While playing around with AWS CloudWatch Logs Insights to analyze VPC flow logs, I thought of a couple of fun ways to identify (probably) malicious traffic.
Finding Vulnerability Scanners
These are the guys that hammer your box looking for anything from silly SQL injection attacks (so 2005) to CSRF vulnerabilities. The tell: look for hosts that reuse the same source port.
The Query
filter (srcPort > 1024 and srcAddr !
My latest course “Architecting for Security on AWS” is now available on Pluralsight! You’ll learn how to secure your data and AWS services using a defense-in-depth approach, including:
- Protecting your AWS credentials using identity and access management
- Capturing and analyzing logs using CloudTrail, CloudWatch, and Athena
- Implementing network and instance security
- Encrypting data at rest and in transit
- Setting up data backup, replication, and recovery
Go check it out!
This month, security researchers released a whitepaper describing the Meltdown attack, which allows anyone to read the full physical memory of a system by exploiting a vulnerability in Intel processors. If that sounds bad, that’s because it is. It means that if you’re running workloads on a public cloud provider, and you don’t have a dedicated server, an attacker can read what your workloads are putting into memory. This includes passwords, private keys, credit card numbers, your cat’s middle name, etc.
Whenever a tech fad comes to an end, it becomes so obvious why it failed. Yet during the hype, it’s easy to miss the problems lurking just below the surface. I want to explore some of the problems I see with public blockchain and why I think it’s not going to live up to the hype.
Blockchain can’t track real things
Whenever a new technology comes along, there’s always a temptation to use it in ways above and beyond what it was originally intended for.