Abstract image of a woman sitting on books and studying on a laptop

The Dark Side of Monitoring

Download as PPTX, PDF
Soluto, profile picture
Soluto

The document discusses the concepts of black box and white box monitoring within the context of system observability and threat modeling. It highlights potential vulnerabilities that can arise from these monitoring techniques and suggests mitigations such as least privilege and access restrictions. The key takeaway emphasizes the importance of treating monitoring as code and conducting thorough threat modeling to prevent exploitation.

Technology
Related topics:
Information Security
1 of 63
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
@omerlh The Dark Side of Monitoring Omer Levi Hevroni May 2019
@omerlh Observability https://www.navantis.com/managed-monitoring/
@omerlh Can Hackers Use It Too?
@omerlh I’m a builder @omerlh
@omerlh DevSecOps @
@omerlh Threat Modeling?
@omerlh Threat Modeling? ● What are we building? ● What can go wrong? ● What are we doing about it? ● Did we do a good job?
@omerlh What is Monitoring?
@omerlh
@omerlh
@omerlh Black Box Monitoring White Box Monitoring https://landing.google.com/sre/sre-book/chapters/monitoring-distributed-systems/
@omerlh Let’s Dive In!
@omerlh White Box Monitoring
@omerlh Threat Modeling ● What are we building? ● What can go wrong? ● What are we doing about it? ● Did we do a good job?
@omerlh White-box Monitoring Monitoring based on metrics exposed by the internals of the system, including logs, interfaces like the Java Virtual Machine Profiling Interface, or an HTTP handler that emits internal statistics.
@omerlh White-box Monitoring for Kubernetes ● Probes (liveness/readiness) ● Prometheus
@omerlh Probes
@omerlh What are we building?
@omerlh Probes
@omerlh Why? ●Check dependencies ○ Databases ○ Other micro-services ●Kill services if it misfunction before users experience it
@omerlh Code Example https://github.com/Xabaril/AspNetCore.Diagnostics.HealthChecks
@omerlh What Can go wrong?
@omerlh Exploiting liveness - information disclosure
@omerlh Exploiting liveness – Denial of Service
@omerlh
@omerlh What are we doing about it?
@omerlh Block access https://www.edureka. co/community/19277/ access-some- specific-paths-while- using-kubernetes- ingress?show=19278 #a19278
@omerlh Caching Source code - Kamus
@omerlh Prometheus
@omerlh What are we building?
@omerlh Prometheus ● Monitoring system ● Time-Series database ● Alerting system ● Auto-discovery https://prometheus.io/
@omerlh Prometheus Scraping Model
@omerlh What Can go wrong?
@omerlh Exploiting Prometheus - information disclosure
@omerlh
@omerlh Some interesting metrics...
@omerlh What about this metric?
@omerlh Here is the code behind it…
@omerlh What Can We Do About It?
@omerlh Block access https://www.edureka. co/community/19277/ access-some- specific-paths-while- using-kubernetes- ingress?show=19278 #a19278
@omerlh Prometheus Metrics Limit https://www.omerlh.info/2019/03/04/keeping-prometheus-in-shape/
@omerlh Did we do a good job?
@omerlh Threat Modeling ● What are we building? ● What can go wrong? ● What are we doing about it? ● Did we do a good job?
@omerlh Black Box Monitoring White Box Monitoring https://landing.google.com/sre/sre- book/chapters/monitoring-distributed-systems/
@omerlh Movie Streaming
@omerlh What are we building?
@omerlh Black-box Monitoring Testing externally visible behavior as a user would see it.
@omerlh Our Monitoring System
@omerlh What Can go wrong?
@omerlh STRIDE S – Spoofing T – Tampering R – Repudiation I – Information Disclosure D – Denial of Service E – Elevation of Privileges
@omerlh Spoofing
@omerlh Information Disclosure
@omerlh Repudiation
@omerlh Denial of Service
@omerlh What are we doing about it?
@omerlh Potential Mitigations ● Least Privilege ● Block access ● Tracing ● Limit to test data only
@omerlh Did we do a good job?
@omerlh http://www.applestory.biz/hermione-hand-raise-gif.html Questions?
@omerlh Can Hackers Use It Too?
@omerlh Key Take Away ● Monitoring is just code ● Careful when exposed to the internet ● Use cache when possible ● Conduct threat model for black-box monitoring
@omerlh Feedback appreciated
@omerlh Observability https://www.navantis.com/managed-monitoring/
@omerlh Thank You! Omer Levi Hevroni April 2019

