CLOUD PENETRATION TESTING
What is Cloud Penetration Testing?
Cloud Penetration Testing is an authorised simulated cyber-attack against a system that is hosted by a cloud provider. This could include Amazon’s AWS, Google’s Cloud Platform or Microsoft’s Azure.
The main goal of a cloud penetration test is to assess the security posture of the environment, find common security misconfigurations and assess publicly accessible services that could prove to be an attractive target for malicious actors.
What are the benefits?
The benefits of cloud penetration testing are increased technical assurance and a better understanding of the attack surface that your systems are exposed to. Cloud systems, whether they are infrastructure as a service (IaaS), platform as a service (PaaS), or software as a service (SaaS), are prone to security misconfigurations, weaknesses, and security threats just as traditional systems are.
By performing cloud security testing, LRQA Nettitude will:
• Assess your cloud estate in order to identify risks, potential vulnerabilities, and gaps in security.
• Demonstrate the impact of exploitable vulnerabilities and leverage them to determine the level of compromise an attacker could achieve.
• Provide a detailed report on all of the identified security misconfigurations with clear and actionable remediation advice.
• Leave you with a better understanding of your cloud infrastructure, what services are exposed to the public and assurance on the security posture of your estate.
The Cloud Security Problem
Although cloud providers offer increasingly robust security controls, you are ultimately responsible for securing your company’s workloads in the cloud. According to the 2022 Cloud Security Report, misconfiguration of the cloud platform remains the biggest security risk. This is followed by insecure interfaces, exfiltration of sensitive data and unauthorised access; compliance concerns are tied with concerns about accidental exposure of credentials.
Cloud Testing, whether a configuration review, a penetration test, or both, focuses primarily on examining the protection of these key areas:
• Enumeration of external attack surface – Identify all possible entry points into the environment – O365, Web Applications, Storage Blobs, S3 Buckets, SQL/RDS Databases, Azure Automation APIs, AWS APIs, Remote Desktops, VPNs, etc.
• Authentication and Authorization Testing – Ensure that users within the environment operate on the Principle of Least Privilege and are protected by robust multi-factor authentication policies, and that known ‘bad passwords’ are prohibited from being used.
• Virtual Machines / EC2 – Azure supports two types of virtual machines – Classic and v2. Testing will ensure that these virtual machines are protected via Network Security Groups (NSGs – analogous to firewalls) and their data is encrypted at rest. Where possible, audits of missing patches and their effects are included. Where virtual machines are publicly accessible, this will lead on to the examination of their external interfaces.
• Storage and Databases – This area of testing will examine storage blob permissions and those of subfolders, ensuring that only authenticated and authorized users can access the data within. Examination of databases (either on virtual machines running SQL Server or running via Azure SQL) for security best practices is also covered.
• Infrastructure – Infrastructure in the cloud can be affected by many of the same vulnerabilities that are identified during the course of a physical internal penetration test, whether that is insufficient patching that could lead to remote code execution on a virtual machine or the use of default credentials that allow access to sensitive services. LRQA Nettitude can assess the security posture of infrastructure hosted within the cloud and identify areas that are at risk of exploitation.
• Network Segmentation or ACLs – When hosting internal infrastructure in the cloud, a number of access control rules will be implemented to restrict access to sensitive components or applications. LRQA Nettitude can perform testing to ensure key infrastructure is correctly isolated and the risk to your business is reduced in the event of a network compromise.
• Containers – As more applications move to a container-based model, the use of cloud-based services such as Azure Kubernetes Service is becoming more prevalent. This often presents a large attack surface due to the complicated nature of the service itself. LRQA Nettitude can review the configuration of the service and check for common misconfigurations, such as the permissions of users with access to the service, in order to identify any privilege escalation attack vectors.
LRQA Nettitude consultants hold certifications in the major cloud platforms: Azure, AWS and Google Cloud. LRQA Nettitude also runs internal workgroups whose purpose is to constantly review and improve its cloud security methodology, including the creation of new tools and sharing of knowledge.