Management Plane and Business Continuity

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
9 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
10
Video Transcription
00:00
>> Domain 6 focuses on
00:00
management plan and business continuity.
00:00
With this domain, we will be
00:00
transitioning the focus away from
00:00
those more business-oriented
00:00
>> aspects such as governance,
00:00
>> compliance, policies,
00:00
procedures, and the overall way you define and operate.
00:00
We'll start focusing on
00:00
more technical areas of Cloud computing.
00:00
All of those business-oriented items establish
00:00
a vital foundation for making
00:00
the best technical decisions.
00:00
But personally, the technology is
00:00
where my career and interests really lie.
00:00
I'm very excited about
00:00
this transition in the material topics.
00:00
For the remainder of this video,
00:00
we're going to focus on the management plane;
00:00
we will define the management plane and it's vital role,
00:00
we'll talk about methods of accessing
00:00
the management plane and controlling
00:00
access to the management plane, and finally,
00:00
we will examine additional security considerations from
00:00
the provider's perspective
00:00
and the customer's perspective.
00:00
The management plane is the most significant difference
00:00
between traditional infrastructure and Cloud.
00:00
In an IS model,
00:00
you use the management plane to define
00:00
the software defined networks,
00:00
provision virtual machines, create virtual hard drives,
00:00
and defining the virtualized infrastructure.
00:00
The management plane also plays
00:00
a key role in configuring PaaS services.
00:00
It's the using the admin tab
00:00
on your SaaS-based applications.
00:00
For iOS and PaaS,
00:00
it's like having physical access to your data center,
00:00
but it's all centralized
00:00
across many different datacenters.
00:00
Bearing in mind that the SaaS model,
00:00
the level of detail of which
00:00
particular datacenters and the specific regions
00:00
that machines and computers happening in,
00:00
is usually abstracted from you.
00:00
The management plane plays
00:00
a key role in the self provisioning
00:00
attribute of Cloud as we discussed in this definition.
00:00
It is the glue that holds the Cloud components
00:00
together and allows orchestration.
00:00
You may recall we talked about the different layers and
00:00
the management plane itself
00:00
is part of the metastructure layer.
00:00
At the same time, it provides
00:00
the mechanisms that allow you to define
00:00
the metastructure for your own Cloud-based resources,
00:00
applications, and systems.
00:00
Let's dive into this a little bit further.
00:00
Since it plays such an important role,
00:00
you need to secure your management plane tightly.
00:00
If somebody gets control of your management plane,
00:00
it's like you gave them keys to your datacenter.
00:00
Even without the roost passwords to all your devices,
00:00
they can still create copies of
00:00
your data disks and exfiltrate all that information.
00:00
You access the management plane
00:00
using web interfaces, APIs,
00:00
REST-based APIs, software development kits,
00:00
and command line interfaces.
00:00
The management plane for each Cloud vendor
00:00
looks a little bit different but I have
00:00
included a screenshot of
00:00
the management plane for AWS on the right,
00:00
just to give you a better feel for
00:00
this term as it plays out in the real-world.
00:00
If you haven't worked with Cloud previously,
00:00
you'll quickly notice the user interface allows
00:00
you to create and manage virtual machines,
00:00
configure PaaS services like
00:00
the AWS IoT, and a whole lot more.
00:00
As a final point, the management plane
00:00
extends the shared responsibility model.
00:00
Let's look at the specifics of responsibilities
00:00
between the provider and the Cloud customer.
00:00
The Cloud provider needs to make sure to ensure
00:00
the services hosting
00:00
management plane functionality are secure.
00:00
It starts with a strong perimeter and security focused on
00:00
those servers that themselves are
00:00
hosting the management plane application.
00:00
The Cloud provider needs to provide methods for
00:00
the customer to authenticate
00:00
against the management plane.
00:00
The Cloud provider also needs to implement
00:00
an identity management solution so that
00:00
as the different parts of
00:00
the management plane talk to each other,
00:00
the identity of the entity
00:00
that initiated the actions is carried through.
00:00
For example, I log into the management plane,
00:00
it's a web interface.
00:00
I click the right buttons and say
00:00
provision a virtual machine.
00:00
The management plane, that web interface
00:00
itself is not going to create the virtual machine.
00:00
Rather, it's going to spawn off
00:00
and call two different services running in
00:00
particular datacenters and regions
00:00
and say create a virtual machine.
00:00
But my identity as an individual
00:00
needs to be carried along with that request as
00:00
well so that when it comes time to
00:00
create that virtual machine in
00:00
that particular region or datacenter,
00:00
it knows who's doing it and it can verify that I
00:00
am authorized to perform those actions in that area.
00:00
Authorizations and entitlements are another capability
00:00
the Cloud provider needs to
00:00
build into their management plane.
00:00
This allows the Cloud customer to create
00:00
different accounts and follow
00:00
the least privileged practice.
00:00
Management plan is a key tool for
00:00
separating and enforcing multi-tenant isolation.
00:00
If you could login to your management plane,
00:00
but imagine invoking commands that
00:00
control the Cloud resources for another tenant,
00:00
that would be a very bad thing.
00:00
It really is the responsibility of the Cloud provider to
00:00
prevent this cross tenant exposure from happening.
