AWS and securityJul 09 2012 07:33PM Sean Simpson (sean stitcher com) (2 replies)
Re: AWS and securityJul 11 2012 03:17AM ShiYih Lye (shiyih lye my offgamers com)
Re: AWS and securityJul 10 2012 01:41PM Warner Tabor (pneusolematic me com) (1 replies)
Sean,
We've been using AWS for 3 years now to host our web and app servers without incident. If you make proper use of EC2 Security Groups you can lock things down pretty tightly. I think that as long as you do your due diligence as far a security is concerned and make sure you are using known good AMI's (ones that are provided by Amazon, for example,) I don't think that you'll be at any higher risk for attack than hosting in a co lo. Perhaps other will disagree, and I can only provide my own anecdotal evidence, but I haven't heard any security horror stories myself. Also, while doing your study, consider the tools that AWS and other similar cloud services offer you and compare that to a co lo. You have the ability to launch, test, provision and scale your app in a very fluid and dynamic way. Services like ELB with Sticky Sessions allow you to load balance your app very easily without worrying about a whole lot of configuration, extra SSL certs, etc. AWS has certainly allowed us to move far more quickly than we would have if we were hosting on site or in a co lo.
> Hi all, I've been assigned to evaluate AWS as an alternative to our current colocation situation and I'm wondering if anyone knows of any reports detailing the regularity, or lack thereof, of security incidents at AWS. I have been positing to the "deciders" an analogy of colos being like hot tubs... some you just don't want to go near, and Amazon makes me a nervous, so I'm looking for some hard data on rates of viral infestations, DDoS's on the network, script kiddy attacks on servers, etc. Anyone know of any resources for me, or have comments one way or the other?
>
> Sean Simpson
> Senior Server/Web Developer
> sean (at) stitcher (dot) com [email concealed]
> http://stitcher.com
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
> ------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
We've been using AWS for 3 years now to host our web and app servers without incident. If you make proper use of EC2 Security Groups you can lock things down pretty tightly. I think that as long as you do your due diligence as far a security is concerned and make sure you are using known good AMI's (ones that are provided by Amazon, for example,) I don't think that you'll be at any higher risk for attack than hosting in a co lo. Perhaps other will disagree, and I can only provide my own anecdotal evidence, but I haven't heard any security horror stories myself. Also, while doing your study, consider the tools that AWS and other similar cloud services offer you and compare that to a co lo. You have the ability to launch, test, provision and scale your app in a very fluid and dynamic way. Services like ELB with Sticky Sessions allow you to load balance your app very easily without worrying about a whole lot of configuration, extra SSL certs, etc. AWS has certainly allowed us to move far more quickly than we would have if we were hosting on site or in a co lo.
-Skip
CIO, Jamestown Distributors
http://www.jamesowndistributors.com
On Jul 9, 2012, at 3:33 PM, Sean Simpson wrote:
> Hi all, I've been assigned to evaluate AWS as an alternative to our current colocation situation and I'm wondering if anyone knows of any reports detailing the regularity, or lack thereof, of security incidents at AWS. I have been positing to the "deciders" an analogy of colos being like hot tubs... some you just don't want to go near, and Amazon makes me a nervous, so I'm looking for some hard data on rates of viral infestations, DDoS's on the network, script kiddy attacks on servers, etc. Anyone know of any resources for me, or have comments one way or the other?
>
> Sean Simpson
> Senior Server/Web Developer
> sean (at) stitcher (dot) com [email concealed]
> http://stitcher.com
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
> ------------------------------------------------------------------------
>
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
[ reply ]