Skip to content

Latest commit

 

History

History
111 lines (86 loc) · 8.98 KB

mitigations.md

File metadata and controls

111 lines (86 loc) · 8.98 KB

Mitigation Strategies Analysis for robb/cartography

Mitigation Strategy: Principle of Least Privilege for API Credentials

  • Description:

    1. Identify Required Resources: Analyze Cartography's documentation and your specific use case to determine the exact cloud resources Cartography needs to access. For example, if you only need to inventory EC2 instances and S3 buckets, you don't need access to RDS or Lambda.
    2. Create Custom IAM Policies/Roles (AWS Example):
      • Create a new IAM policy.
      • Use the visual editor or JSON to define permissions.
      • For EC2, grant ec2:DescribeInstances, ec2:DescribeImages, etc. Avoid ec2:*.
      • For S3, grant s3:ListBucket, s3:GetObject (if needed for metadata), etc. Avoid s3:*.
      • If possible, restrict permissions to specific resources using ARNs (e.g., only allow access to buckets with a specific prefix).
      • Create an IAM role and attach the policy.
      • Configure Cartography to assume this role (e.g., using instance profiles if running on EC2, or using AWS credentials with the role ARN). This is the direct Cartography configuration step.
    3. Repeat for Other Cloud Providers (GCP, Azure): Follow similar principles, creating custom roles with minimal read-only permissions. The configuration of Cartography to use these credentials is the key.
    4. Regular Review: Periodically (e.g., every 3-6 months) review the permissions and ensure they are still the minimum required.

  • Threats Mitigated:

    • Threat: Compromise of Cartography instance or credentials leads to unauthorized resource modification (High Severity).
      • Impact: Reduces the risk from High to Low. An attacker can only read data, not modify it.
    • Threat: Accidental misconfiguration or misuse of Cartography leads to unintended resource changes (Medium Severity).
      • Impact: Reduces the risk from Medium to Low. Limited permissions prevent accidental modifications.
    • Threat: Insider threat with access to Cartography credentials abuses privileges (Medium Severity).
      • Impact: Reduces the risk from Medium to Low. Limits the scope of potential abuse.

  • Impact: Significantly reduces the risk of data breaches, unauthorized resource modifications, and accidental damage. This is a foundational security control.

  • Currently Implemented (Example):

    • Partially implemented. We have an IAM role for Cartography, but it currently has broader permissions than necessary (AmazonEC2ReadOnlyAccess and AmazonS3ReadOnlyAccess). The Cartography configuration points to this role.

  • Missing Implementation (Example):

    • Need to create a custom IAM policy with more granular permissions, specifically tailored to the resources Cartography actually needs.
    • Need to review and refine permissions for GCP and Azure as well, and update Cartography's configuration to use those refined credentials.
    • Need to establish a regular review process for permissions.

Mitigation Strategy: Credential Rotation and Management

  • Description:

    1. Choose a Secrets Manager: Select a secrets management solution (e.g., AWS Secrets Manager, HashiCorp Vault, Azure Key Vault, GCP Secret Manager).
    2. Store Credentials: Store the API keys/credentials for Cartography in the chosen secrets manager.
    3. Configure Cartography: Modify Cartography's configuration to retrieve credentials from the secrets manager at runtime. This is the direct Cartography configuration step. This usually involves using environment variables or configuration file settings specific to the secrets manager, and Cartography must be configured to read from these.
    4. Enable Automatic Rotation: Configure the secrets manager to automatically rotate the credentials on a regular schedule (e.g., every 90 days). This often involves integrating with the cloud provider's IAM service.
    5. Test Rotation: Thoroughly test the credential rotation process to ensure it doesn't disrupt Cartography's operation.

  • Threats Mitigated:

    • Threat: Credential theft or leakage (High Severity).
      • Impact: Reduces the risk from High to Medium. Regular rotation limits the window of opportunity for an attacker to use stolen credentials.
    • Threat: Use of old, compromised credentials (Medium Severity).
      • Impact: Reduces the risk from Medium to Low. Rotation ensures old credentials are no longer valid.

  • Impact: Reduces the risk of credential-based attacks and improves overall security posture.

  • Currently Implemented (Example):

    • Not implemented. We are currently storing credentials in a configuration file.

  • Missing Implementation (Example):

    • Need to choose and implement a secrets management solution.
    • Need to migrate credentials to the secrets manager.
    • Need to configure Cartography to retrieve credentials from the secrets manager at runtime.
    • Need to enable and test automatic credential rotation.

Mitigation Strategy: Data Minimization

  • Description:

    1. Identify Essential Data: Determine the specific cloud resources and properties you need to track for your use case. Avoid ingesting everything by default.
    2. Use Cartography's Configuration: Use Cartography's command-line options or configuration file to specify:
      • --include-modules: List only the modules you need (e.g., aws, gcp). This is a direct Cartography configuration.
      • --exclude-modules: Exclude modules you don't need. This is a direct Cartography configuration.
      • --include-resources: List specific resource types (e.g., aws:ec2:instance, aws:s3:bucket). This is a direct Cartography configuration.
      • --exclude-resources: Exclude resource types you don't need. This is a direct Cartography configuration.
    3. Review and Refine: Regularly review the ingested data and adjust the configuration to further minimize the data footprint. Remove any unnecessary resource types or properties.

  • Threats Mitigated:

    • Threat: Data breach exposes a large amount of sensitive data (High Severity).
      • Impact: Reduces the risk from High to Medium. Minimizing the data reduces the amount of sensitive information that could be exposed.
    • Threat: Storage and processing costs are higher than necessary (Low Severity).
      • Impact: Reduces the risk from Low to Negligible. Minimizing data reduces storage and processing requirements.

  • Impact: Reduces the potential impact of a data breach and improves efficiency.

  • Currently Implemented (Example):

    • Not implemented. We are currently ingesting all data from all supported modules.

  • Missing Implementation (Example):

    • Need to analyze our data needs and identify the essential resources and properties.
    • Need to configure Cartography, using its command-line options or configuration file, to ingest only the necessary data.
    • Need to establish a regular review process for data minimization.

Mitigation Strategy: Regular Updates and Patching (Cartography Itself)

  • Description:

    1. Subscribe to Security Advisories: Subscribe to security advisories for Cartography. This is crucial for being notified of vulnerabilities in Cartography itself.
    2. Establish an Update Process: Define a process for testing and deploying updates to the Cartography application in a timely manner. This should include:
      • Testing updates in a non-production environment before deploying to production.
      • Scheduling updates during off-peak hours to minimize disruption.
      • Having a rollback plan in case of issues.
    3. Automate Updates (Optional): Consider using automated update mechanisms where appropriate (e.g., using a package manager or container orchestration system). However, always test automated updates thoroughly before deploying them to production.

  • Threats Mitigated:

    • Threat: Exploitation of known vulnerabilities in the Cartography application (High Severity).
      • Impact: Reduces the risk from High to Low. Regular updates and patching address known vulnerabilities within Cartography.

  • Impact: Reduces the risk of exploitation of known vulnerabilities and improves overall security posture.

  • Currently Implemented (Example):

    • Partially implemented. We don't have a formal process for updating Cartography.

  • Missing Implementation (Example):

    • Need to establish a formal update process for the Cartography application.
    • Need to subscribe to security advisories specifically for Cartography.