More Related Content

PDF
Learn How To Embrace Conflicts
Lea Böhm
 
PPTX
STRUCTURE
Petter Zugaib
 
PDF
Building Better Products By Building Better Teams
Fresh Tilled Soil
 
PPTX
Monitoring What Matters: The Prometheus Approach to Whitebox Monitoring (Berl...
Brian Brazil
 
PPTX
An Introduction to Prometheus (GrafanaCon 2016)
Brian Brazil
 
PDF
An Introduction to Prometheus
Evgeny Shmarnev
 
PPTX
Evolution of Monitoring and Prometheus (Dublin 2018)
Brian Brazil
 
PPTX
Prometheus - Open Source Forum Japan
Brian Brazil
 
Learn How To Embrace Conflicts
Lea Böhm
 
STRUCTURE
Petter Zugaib
 
Building Better Products By Building Better Teams
Fresh Tilled Soil
 
Monitoring What Matters: The Prometheus Approach to Whitebox Monitoring (Berl...
Brian Brazil
 
An Introduction to Prometheus (GrafanaCon 2016)
Brian Brazil
 
An Introduction to Prometheus
Evgeny Shmarnev
 
Evolution of Monitoring and Prometheus (Dublin 2018)
Brian Brazil
 
Prometheus - Open Source Forum Japan
Brian Brazil
 

Similar to The Dark Side of Monitoring (20)

PPTX
What does "monitoring" mean? (FOSDEM 2017)
Brian Brazil
 
PDF
Your data is in Prometheus, now what? (CurrencyFair Engineering Meetup, 2016)
Brian Brazil
 
PDF
Hacking Kubernetes Threat Driven Analysis and Defense 1st Edition Andrew Martin
noniqclarah
 
PDF
Monitoring Kubernetes with Prometheus (Kubernetes Ireland, 2016)
Brian Brazil
 
PPTX
Prometheus (Prometheus London, 2016)
Brian Brazil
 
PDF
Microservices and Prometheus (Microservices NYC 2016)
Brian Brazil
 
PDF
Prometheus (Microsoft, 2016)
Brian Brazil
 
PDF
Monitoring in Big Data Platform - Albert Lewandowski, GetInData
GetInData
 
PPTX
The Art of Container Monitoring
Derek Chen
 
PDF
Monitoring - deeper dive
Robert Kubiś
 
PPTX
Prometheus for Monitoring Metrics (Percona Live Europe 2017)
Brian Brazil
 
PPSX
Service Mesh - Observability
Araf Karsh Hamid
 
PDF
Prometheus - basics
Juraj Hantak
 
PDF
Prometheus Introduction (InfraCoders Vienna)
Oliver Moser
 
PPTX
Prometheus for Monitoring Metrics (Fermilab 2018)
Brian Brazil
 
PDF
Building an Observability Platform in 389 Difficult Steps
DigitalOcean
 
PDF
Infrastructure & System Monitoring using Prometheus
Marco Pas
 
PPTX
Prometheus Training
Tim Tyler
 
PDF
Monitoring kubernetes with prometheus
Brice Fernandes
 
PPTX
Prometheus (Monitorama 2016)
Brian Brazil
 
What does "monitoring" mean? (FOSDEM 2017)
Brian Brazil
 
Your data is in Prometheus, now what? (CurrencyFair Engineering Meetup, 2016)
Brian Brazil
 
Hacking Kubernetes Threat Driven Analysis and Defense 1st Edition Andrew Martin
noniqclarah
 
