Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

AWS Security


Published on

  • Login to see the comments

AWS Security

  1. 1. AWS: OVERVIEW OF SECURITY PROCESSES Jeff Barr Senior Web Services Evangelist,
  2. 2. OVERVIEW <ul><li>Certifications </li></ul><ul><li>SAS70 Type II </li></ul><ul><li>Physical Security </li></ul><ul><li>Backups </li></ul><ul><li>Amazon EC2 Security </li></ul><ul><li>Network Security </li></ul><ul><li>Amazon Virtual Private Cloud </li></ul><ul><li>Q&A </li></ul>
  3. 3. AWS SECURITY RESOURCES <ul><li> </li></ul><ul><li>Security Whitepaper </li></ul><ul><li>Latest Version 11/09 </li></ul><ul><li>Updated bi-annually </li></ul><ul><li>Feedback is welcome </li></ul>
  4. 4. AWS CERTIFICATIONS <ul><li>Shared Responsibility Model </li></ul><ul><li>Sarbanes-Oxley (SOX) </li></ul><ul><li>SAS70 Type II Audit </li></ul><ul><li>Working on FISMA (NIST)C&A </li></ul><ul><li>Pursuing ISO 27001 Certification </li></ul><ul><li>Customers have deployed various compliant applications such as HIPAA (healthcare) and PCI DSS (credit card) </li></ul>
  5. 5. SAS70 TYPE II <ul><li>Based on the Control Objectives for Information and related Technology (COBIT) , which is a set of established best practices (transitioning to ISO 27001) </li></ul><ul><li>Covers Access (Security), Change Management and Operations of Amazon EC2 and Amazon S3 </li></ul><ul><li>Audit conducted by an independent accounting firm (E&Y) on a recurring basis </li></ul>
  6. 6. PHYSICAL SECURITY <ul><li>Amazon has been building large-scale data centers for many years </li></ul><ul><li>Important attributes: </li></ul><ul><ul><li>Non-descript facilities </li></ul></ul><ul><ul><li>Robust perimeter controls </li></ul></ul><ul><ul><li>Strictly controlled physical access </li></ul></ul><ul><ul><li>2 or more levels of two-factor auth </li></ul></ul><ul><li>Controlled, need-based access for </li></ul><ul><li>AWS employees (least privilege) </li></ul><ul><li>All access is logged and reviewed </li></ul>
  7. 7. FAULT SEPARATION AND GEOGRAPHIC DIVERSITY Note: Conceptual drawing only. The number of Availability Zones may vary Availability Zone D Availability Zone A Availability Zone B US East Region (N. VA) Availability Zone A Availability Zone C Availability Zone B Amazon CloudWatch Auto Scaling Elastic Load Balancing
  8. 8. DATA BACKUPS <ul><li>Data stored in Amazon S3, Amazon SimpleDB, and Amazon EBS is stored redundantly in multiple physical locations </li></ul><ul><li>Amazon EBS redundancy remains within a single Availability Zone </li></ul><ul><li>Amazon S3 and Amazon SimpleDB replicate customer objects across storage systems in multiple Availability Zones to ensure durability </li></ul><ul><ul><li>Equivalent to more traditional backup solutions, but offers much higher data availability and throughput </li></ul></ul><ul><li>Data stored on Amazon EC2 local disks must be proactively copied to Amazon EBS and/or Amazon S3 for redundancy </li></ul>
  9. 9. AWS MULTI-FACTOR AUTHENTICATION A recommended opt-in security feature of your Amazon Web Services (AWS) account
  10. 10. AMAZON EC2 SECURITY <ul><li>Host operating system </li></ul><ul><ul><li>Individual SSH keyed logins via bastion host for AWS admins </li></ul></ul><ul><ul><li>All accesses logged and audited </li></ul></ul><ul><li>Guest operating system </li></ul><ul><ul><li>Customer controlled at root level </li></ul></ul><ul><ul><li>AWS admins cannot log in </li></ul></ul><ul><ul><li>Customer-generated keypairs </li></ul></ul><ul><li>Stateful firewall </li></ul><ul><ul><li>Mandatory inbound firewall, default deny mode </li></ul></ul><ul><li>Signed API calls </li></ul><ul><ul><li>Require X.509 certificate or customer’s secret AWS key </li></ul></ul>
  11. 11. AMAZON EC2 INSTANCE ISOLATION Physical Interfaces Customer 1 Hypervisor Customer 2 Customer n … … Virtual Interfaces Firewall Customer 1 Security Groups Customer 2 Security Groups Customer n Security Groups
