[lug] Why is it SO easy to destroy cloud environments?

John Hernandez jph at jph.net
Tue Oct 9 09:35:26 MDT 2012


It's like a modern-day 'rm -rf /'   ;)

On Sat, Oct 6, 2012 at 2:50 PM, Rob Nagler <nagler at bivio.biz> wrote:
> Jim, I can't make your talk.
>
> I would be curious for you to answer this question: What's the use of
> this command?
>
> juju destroy-environment
>
> While I understand if you are "playing around", it's really useful to
> tear down your toy environments quickly.  However, in ANY production
> environment, there is no good reason for this command to exist.
>
> Linode, Amazon, and a variety of other cloud providers all allow you to
> cancel your account with a few clicks of your mouse, and possibly a
> password, and an "are you sure?"
>
> Perhaps I'm naive, but I have a hard time believing most people's
> environments are so secure that no one could ever walk up to a
> sysadmin's computer and shut down the entire show with "juju
> destroy-environment".
>
> I've asked Linode why they have this, and they say it is convenient,
> and with IP restrictions and such, you have enough protection.
>
> If you read We Are Anonymous, you will know that script kiddies (which
> is all the anons were, after all) could bring down major players
> quite simply.  All it took for Sony, for example, was one buggy
> WordPress site (Ghostbusters) to allow the anons to infiltrate the
> entire Sony network.  Sony was down for a few weeks, but it had
> offline backups and such, and afaik, the anons didn't trash anything,
> just copied emails, coupons, and source code.  The reason Sony was
> down was to put in better security measures.
>
> What happens to the average cloud-based business which relies on their
> VMs being backed up by said cloud providers?  Indeed, how would you
> back up your EC2 locally if you only know how to use juju and the web
> console for your computers?  What if a hacker social engineers one of
> your employees or blackmails them?
>
> Sorry for the rant, but all this talk about the ease of cloud
> deployments makes me very nervous that some bad boy can take down
> major portions of our economy with a few clicks...
>
> Rob


