Dec 04 2013
 

This is somewhat related to updating Amazon group resource IPs for dynamic IP addresses, except it is a different concept.  How many times have you been on the road and needed to access your home computer?  Granted, there are many third-party services that allow you to do that, like dynamic DNS, but that is beyond my control.  I wanted something I could control.  Since I use Linode, they have an API and a way to script IP updates.  So that's what we will do here.


Nov 21 2013
 

I work from home a lot.  My ISP never changed IP addresses dynamically for the first 3 years or so I was with them.  Now they change it often (more than once a week).  This creates a slower response time when I am at home, get a page, go to log in via SSH, and find out my IP has changed, since we restrict our AWS environment via group policies.  The times I have needed to do this are relatively few, but it's still a problem if there is an emergency.  Leave it to me to come up with a simple solution...


Oct 21 2011
 

This is part 2 of Securing the Cloud.

Here is an interesting idea I have had some success with.  You spin up a new cloud instance and get a new IP that has been reissued.  Immediately start sniffing the traffic while doing some research to identify who had previously been using that IP address.  What can you obtain?  Maybe an admin will try to log into the old server via IP address, so now you have a valid admin username and password.  If the IP was reissued before every ISP's DNS cache updated, you will likely obtain hits to services still cached at those ISPs, such as FTP accounts via domain, SSH accounts via domain, and for hosted servers... you can at least grab some of the domains hosted at that previous IP.

You would be surprised at just the type of information you can grab... something to think about.

May 10 2011
 

There has been a lot of recent talk about “securing the cloud”, but let me give you my take on it.

I am in the cloud, businesses are in the cloud, but which cloud?  Is any one cloud environment more secure than the other?  Let me give you a few things I have learned about the cloud... because this might seem rather alarming to some or most.

Treat all cloud environments as hostile environments.  Treat the cloud like a wide-open door to your business infrastructure; as a matter of fact, treat it like something blew 2 of the 4 outer perimeter walls off of your business, along with half of the roof coming down.  Rethink what you consider secure and how you secure services and applications, and treat it like you just handed everything to a blackhat hacker.

Almost every cloud environment I have used or tested offers a “private IP address”, but is it really private?  If you dig around, you will find that it is not.  As a matter of fact, it seems that others with those private IP addresses believe they have their own VLAN switch of private IP address ranges segregated from everyone else... but the fact is, you share your data on your private IP address range with many other clients on the same private IP address range.  Why?  Because you are all sharing a cut of the CPU, memory, network cards, etc. of the same physical server.  Even though you might secure your forward-facing applications, you would be surprised how many applications within the private IP addresses are not secured.  Why?  Because people automatically think of it in terms of “our local network or private LAN”.  Why?  Because it's in the same IP range as a private network.

See EXAMPLE 1 below

And because people treat it like a private LAN, they do the craziest things, like running “unpatched Apache or other insecure software”, or MySQL root without a password on the private LAN for ease of administration, or using the private LAN to send critical confidential customer (or patient) records across to another failover server on the private LAN... unencrypted.  You see where this is going?

See EXAMPLE 2 below

And then let's talk about pre-made cloud environments...
