Cloud-10 Infrastructure Security
Revision as of 09:22, 17 May 2010 by Ove Hansen
- Default configurations of systems and network devices
- All services, even active, unused ones, may contain security related bugs that potentially can be exploited.
- Compromised services may be used as "hop-off" points to other services, unless they are contained. For example, a compromised web service may lead to a compromised backend database, if the database can be reached directly from the web tier.
- Active network protocols, and open ports, may be exploited even if they are not used in the solution architecture
- Administrative access may be abused, either deliberately by the administrators, or through compromised administrative accounts. Furthermore administrative access can cause disruption through accidents
- All code (application, OS, network) will contain security related bugs, and configurations may contain configuration mistakes, that can be exploited.
- Hardening of operating systems, applications and configurations
- Tiering of the solution architecture
- Role-based administrative access, restricted administrative privileges
- Regular vulnerability assessments