Hi, team. I want to clean up the S3 buckets for security, so please tell me the bucket path that should not be removed until this week (2/10). Thanks.

2017-02-08 14:49 GMT+09:00 moon <m...@zepl.com>:

> Thanks Shim for summarizing and taking a lot of action items!
>
> On Wed, Feb 8, 2017 at 2:45 PM Hyung Sung Shim <hss...@nflabs.com> wrote:
>
>> Hi.
>>
>> We (moon, anthony, sam, shim) just had a meeting about security.
>>
>> *Talked About*
>> 1. AWS console login.
>>    - MFA (Multi-Factor Authentication)
>>
>> 2. User Access key/Security key.
>>    - IAM
>>    - STS (Secure Token Service)
>>    - Set restrict resources.
>>
>> 3. Application/EC2 instance security
>>    - apply AWS Inspector
>>
>> 4. Data security
>>    - Data backup
>>    - monitoring backup (Alert when failing backup..)
>>    - Restrict S3 backup path
>>
>> *Action items.*
>> 1. set IAM policy. (shim)
>> 2. set restrict resources. (shim)
>> 3. MFA (Multi-Factor Authentication) (shim)
>> 4. STS (security token) (shim)
>> 5. Restrict S3 path (shim)
>> 6. Data backup (shim)
>> 7. monitoring (notification) backup (Alert when failing backup..) (shim)
>> 8. notebook data security.
>>    - we need more research for this, so we will have a meeting next
>>      Wednesday (2/15 13:00~)
>> 9. apply AWS Inspector (we need to research)
>> 10. apply AWS Key Management Service (KMS) (we need to research)
>>
>> Let me do the 1~7 action items by this week.
>> Feel free to attach things that I missed.
>> Thanks.
>>
>> 2017-02-07 18:48 GMT+09:00 Hyung Sung Shim <hss...@nflabs.com>:
>>
>> Good idea.
>>
>> On Tue, Feb 7, 2017 at 6:31 PM, moon <m...@zepl.com> wrote:
>>
>> It's a matter of time before the same incident happens again, unless we
>> find the reason and fix the problem.
>>
>> And this time, we were lucky. Hackers just ran a lot of instances and mined
>> bitcoin, which is a matter of us paying AWS a lot of money.
>> However, if next time hackers leak our customers' notebooks, that will be
>> a matter of closing the company.
>>
>> So, shall we have an emergency meeting for securing our service tomorrow?
>> From 1-4pm.
>> Agenda is
>>
>> 1. List possible reasons for today's incident.
>> 2. Make an action item to address all the possible reasons.
>> 3. Assign people to each action item.
>>
>> This meeting will be held in the office. If needed, I can open a hangout.
>> Everyone is free to join, but I would say Shim and Anthony are mandatory.
>>
>> I think there will be a lot of action items created. And each of them
>> needs different talents. So don't be too surprised when some tasks are
>> assigned to you even if you weren't in the meeting.
>>
>> Thanks,
>> moon
>>
>> On Tue, Feb 7, 2017 at 5:45 PM Sejun Ra <se...@zepl.com> wrote:
>>
>> Send me all the info you can get. I'll send it to Amazon.
>>
>> On Tue, Feb 7, 2017 at 12:43 AM moon <m...@zepl.com> wrote:
>>
>> I think 2) knowing the exact reason is not easy while AWS doesn't provide
>> a log of who calls the API without using CloudTrail (just set up this guy).
>>
>> On Tue, Feb 7, 2017 at 5:20 PM moon <m...@zepl.com> wrote:
>>
>> To ask Amazon a favor, I think we need
>>
>> 1. List all the EC2 instance IDs
>> 2. What was compromised and how we fixed it.
>>
>> On Tue, Feb 7, 2017 at 5:15 PM Hyung Sung Shim <hss...@nflabs.com> wrote:
>>
>> Hi all.
>>
>> EC2 instances were launched abnormally at the same time in each region.
>> The summary is as follows.
>>
>> *Virginia : 80 ea*
>> February 2, 2017 at 2:08:28 PM UTC+9 : 50 ea
>> February 2, 2017 at 2:07:40 PM UTC+9 : 30 ea
>>
>> *California : 19 ea*
>> February 2, 2017 at 2:11:27 PM UTC+9 : 19 ea
>>
>> *Oregon : 9 ea*
>> February 2, 2017 at 2:13:05 PM UTC+9 : 9 ea
>>
>> *Ireland : 20 ea*
>> February 2, 2017 at 2:10:11 PM UTC+9 : 20 ea
>>
>> *Singapore : 20 ea*
>> February 2, 2017 at 2:14:35 PM UTC+9 : 20 ea
>>
>> *Sydney : 20 ea*
>> February 2, 2017 at 2:15:52 PM UTC+9 : 20 ea
>>
>> *Tokyo : 20 ea*
>> February 2, 2017 at 2:17:15 PM UTC+9 : 20 ea
>>
>> *Sao Paulo : 20 ea*
>> February 2, 2017 at 2:19:38 PM UTC+9 : 20 ea
>>
>> We need to ask the AWS team for information (why and how the instances
>> were created) and money!!
>>
>> You can refer to the attached file for details.
>> Thanks.
>>
>> --
>> --
>> sejun ra
>> http://www.nflabs.com
>> @zeppelinx
>> #apachezeppelin
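
The launch pattern summarized in this thread (many instances started within minutes across several regions) can be flagged from CloudTrail `RunInstances` records once a trail is enabled. The following is an added example, not part of the original emails: the records, access key IDs, instance IDs, thresholds and the `rec` / `find_bursts` helpers are constructed for illustration, with times and counts mirroring part of the summary above.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def rec(time, region, n, key="AKIAEXAMPLEKEY0000001"):
    """Constructed CloudTrail-style RunInstances record (sample data, not a real log)."""
    items = [{"instanceId": f"i-{region}-{i:04d}"} for i in range(n)]
    return {"eventName": "RunInstances", "eventTime": time, "awsRegion": region,
            "userIdentity": {"accessKeyId": key},
            "responseElements": {"instancesSet": {"items": items}}}

# Constructed sample; times are the thread's UTC+9 timestamps converted to UTC.
SAMPLE = [
    rec("2017-02-02T05:07:40Z", "us-east-1", 30),
    rec("2017-02-02T05:08:28Z", "us-east-1", 50),
    rec("2017-02-02T05:10:11Z", "eu-west-1", 20),
    rec("2017-02-02T05:11:27Z", "us-west-1", 19),
    rec("2017-02-02T05:13:05Z", "us-west-2", 9),
    rec("2017-02-02T09:00:00Z", "ap-northeast-2", 1, key="AKIAEXAMPLEKEY0000002"),
]

def find_bursts(records, window=timedelta(minutes=15), min_regions=3, min_instances=50):
    """Per access key, report the largest multi-region launch burst inside `window`."""
    by_key = defaultdict(list)
    for r in records:
        # Failed API calls carry no responseElements; skip them.
        if r.get("eventName") != "RunInstances" or not r.get("responseElements"):
            continue
        t = datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        n = len(r["responseElements"]["instancesSet"]["items"])
        key = r.get("userIdentity", {}).get("accessKeyId", "unknown")
        by_key[key].append((t, r["awsRegion"], n))
    alerts = []
    for key, events in by_key.items():
        events.sort()
        best, start = None, 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:  # slide window start
                start += 1
            win = events[start:end + 1]
            regions, total = {e[1] for e in win}, sum(e[2] for e in win)
            if len(regions) >= min_regions and total >= min_instances:
                if best is None or total > best["instances"]:
                    best = {"accessKeyId": key, "regions": sorted(regions),
                            "instances": total, "first": win[0][0], "last": win[-1][0]}
        if best:
            alerts.append(best)
    return alerts

if __name__ == "__main__":
    for a in find_bursts(SAMPLE):
        print(a)
```

Grouping by `accessKeyId` ties the burst to one credential, which is the key to deactivate and rotate first.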