Articles tagged with "security"

Darf ich als deutscher Finanzdienstleister in die Cloud?

Viele Unternehmen und insbesondere solche in der Finanzbranche stellen sich die Frage, ob sie ihre IT oder Teile dieser überhaupt in die Cloud migrieren dürfen. Ja, die Cloud skaliert gut, sie schafft bessere Verfügbarkeit lokal wie global, sie fördert Agilität, erleichtert den Zugang zu neuen Technologien und kann in vielen Fällen auch Sicherheitsvorteile schaffen. Aber wie die rechtliche Situation bei einer Auslagerung an Public Cloud-Anbieter aussieht, steht nochmal auf einem anderen Blatt Papier.

Testing Terraform with InSpec (Part 1)

While Infrastructure-as-Code slowly becomes omnipresent, many of the communicated advantages of the approach stay mostly unrealized. Sure, code style checks (linting) and even automated documentation get more common every month. But one of the cornerstones often gets ignore: testing. Let’s see which types of code testing are available and how to do it without writing too much code. The promise of the Infrastructure-as-Code (short: IaC) movement is to handle infrastructure just as if it was a program.

Be Aware of EBS Direct APIs

Recently, I blogged about a security incident where CloudTrail was not set up to log S3 data events. But while this is the most common type of data events, there are some more. And one of them has really scary implications. But good news: you can protect yourself about that.

CloudTrail Data Events

In today’s post, I will talk about a hacking investigation I recently took part in. We will look into what went wrong, what the attackers did, and how we can improve detection and prevention to manage such incidents better.

Map out your IAM with PMapper

Writing “Least Privilege” policies is an art in itself, but it inevitably leads to a large number of JSON-based policies in your accounts. As one of the rules of good security is “low maintainability = low security”, let’s dive into tools which can show us risks inside our policies - which might even result in paths to administrative privileges!

Secure Backup Solution for OnPremises and Hybrid Environments

With current ransomware attacks it is important to have a reliable backup strategie in place. With Veeam Backup & Replication you are able to backup your on-premises and hybrid environments and extend your storage solution with AWS Cloud capabilities to increase capacity and archiving storage with AWS S3 service.

Least Privilege - Semi-Automated

In almost every tutorial on AWS you will come across the term “Least Privilege”. Writing IAM policies properly requires lots of research and time - that’s the reason why many projects still rely on AWS Managed Policies or write exploitable policies. But there are tools to help you along.