Home page logo

basics logo Security Basics mailing list archives

RE: AWS and security
From: "Mikhail A. Utin" <mutin () commonwealthcare org>
Date: Tue, 10 Jul 2012 12:03:28 -0400

As you've used the cloud service for a while, have you ever run in "personal information", "compliance to regulations", 
or simply "data owner responsibility" questions? This is legal part of data outsourcing, which is largely ignored.
So, what is you experience and thoughts?


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Warner Tabor
Sent: Tuesday, July 10, 2012 9:42 AM
To: Sean Simpson
Cc: security-basics () securityfocus com
Subject: Re: AWS and security


    We've been using AWS for 3 years now to host our web and app servers without incident. If you make proper use of 
EC2 Security Groups you can lock things down pretty tightly. I think that as long as you do your due diligence as far a 
security is concerned and make sure you are using known good AMI's (ones that are provided by Amazon, for example,) I 
don't think that you'll be at any higher risk for attack than hosting in a co lo. Perhaps other will disagree, and I 
can only provide my own anecdotal evidence, but I haven't heard any security horror stories myself. Also, while doing 
your study, consider the tools that AWS and other similar cloud services offer you and compare that to a co lo. You 
have the ability to launch, test, provision and scale your app in a very fluid and dynamic way. Services like ELB with 
Sticky Sessions allow you to load balance your app very easily without worrying about a whole lot of configuration, 
extra SSL certs, etc. AWS has certainly allowed us to move far more quickly than we would have if we were hosting on 
site or in a co lo.

CIO, Jamestown Distributors

On Jul 9, 2012, at 3:33 PM, Sean Simpson wrote:

Hi all, I've been assigned to evaluate AWS as an alternative to our current colocation situation and I'm wondering if 
anyone knows of any reports detailing the regularity, or lack thereof, of security incidents at AWS.  I have been 
positing to the "deciders" an analogy of colos being like hot tubs... some you just don't want to go near, and Amazon 
makes me a nervous, so I'm looking for some hard data on rates of viral infestations, DDoS's on the network, script 
kiddy attacks on servers, etc.  Anyone know of any resources for me, or have comments one way or the other?

Sean Simpson
Senior Server/Web Developer
sean () stitcher com

CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential 
and privileged information for the use of the designated recipients named above. If you are 
not the intended recipient, you are hereby notified that you have received this communication 
in error and that any review, disclosure, dissemination, distribution or copying of it or its 
contents is prohibited. If you have received this communication in error, please reply to the 
sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication 
and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy, 
please visit our Internet web site at http://www.commonwealthcare.org.

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]