
AWS Cloud Security Project


01
Setting up the AWS VPC environment
This diagram represents the layout of the AWS VPC environment. The VPC is initially configured to be insecure and vulnerable to attacks.
Notes and thoughts:
After the initial setup of the CloudFormation templates in AWS and a review of the code, I found some vulnerabilities due to poor practices.

- Depending on how you set up the AWS account, there should be another user that can access the cloud environment without root credentials. It is good practice to have an administrator account that is separate from the root account, so that the entire account isn't compromised when an attacker compromises an administrator's credentials.
- MFA should be enabled for all accounts for extra security.
- The root user should also have their root credentials disabled or deleted for extra security.
- The EC2 instance has ports that are exposed to the public internet, which is a security risk. Some of the exposed ports are considered insecure because they use insecure protocols.
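As an added example (not part of the project's own CloudFormation templates), the following Python check flags security group ingress rules that are open to the whole internet on the kinds of ports the list above describes. The group data is constructed to mirror the JSON shape of `aws ec2 describe-security-groups`, and the group ids are placeholders.

```python
# Added example for this write-up, not the project's own templates. Input
# mirrors `aws ec2 describe-security-groups` JSON; sample data is constructed.
# Ports for cleartext protocols, plus SSH and RDP, which should never be
# reachable from the whole internet.
RISKY_PORTS = {21: "FTP", 22: "SSH", 23: "Telnet", 80: "HTTP", 3389: "RDP"}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def world_open_rules(group):
    """Return (port, label, cidr) for every ingress rule open to everyone."""
    findings = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        open_cidrs = [c for c in cidrs if c in WORLD_CIDRS]
        if not open_cidrs:
            continue
        if perm.get("IpProtocol") == "-1":  # "-1" means all protocols/ports
            findings += [("all", "ALL TRAFFIC", c) for c in open_cidrs]
            continue
        low, high = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        for port, label in RISKY_PORTS.items():
            if low <= port <= high:  # rule may be a range, not one port
                findings += [(port, label, c) for c in open_cidrs]
    return findings


# Constructed sample: a group like the vulnerable one in this write-up,
# and one restricted to a private admin subnet.
SAMPLE_GROUPS = [
    {"GroupId": "sg-insecure-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 23,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-restricted-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}]}]},
]


def audit(groups=SAMPLE_GROUPS):
    """Map each group id to its world-open findings; an empty list is clean."""
    return {g["GroupId"]: world_open_rules(g) for g in groups}


if __name__ == "__main__":
    for gid, findings in audit().items():
        print(gid, "OK" if not findings else findings)
```

Against a live account the same logic runs over the `SecurityGroups` list returned by boto3's `ec2.describe_security_groups()`.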

02
This shows the successful deployment of the VPC using the AWS CLI and retrieval of the free recipe from the S3 bucket.


Notes and thoughts: Getting to the point shown in this picture took a few hours, as this was my first time using AWS and setting up a VPC environment.
03
My AWS console home page setup
This picture shows the AWS console home page after the initial review and upload of the CloudFormation templates, as well as the additional security features.


These AWS security services help give a better picture of the overall security of the VPC environment. They surfaced quite a lot of vulnerabilities.
04
AWS Config, Inspector and Security Hub vulnerability and compliance scans.

Screenshot of AWS Config showing non-compliant rules.

Screenshot of AWS Inspector showing scan results.

Screenshot of AWS Security Hub showing compliance standards for CIS foundations.


05
Attack vector established after reviewing the code of the VPC environment. Brute force attack initiated using a Kali machine as the attacker.
Using my Kali Linux VM as the attack machine, I set up the brute force attack using hydra through the attack simulation instance.
Notes and thoughts: At this stage I've set up the vulnerable VPC environment and now I've set up my Kali VM as the attacker machine. In this picture I've already used SSH to log into the insecure EC2 instance. Reviewing the initial code reveals that the security groups were not restricting access to the EC2 instance. Once I accessed the EC2 instance, I started a brute force attack using hydra against the application server.

06
After running AWS GuardDuty for 15 minutes while the brute force attack was ongoing, I took a screenshot of its findings.


07
Scenario: imagine that the API keys used by the application server to read data from S3 were discovered and stolen through the brute force attack. This picture shows the successful retrieval of the secret recipe text.
