On a July morning in 2024, Minh, a system administrator at a major tech company, received an urgent email from the security team. The email reported a newly discovered, severe security vulnerability, identified as CVE-2024-6387. Minh immediately recognized the gravity of the situation and began digging into the details.
Unveiling the Vulnerability
CVE-2024-6387 is a vulnerability in OpenSSH, a critical tool widely used for remote connections to Linux servers. This flaw can lead to remote code execution and denial-of-service attacks. The vulnerability allows attackers to run arbitrary commands with root privileges, meaning they could gain complete control over the affected system.
Minh knew he needed to act immediately to protect his company's systems on the AWS cloud.
Assessing the Risk
Minh realized that if this vulnerability wasn't addressed promptly, his systems could be attacked, leading to data loss, service disruptions, and potential follow-up attacks. He knew that software updates were necessary, but he also needed a more robust solution to protect his systems.
The Amazon Inspector Solution
While searching for a solution, Minh remembered Amazon Inspector, a service he had heard about in a recent webinar but had never used. Amazon Inspector is a powerful tool that automatically scans workloads such as Amazon EC2, AWS Lambda, and container images in Amazon ECR to detect software vulnerabilities and unintended network exposure.
Minh's team decided to deploy Amazon Inspector on their systems. Amazon Inspector not only helped them detect the CVE-2024-6387 vulnerability but also scanned for other vulnerabilities and assessed them based on risk scores to prioritize remediation efforts, helping to reduce the mean time to remediate (MTTR).
While one team focused on updating affected systems to the more secure OpenSSH version 9.8p1 through AWS Systems Manager, another team began implementing temporary mitigation measures. They used AWS security features such as Security Groups and Network ACLs to restrict SSH access to only trusted IP addresses.
Amazon Inspector continued to monitor the remediation process, providing real-time reports on update progress and remaining vulnerabilities. This allowed the security team to prioritize the necessary actions and ensure that no system was overlooked.
Lessons Learned
After hours of intense work, all systems were finally patched successfully. However, the story didn't end there. The experience with RegreSSHion, as CVE-2024-6387 came to be known, taught Minh a valuable lesson about the importance of continuous monitoring and security updates, and of implementing the cloud security best practices recommended by vendors and partners.
Since then, Minh's company has integrated Amazon Inspector more deeply into its daily security processes. The tool not only helps detect new vulnerabilities quickly but also provides detailed information to improve the overall security posture on AWS.
Reference for security insights on AWS cloud from CMC Telecom:
Thanh Dang
Thanh Dang is a technology leader with extensive experience in project management and strategic cloud solutions, with 14 years of experience in application development, IT infrastructure, and cloud management.
He is also an AWS Ambassador, AWS Community Builder, and AWS User Group Leader in Vietnam.