[cs615asa] Black Team Links [Week 12]

Robert Herley IV rherley at stevens.edu
Mon Apr 22 14:53:01 EDT 2019


Hi everyone,

This week, the Black Team researched a new tool for secrets and sensitive
data management called Vault, by HashiCorp. Key management can be a huge
pain point for system administrators that use on-prem and/or IaaS
platforms, such as AWS or GCP. Key leakage can have a major impact on the
quality of an application, and the process of securing and distributing
secrets correctly is of utmost importance.

Vault acts as a central secret store, which is responsible for the access and
distribution of secrets such as API keys, AWS credentials, X.509 certificates,
SSH keys, and more. In a traditional environment, secrets are usually stored
and centralized using static IP solutions that don't scale with the rest of
the infrastructure. Vault's goal is to operate within a dynamic
infrastructure without a clear network perimeter. Their approach is to use
low-trust networks in public clouds with security enforced by identity. By
authenticating against trusted sources such as Active Directory or LDAP,
Vault enables "grained authorization" of which users and applications are
permitted access to secrets and keys. [1]

Companies such as Hulu and Barclays use Vault within their infrastructure,
and even Adobe adapted Vault into their stack, which was used to securely
handle over 100 trillion transactions. [2]

References
[1] https://www.hashicorp.com/products/vault/
[2] https://www.youtube.com/watch?v=ZzsKNQaIDPk

-- 
*Robert Herley*
Computer Science '19 | Stevens Institute of Technology
(631) 896-7161 | www.robherley.xyz