Ah, i send to wrong address :-) Please disregard this message. On Thu, Feb 9, 2017 at 9:08 AM moon <m...@zepl.com> wrote:
> please keep following buckets > > apache-zeppelin > helium-package > helium-package-log > nflabs > zepl-audit > zeppelinhub > zeppelinhubstatic > > not sure about below > zeppel.in/zepplica > zeppel.in/integration-modules > and many other under zeppel.in/ bucket. > > > On Thu, Feb 9, 2017 at 1:09 AM Hyung Sung Shim <hss...@nflabs.com> wrote: > > Hi. team. > I want to clean up the S3 buckets for the security. > so please tell me the bucket path that should be not removed until this > week(2/10). > Thanks. > > > 2017-02-08 14:49 GMT+09:00 moon <m...@zepl.com>: > > > Thanks Shim summarizing and taking a lot of action items! > > > > > > On Wed, Feb 8, 2017 at 2:45 PM Hyung Sung Shim <hss...@nflabs.com> > wrote: > > > >> Hi. > >> > >> We (moon, anthony, sam, shim) just had meeting about the security. > >> > >> *Talked About * > >> 1. AWS console login. > >> - MFA (Multi-Factor Athentication) > >> > >> 2. User Access key/Secruity key. > >> - IAM > >> - STS (Secure Token Service) > >> - Set restrict resources. > >> > >> 3. Application/EC2 instance security > >> - apply AWS Inspector > >> > >> 4. Data security > >> - Data backup > >> - monitoring backup (Alert when failing backup..) > >> - Restrict S3 backup path > >> > >> *Action items.* > >> 1. set IAM policy. (shim) > >> 2. set restrict resources. (shim) > >> 3. MFA (Multi-Factor Athentication) (shim) > >> 4. STS (security tocken) (shim) > >> 5. Restrict S3 path (shim) > >> 6. Data backup (shim) > >> 7. monitoring(notification) backup (Alert when failing backup..) (shim) > >> 8. notebook data security. > >> - we need more research for this so we will get the meeting next > >> Wednesday(2/15 13:00~) > >> 9. apply AWS Inspector (we need to research) > >> 10. apply AWS Key Management Service(KMS) (we need to research) > >> > >> Let me the 1~7 action items until this week. > >> Feel free to attache things that i missed. > >> Thanks. > >> > >> > >> > >> 2017-02-07 18:48 GMT+09:00 Hyung Sung Shim <hss...@nflabs.com>: > >> > >> Good idea. > >> 2017년 2월 7일 (화) 오후 6:31, moon <m...@zepl.com>님이 작성: > >> > >> It's matter of time the same incident happening again, unless we find > the > >> reason and fix the problem. > >> > >> And this time, we were lucky. Hackers just ran a lot of instance and > mine > >> bit-coin, which is matter of we paying aws a lot of money. > >> However if next time, hackers leak our customers notebooks, that will be > >> matter of closing company. > >> > >> So, shell we have a emergency meeting for securing our service tomorrow? > >> from 1-4pm. > >> Agenda is > >> > >> 1. List possible reasons of today's incident. > >> 2. Make a action item to address all the possible reasons. > >> 3. Assign people each action item. > >> > >> This meeting will be held in office. If needed, i can open hangout. > >> Everyone is free to join, but i would say Shim and Anthony is mandatory. > >> > >> I think there will be a lot of action items created. And each of them > >> needs different talents. So don't be too surprised when some tasks are > >> assigned to you even you weren't in the meeting. > >> > >> Thanks, > >> moon > >> > >> On Tue, Feb 7, 2017 at 5:45 PM Sejun Ra <se...@zepl.com> wrote: > >> > >> Send me all the info you can get. I'll send it to Amazon. > >> On Tue, Feb 7, 2017 at 12:43 AM moon <m...@zepl.com> wrote: > >> > >> I think 2) knowing exact reason is not easy while AWS doesn't provide > log > >> who call the API without using CloudTrail (just setup this guy). > >> > >> On Tue, Feb 7, 2017 at 5:20 PM moon <m...@zepl.com> wrote: > >> > >> To ask Amazon a favor, I think we need > >> > >> 1. List up all the ec-2 instance Id > >> 2. What was compromised and how we fixed. > >> > >> > >> On Tue, Feb 7, 2017 at 5:15 PM Hyung Sung Shim <hss...@nflabs.com> > wrote: > >> > >> Hi all. > >> > >> EC2 instances were launched abnormally at the same time each Regions. > >> Summary are like as following. > >> > >> *Virginia : 80 ea* > >> February 2, 2017 at 2:08:28 PM UTC+9 : 50 ea > >> February 2, 2017 at 2:07:40 PM UTC+9 : 30 ea > >> > >> *California :** 19 ea* > >> February 2, 2017 at 2:11:27 PM UTC+9 : 19 ea > >> > >> *Oregon : ** 9 ea* > >> February 2, 2017 at 2:13:05 PM UTC+9 : 9 ea > >> > >> *Ireland : ** 20 ea* > >> February 2, 2017 at 2:10:11 PM UTC+9 : 20 ea > >> > >> *Singapore :** 20 ea* > >> February 2, 2017 at 2:14:35 PM UTC+9 : 20 ea > >> > >> *Sydney : ** 20 ea* > >> February 2, 2017 at 2:15:52 PM UTC+9 : 20 ea > >> > >> *Tokyo : 20 ea* > >> February 2, 2017 at 2:17:15 PM UTC+9 : 20 ea > >> > >> *Sang Paulo : 20 ea* > >> February 2, 2017 at 2:19:38 PM UTC+9 : 20 ea > >> > >> We need to ask AWS team about informations(why and how to created > >> instances) and money!! > >> > >> You can refer to attached file for detail. > >> Thanks. > >> > >> -- > >> -- > >> sejun ra > >> http://www.nflabs.com > >> @zeppelinx > >> #apachezeppelin > >> > >> > >> > >