Photo by Kyle Head on Unsplash
Exploiting, detecting, and correcting IAM security misconfigurations
Bad Actor
Identity and access management (IAM) misconfigurations are one of the most common concerns in cloud security. Over the past few years, these security holes have put organizations at increased risk of experiencing serious attacks to their cloud accounts.
To some, cloud environments might look like a safe place, where security is set by default. However, the truth is that security follows a shared responsibility model. For example, you are in charge of securing AWS console access.
However, what if a misconfiguration over your users or roles is applied in your environment? Attackers can use them to gain the keys to the kingdom, accessing your environment and creating serious damage. In scenarios where attackers are already in, misconfigurations can help them perform cloud lateral movement [1], exfiltrate sensitive data, or use the account for their own purpose (e.g., crypto mining [2]).
In this article, I put security best practices aside and have some fun focusing attention on real-world scenarios of IAM security misconfigurations. I'll showcase how it would be possible for an attacker to use those IAM misconfigurations and create serious hassles.
Big Deal?
AWS IAM [3] lets you manage access to AWS services and resources securely. With IAM, you can create and granularly manage AWS users and groups and use permissions to allow and deny them access to AWS resources.
From this definition of IAM, you can easily agree that this piece of infrastructure needs your focus. If this service is misconfigured, users or groups might cause huge damage to your infrastructure.
The fine granularity of permissions available in cloud environments allows the application of the least privileges concept
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Shadow admin permissions and your AWS account
Malicious attackers are trying to conquer your AWS castle in the cloud. To mount a strong defense, you'll need a deeper understanding of privilege escalation and shadow admin permissions. -
Making Kerberoasting uneconomical
A method known as Kerberoasting is an exploitation technique of the Kerberos authentication protocol. We take a closer look at the available safeguards and detection measures against this attack. -
Optimizing domain controller security
Configure your domain controller security settings correctly with Policy Analyzer and current Microsoft baselines for a leak-tight Active Directory. -
AWS Automation Documents
AWS Systems Manager Automation documents let you customize your Amazon Machine Images to improve security and avoid config drift.
-
Protect privileged accounts in AD
Granular protection for highly privileged accounts is granted by the Protected Users group in Active Directory and Kerberos authentication policies.