AWS (Amazon Web Services): Associated Risks and How to Stay Safe

Last week we saw a report stating that a Magecart skimmer was found on Amazon CloudFront, Amazon's Content Delivery Network (CDN). JavaScript libraries hosted on CloudFront had been tampered with and injected with the Magecart skimmer. In February 2018, the personal information of approximately 12,000 social media influencers was exposed by a misconfigured Amazon Web Service.

As more companies move to cloud services like AWS, the threat landscape is evolving. To minimize the risk of cyber attack and to secure data on cloud services like AWS, organizations should develop proactive, comprehensive security strategies.

What is AWS – AWS (Amazon Web Services) is a subsidiary of Amazon. It provides on-demand cloud computing platforms to individuals, companies and governments. Amazon Web Services was launched in 2006. The present CEO of Amazon Web Services is Andy Jassy.

Have a look at the benefits of using AWS:

  • Easy to use: AWS is well documented, so anyone can use it with ease.
  • Speed and agility: In AWS you can have your servers ready in minutes and easily deploy your applications on them.

Risks of using cloud computing like AWS – The risks associated with cloud adoption are as follows:

  • End users have lower visibility into and control over their data stored in the cloud.
  • Your confidential credentials can be stolen and your account data can be compromised.
  • You may be attacked by malware or by nation-state-sponsored threat actors.

How to secure your data on AWS

Prioritizing a Security Strategy – You should prioritize your security strategy over controls and tools. As one report puts it: “Putting the strategy first also enables you to integrate security into all business functions — especially operations and development team workflows. This can be a huge help with continuous deployment, in particular.”

Always enable CloudTrail if you are using AWS – When you enable CloudTrail, it generates log files that record all user activity in your AWS account. The benefits of enabling CloudTrail are simplified compliance, security analysis, troubleshooting, visibility into user and resource activity, and security automation. Amazon describes it at https://aws.amazon.com/cloudtrail/ as follows: “AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.”

Enable CloudTrail log validation – Besides enabling CloudTrail on AWS, you should also enable CloudTrail log validation. This lets you identify any changes made to a log file.

Use a strong and complex password – Always use a strong and complex password for AWS, with a length of at least 14 characters. A strong and complex password increases the security of your AWS account. Use a combination of uppercase and lowercase letters, numbers, and special characters. Change your passwords frequently, and never reuse them.

Secure your root account with multifactor authentication – Always enable multifactor authentication on your root account, because the root account gives access to all of your AWS resources.

Never use access keys with the root account – You should never use access keys with the root account. If you do, your account can easily be compromised.

Commonly used ports should be restricted – Ports for commonly used services such as FTP, MongoDB, MSSQL, SMTP, DNS and CIFS should be restricted.
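One way to check this, as an added example that is not part of the original article: a small Python audit that reads security group data in the shape returned by `aws ec2 describe-security-groups` and reports the services listed above when they are reachable from any address. The port numbers are the standard defaults for those services, and the group IDs and rules in SAMPLE are constructed for illustration.

```python
import ipaddress

# Default ports for the services the article names (standard assignments, an assumption here).
RISKY_PORTS = {20: "FTP-data", 21: "FTP", 25: "SMTP", 53: "DNS",
               445: "CIFS", 1433: "MSSQL", 27017: "MongoDB"}

def is_world_open(cidr):
    """True when the CIDR covers every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit_security_groups(doc):
    """Return sorted (group_id, port, service) tuples reachable from anywhere."""
    findings = set()
    for group in doc.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if not any(is_world_open(c) for c in cidrs):
                continue
            proto = perm.get("IpProtocol")
            if proto == "-1":                 # all protocols: no port fields present
                low, high = 0, 65535
            elif proto in ("tcp", "udp"):
                low, high = perm["FromPort"], perm["ToPort"]
            else:
                continue                      # ICMP and others carry no ports
            for port, service in RISKY_PORTS.items():
                if low <= port <= high:       # rule may be a range, not one port
                    findings.add((group["GroupId"], port, service))
    return sorted(findings)

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27017,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]}

if __name__ == "__main__":
    for group_id, port, service in audit_security_groups(SAMPLE):
        print(f"{group_id}: {service} ({port}) is open to the internet")
```

The MongoDB rule limited to 10.0.0.0/8 and the public HTTPS rule are not reported; only the listed services exposed to every address are.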

You may also restrict access to CloudTrail logs. Be alert when deleting CloudTrail buckets; it is better to enable multifactor authentication for deleting them. You can set accounts to be deleted automatically when they are not in use, meaning you can delete inactive accounts. You can also encrypt log files to protect them.