  12. 12. VIRTUAL MEMORY & LOCAL DISK Amazon EC2 Instances Amazon EC2 Instance Encrypted File System Encrypted Swap File <ul><li>Proprietary Amazon disk management prevents one Instance from reading the disk contents of another </li></ul><ul><li>Local disk storage can also be encrypted by the customer for an added layer of security </li></ul>
  13. 13. NETWORK TRAFFIC FLOW SECURITY Amazon EC2 Instances Amazon EC2 Instance Encrypted File System Encrypted Swap File iptables Amazon Security Groups Inbound Traffic <ul><li>Inbound traffic must be explicitly specified by protocol, port, and security group </li></ul><ul><li>iptables may be implemented as a completely user controlled security layer for granular access control of discrete hosts, including other Amazon Web Services (Amazon S3/SimpleDB, etc.) </li></ul>
  14. 14. MULTI-TIER SECURITY ARCHITECTURE Web Tier Application Tier Database Tier EBS Volume Ports 80 and 443 only open to the Internet Engineering staff have ssh access to the App Tier, which acts as Bastion All other Internet ports blocked by default Authorized 3 rd parties can be granted ssh access to select AWS resources, such as the Database Tier Amazon EC2 Security Group Firewall AWS employs a private network with ssh support for secure access between tiers and is configurable to limit access between tiers
  15. 15. NETWORK SECURITY CONSIDERATIONS <ul><li>DDoS (Distributed Denial of Service): </li></ul><ul><ul><li>Standard mitigation techniques in effect </li></ul></ul><ul><li>MITM (Man in the Middle): </li></ul><ul><ul><li>All endpoints protected by SSL </li></ul></ul><ul><ul><li>Fresh EC2 host keys generated at boot </li></ul></ul><ul><li>IP Spoofing: </li></ul><ul><ul><li>Prohibited at host OS level </li></ul></ul><ul><li>Unauthorized Port Scanning: </li></ul><ul><ul><li>Violation of AWS TOS </li></ul></ul><ul><ul><li>Detected, stopped, and blocked </li></ul></ul><ul><ul><li>Ineffective anyway since inbound ports </li></ul></ul><ul><ul><li>blocked by default </li></ul></ul><ul><li>Packet Sniffing: </li></ul><ul><ul><li>Promiscuous mode is ineffective </li></ul></ul><ul><ul><li>Protection at hypervisor level </li></ul></ul><ul><li>Configuration Management: </li></ul><ul><ul><li>Configuration changes are authorized, logged, tested, approved, and documented </li></ul></ul><ul><ul><li>Most updates are done in such a manner that they will not impact the customer </li></ul></ul><ul><ul><li>AWS will communicate with customers, either via email, or through the AWS Service Health Dashboard ( ) when there is a chance that their Service use may be affected. </li></ul></ul>
  16. 16. NETWORK TRAFFIC CONFIDENTIALITY Amazon EC2 Instances Amazon EC2 Instance Encrypted File System Encrypted Swap File <ul><li>All traffic should be cryptographically controlled </li></ul><ul><li>Inbound and outbound traffic to corporate networks should be wrapped within industry standard VPN tunnels (option to use Amazon VPC) </li></ul>Corporate Network Internet Traffic VPN
  17. 17. AMAZON VPC Customer’s Network Amazon Web Services Cloud Secure VPN Connection over the Internet Subnets Customer’s isolated AWS resources Router VPN Gateway
  18. 18. THANK YOU [email_address]
  19. 19. © 2008-2010, Inc., or its affiliates. This presentation is provided for informational purposes only. Amazon Web Services LLC is not responsible for any damages related to the information in this presentation, which is provided “as is” without warranty of any kind, whether express, implied, or statutory. Nothing in this presentation creates any warranties or representations from Amazon Web Services LLC, its affiliates, suppliers, or licensors. This presentation does not modify the applicable terms and conditions governing your use of Amazon Web Services technologies, including the Amazon Web Services website. This presentation represents Amazon Web Services' current product offerings as of the date of issue of this document, which are subject to change without notice. This presentation is dated May 2010. Please visit to ensure that you have the latest version.