Monitoring Kubernetes with Prometheus (Kubernetes Ireland, 2016)
Brian Brazil
 
Prometheus (Prometheus London, 2016)
Brian Brazil
 
Microservices and Prometheus (Microservices NYC 2016)
Brian Brazil
 
Prometheus (Microsoft, 2016)
Brian Brazil
 
Monitoring in Big Data Platform - Albert Lewandowski, GetInData
GetInData
 
The Art of Container Monitoring
Derek Chen
 
Monitoring - deeper dive
Robert Kubiś
 
Prometheus for Monitoring Metrics (Percona Live Europe 2017)
Brian Brazil
 
Service Mesh - Observability
Araf Karsh Hamid
 
Prometheus - basics
Juraj Hantak
 
Prometheus Introduction (InfraCoders Vienna)
Oliver Moser
 
Prometheus for Monitoring Metrics (Fermilab 2018)
Brian Brazil
 
Building an Observability Platform in 389 Difficult Steps
DigitalOcean
 
Infrastructure & System Monitoring using Prometheus
Marco Pas
 
Prometheus Training
Tim Tyler
 
Monitoring kubernetes with prometheus
Brice Fernandes
 
Prometheus (Monitorama 2016)
Brian Brazil
 
Ad

More from Soluto (20)

PPTX
Solving trust issues at scale - AppSec California
Soluto
 
PPTX
Solving trust issues at scale
Soluto
 
PPTX
Things I wish someone had told me about Istio, Omer Levi Hevroni
Soluto
 
PPTX
Can Kubernetes Keep a Secret? - Women in AppSec Webinar
Soluto
 
PPTX
FTRD - Can Kubernetes Keep a Secret?
Soluto
 
PPTX
Hacking like a FED
Soluto
 
PPTX
Monitoria@Icinga camp berlin
Soluto
 
PPTX
Can Kubernetes Keep a Secret?
Soluto
 
PPTX
Kamus intro
Soluto
 
PPTX
Secure Your Pipeline
Soluto
 
PDF
React new features and intro to Hooks
Soluto
 
PPTX
Secure the Pipeline - OWASP Poland Day 2018
Soluto
 
PDF
Monitoria@reversim
Soluto
 
PPTX
Languages don't matter anymore!
Soluto
 
PPTX
Security Testing for Containerized Applications
Soluto
 
PPTX
Owasp glue
Soluto
 
PPTX
Unify logz with fluentd
Soluto
 
PPTX
Storing data in Redis like a pro
Soluto
 
PPTX
Monitor all the thingz slideshare
Soluto
 
PPTX
Authentication without Authentication - AppSec California
Soluto
 
Solving trust issues at scale - AppSec California
Soluto
 
Solving trust issues at scale
Soluto
 
Things I wish someone had told me about Istio, Omer Levi Hevroni
Soluto
 
Can Kubernetes Keep a Secret? - Women in AppSec Webinar
Soluto
 
FTRD - Can Kubernetes Keep a Secret?
Soluto
 
Hacking like a FED
Soluto
 
Monitoria@Icinga camp berlin
Soluto
 
Can Kubernetes Keep a Secret?
Soluto
 
Kamus intro
Soluto
 
Secure Your Pipeline
Soluto
 
React new features and intro to Hooks
Soluto
 
Secure the Pipeline - OWASP Poland Day 2018
Soluto
 
Monitoria@reversim
Soluto
 
Languages don't matter anymore!
Soluto
 
Security Testing for Containerized Applications
Soluto
 
Owasp glue
Soluto
 
Unify logz with fluentd
Soluto
 
Storing data in Redis like a pro
Soluto
 
Monitor all the thingz slideshare
Soluto
 
Authentication without Authentication - AppSec California
Soluto
 
Ad

Recently uploaded (20)

PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PPTX
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
PDF
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
PDF
A Late Bloomer's Guide to GenAI: Ethics, Bias, and Effective Prompting - Boha...
Mindy Bohannon
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PDF
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
PDF
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PPTX
The various Industrial Revolutions .pptx
bandileshozi3
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
PDF
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
A Late Bloomer's Guide to GenAI: Ethics, Bias, and Effective Prompting - Boha...
Mindy Bohannon
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
The various Industrial Revolutions .pptx
bandileshozi3
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 

The Dark Side of Monitoring