The five biggest mistakes made by users of Amazon's cloud
Cloud resources are a tool that now handles a massive amount of data traffic on the Internet. But just as the cloud makes everything much simpler and more mobile, it also exposes us to the dangers that lie behind a theoretically safe tool.
We say "theoretically safe" because in the sales pitch it certainly is, and in practice it seems to be, but the reality is often a complete mess for those who do not understand how vital certain security measures are to using the service correctly. I always remember what a geek friend said about home security: "A misconfigured firewall can be as safe as leaving the keys to your house inside your house with the window open."
Newvem is a company specializing in analytics for cloud resource management. Based on its analysis of users of Amazon's cloud (AWS, Amazon Web Services), one of the most popular on the Internet, it detailed a list of the five biggest blunders made by users of these services. The list also includes some interesting (or obvious) advice worth noting so that we stay cautious with our own cloud resources:
- Leaving database server IP ports open to the world. In general, there is no reason for database servers to offer direct, open access from the network. Access to the database should go through web or application servers, which act as a buffer.
- Opening access to the IP ports of all internal AWS servers. This is an easy mistake to make, but it can be fatal and very costly. It can happen when you set up a general security rule that permits access from a whole IP range such as 10.0.0.1/8.
- Leaving IP ports open to all IP addresses. The best practice is to keep the ports open to the outside to a minimum, allowing access only to services that really require Internet access, such as port 80 for HTTP and port 443 for HTTPS.
- Allowing access to critical IP ports from public Internet IP addresses. These ports are similar to the database ports mentioned in point 1, but services like Memcached can put a cloud environment at risk by being accessible from any unknown IP. In general, it is advisable to limit access to IPs from private networks only.
- Leaving Amazon Machine Images (AMIs) with public access. AMIs often contain sensitive data, so public access could increase the risk of data loss, yet it seems to be a fairly common practice among users. The rule of thumb: when you create an AMI, be sure to set its policies to private use.
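The five checks above can be run mechanically over an account's configuration. The following is an added example, not code from Newvem or the original article: it audits data shaped like the JSON returned by `aws ec2 describe-security-groups` and `aws ec2 describe-images`, and the port list, group ID and image IDs are constructed assumptions.

```python
import ipaddress

# Port list is an assumption for this example; the article names only
# database ports, Memcached, 80 (HTTP) and 443 (HTTPS). Value = (mistake, service).
SENSITIVE = {1433: (1, "MSSQL"), 3306: (1, "MySQL"), 5432: (1, "PostgreSQL"),
             11211: (4, "Memcached")}
WEB_PORTS = {80, 443}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANYWHERE = ipaddress.ip_network("0.0.0.0/0")

def audit_security_group(group):
    """Return (mistake_number, message) findings for one security group."""
    findings = []
    for perm in group.get("IpPermissions", []):
        # IpProtocol "-1" means all protocols and all ports.
        if perm.get("IpProtocol") == "-1":
            lo, hi = 0, 65535
        else:
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        for rng in perm.get("IpRanges", []):
            # strict=False normalises host-bit forms such as 10.0.0.1/8.
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            public = not any(net.subnet_of(p) for p in RFC1918)
            if public:
                for port, (num, name) in SENSITIVE.items():
                    if lo <= port <= hi:
                        findings.append((num, f"{name} port {port} reachable from {net}"))
            if net == ANYWHERE and not (lo == hi and lo in WEB_PORTS):
                findings.append((3, f"ports {lo}-{hi} open to every IP address"))
            if net == RFC1918[0]:
                findings.append((2, f"ports {lo}-{hi} open to the whole {net} range"))
    return findings

def public_amis(images):
    """Mistake 5: IDs of images that are marked public."""
    return [img["ImageId"] for img in images if img.get("Public")]

# Constructed sample data (placeholder IDs, not real resources).
SAMPLE_GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.1/8"}]},
    {"IpProtocol": "tcp", "FromPort": 11211, "ToPort": 11211, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
]}
SAMPLE_IMAGES = [{"ImageId": "ami-EXAMPLE1", "Public": True}, {"ImageId": "ami-EXAMPLE2", "Public": False}]

if __name__ == "__main__":
    for num, msg in audit_security_group(SAMPLE_GROUP):
        print(f"{SAMPLE_GROUP['GroupId']}: mistake {num}: {msg}")
    print("public AMIs:", public_amis(SAMPLE_IMAGES))
```

Only IPv4 `IpRanges` entries are inspected; IPv6 ranges and rules that reference other security groups would need their own checks.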
Apart from emphasizing that such errors are often committed by users seeking to optimize performance or expand their cloud, Newvem also suggests using optimization tools such as Cloudability or Cloudy, which usually offer recommendations to improve the security of our data in the cloud.
Link: The 5 biggest mistakes users make in Amazon’s cloud (GigaOM)