Amazon Cloud Attacked – Lessons Learned

As mentioned in prior posts, Cloud security and addressing the risks that exist (the new risks and the new tools to address these risks) is fundamental to ensuring a successful and beneficial use of the Cloud provider environments.  The RSA London conference held several strong documents highly to help approach the best practices for cloud security.  The two most commonly referenced were:

A nice article (October 2009 “Amazon EC2 attack prompts customer support changes“) posted on TechTarget highlights the Denial of Service Attack against a hosted website on AWS EC2.  Check out the article here.  Overall the results from this attack were very promising for instilling confidence in Amazon AWS, but also highlights the duties and next steps in evolving beyond simply “starting instances” on the Cloud.  A few of the key points that jumped from the screen, and should be carefully considered include:

  • “The problem was that no one could see the complete picture…” AWS took 18 hour to respond to attack – primarily the result that the backend AWS environment (internal IP traffic) was just fine, but the outside public facing IP was bogged down.
  • AWS responded immediately to fix the issue – demonstrating their dedication to ensuring a great operating environment
    The target organization acknowledged that “they weren’t taking full advantage of AWS’s unique characteristics.” to reduce the impact of this type of attack.  Indeed it is the availability of new enterprising environments and access to a broad set of resources that makes the Cloud such a rich platform.
  • There are ways and means of improving the operational integrity of solutions leveraging the Cloud but it requires, Peter DeSantis VP of AWS EC2 states that “customers take proactive measures, such as distributing instances for redundancy and safety. He said that there were distinct advantages in a cloud computing environment that many weren’t aware of or haven’t learned about…We are underplaying tools that are at people’s disposal…”
  • A great set of lessons are further elaborated in the article.  An additional observation – no other customer operating environments were reportedly impacted, which speaks very positively for Amazon’s architecture and current deployment.

Other thoughts and concerns?

Best,

James DeLuccia IV

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s