In the recently concluded Black Hat USA, 2014, one of the topics that drew much attention was the session on the pitfalls in cloud environment security. Normally, such deliberations at security conferences are perceived as hypothetical or purely academic. However, it was different this year with security professionals becoming quite interested in this topic. The reason for this is quite obvious – just a while ago, CodeSpaces.com, a code-hosting and collaboration platform went out of business for a whole day because hackers gained access to their Amazon EC2 control panel and deleted data of hundreds of their customers.
According to Code Spaces, the worst security breach started off as a distributed denial of service (DDoS) attack. The hackers gained access to the company’s AWS control panel and left a number of messages to contact them. They had apparently attempted to extort a huge sum from Code Spaces to resolve the DDos attack. When Code Spaces tried to recover their access to the AWS control panel by changing EC2 passwords, the hackers quickly noticed the recovery attempts and deleted most of the data, backups, machine configurations, and offsite backups. In just about 12 hours, Code Spaces had to down its doors.
The death of CodeSpaces.com stands testimony to the danger that a single security attack can bring to your company. And, naturally, this high profile breach has sent shock waves among security professionals, and cloud infrastructure security is topping their agenda.
When everyone is turning towards protecting the cloud environment from attacks, it’d be prudent to analyze the basic issues and security measures.
Administrative access to the management console/administration panel of cloud services like Amazon Web Services, Office365, Google Apps, and Rackspace grant unlimited privileges. Administrators can provision a new virtual machine, remove an existing one, grant access to others, elevate user privileges, delete data, and carry out a lot of other sensitive operations.
Too often, cloud administrators take shortcuts in handling these sensitive login credentials – they are mostly stored in plain text in volatile sources such as sticky notes, spreadsheets, printouts, and text documents. Credentials are also frequently shared not securely among administrators and are normally left unchanged for an extended period, leaving the cloud services open to compromise and security attacks.
Majority of the attacks on cloud infrastructure are centered on brute force attacks on administrative credentials. Hackers always set their eyes firmly on the Keys to the Kingdom – the administrative credentials for control panel/management console and employee credentials. When administrators take shortcuts, hackers strike gold.
In fact, cloud administrative password management lies at the root of cloud security. Cloud managers should adopt a centralized, policy-based, highly secure, closely monitored, and fully automated approach to manage administrative access to cloud services like Amazon Web Services, Office365, Google Apps, and Rackspace accounts.
AWS suggests a good set of , which includes changing the keys regularly, avoiding password sharing, and enabling multi-factor authentication. Security analysts are of the view that Code Spaces had perhaps not enabled multi-factor authentication for accessing the EC2 control panel. If they had done that, the breach could have probably been prevented.
Another important best practice suggestion relates to the age-old principle of least privilege – granting only the permissions required to perform a task. AWS stresses the need to create policies for individual resources (such as Amazon S3 buckets) clearly specifying who are all allowed to access the resource, and grant only minimal permissions for those users. For example, perhaps developers should be allowed to write to an Amazon S3 bucket, but testers only need to read from it.
In addition, cloud administrators should adopt a continuous monitoring strategy to ensure cloud security. All activities on cloud infrastructure should be closely monitored. Logs from cloud infrastructure should be tracked and analyzed.
Combat Cyber Attacks on Cloud Infrastructure with ManageEngine
Control, Monitor, and Manage Administrative Access with Password Manager Pro
To combat the rapidly increasing cyber attacks in the cloud environment, IT organizations require an automated approach to centrally control, monitor, and manage privileged access. enables cloud managers to securely store, share, periodically change, and control access to the management console or administration panel passwords of Microsoft Azure, Google Apps, Amazon Web Services, and Rackspace accounts.
Password Manager Pro uses API and scripts from the respective cloud providers for password resets.
IT managers can grant cloud administrators access to the management console without allowing the admins to view the underlying passwords in plain text, enabling organizations to bolster security and follow password management best practices. With comprehensive audit trails and real-time notification provisions, Password Manager Pro helps track privileged account activity on the cloud environment and meet various regulatory compliance requirements.
Cloud Infrastructure Log Monitoring with EventLog Analyzer
Another crucial aspect of cloud security is continuously tracking the activities in the cloud infrastructure. helps collect and analyze AWS EC2 logs in a central location. It helps monitor the logs from all applications running in the EC2 instance. Continuous monitoring helps track privileged user activity and also malicious attacks.
No organization is immune to cyber attacks and not all incidents can be prevented. However, those occurring due to lack of basic controls, improper password management, and monitoring are definitely preventable.
Password Manager Pro, EventLog Analyzer, and other IT security solutions from the ManageEngine suite could help you bolster cloud security. To learn more about ManageEngine IT Security solutions, visit http://www.manageengine.com/it-compliance-suite.html