Amazon Cloud Journal on Ulitzer

Following on from my last post, Securing Applications on the Amazon Elastic Cloud, One of the biggest questions I often see asked is “Is Amazon EC2 as a platform secure”? This is like saying is my vanilla network secure?  As you do to your internal network you can take some steps to make the environment as secure as you can, such as:

- First read the Amazon Security Whitepaper and the Amazon discussion of Security processes

- Ensure the system key is encrypted at start-up

- Ensure you plan for load balancing in case an instance goes down. Ensure you understand all the security implications of this and harden any other instances.

- Test or emulate the performance of applications deployed to the cloud in all geographies where you plan to deploy them. The latency could vary greatly for each.

- Never ever allow password base authentication for shell access.

- Encrypt all network traffic always.

- Always encrypt everything stored on S3

- Encrypt file systems for Block devices

- Open only the minimum required ports

- Include no authentication information in any AMI images

- Think about how your system can be hardened and what is out there such asSELinux, PAX,  ExecShield etc

- Don’t allows any decryption keys into the cloud – understand the perils of keys and security

- Install host based intrusion detection system such as OSSEC

- Regularly backup Amazon instances and store them securely.

- Use Security Groups. With EC2 security groups, you can completely isolate every tier, even internally to the EC2 cloud. Multiple security groups can be used to lock down the ports and you can use a special security group to allow in-group communication

- Design in a way you can issue security patches to AMI instances

- If you are using private data off-cloud consider Amazon VPC, OpenVPN, or VPN-Cubed

Syndicated from my Cloud Blog.