Are security rules enough for a cloud instance's security?

Tech giants like Google, Amazon and Microsoft are continuously working on their cloud computing platforms and providing various services that make users' jobs easier. Anyone who has launched a web application in their own datacenter knows the pain, because launching it requires a series of tasks such as:

  1. Set up the VM.
  2. Install the server OS.
  3. Set up the inbound and outbound rules.
  4. Create users.
  5. Install the web server/application server and database server.
  6. Configure the web server and database server.
  7. Provide access to users.
  8. Deploy the web application code to the server, etc.

Completing all of the above tasks takes time: 4 to 5 hours, or, if we use hosting, 24 – 48 hours to launch our app, and the cost may be high depending on requirements or resources. These tasks can be done in a short time with the orchestration tools of the cloud companies. Let's talk about the AWS orchestration service, AWS CloudFormation. CloudFormation gives us the ability to model and provision infrastructure through simple template files. In the template files, we just need to list the infrastructure resources that we need to launch for our web application. CloudFormation then manages those resources as a single unit called a stack and takes care of everything further. We can also see the progress in the stack's console.

There is a service called Compute, which cloud providers give different names, such as EC2 on AWS or Compute or Classic Compute on OCI, but the functionality of the service is the same. With the help of this service, we can launch VMs/instances in a short time. We need to provide some configuration, such as:

  1. Machine image
  2. Network Configuration
  3. Storage
  4. Instance RAM & CPUs
  5. Inbound & Outbound rules etc
  6. SSH key and launch…:D

And in a few minutes, your instance will be up.

Now the question is: “Are security rules (inbound & outbound) enough for a cloud instance’s security?”

I think not, because if we open port 22 for SSH and hackers get the public IP address of the instance, it will be difficult to survive: they will start connecting to your instance over SSH and try every possibility to break its security and gain access. They will launch SSH attacks every second from different IPs. We can survive for a while if we set up SSH keys to access the instance, because the keys are hard to break.

But if the cloud provider finds unusual traffic on your instance, it will stop your services from its end even if your VM works fine. Obviously, it will take time and money to launch a new instance, and it may affect your users’ traffic.

Now another question is: “Are cloud providers providing some solutions for instance security?”

Yes, cloud providers offer solutions for that, such as GuardDuty by AWS, but those solutions will cost you. If you don’t want to spend money on those services and still want to secure your instance, the following steps let you define some conditions or constraints:

  1. Set a passphrase on the SSH key.
  2. Integrate MFA (multi-factor authentication) using Authy or Google Authenticator.
  3. Define a condition to prevent SSH attacks, such as blocking a user after 3 invalid logins.
  4. Allow a single user login at a time.
  5. Use a non-sudo user to log in over SSH.

The above constraints/configurations will help you prevent SSH attacks. Note that these steps work on Linux-based instances.
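
As an added example (not from the original post), the Python code below audits the text of an `sshd_config` file for the steps above that are visible in that file: key-only access, MFA, the 3-attempt limit and non-root login. The mapping from each step to an OpenSSH directive is an assumption of this example, and the account name `deploy` and both sample configurations are constructed.

```python
# Added example; the step-to-directive mapping is this example's assumption.
# OpenSSH defaults that apply when a keyword is absent from sshd_config.
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password",
            "maxauthtries": "6", "authenticationmethods": "any", "allowusers": ""}

def effective_settings(config_text):
    """Global settings as sshd reads them: the first value per keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        keyword = fields[0].lower()          # keywords are case-insensitive
        if keyword == "match":               # later lines are conditional overrides
            break
        seen.setdefault(keyword, fields[1].strip() if len(fields) > 1 else "")
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Return a finding for each hardening step the configuration does not enforce."""
    s = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"].lower() != "no":
        findings.append("password logins allowed, so access is not key-only")
    # Any one comma-separated list satisfies sshd, so every list must need both factors.
    lists = [{m.split(":")[0] for m in group.split(",")}
             for group in s["authenticationmethods"].lower().split()]
    if not all(ml >= {"publickey", "keyboard-interactive"} for ml in lists):
        findings.append("MFA not enforced: a key plus an OTP prompt is not required")
    if int(s["maxauthtries"]) > 3:
        findings.append("more than 3 authentication attempts per connection")
    if s["permitrootlogin"].lower() != "no":
        findings.append("root may log in over SSH")
    if not s["allowusers"]:
        findings.append("no AllowUsers list restricting who may log in")
    return findings

# Constructed sample configurations (the account name 'deploy' is hypothetical).
WEAK = "Port 22\nPasswordAuthentication yes\nPermitRootLogin yes\n"
HARDENED = """\
PasswordAuthentication no
AuthenticationMethods publickey,keyboard-interactive
MaxAuthTries 3
PermitRootLogin no
AllowUsers deploy
# sshd ignores this later duplicate
PasswordAuthentication yes
"""
```

The key passphrase and the single-login limit are not set in `sshd_config`, so they need separate checks. `MaxAuthTries` caps attempts per connection and does not lock the account.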

If you are interested or looking for more information, please visit the following URL:

http://www.itlearn360.com/self-paced-courses/cloud-instance-security/

For more information please reach us at training@itlearn360.com or call us at +1-800-543-5571
