Identifying Toxic Combinations of Permissions in Your Cloud Infrastructure

Excessive permissions in cloud accounts can significantly increase the attack surface. It is important to understand what permissions are assigned to the various users, groups, roles, and service accounts versus what permissions they actually need.

Introduction

Cloud platforms like AWS, Azure, and Google Cloud allow many types and combinations of permissions to be granted to accomplish different tasks. One of the most important things to consider here is identifying toxic combinations of permissions. If these exist, attackers can take advantage of them in various ways to execute their attacks.

This video is presented by Michael Raggo. He has over 20 years of experience in security research and is currently focussing on cloud security. He actively presents at various security conferences including Black Hat, DEF CON, RSA, OWASP, HackCon, and SANS. He has authored the books “Mobile Data Loss: Threats & Countermeasures” and “Data Hiding”. His research work has been highlighted on television and in a number of media publications. He has also been awarded the Pentagon’s Certificate of Appreciation.

What to expect from this video

The following topics are covered in this video:

  1. Introduction - What to look for in your cloud infrastructure
  2. The state of cloud security which has led to breaches
  3. Cloud Infrastructure Cyber Kill Chain
  4. A walkthrough of recent breaches
  5. Top permission risks and key findings from AWS, Azure, and Google Cloud
  6. What can be done to identify toxic combinations of permissions
  7. Examples of Anomalous Behaviour
  8. Mitigation strategies
  9. Cloud permissions activities hygiene

https://www.youtube.com/watch?v=xa-DdBOl8fk

Key Takeaways

To understand the security posture of your cloud infrastructure, planning and conducting regular pentesting and security assessments is a good way to go. Another great way is to study how breaches really occur, which shows more clearly how to protect our cloud infrastructure.

This video introduces you to the Cyber Kill Chain for cloud infrastructure and helps you understand what to look for to identify anomalies in your infrastructure. Excessive permissions in cloud accounts can significantly increase the attack surface. The speaker also shares some very interesting real-world examples of top permission risks and some key findings across the major cloud platforms like AWS, Azure, and Google Cloud, in order to show where the most prominent risks are found. The second half of the presentation covers what to look out for and what can be done to mitigate the toxic permission combinations that may be lurking in the cloud infrastructure.


This video is part of the tech talks presented at Cloud Village. Cloud Village is an open space dedicated to people interested in cloud security and conducts various activities like talks, workshops, CTFs, and discussions around cloud.

This article is brought to you by Kloudle Academy, a free e-resource compilation, created and curated by Kloudle. Kloudle is a cloud security management platform that uses the power of automation and simplifies human requirements in cloud security.