Sunday, August 5, 2012

Security on the AWS cloud

I have been working with EC2 in my free time (what's that?) and realised some bad information had been spread about how to get your instances to talk with one another. By default, the instances do not respond to pings or nmap's from other machines due to very restrictive firewall settings. This is a good thing. The bad thing was that I was reading on forums that setting your All ICMP, All UDP, and All TCP firewall settings to 0.0.0.0/0 was the easiest fix. While this is true, it is the easiest fix, it isn't very secure. I was able to nmap a small subnet inside the EC2 cloud (internal network, not external) and found 30 machines responding. When you put 0.0.0.0/0, you let everyone inside that network ping, port scan, and connect to your computer. By being more granular, and setting your firewall rules to the specific instances that you want talking (111.222.122.123/32), you are protecting your machine from threats inside this cloud network. Setting your All ICMP, All UDP, and All TCP to 0.0.0.0/0 is just opening yourself up needelessly for an attack. It may take you an extra 5 minutes to create a rule for each host you want communicating.

No comments:

Post a Comment