Weak security controls in one of Google's cloud services for data scientists, Dataproc, could allow attackers to submit applications, execute operations, and access data in Internet-facing environments.
An attacker who achieves an initial server compromise in an exposed cloud environment could take advantage of missing authentication checks to reach connected resources, such as the large volumes of sensitive data that data scientists process on these clusters.
From there, they could tamper with the victim's cloud environment in many other ways.
Exposed Dataproc in Default Private Cloud

Dataproc's issues begin with the fact that the two Web interfaces that run on every cluster master node, the YARN ResourceManager on port 8088 and the Hadoop Distributed File System (HDFS) NameNode on port 9870, do not require any authentication.
Google Cloud projects come with a default Compute Engine VPC network (named "default") whose firewall rules block most inbound connections from the Internet but allow all traffic between instances on the network's internal subnets.
If an attacker can breach and execute code on any host in that default VPC, for example one that has been left open to the Internet, they have a path to the Dataproc clusters on the same network, because those two interfaces listen without authentication by default.
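The following is an added example, not code from the article or from the researchers it cites. It probes a Dataproc master node from the attacker's (or a defender's) network position and reports whether each of the two web UIs named above answers without credentials. The probe paths are assumptions on my part, chosen because they are read-only and cheap: the YARN ResourceManager REST endpoint /ws/v1/cluster/info and the WebHDFS root listing /webhdfs/v1/?op=LISTSTATUS on the NameNode. A 200 with the expected JSON counts as open; a 401/403 (what Hadoop returns when Kerberos/SPNEGO is enforced) counts as protected. The hostname cluster-m is a hypothetical master-node name.

```python
"""Added example: check a Dataproc master for unauthenticated Hadoop web UIs.

Not part of the article or the cited research. Assumed probe paths:
  YARN ResourceManager  http://<master>:8088/ws/v1/cluster/info
  HDFS NameNode/WebHDFS http://<master>:9870/webhdfs/v1/?op=LISTSTATUS
"""
import json
import urllib.error
import urllib.request

YARN_RM_PORT = 8088    # YARN ResourceManager web UI / REST API
NAMENODE_PORT = 9870   # HDFS NameNode web UI / WebHDFS

# (probe name, port, path, top-level JSON key expected in an open 200 reply)
PROBES = (
    ("yarn-resourcemanager", YARN_RM_PORT, "/ws/v1/cluster/info", "clusterInfo"),
    ("hdfs-namenode", NAMENODE_PORT, "/webhdfs/v1/?op=LISTSTATUS", "FileStatuses"),
)


def http_get(url, timeout=5):
    """Plain GET with no credentials. Returns (status, body_text).
    4xx/5xx are returned as a status, not raised; network failure -> (None, '')."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.getcode(), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, exc.read().decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):
        return None, ""


def classify(status, body, expected_key):
    """Map one probe response to a verdict.

    'open'          -> expected JSON returned with no credentials
    'auth-required' -> 401/403, i.e. Kerberos/SPNEGO (or a proxy) in front
    'unreachable'   -> connection refused / timed out (firewall or service down)
    'unexpected'    -> anything else (HTML error page, other status code)
    """
    if status is None:
        return "unreachable"
    if status in (401, 403):
        return "auth-required"
    if status == 200:
        try:
            if expected_key in json.loads(body):
                return "open"
        except ValueError:
            pass
    return "unexpected"


def assess_master(host, fetch=http_get):
    """Probe both UIs on `host`. Returns {probe_name: verdict}.
    `fetch` is injectable so the decision logic can be exercised offline."""
    results = {}
    for name, port, path, key in PROBES:
        status, body = fetch("http://%s:%d%s" % (host, port, path))
        results[name] = classify(status, body, key)
    return results


def exposed_services(results):
    """Sorted names of services that answered without authentication."""
    return sorted(name for name, verdict in results.items() if verdict == "open")


if __name__ == "__main__":
    import sys
    # "cluster-m" is a hypothetical Dataproc master hostname
    target = sys.argv[1] if len(sys.argv) > 1 else "cluster-m"
    verdicts = assess_master(target)
    for name, verdict in verdicts.items():
        print("%-22s %s" % (name, verdict))
    if exposed_services(verdicts):
        print("WARNING: unauthenticated Hadoop web UIs reachable from this host")
```

Run it from a VM on the same VPC as the cluster (the position the article describes) and again from outside the VPC; an "open" verdict inside and "unreachable" outside is exactly the default-VPC exposure pattern. An "open" result on the NameNode means the probe already listed the HDFS root, so anyone at that network position can read cluster data without any credentials.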
The researchers brought their findings to Google, but the issue has not yet been resolved.
Google also has not responded to Dark Reading's request for comment on this story.
Nisimi says that Google could implement a fix rather easily.
Avoiding Cyber-Risk in Exposed Dataproc

To address such possibilities, the researchers recommended that Dataproc admins practice effective vulnerability management and properly segment their networks, placing each cluster in its own subnet, isolated from other services, so that a compromise elsewhere in the VPC does not reach the clusters' unauthenticated interfaces.
This Cyber News was published on www.darkreading.com. Publication date: Tue, 12 Dec 2023 19:35:25 +0000