-
Notifications
You must be signed in to change notification settings - Fork 0
/
E1T4.txt
20 lines (14 loc) · 817 Bytes
/
E1T4.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Based on the architecture diagram, and the steps you have taken so far to upload data and access the application web service, identify at least 2 obvious poor practices as it relates to security. Include justification.
# Poor practice 1
- Unencrypted secret recipes: assuming only that the data won't be accessed is
not enough to make sure that it is secure. Besides protecting the location, it
is also crucial to encrypt the content assuring that if malicious activity
reaches the data it can't read it.
# Poor practice 2
- Machine protection using password: allows brute force attackers to access the
machine by guessing the password combination.
# Bonus poor practices
- Unprotected secret bucket
- Poor routing among instances
- Access to machines using keys/passwords
- Security groups too opened