In my role as a Client Cybersecurity Engineer at Rackspace, I was tasked with assisting Cymbal Bank in identifying and remediating security threats within their cloud infrastructure. This involved collaborating closely with my team to ensure that all security measures were effectively implemented. Below, I outline the structured approach I took to address the critical findings, including strategically placed screenshots to enhance clarity and help hiring managers visualize the process and results.
Misconfigured storage bucket: Sensitive customer documents were at risk of unauthorized access due to a misconfiguration.
Anomalous Activity Detection: Chronicle SIEM flagged an external email access issue where an external email account (cymbal.analyst.demo@gmail.com) was granted excessive privileges.
Client Cyber Security Engineer
Collaborating Team Lead
Google Cloud Security Command Center
Google Cloud Storage
Google Cloud IAM
Google BigQuery
Policy Analyzer
Corrected Cloud Storage configurations
Updated IAM roles
Security report detailing remediation steps and outcomes
First, I accessed the Threats dashboard within the Security Command Center (SCC). This dashboard is vital for monitoring potential security issues and compliance status.
I opened the SCC dashboard and selected the Threats section.
Conducted a real-time scan to detect any ongoing threats.
Checked the security compliance status against the ISO/IEC 27001:2013 standards to ensure all necessary measures were in place.
Next, I addressed the misconfiguration of a Cloud Storage bucket containing sensitive customer documents.
I accessed the Cloud Storage settings and removed public access to the bucket, as it posed a significant security risk.
I changed the access control to uniform and applied this as a policy constraint to limit interaction to authorized users only.
In response to the IAM anomalous grant identified earlier, I created a custom IAM role to provide the necessary permissions for the data analyst contractor.
I defined the role titled "Cymbal Analyst-Read Only" with a description that clarified its purpose.
Assigned specific permissions to the role, focusing on read-only access.
To further secure the environment, I revoked any excessive permissions from the data analyst's account.
Revoke Permissions:
I accessed the IAM settings and removed the Editor role assigned to the external user.
Assign Custom Role:
I then assigned the newly created "Cymbal Analyst-Read Only" role to ensure that the analyst had the appropriate access without excessive privileges.
Finally, I used the Google Cloud Policy Analyzer to confirm that the IAM role changes were effective.
Run Policy Analyzer:
I created a query to review the current permissions for the external data analyst's account.
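The three remediation steps above (removing public access from the bucket and enforcing uniform bucket-level access, replacing the analyst's Editor role with the custom read-only role, and confirming the result the way a Policy Analyzer query does), as an added Python example that is not part of the lab or of this write-up. It works on IAM policy JSON in the shape `gcloud ... get-iam-policy --format=json` returns, over constructed sample policies. Only the analyst account comes from the finding above; the project ID `cymbal-bank-demo`, the `cymbal.example` addresses, the role ID `cymbalAnalystReadOnly` and the role's permission list are assumptions, since the page does not give them.

```python
# Added example (not the lab's or this write-up's code): the three remediation
# steps as checks over IAM policy JSON, run on constructed sample data.
import copy
import re

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
WRITE_VERBS = re.compile(r"\.(create|delete|update|setIamPolicy|write|use)$")
PROJECT = "cymbal-bank-demo"                    # assumed project ID
ANALYST = "user:cymbal.analyst.demo@gmail.com"  # account named in the finding
CUSTOM_ROLE = f"projects/{PROJECT}/roles/cymbalAnalystReadOnly"  # assumed role ID
ANALYST_ROLE = {  # permission list is assumed; the page names the role only
    "title": "Cymbal Analyst-Read Only",
    "description": "Read-only data access for the external data analyst contractor",
    "includedPermissions": ["bigquery.datasets.get", "bigquery.tables.get",
                            "bigquery.tables.getData", "bigquery.tables.list",
                            "storage.buckets.get", "storage.objects.get",
                            "storage.objects.list"],
}
# Constructed sample policies (shape of `gcloud ... get-iam-policy --format=json`).
BUCKET_POLICY = {"bindings": [
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/storage.admin", "members": ["user:secops@cymbal.example"]},
]}
PROJECT_POLICY = {"bindings": [
    {"role": "roles/editor", "members": [ANALYST, "user:secops@cymbal.example"]},
    {"role": "roles/owner", "members": ["user:owner@cymbal.example"]},
]}

def read_only_violations(role):
    """Permissions in a custom role that can change state; empty means read-only."""
    return [p for p in role["includedPermissions"] if WRITE_VERBS.search(p)]

def public_bindings(policy):
    """(role, member) pairs that expose the resource to everyone on the internet."""
    return [(b["role"], m) for b in policy["bindings"]
            for m in b["members"] if m in PUBLIC_MEMBERS]

def remove_public_access(policy):
    """Step 1: drop allUsers/allAuthenticatedUsers everywhere; discard emptied bindings."""
    fixed = copy.deepcopy(policy)
    for b in fixed["bindings"]:
        b["members"] = [m for m in b["members"] if m not in PUBLIC_MEMBERS]
    fixed["bindings"] = [b for b in fixed["bindings"] if b["members"]]
    return fixed

def harden_bucket_config(bucket):
    """Bucket resource fields (Cloud Storage JSON API): uniform access + public access prevention."""
    fixed = copy.deepcopy(bucket)
    fixed.setdefault("iamConfiguration", {}).update(
        {"uniformBucketLevelAccess": {"enabled": True}, "publicAccessPrevention": "enforced"})
    return fixed

def org_policy_constraints():
    """Project-wide org-policy constraints so no new bucket can regress the fix."""
    return [{"constraint": c, "booleanPolicy": {"enforced": True}} for c in (
        "constraints/storage.uniformBucketLevelAccess",
        "constraints/storage.publicAccessPrevention")]

def roles_for(policy, member):
    """Every role the member holds directly in this policy (sorted for comparison)."""
    return sorted(b["role"] for b in policy["bindings"] if member in b["members"])

def rebind(policy, member, revoke, grant):
    """Step 2: remove member from every role in `revoke`, then add it to `grant`."""
    fixed = copy.deepcopy(policy)
    for b in fixed["bindings"]:
        if b["role"] in revoke:
            b["members"] = [m for m in b["members"] if m != member]
    fixed["bindings"] = [b for b in fixed["bindings"] if b["members"]]
    for b in fixed["bindings"]:
        if b["role"] == grant:
            if member not in b["members"]:
                b["members"].append(member)
            break
    else:
        fixed["bindings"].append({"role": grant, "members": [member]})
    return fixed

def verify_least_privilege(policy, member, expected_role):
    """Step 3, the question a Policy Analyzer query answers: exactly the intended role, nothing else?"""
    return roles_for(policy, member) == [expected_role]

def remediate():
    """Run the procedure; refuse to grant a custom role that is not actually read-only."""
    bad = read_only_violations(ANALYST_ROLE)
    if bad:
        raise ValueError(f"custom role is not read-only: {bad}")
    return (remove_public_access(BUCKET_POLICY),
            rebind(PROJECT_POLICY, ANALYST, BASIC_ROLES, CUSTOM_ROLE))

if __name__ == "__main__":
    bucket_policy, project_policy = remediate()
    print("public bindings:", public_bindings(BUCKET_POLICY), "->", public_bindings(bucket_policy))
    print("analyst roles:", roles_for(PROJECT_POLICY, ANALYST), "->", roles_for(project_policy, ANALYST))
    print("least privilege:", verify_least_privilege(project_policy, ANALYST, CUSTOM_ROLE))
```

These functions are the before-and-after checks to run around the live commands rather than replacements for them: `gsutil iam ch -d allUsers gs://BUCKET` and `gcloud storage buckets update gs://BUCKET --uniform-bucket-level-access` for the bucket, `gcloud iam roles create` with the role definition as a file, `gcloud projects remove-iam-policy-binding` and `add-iam-policy-binding` for the rebinding, and `gcloud asset analyze-iam-policy --project=PROJECT --identity=user:...` for the verification query. The `read_only_violations` guard matters because a custom role named "Read Only" is only as read-only as its permission list, and the regex is a coarse screen, not a substitute for reviewing that list.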
In this lab, I demonstrated proficiency in applying ISO/IEC 27001:2013 standards and best practices to a real-world cloud security scenario. I successfully detected an IAM anomalous grant threat reported by Google Cloud SCC's Event Threat Detection service, implemented corrective measures for a Cloud Storage bucket misconfiguration, and verified the effectiveness of my solutions. These skills are crucial for any organization aiming to reduce cybersecurity risk and align with industry-leading security practices.
By following a structured approach and utilizing the appropriate tools, I was able to effectively mitigate potential threats, ensuring the security and integrity of Cymbal Bank's sensitive data.