Security Basics mailing list archives
RE: AWS and security
From: "Mikhail A. Utin" <mutin () commonwealthcare org>
Date: Tue, 10 Jul 2012 12:03:28 -0400
Hello, As you've used the cloud service for a while, have you ever run in "personal information", "compliance to regulations", or simply "data owner responsibility" questions? This is legal part of data outsourcing, which is largely ignored. So, what is you experience and thoughts? Regards -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Warner Tabor Sent: Tuesday, July 10, 2012 9:42 AM To: Sean Simpson Cc: security-basics () securityfocus com Subject: Re: AWS and security Sean, We've been using AWS for 3 years now to host our web and app servers without incident. If you make proper use of EC2 Security Groups you can lock things down pretty tightly. I think that as long as you do your due diligence as far a security is concerned and make sure you are using known good AMI's (ones that are provided by Amazon, for example,) I don't think that you'll be at any higher risk for attack than hosting in a co lo. Perhaps other will disagree, and I can only provide my own anecdotal evidence, but I haven't heard any security horror stories myself. Also, while doing your study, consider the tools that AWS and other similar cloud services offer you and compare that to a co lo. You have the ability to launch, test, provision and scale your app in a very fluid and dynamic way. Services like ELB with Sticky Sessions allow you to load balance your app very easily without worrying about a whole lot of configuration, extra SSL certs, etc. AWS has certainly allowed us to move far more quickly than we would have if we were hosting on site or in a co lo. -Skip CIO, Jamestown Distributors http://www.jamesowndistributors.com On Jul 9, 2012, at 3:33 PM, Sean Simpson wrote:
Hi all, I've been assigned to evaluate AWS as an alternative to our current colocation situation and I'm wondering if anyone knows of any reports detailing the regularity, or lack thereof, of security incidents at AWS. I have been positing to the "deciders" an analogy of colos being like hot tubs... some you just don't want to go near, and Amazon makes me a nervous, so I'm looking for some hard data on rates of viral infestations, DDoS's on the network, script kiddy attacks on servers, etc. Anyone know of any resources for me, or have comments one way or the other? Sean Simpson Senior Server/Web Developer sean () stitcher com http://stitcher.com
CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communication in error, please reply to the sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy, please visit our Internet web site at http://www.commonwealthcare.org. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- AWS and security Sean Simpson (Jul 09)
- Re: AWS and security Warner Tabor (Jul 10)
- RE: AWS and security Mikhail A. Utin (Jul 10)
- Re: AWS and security Warner Tabor (Jul 10)
- Message not available
- Message not available
- Message not available
- Re: AWS and security Warner Tabor (Jul 16)
- KMS Jude Cwalenski (Jul 16)
- Re: KMS Florian Rommel (Jul 16)
- RE: KMS Michael Sturtz (Jul 16)
- Re: KMS Ansgar Wiechers (Jul 16)
- Message not available
- Re: KMS Ansgar Wiechers (Jul 16)
- RE: AWS and security Mikhail A. Utin (Jul 10)
- Re: AWS and security Warner Tabor (Jul 10)
- <Possible follow-ups>
- Re: RE: AWS and security savvy95 (Jul 10)