Presentation Material
Abstract
Cloud infrastructure is now the de facto platform for companies large and small, and most major organizations have moved to the cloud entirely. As more and more companies move to the cloud, cloud security becomes a major concern. While AWS, GCP and Azure protect you with traditional security methodologies and have a neat structure for authorization and configuration, their security is only as robust as the person in charge of creating and assigning these configuration policies. As we all know, human error is inevitable, and any such mistake could lead to catastrophic damage to the environment.
A few vulnerable scenarios:
- Your security groups/policies, password policy or IAM policies are not configured properly
- S3 buckets and Azure blobs are world-readable
- Web servers supporting vulnerable SSL ciphers
- Ports exposed to the public with vulnerable services running on them
- Root credentials are used
- Logging or MFA is disabled
Knowing all this, auditing cloud infrastructure becomes a hectic task! There are a few open source tools which help with cloud auditing, but none of them has an exhaustive checklist. Also, collecting and setting up all the tools and looking at different result sets is painful. Moreover, when maintaining large infrastructures, system audits of server instances are a major task as well.
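As an added illustration, not CS Suite's own code, of what an audit check for a few of these scenarios looks like, the Python below evaluates dicts shaped like the boto3 responses for the IAM password policy, an S3 bucket ACL and the IAM account summary. The sample inputs are constructed, and the thresholds are assumed from the CIS AWS Foundations Benchmark rather than taken from the tool.

```python
"""Illustrative audit checks for three of the misconfigurations listed above.
Added example, not CS Suite's own code. Each check takes a dict shaped like the
matching boto3 response (PasswordPolicy, get_bucket_acl, SummaryMap), constructed
inline here so it runs offline; thresholds assume the CIS AWS Foundations Benchmark."""

# Group grantee URIs that make a bucket readable by anyone on the internet
# (AllUsers) or by any AWS account holder (AuthenticatedUsers).
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def check_password_policy(policy):
    """Return findings for a weak IAM account password policy."""
    findings = []
    if policy.get("MinimumPasswordLength", 0) < 14:
        findings.append("password minimum length below 14")
    for flag in ("RequireSymbols", "RequireNumbers",
                 "RequireUppercaseCharacters", "RequireLowercaseCharacters"):
        if not policy.get(flag, False):
            findings.append(f"{flag} not enforced")
    if policy.get("PasswordReusePrevention", 0) < 24:
        findings.append("password reuse prevention below 24")
    if not policy.get("ExpirePasswords") or policy.get("MaxPasswordAge", 0) > 90:
        findings.append("password expiry missing or longer than 90 days")
    return findings

def check_bucket_acl(acl):
    """Return permissions granted to public groups; empty means not world-readable."""
    return [g["Permission"] for g in acl.get("Grants", [])
            if g["Grantee"].get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_GRANTEES]

def root_mfa_disabled(summary):
    """True when no MFA device is enabled on the root account."""
    return summary.get("AccountMFAEnabled", 0) == 0

# Constructed samples: a weak policy, a public-read bucket, root MFA off.
SAMPLE_POLICY = {"MinimumPasswordLength": 8, "RequireSymbols": False,
                 "RequireNumbers": True, "RequireUppercaseCharacters": True,
                 "RequireLowercaseCharacters": True, "ExpirePasswords": True,
                 "MaxPasswordAge": 90, "PasswordReusePrevention": 24}
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]}
SAMPLE_SUMMARY = {"AccountMFAEnabled": 0}

if __name__ == "__main__":  # prints: ['password minimum length below 14', 'RequireSymbols not enforced'] ['READ'] True
    print(check_password_policy(SAMPLE_POLICY), check_bucket_acl(SAMPLE_ACL), root_mfa_disabled(SAMPLE_SUMMARY))
```

In a real audit the same functions would be fed the live responses of `get_account_password_policy()["PasswordPolicy"]`, `get_bucket_acl()` and `get_account_summary()["SummaryMap"]`.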
CS Suite is a one-stop tool for auditing the security posture of AWS, GCP and Azure infrastructures, and it performs OS audits as well. CS Suite leverages the capabilities of current open source tools and adds custom checks, in one tool to rule them all.
Cloud Security Suite is open source and is licensed under the GPL v3 (GNU General Public License v3.0). This paper is written for the release of version 3.0 of the tool.
The major features include:
- Simple installation with support for Python virtual environments and Docker containers
- GCP Infra Audit
- Initiate all tools/audit checks in one go
- AWS Infra Audit
  - Easify your “open source setup” pain
  - Compilation of all audit checks in one place
  - Centralised portable reports
  - Audits individual systems
- AWS Instance Audit
  - IP based auditing
  - Region independent audit (public IP)
  - Supports both public and private IPs for the default region
  - Automatic report generation and fetching
  - Portable HTML report
- JSON output
- Integration of AWS Trusted Advisor
- Azure Infra Audit
- Azure IP based Auditing
- Report generation of the Diff between the current and last scan