices to enable, configure, review and monitor the telemetry data provided by cloud providers can lead to serious security issues, because incidents go unnoticed.

Leaving ICMP Open

The ICMP protocol is used to report network device errors, but attackers also use it as a vector for DDoS (distributed denial of service) attacks: they can overwhelm a network with ping flooding, so it is important to block it.

Automated Backups in an Insecure Manner

Unencrypted backups are vulnerable to attack. Backups need to be encrypted both at rest and in transit, with limited permissions to restrict access.

Access to Storage

Storage objects should not be exposed to public access; access should be granted only to people within the organization.

Validation Lacking

Periodic auditing of cloud environments is required for proactive management of cloud misconfigurations, yet organizations usually have no system in place to identify or detect them.

Non-HTTPS/HTTPS Ports Unlimited Access

Web servers that host services and applications over the Internet often have improperly configured ports, which can lead to brute-force attacks or authentication exploits. Limiting these ports to accept traffic only from specific IP addresses helps contain this kind of threat.

Virtual Machines, Containers and Hosts

Overly permissive access: enabling legacy protocols such as FTP, exposing the etcd port (2379) of Kubernetes clusters to the public Internet, and leaving rexec, rsh and telnet open after a physical server is migrated to the cloud are common examples of misconfiguration.
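As an added example that is not part of the original article, the following Python script audits a constructed set of security-group-style rules for the misconfigurations named in the port sections above (Internet-exposed FTP, SSH, telnet, rexec, rsh, RDP and etcd on 2379, ICMP open to anywhere, and unrestricted outbound SSH/RDP). The rule format and all sample rules are assumptions; nothing is fetched from a cloud provider's API.

```python
"""Flag security-group rules that match the misconfigurations described above."""

# Services the article calls out as risky when reachable from the public Internet.
# Port numbers are standard IANA assignments (rexec = exec/512, rsh = shell/514).
RISKY_PORTS = {21: "ftp", 22: "ssh", 23: "telnet", 512: "rexec",
               514: "rsh", 2379: "etcd", 3389: "rdp"}
ANYWHERE = ("0.0.0.0/0", "::/0")   # "any source/destination" CIDRs

# Constructed sample rules in a simplified, security-group-like shape (assumed format).
# protocol "-1" means all protocols; ports are inclusive ranges.
SAMPLE_RULES = [
    {"name": "web", "direction": "ingress", "protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
    {"name": "admin", "direction": "ingress", "protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"},
    {"name": "k8s", "direction": "ingress", "protocol": "tcp", "from_port": 2000, "to_port": 3000, "cidr": "0.0.0.0/0"},
    {"name": "ping", "direction": "ingress", "protocol": "icmp", "from_port": -1, "to_port": -1, "cidr": "0.0.0.0/0"},
    {"name": "bastion", "direction": "ingress", "protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "10.0.0.0/8"},
    {"name": "egress-any", "direction": "egress", "protocol": "-1", "from_port": 0, "to_port": 65535, "cidr": "0.0.0.0/0"},
]


def _covers(rule, port):
    return rule["from_port"] <= port <= rule["to_port"]


def audit_rule(rule):
    """Return a list of human-readable findings for one rule (empty if it looks fine)."""
    findings = []
    if rule["cidr"] not in ANYWHERE:
        return findings          # scoped to a specific range: not flagged by this check
    name, proto = rule["name"], rule["protocol"]
    if rule["direction"] == "ingress":
        if proto == "icmp":
            findings.append(f"{name}: ICMP reachable from the Internet (ping-flood exposure)")
        elif proto == "-1":
            findings.append(f"{name}: all protocols and ports open to the Internet")
        elif proto == "tcp":
            for port, svc in RISKY_PORTS.items():
                if _covers(rule, port):
                    findings.append(f"{name}: {svc} (tcp/{port}) open to the Internet")
    else:  # egress: unrestricted outbound SSH/RDP is a lateral-movement/exfiltration path
        if proto == "-1" or (proto == "tcp" and any(_covers(rule, p) for p in (22, 3389))):
            findings.append(f"{name}: outbound SSH/RDP allowed to any destination")
    return findings


def audit(rules):
    """Audit every rule and return all findings in rule order."""
    return [f for r in rules for f in audit_rule(r)]


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print("FINDING:", finding)
```

The `bastion` rule is not flagged because it is limited to an internal range, which is the shape the fix in each section above recommends.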

Too Many Cloud Access Permissions

Managing user permissions is a great challenge in multi-cloud environments; reviewing permissions and restricting access is crucial to protect against the risk of insider threats.

Subdomain Hijacking

This happens when the virtual machine a subdomain points to is deleted but the associated DNS records are not removed. An attacker can register the now-unused target and route users to malicious web pages. Delete the DNS records for all domains and subdomains when they are no longer needed.
