With cyber security continuously hitting the headlines, I thought I could share what I believe is the absolute minimum to know when working in the cloud, at least for simple access (you will understand what I mean later), and also share what I learned fiddling with cloud systems all day long. I shall divide the matter into two categories: the cloud itself and the VMs.
On the cloud platform, it is paramount to understand these concepts:
- Password policies
- MFA
- Roles
- Policies
- Principals
- Networking concepts
- Bastion Hosts
- Private Keys and Tokens
- Alerts on admin account access
- Alerts on spend
We call these basics, yet it will take you some time to understand how they work and how they fit together. A lot of data leaks and hacks come from poorly set-up cloud services, so let’s make sure it is correctly implemented from the get-go. The good news is that, to help you, providers now offer what they call “landing zones”: pre-set hardened configurations with best practices built in… but over time configurations drift, and your cloud will soon become Swiss cheese if you are not careful.
On the machine, the bare minimum is to know:
- User and groups set-up
- SSH set-up… keys only, no root login, fail the connection after 3 tries, etc.
- Firewall
- Stop and disable listening services you do not need (check with ss -tulnp)
- Apply security updates
- Logs! Keep an eye on the SSH logs and journalctl
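A small audit for the SSH items in this list, added here as an example and not part of the original post: it reads a constructed sshd_config string (so it runs offline) and reports where the file deviates from keys only, no root login and a 3-try limit, using the standard OpenSSH keywords and defaults.

```shell
#!/bin/sh
# Audit an sshd_config for the three SSH settings listed above: key-only
# auth, no root login, reject after 3 failed tries. The config is read from
# a string so this runs offline; on a host pass "$(cat /etc/ssh/sshd_config)".
# Constructed sample with the weak settings a freshly provisioned VM can ship with.
SAMPLE_SSHD_CONFIG='# constructed sample sshd_config
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PasswordAuthentication yes
MaxAuthTries 6
'

# Hardened counterpart of the same file.
HARDENED_SSHD_CONFIG='Port 22
PermitRootLogin no
PasswordAuthentication no
MaxAuthTries 3
'

# effective_value CONFIG KEY: value of the first active occurrence of KEY.
# sshd honours the first match and ignores comments, so a later duplicate
# never overrides an earlier weak line (keywords are case-insensitive).
effective_value() {
    printf '%s\n' "$1" | awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }'
}

# check_sshd CONFIG: print one line per deviation; return 0 only if all pass.
# Unset keys fall back to the OpenSSH defaults (prohibit-password, yes, 6).
check_sshd() {
    cfg=$1; rc=0
    root=$(effective_value "$cfg" PermitRootLogin)
    [ "${root:-prohibit-password}" = no ] ||
        { echo "PermitRootLogin=${root:-default} (want no)"; rc=1; }
    pw=$(effective_value "$cfg" PasswordAuthentication)
    [ "${pw:-yes}" = no ] ||
        { echo "PasswordAuthentication=${pw:-default} (want no)"; rc=1; }
    tries=$(effective_value "$cfg" MaxAuthTries)
    [ "${tries:-6}" -le 3 ] ||
        { echo "MaxAuthTries=${tries:-default} (want 3 or fewer)"; rc=1; }
    return $rc
}

# count_findings CONFIG: number of deviations, convenient for scripted checks.
count_findings() {
    check_sshd "$1" | wc -l | tr -d ' '
}
# Demo: the sample fails with three findings, the hardened file passes.
check_sshd "$SAMPLE_SSHD_CONFIG" || echo "sample config: $(count_findings "$SAMPLE_SSHD_CONFIG") items to fix"
check_sshd "$HARDENED_SSHD_CONFIG" && echo "hardened config: ok"
```

Remember to reload sshd after editing the file, and keep an existing session open while you test a new connection so a typo does not lock you out.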
I know there is much more, but these will give you a decent survival rate for a start. The worst, in my opinion, is to forget some services that are still listening but no longer in use; it happens to me, and usually the machine firewall is there to save the day, but not always, and depending on configurations I have had surprises, so beware! As a second safety net you can also count on the cloud platform firewall or ACLs. I am purposefully not even talking about other types of more complex access to your apps if you were to do development and use APIs, tokens, certificates and so on, as this is a world of its own, not the purpose of this article, and also slightly above my head.
And one last thing: “dropping” ICMP packets would be an excellent idea; it makes your machine somewhat invisible, because, in all honesty, you would be astonished by the quantity of incoming pings from malicious scripts continuously scanning the internet for new and vulnerable hosts.