DevOps Zone is brought to you in partnership with:

Co-Founder/ COO of CloudCheckr Inc. CloudCheckr Inc. provides a comprehensive solution (CloudCheckr Pro) that addresses the infrastructure reporting, monitoring, and control needs of AWS users through automated and customizable reports, alerts, and recommendations. Its cost, security, resource, best practice, and change monitoring analytics and features allow users otherwise unavailable insight into their deployments and usage. CloudCheckr Pro is designed to help users optimize their deployment. Aaron has posted 5 posts at DZone. You can read more from them at their website. View Full User Profile

5 Simple Tips to Improve Your AWS Security

07.09.2013
| 1842 views |
  • submit to reddit

A key advantage of AWS is that it is dynamic and can be scaled according to need. That advantage, however, can cause security nightmares. With that in mind, here are 5 easy tips to insure that you keep up your end of the bargain.

1.  Use ‘least privileging’ when permissioning. What does this mean? It means use either the templates AWS provides or create your own to insure that users are not given more access than
they require. This is especially critical when considering programs that are gaining API access. Do not over permission and carefully control privileges.

2.  Create strong IAM policies and continually monitor them. AWS allows MFA. Use it for privileged accounts.Similarly, create and enforce policies to insure that passwords are appropriately complex and secure for all accounts. Ensure that your security groups are properly configured and permissioned.

3.  Secure your S3 buckets. At CloudCheckr, we conducted a random review of 400 accounts and found that over 30% of all users had S3 buckets with ‘view’, ‘edit’, or ‘upload/delete’ permissions set to everyone. This allows malicious users easy access.

4.  Monitor your resource usage. Effective security requires vigilance. You should set CloudWatch alerts and pay attention to your regular utilization metrics. CloudWatch offers basic utilization metrics that are appropriate for small deployments. Advanced users typically require more in-depth analytics that looks deeper into utilization and extends beyond CloudWatch’s 2 week reporting period. These solutions are available from a variety of 3rd party providers. Without comprehensive analytics and awareness, it is far more
difficult to accurately assess CloudWatch alerts and detect unusual activity.

5.  Track changes to your deployment. Given AWS’ dynamic nature, even a medium size deployment undergoes numerous changes on a daily basis. Each change needs to be monitored to insure that proper configuration, IAM, and security protocols are followed. The tracking can be done either manually or with an automated tool.

 

Following these 5 tips will quickly and dramatically improve your security posture. The issues raised represent the most common issues surrounding AWS usage. The list is not, however, the last word on security. There are, of course, a multitude of other concerns that must be followed.

Unlisted, but perhaps most importantly, security requires vigilance. AWS presents a dynamic environment and its users need to adapt to that reality. This means that you should be monitoring and reviewing your deployment, its resources, and its changes regularly. Whether conducted manually or through an automated solution, this review is essential to maintaining your security posture.




Published at DZone with permission of its author, Aaron Klein.

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)

Comments

Maggie Brown replied on Wed, 2014/01/22 - 12:25pm

Why would anyone allow complete strangers to edit or upload their content? They clearly have no idea about data security. They should check out http://www.trendmicro.com/us/enterprise/data-protection/index.html and learn more about online threats and how you can defend yourself against hackers before they are targeted as potential victims.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.