Blog category: Security

Don't panic! False-positives from GuardDuty and Network Load Balancer (NLB)

March 20, 2018 by Paulina Budzoń

If you’re keeping in touch with new services provided by AWS, you probably heard about new security monitoring tool: GuardDuty. You probably also noticed a whole new family of Elastic Load Balancers (v2), which includes Network Load Balancers (NLB). Deploying those two new services may generate some unexpected results - and here’s why.

Continue reading

S3 bucket permissions: what does "everyone" mean?

May 10, 2017 by Paulina Budzoń

On more than one occasion I have seen S3 bucket policies set for the predefined users groups: “Everyone” and “Any authenticated AWS user”, but rarely has it been done with understanding of what those groups actually mean. So, if you’ve ever set (or thought of setting) permissions for those, please read on.

Continue reading

Granting privileges using MAC Framework

April 17, 2017 by Paweł Biernacki

FreeBSD’s kernel provides quite sophisticated privilege model that extends the traditional UNIX user-and-group one. Here I’ll show how to leverage it to grant access to specific privileges to group of non-root users.

Continue reading

Intrusion detection and prevention with AWS Lambda and DynamoDB streams

April 5, 2017 by Paulina Budzoń

Intrusion detection system (IDS) and intrusion prevention system (IPS) tend to be expensive and complicated. In AWS, you can go for much simpler solution - WAF. But that requires you to use Application Load Balancer or CloudFront. But even with WAF, you have to manage a list IP addresses of attackers that should be blocked. Or, if you only ever need to block single IPs for short periods of time, NACLs may be a much easier option! Here’s a walkthrough on how you can implement a terribly simple (yet very powerful) intrusion detection and prevention in AWS with Lambda and DynamoDB Streams for a web application.

Continue reading

Sandboxing the hypervisor

February 15, 2017 by Paweł Biernacki

I’m pleased to announce that bhyve, the FreeBSD’s hypervisor, is now sandboxed using Capsicum framework.

Continue reading