Hands-On Workshop: Avoiding Data Disasters: Techniques to Identify and Address Cloud Storage Misconfigurations

  • Wednesday, 06 Sep 2023 10:00AM EDT (06 Sep 2023 14:00 UTC)
  • Speaker: Ryan Nicholson

It appears that every few months, there's news of yet another cloud breach stemming from a carelessly configured cloud storage solution. While this isn't the default for most cloud vendors, some users still manage to make their cloud data publicly accessible by going out of their way - sometimes to a significant extent. Whether it's out of ignorance or convenience, it doesn't matter - this practice must come to an end.

To address this issue, we've developed a workshop that equips attendees with various techniques and methods to identify and rectify cloud storage misconfigurations in their own cloud accounts. We'll even demonstrate some ways to prevent these misconfigurations from happening in the first place. Although the chosen vendor for this workshop is AWS, due to its Simple Storage Service (S3) being the one making headlines, misconfigurations could occur in any cloud environment. Hence, the techniques discussed in this workshop will be applicable to all cloud vendor environments, including Azure, Google Cloud Platform, and Oracle.

LEARNING OBJECTIVES:

  • Discover all-too-common cloud storage security deficiencies present as either insecure vendor defaults or careless mistakes
  • Correct these issues using a variety of means (e.g., cloud management console, command line tools, and Infrastructure-as-Code)

PREREQUISITE KNOWLEDGE:
None.

SYSTEM REQUIREMENTS:

  • Laptop with a modern web browser
  • AWS account with root access or an IAM user with Administrator Access permissions
  • If you need an AWS account, you can create a free tier account with root access at https://aws.amazon.com/free/. The cost will be minimal (pennies) to complete the workshop

This workshop supports concepts from SEC488: Cloud Security Essentials.