top of page
Nick
Apr 11, 20232 min read

Cyber: Cloud

Cyber is dedicated to helping your company avoid being targeted or get up ASAP.


Amazon Web Services is now more profitable than the original Amazon store. This never ceases to amaze me. However, I can see how it would happen. Hardware is fairly expensive, software takes significant effort and expertise to set up and maintain, plus we use a lot of computers. Being able to squeeze every cent out of your servers would be fabulous!


Ever since it started, a number of other firms have jumped on to the idea. You no longer need an on-site server. You can get rid of that computer guy too; he is expensive and doesn't even follow football. (Please note, I am generalizing. Just because I don't follow football does not mean your computer guy/gal will not. Heck, I still think soccer is football.)


I am clearly biased but let us consider this from a few different perspectives.


Red Team: A target with online systems presents a few options.

  1. (Trivial) Do they have a secure VPN? Can I guess their password? Did they leave any silly passwords or VLANs active, which I could use?

  2. Do they have redundant connections to their internet provider?

  3. If yes to #2, how many? Each one is a new target

  4. Can I get in between them and their cloud account? If so, the potential is limitless.

Maintenance: A cloud system has different headaches.

  1. Do you have redundant internet connections?

  2. If so, how often are they tested (aka one is disconnected)?

  3. Will the secondary system ever get removed in a budget cut?

  4. What happens if management misses your internet bill?

Management: Often understated, management has some simple objectives.

  1. What is the risk-adjusted cost/benefit? 99.9% guaranteed to save $200k / year, 1% chance we add a connection that ends up as ransomware for the whole site $10M / year might be worthwhile. That math is different when the attacked could permanently damage your $40M of gear on-site.

  2. Can we get back up from a catastrophic failure?

  3. If yes to #2, how long would it take and how much would it cost?

A slow-to-update system with money behind it is a great target.

4 views0 comments

Recent Posts

See All

Pro-tips: Be your best self (at work)

Pro-tips exist to help improve your professional life. These are general and not aimed at anyone specific... but some issues do seem to...

0 comments

PE Controls: Updates

A friend of mine recently took the PE for Controls, which is now online and significantly different from the all-encompassing, open book...

0 comments

Comentários

bottom of page