00:00
Last but not least,
00:00
the Cloud provider needs to have their own logging,
00:00
monitoring, and alerting in place
00:00
to detect any compromise of the management plane.
00:00
What about the responsibilities of the Cloud customer?
00:00
You want to make sure you minimize use of
00:00
the master account and keep it secure.
00:00
This account should be associated with
00:00
a group email, not an individual.
00:00
This is the first account you create to
00:00
establish your Cloud account and presence.
00:00
Once you have that account,
00:00
store the password off in a safe place that can be
00:00
accessed by select individuals within the organization.
00:00
But you really want to be sparing with
00:00
that account as well as other super admin accounts.
00:00
You're going to want to create accounts
00:00
for individuals and apply
00:00
the principle of least privilege for
00:00
service admins and service accounts.
00:00
Be sparing with the super admin accounts.
00:00
This can include the master account
00:00
and then other accounts you've assigned to individuals,
00:00
but maybe you were quite lacking and gave them
00:00
very broad privileges and capabilities.
00:00
Apply the principle of least privileges for
00:00
admin accounts and service accounts.
00:00
What I mean by service accounts,
00:00
they're those special types of accounts that
00:00
exists within a system but they're not
00:00
bound to a particular human being.
00:00
These are frequently used in automation, for example,
00:00
to perform deployment operations and promote
00:00
software application versions
00:00
from lower tiered environments,
00:00
your development and QA environments,
00:00
up to production environments.
00:00
These accounts can also do automated provisioning of
00:00
services and even creating the production environments.
00:00
It's very important that these special service accounts
00:00
also apply the principle of least privilege.
00:00
Because if you're given individual minimal rights,
00:00
but then they have the rights to perform
00:00
actions and initiate automation
00:00
that the service account does,
00:00
then they could potentially
00:00
start having that service account,
00:00
do a bunch of things that they as
00:00
an individual should not be using.
00:00
Even worse, the audit trail
00:00
will be all muddied up because
00:00
the fingerprints for all the activities that
00:00
the service account does will say the service account,
00:00
not the individual that
00:00
initiated or told the service account
00:00
to do these different things.
00:00
Say things went really wrong,
00:00
now you have to do a bunch of
00:00
detective work to figure out,
00:00
the automation account deleted
00:00
a bunch of your production servers,
00:00
but who initiated the automation account
00:00
itself and who gave it the commands in
00:00
the script to perform those activities?
00:00
It's just another layer you have to go through.
00:00
That's why it's so important
00:00
to keep tight controls around
00:00
these service accounts and really do
00:00
apply the principle of least privilege.
00:00
All authentication should be over
00:00
secure channels like TLS.
00:00
Single sign-on integration is extremely valuable.
00:00
Many Cloud providers allow for
00:00
integrations with your company's
00:00
identity management system.
00:00
For example, Azure Active Directory.
00:00
This way, your Cloud admins don't have to manage
00:00
distinct accounts when accessing the management plane.
00:00
Multi-factor authentication is key
00:00
for securing the management plane.
00:00
MFA should be used for individual accounts.
00:00
You can use things like time-based one-time password or
00:00
even universal second factor,
00:00
multi-factor authentication.
00:00
Last but not least, we were
00:00
talking about those service accounts,
00:00
you're going to want to rotate
00:00
>> the authentication tokens
00:00
>> for those service accounts on a regular basis.
00:00
In fact, there are other technologies out
00:00
there such as HashiCorp Key Vault,
00:00
which allow you to
00:00
continually rotate the accounts themselves.
00:00
As we were going through some of
00:00
the previous examples of service accounts,
00:00
we talked about some of the bad things that can happen if
00:00
an individual is able to control what
00:00
these powerful service accounts can do.
00:00
By constantly changing the tokens that
00:00
the service accounts are authenticating
00:00
with against the Cloud provider,
00:00
and of course, changing the accounts themselves,
00:00
you can really mitigate a lot of that risk.
00:00
To really bring home
00:00
the importance of securing that Cloud management plane,
00:00
let's look at a scenario that happened in real life.
00:00
In 2014, the root account of a company
00:00
called Code Spaces was compromised and held for ransom.
00:00
The hacker said if you're
00:00
not going to pay me a lot of money,
00:00
I'm going to destroy your system.
00:00
Well, the company Code Spaces did not pay
00:00
the money and the hacker ended up
00:00
deleting all the virtual machines,
00:00
all their data backups,
00:00
all their storage accounts.
00:00
To quote threatpost.com, "Within 12 hours,
00:00
Code Spaces went from
00:00
a viable business to complete devastation."
00:00
In this video, we talked about
00:00
the importance of the management plane.
00:00
It plays a critical role in your Cloud.
00:00
It's accessed and used through web and API methods.
00:00
Individuals and services interact with
00:00
this management plane to initiate automation,
00:00
provision Cloud resources, and they
00:00
do so using different methods of authentication.
00:00
You always want to secure
00:00
the root account for your Cloud.
00:00
Enforce least privileged by using
00:00
role-based access control structures
00:00
for the different accounts.
00:00
Also use multi-factor authentication for Cloud
00:00
accounts that access
00:00
the management plane whenever is possible.
Up Next