Generalized single packet authorization for cloud computing environments
Posted on 08 April 2013.
Cloud computing environments such as those provided by Amazon and Google can be your passport to powerful computing resources without having to worry about typical provisioning and hardware issues, but if the recent Microsoft RDP vulnerability (CVE-2012-0002) is any guide, security is still a real problem.

This talk from ShmooCon 2013 presents techniques to generalize Single Packet Authorization (SPA), as implemented by the fwknop project, to most cloud computing environments, subject to certain requirements.

Cloud providers usually implement their own network ACL capabilities, among other security measures, to maintain data separation between clients, yet they also need to allow functional remote access to individual cloud images via SSH or another administrative protocol.

This is where fwknop comes in. Although fwknop does not integrate directly with proprietary cloud provider network ACLs, this does not present a problem. As proof, a functioning deployment of fwknop within Amazon's Virtual Private Cloud (VPC) environment will be demonstrated as a protection against the RDP vulnerability. Further, in the case of VPC networks, and contrary to the typical Amazon VPC NAT model, such a deployment requires only one EC2 Elastic IP for SPA to facilitate access to any internal system.



Michael works professionally as a Security Architect for Enterasys Networks, Inc., and previously worked as a Security Architect for G2. He is a frequent speaker at computer security conferences, and is the founder of cipherdyne.org, an organization dedicated to open source security technologies. Michael is the lead developer of the psad, fwsnort, and fwknop projects.




