Category: Security

In the first blog part, I wrote that’s not so easy to identify risk in your Oracle Cloud Infrastructure account. CIS – Center of Internet Security – has a free benchmark which supports you in hardening your account. And with Palo Alto Prisma or OCI Cloud Guard, there are two tools which provide information too. But I want to have an easier way to identify and remediate dangers. select * from cloud; Steampipe.io provides a powerful CLI tool, where you can query cloud account by API. Instead if clicking actions in the user interface to find out who has no MFA enabled, just execute this query: steampipe query “select name, is_mfa_activated from oci_identity_user where is_mfa_activated=false;” +———————————————————+——————+ | name | is_mfa_activated…

Cloud Security When you search with the term “Cloud Breaches 2022” in one of the search engines, there is a almost endless list of breaches. In this 2-part blog post I show you an easy way, to level up your security in Oracle Cloud Infrastructure. For example listed on https://www.immuniweb.com/blog/top-10-cloud-security-incidents-in-2022.html: As you can see here, these are all issues related to security settings done by the owner of the accounts. No special hacking methods, no social engineering. Just wrong settings. Sure, there are also technical bugs possible, this one has happened in summer 2022 in Oracle Cloud Infrastructure and was called #AttachMe: https://www.wiz.io/blog/attachme-oracle-cloud-vulnerability-allows-unauthorized-cross-tenant-volume-access Cloud Security Risks – Items These items are all configurable by customer, like roles not according least-privilege…