Among cloud infrastructure services, Amazon Web Services (AWS) still reigns at the top of the list with more than 30 percent of the market share. By comparison, the second-most popular cloud service, Microsoft Azure, comes in at approximately 15 percent.
Although any organization would be happy to hold such a significant market share, in the tech industry, it comes with one serious issue: becoming a target for malicious attackers.
Analysts, vendors, and customers know that AWS has the greatest market share, but the bad guys are also aware of this fact. These threat actors cast their nets out, hoping to compromise a poorly secured AWS instance. Although Amazon takes all of the necessary steps to help prevent successful attacks, there are things that AWS customers need to do to protect their cloud infrastructure.
Protect the Root Account
Getting root access is always something that threat actors strive for. The root user account gives complete access to all AWS services and resources in the account. This account is so powerful that Amazon recommends that you do not use it for everyday tasks, even those that are administrative in nature. This account is used only to create the first Identity and Access Management (IAM) user and to perform select account and service management tasks.
Protecting this account is as simple as not using it. If you create this account and don’t use it, the risk of a malicious hacker grabbing these credentials is limited because they are not susceptible to theft via keystroke logging or other spyware. However, you should take other steps to protect the root account:
- Don’t reuse a common password. If hackers own another account of yours, why wouldn’t they give that account’s password a try on your root account?
- Change this password if you ever use your root account on a compromised machine. If those credentials are captured, someone will try to use them.
- Don’t share these credentials. This is something you learn early on, and it still applies today.
- Enable multi-factor authentication (MFA) for your root account. It doesn’t provide you with the panacea some suggest it does, but MFA does make stealing account credentials much more difficult.
Practice the Principle of Least Privilege
This one is another long-standing tenet of security: Give your users the minimal amount of permissions needed to get their job done. To assist you, AWS provides IAM to help control access to AWS resources. When a person or application makes a request in AWS, the enforcement code first checks to see if that person/application is authenticated. Once the code confirms that the principal (the person or application) is authenticated, it checks whether that principal is authorized to perform that request or function.
Amazon’s IAM is rather complex. There are more than 3,600 permissions and 130 services that you can manage. With so many choices, it is difficult to determine which permissions are needed for things to work properly. That is where AWS CloudTrail comes to the rescue. This service allows for the operational auditing of your AWS account so you can monitor activity and right-size your permissions.
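One way to do the right-sizing described above, as an added example that is not from the original article or from AWS: it compares the actions a principal was granted with the calls CloudTrail recorded for it. The log records, the principal ARN and the policy list are constructed, and treating eventSource plus eventName as the IAM action name is an approximation that does not hold for every service.

```python
import fnmatch
import json
from collections import defaultdict

ARN = "arn:aws:iam::111122223333:user/report-job"  # constructed principal

def _rec(source, name, error=None):
    """Build one constructed record in the CloudTrail record layout."""
    rec = {"eventSource": source, "eventName": name, "userIdentity": {"arn": ARN}}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample log, not real CloudTrail data.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("s3.amazonaws.com", "GetObject"),
    _rec("s3.amazonaws.com", "PutObject"),
    _rec("s3.amazonaws.com", "GetObject"),
    _rec("ec2.amazonaws.com", "DescribeInstances"),
    _rec("kms.amazonaws.com", "Decrypt"),
    _rec("ec2.amazonaws.com", "RunInstances", "Client.UnauthorizedOperation"),
]})

# Constructed list of Allow actions attached to the principal.
GRANTED = {ARN: ["s3:*", "ec2:Describe*", "kms:Decrypt", "iam:PassRole"]}

# Error codes that mean the call was refused by authorization.
DENIED_CODES = {"AccessDenied", "Client.UnauthorizedOperation"}

def observed_actions(log_text):
    """Return (used, denied): principal ARN -> set of 'service:Action' strings."""
    used, denied = defaultdict(set), defaultdict(set)
    for rec in json.loads(log_text)["Records"]:
        arn = rec.get("userIdentity", {}).get("arn")
        if not arn:
            continue
        # Approximation: service prefix = first label of eventSource.
        action = rec["eventSource"].split(".")[0] + ":" + rec["eventName"]
        (denied if rec.get("errorCode") in DENIED_CODES else used)[arn].add(action)
    return used, denied

def right_size(granted, used):
    """For each granted pattern, list the observed actions it covered."""
    report = {}
    for arn, patterns in granted.items():
        seen = used.get(arn, set())
        # IAM action names are case-insensitive, so compare in lower case.
        report[arn] = {p: sorted(a for a in seen
                                 if fnmatch.fnmatchcase(a.lower(), p.lower()))
                       for p in patterns}
    return report
```

A pattern with an empty list was never exercised in the log window and is a candidate for removal, while a wildcard with a short list can be narrowed to the actions shown. Denied calls, such as the RunInstances attempt in the sample, are worth reviewing separately.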
Watch the Logs
Amazon provides a service called AWS Detailed Billing that provides an hourly look into the resources your organization uses and the costs that your use incurs. Not only does this log help you to control and anticipate costs, but it gives you insight into usage that may not be legitimate. For example, in 1986, Clifford Stoll investigated a break-in at the Lawrence Berkeley National Laboratory when an overage of 75 cents raised eyebrows.
By setting baselines for your account and then checking usage and billing for anomalies, you may spot a compromise that is exfiltrating data or misusing your infrastructure, for example when use or costs rise at a time when your data shows they typically do the opposite.
Properly securing any system comes down to diligence and knowing what to look for to spot an attack before it does serious damage. There are technical controls that help corral all of this information, but unless your team understands how to use them, they are not going to keep the bad guys at bay as effectively as they could.
Proper training and experience are required to secure AWS, or any other cloud infrastructure. If your team needs assistance ensuring that your cloud services are secured properly, find a trusted managed services security provider that brings the knowledge and experience to your organization and gets the job done right.