Finding Suspicious Traffic using CloudWatch Log Insights and VPC Flow Logs

While playing around with AWS CloudWatch Log Insights to analyze VPC flow logs, I thought of a couple of fun ways to identify (probably) malicious traffic.

Finding Vulnerability Scanners

These are the guys that hammer your box looking for anything from silly SQL injection attacks (so 2005) to CSRF vulnerabilities. The tell: look for hosts that reuse the same source port.

The Query

filter (srcPort > 1024 and srcAddr != "

Architecting for Security on AWS

My latest course “Architecting for Security on AWS” is now available on Pluralsight! You’ll learn how to secure your data and AWS services using a defense-in-depth approach, including: protecting your AWS credentials using identity and access management; capturing and analyzing logs using CloudTrail, CloudWatch, and Athena; implementing network and instance security; encrypting data at rest and in transit; and setting up data backup, replication, and recovery. Go check it out!

Understanding the Meltdown Attack

This month, security researchers released a whitepaper describing the Meltdown attack, which allows anyone to read the full physical memory of a system by exploiting a vulnerability in Intel processors. If that sounds bad, that’s because it is. It means that if you’re running workloads on a public cloud provider, and you don’t have a dedicated server, an attacker can read what your workloads are putting into memory. This includes passwords, private keys, credit card numbers, your cat’s middle name, etc.

4 Inconvenient but Effective Security Measures

Security usually requires sacrificing convenience (or money). So naturally, we tend to get away with as little security as possible. But if you’re a glutton for punishment, here are 4 very inconvenient but highly effective measures you can take right now to protect yourself from the evils lurking on the interwebs.

Disable JavaScript

Yeah, I know. Every site made since the Web 2.0 days needs JavaScript just for a text input field to work right.

Blockchain is a Passing Fad

Whenever a tech fad comes to an end, it becomes so obvious why it failed. Yet during the hype, it’s easy to miss the problems lurking just below the surface. I want to explore some of the problems I see with public blockchain and why I think it’s not going to live up to the hype.

Blockchain can’t track real things

Whenever a new technology comes along, there’s always a temptation to use it in ways above and beyond what it was originally intended for.