Difference between revisions of "Cloud-10 Infrastructure Security"

From OWASP
Jump to: navigation, search
(Created page with '==R9:Infrastructure Security== Category:OWASP Cloud ‐ 10 Project __NOTOC__ <headertabs/>')
 
(R9:Infrastructure Security)
Line 1: Line 1:
==R9:Infrastructure Security==
+
== R9:Infrastructure Security ==
  
 +
Security Risks
  
 +
<br>
  
 +
#Default configurations of systems and network devices
 +
#All services, even active, unused ones, may contain security related bugs that potentially can be exploited.
 +
#Compromised services may be used as "hop-off" points to other services, unless they are contained. For example, a compromised web service may lead to a compromised backend database, if the database can be reached directly from the web tier.
 +
#Active network protocols, and open ports, may be exploited even if they are not used in the solution architecture
 +
#Administrative access may be abused, either deliberately by the administrators, or through compromised administrative accounts. Furthermore administrative access can cause disruption through accidents
 +
#All code (application, OS, network) will contain security related bugs, and configurations may contain configuration mistakes, that can be exploited.
  
  
Line 8: Line 16:
  
  
 +
Countermeasures
  
  
  
[[Category:OWASP Cloud ‐ 10 Project]]
+
##Hardening of operating systems, applications and configurations
 +
#Tiering of the solution architecture
 +
#Containment
 +
#Role-based administrative access, restricted administrative privileges
 +
#Regular vulnerability assessments
  
__NOTOC__
+
 
<headertabs/>
+
 
 +
__NOTOC__ <headertabs />  
 +
 
 +
[[Category:OWASP_Cloud_‐_10_Project]]

Revision as of 08:22, 17 May 2010

R9:Infrastructure Security

Security Risks


  1. Default configurations of systems and network devices
  2. All services, even active, unused ones, may contain security related bugs that potentially can be exploited.
  3. Compromised services may be used as "hop-off" points to other services, unless they are contained. For example, a compromised web service may lead to a compromised backend database, if the database can be reached directly from the web tier.
  4. Active network protocols, and open ports, may be exploited even if they are not used in the solution architecture
  5. Administrative access may be abused, either deliberately by the administrators, or through compromised administrative accounts. Furthermore administrative access can cause disruption through accidents
  6. All code (application, OS, network) will contain security related bugs, and configurations may contain configuration mistakes, that can be exploited.



Countermeasures


    1. Hardening of operating systems, applications and configurations
  1. Tiering of the solution architecture
  2. Containment
  3. Role-based administrative access, restricted administrative privileges
  4. Regular vulnerability assessments