Best Practices for Securing Amazon EC2

This post was originally published here by gregg rodriguez.

As enterprises move applications from traditional data centers to a public or hybrid cloud , their legacy security model also needs to change to support the new environment. For example, in the Amazon Web Services (AWS) environment, AWS is responsible for securing the data center infrastructure and network, while you maintain responsibility for the security of your application workloads. AWS refers to this concept as the “Shared Responsibility Model.”

As part of the Shared Responsibility model, you are still expected to ensure that your server workloads are all secure and that they meet the compliance requirements of regulations such as PCI DSS, SOC2, HIPAA/HiTECH, and FISMA.

What is Amazon EC2?

Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the AWS cloud by eliminating the need to invest in hardware up front, so you can develop and deploy applications faster, by enabling you to:

• Launch as many or as few virtual servers as you need, configure security and networking, and easily manage storage, and
• Scale up or down to handle changes in requirements, or spikes in popularity, reducing your need to forecast traffic.

What are the Risks to a Misconfigured Amazon EC2?

• If EC2 instances are misconfigured, unauthorized actors could gain access to or control of your workloads. This could lead to a variety of issues from data exfiltration to altering behavior of systems to maintaining consistent access to direct theft of computing resources.
• Not using “Golden” approved Amazon Machine Images (AMI) may cause instability, slow application deployment and put your application stack upgrade at risk.
• Not using AMI naming convention will cause inconsistency within the selected environment and make it difficult to: Identify the AMI location and usage, distinguish similar resources from one another, avoid naming collisions, and improve clarity.
• If your sharing AMIs publicly then it is possible for anyone to launch instances using your AMI and access this data, as frequently AMIs will contain data that is specific to your organization.
• Unrestricted access to services like CIFS, Telnet, RDP, databases, and uncommon ports can allow for network-based attacks.

How Does Halo Cloud Secure Help?

Halo checks, monitors and alerts you to ensure that your AWS EC2 service is properly configured and the necessary security controls are in place:

• If EC2 instances are misconfigured, unauthorized actors could gain access to or control of workloads. This could lead to a variety of issues from data exfiltration to altering behavior of systems to maintaining persistent access to direct theft of computing resources.
• Not using “Golden” approved Amazon Machine Images (AMI) may cause instability, slow application deployment and put your application stack upgrade at risk.
• Not using AMI naming convention will cause inconsistency within the selected environment and make it difficult to: Identify the AMI location and usage, distinguish similar resources from one another, avoid naming collisions, and improve clarity.
• If your sharing AMIs publicly then it is possible for anyone to launch instances using your AMI and access this data, as frequently AMIs will contain data that is specific to your organization.

Halo works across any cloud or virtual infrastructure: public, private, hybrid, multi-cloud or virtualized data center — including bare metal.

Learn more about how Halo Cloud Secure can help you reduce your AWS attack surface. You can read more about our AWS solutions here, or request a customized demo.  

Photo:IFSEC Global