3. Traditional Responsibility Model
You:
  Operating System
  Application
  Account Management
  Facilities
  Physical Security
  Physical Infrastructure
  Network Infrastructure
  Virtualization Layer
4. Shared Responsibility Model
You:
  Operating System
  Application
  Account Management
  Security Groups
  Network Configuration
AWS:
  Facilities
  Physical Security
  Physical Infrastructure
  Network Infrastructure
  Virtualization Layer
More info on the model is available at http://aws.amazon.com/security
5. Shared Responsibility Model
You:
  Operating System
  Application
  Account Management
  Security Groups
  Network Configuration
AWS (verify this side through the published compliance reports):
  Facilities
  Physical Security
  Physical Infrastructure
  Network Infrastructure
  Virtualization Layer
Compliance information available at http://aws.amazon.com/compliance
6. Common View
More information on the model at http://aws.amazon.com/security
8. Service Examples
Service               Type            *aaS
SQS, S3, Route53      Abstract        SaaS
RDS, EMR, OpsWorks    Container       PaaS
EC2, EBS, VPC         Infrastructure  IaaS
From AWS's Mark Ryland, more info at http://4mn.ca/ZZeDbA
14. Actions to Take
For EC2:
  Nothing to do for cloud-native architectures
  Manage availability yourself for traditional architectures
For RDS:
  Nothing to do for Multi-AZ instances
  Handled in the standard maintenance window for single-AZ instances
17. The attack forces a downgrade to the older SSL 3.0 protocol, details at http://4mn.ca/1EYfBEA
18. Actions to Take
For ELB:
  Select a predefined security policy that excludes SSL 3.0 (e.g., ELBSecurityPolicy-2014-10)
For Web Servers:
  Enable TLS_FALLBACK_SCSV
  Disable support for SSL 3.0*
* Disabling SSL 3.0 may cause compatibility issues with old clients
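As an added example, not part of the original deck, the following POSIX shell script carries out the ELB step above and then checks a host for the two web-server properties the slide asks for (SSL 3.0 refused, TLS_FALLBACK_SCSV honoured), which is what you want after patching for the October 2014 SSL 3.0 downgrade attack (POODLE). The aws CLI classic-ELB commands and the openssl s_client flags are real; the load balancer name, hostnames and policy name passed in are placeholders, and the openssl transcripts the classifiers are written against are constructed from typical s_client output.

```shell
#!/bin/sh
# Added example (not from the deck): apply and verify slide 18's hardening.
# Assumes: aws CLI with the classic-ELB commands used below, and an openssl
# s_client that accepts -ssl3 and -fallback_scsv (OpenSSL 1.0.1j or later;
# builds without SSLv3 support make the SSLv3 probe "untestable").

# 1) ELB: create a listener policy that references a predefined security
#    policy without SSLv3 (ELBSecurityPolicy-2014-10) and attach it to the
#    HTTPS listener. $1 = load balancer name (placeholder), $2/$3 optional.
harden_elb_listener() {
  lb="$1"; ref="${2:-ELBSecurityPolicy-2014-10}"; port="${3:-443}"
  name="$ref-listener-policy"   # hypothetical policy name
  aws elb create-load-balancer-policy \
    --load-balancer-name "$lb" --policy-name "$name" \
    --policy-type-name SSLNegotiationPolicyType \
    --policy-attributes "AttributeName=Reference-Security-Policy,AttributeValue=$ref" &&
  aws elb set-load-balancer-policies-of-listener \
    --load-balancer-name "$lb" --load-balancer-port "$port" --policy-names "$name"
}

# 2) Interpret the transcript of `openssl s_client -ssl3 ...` (read from stdin).
#    disabled   - the server refused the SSLv3 handshake (what you want)
#    ACCEPTED   - an SSLv3 session was negotiated (still exposed)
#    untestable - the local openssl cannot speak SSLv3 or could not connect
classify_sslv3() {
  out=$(cat)
  if printf '%s' "$out" | grep -qiE 'unknown option|no protocols available|unsupported protocol|connect:errno'; then
    echo untestable
  elif printf '%s' "$out" | grep -qiE 'handshake failure|alert protocol version|wrong version number|Cipher *: 0000'; then
    echo disabled
  else
    echo ACCEPTED
  fi
}

# 3) Interpret `openssl s_client -tls1 -fallback_scsv ...`: a server that
#    honours TLS_FALLBACK_SCSV must abort with an "inappropriate fallback"
#    alert when the client signals a fallback below the server's best version.
#    supported    - alert seen (what you want)
#    inconclusive - server rejects TLS 1.0 outright, retry one step below its max
#    MISSING      - handshake completed, the server ignored the SCSV
classify_fallback_scsv() {
  out=$(cat)
  if printf '%s' "$out" | grep -qi 'inappropriate fallback'; then
    echo supported
  elif printf '%s' "$out" | grep -qiE 'unknown option|alert protocol version|connect:errno'; then
    echo inconclusive
  else
    echo MISSING
  fi
}

# Probe one host:port and print both verdicts on one line.
probe_host() {
  host="$1"; port="${2:-443}"
  sslv3=$(echo | openssl s_client -connect "$host:$port" -ssl3 2>&1 | classify_sslv3)
  scsv=$(echo | openssl s_client -connect "$host:$port" -tls1 -fallback_scsv 2>&1 | classify_fallback_scsv)
  printf '%s:%s SSLv3=%s TLS_FALLBACK_SCSV=%s\n' "$host" "$port" "$sslv3" "$scsv"
}

# Usage: sh poodle-check.sh www.example.com [443]   (hostname is a placeholder)
if [ $# -gt 0 ]; then probe_host "$@"; fi
```

On the web-server side the "disable SSL 3.0" step is a one-line protocol list (nginx: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`, Apache: `SSLProtocol all -SSLv2 -SSLv3`), while TLS_FALLBACK_SCSV is implemented inside the OpenSSL library from 1.0.1j onward, so "enabling" it mostly means running the server against a patched OpenSSL. The compatibility caveat on the slide is real: the best-known SSL 3.0-only client is Internet Explorer 6 on Windows XP, so check your access logs for such clients before turning SSL 3.0 off.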