Penetrating Networks

Navid Fazle Rabbi
Sr. Security Researcher
Offensive Security Research
bKash Ltd.

AWS Cloud & Pentesting – 1

August 20, 2022

Chapter 1: Introduction

This is the first chapter in my series on AWS Cloud and Pentesting. Please feel free to approach me if you have any questions or recommendations for improvement.

Cloud computing is the on-demand delivery of IT resources over the Internet with pay-as-you-go pricing. Instead of buying, owning, and maintaining physical data centers and servers, you can access technology services, such as computing power, storage, and databases, on an as-needed basis from a cloud provider.

AWS Official Website

Cloud computing simply refers to storing data and running applications in the cloud, rather than on your own local machine.

The cloud consists of managed servers that provide managed services on the client’s behalf. Services provided include, but are not limited to, the following:

  • Running Applications
  • Storing Data
  • Data Processing
  • Web Hosting

Purpose of Cloud

Providers of cloud-based services are known as cloud providers. They sell the use of their machines and computers as a service. Consider a firm that offers a streaming music service. If the company had its own streaming servers and computers, it would face the following challenges:

  • Repairing servers/machines whenever a hazard occurs
  • Maintaining the servers/machines on its own
  • Keeping the servers up and running and ensuring proper availability at all times

The notion of cloud computing evolved to eliminate these burdens. The streaming service can mitigate these disadvantages by purchasing the computing workload from cloud service providers.

Why Use Cloud

  • Cloud computing is economical. Using managed servers, organizations advance toward a cost-effective cloud computing strategy as they adopt a cloud-based infrastructure.
  • Reliability, as cloud service providers are in charge of data backup and recovery. There are redundant servers to guarantee backup and eliminate downtime.
  • Agility in mobilizing resources as required. The deployment process is immediate.

Types

  • Infrastructure as a Service (IaaS) – Offers access to networking capabilities, computers (virtual or dedicated), and data storage space. IaaS provides the greatest degree of IT resource flexibility and management control. A Client has control over the Applications, Data, Operating System, Middleware, and Runtime in this scenario. In contrast, the Cloud Service Provider manages the server, storage, networking, and virtualization. Example – Microsoft Azure, Amazon Web Services, Google Compute Engine, etc.
  • Platform as a Service (PaaS) – PaaS eliminates the requirement to handle underlying infrastructure (often hardware and operating systems), allowing you to focus on application deployment and administration. There is no need to worry about resource acquisition, capacity planning, software maintenance, patching, or any of the other undifferentiated heavy lifting required to run the application. A Client has sole control over the Application and Data in this scenario. The Cloud Provider provides assurance. Example – AWS Elastic Beanstalk, Google App Engine, Adobe Commerce, etc.
  • Software as a Service (SaaS) – SaaS offers a comprehensive solution that is operated and maintained by the service provider. In most instances, when individuals refer to SaaS, they mean end-user apps (such as web-based email). With a SaaS solution, enterprises do not have to worry about maintaining the service or managing the underlying infrastructure. In this scenario, only the use of the particular software is considered. Example – Gmail, Slack, Microsoft Office 365, etc.

Amazon Web Services (AWS)

AWS is one of the top providers of cloud services. In terms of IaaS, PaaS, and SaaS, AWS offers a variety of services to meet customer requirements and assure their satisfaction. Before delving into the various services, let’s explore the AWS Global Data Centers.

AWS has an outstanding number of –

  • 26 Global Regions
  • 84 Availability Zones [Highly Available Data Center within each AWS Region]
  • 158 Edge Locations [Caching Devices]
  • 11 Regional Caches
  • 130+ Different Web Services

What is a Region? – An Independent Geographic Area

What is an Availability Zone (AZ)? – Multiple Isolated Locations/Data Centers within a region

AWS Account, User & Services Scope

The graphic below depicts the AWS Account, User, and Services Scope. We shall learn about the various services in the following paragraphs. But till then, let us examine this figure.

AWS Services

In this chapter, we will explore some common services, although not in great depth. In subsequent chapters, we will cover AWS’s various Services in detail.

Some of the most common services of AWS are –

  • Elastic Compute Cloud (EC2): EC2 provides bare servers/machines/instances where we can run our applications. The Amazon Elastic Compute Cloud (Amazon EC2) offers scalable processing power. Using EC2, we may deploy as many or as few virtual servers as desired, establish security and networking, and manage storage.
  • Virtual Private Cloud (VPC): AWS lets us use a chunk of the cloud and control all of the networking within that chunk. It allows us to establish networks and operate servers within them. The virtual network closely resembles a typical network that we would operate in our own data center while making use of AWS’s scalable architecture.
  • Simple Storage Service (S3): This file storage service allows us to upload and exchange data. This service provides scalability, data availability, security, and performance for object storage.
  • Relational Database Service (RDS): Amazon Relational Database Service (Amazon RDS) is a bundle of managed services that simplify the deployment, administration, and scalability of databases in the cloud. It currently supports the following databases: Amazon Aurora with MySQL and PostgreSQL compatibility, MySQL, MariaDB, PostgreSQL, Oracle, and SQL Server.
  • Route 53 (DNS): The Route 53 DNS service is managed by AWS. It is a scalable, worldwide DNS service.

In this chapter, we have outlined what a cloud service is, what the AWS cloud service is, and some of AWS's most popular services. In the next chapter, Chapter 2: AWS Services & Solution Design, we will examine the AWS services, what they provide, some important services, and how to design a solution in relation to on-premises and AWS services, in greater detail.

Please reach out to me if you have any suggestions.
