• Home
  • Et Cetera

Infosecurity.US

TechBuddha: Cloudy Amazon AWS Security

By Marc Handelman on December 11th, 2008

Amrit Williams, TechBuddha, has posted an absolutely on-target examination (and right on-time as well – with the Amazon news published yesterday) of the rather murky state-of-affairs (at least in the security realms) at Amazon.com, Inc. (NasdaqGS: AMZN) Web Services unit. Read a short snippet of the TechBuddha’s post after the jump, and visit his blog early, and often.

From the Amrit Williams, the TechBuddha’s post:” Recently I posted some thoughts on cloud security (here), (here), and (here). The bottom line still holds true…

When we allow services to be delivered by a third party we lose all control over how they secure and maintain the health of their environment and in many cases we lose all visibility into the controls themselves, that being said…Cloud Computing platforms have the potential to offer adequate security controls, but it will require a level of transparency the providers will most likely not be comfortable providing.

In September of 2008 Amazon released a paper entitled “Amazon WebServices: Overview of Security Processes” which discusses, at a high-level, aspects of Amazon’s AWS (Amazon Web Services) security model. Essentially it says that they will provide a base-level of reasonable security controls against their infrastructures and the enterprise is required to provide the required security controls against their guest OS instance and other attributes of the customer environmental variables, including data backup, controls, and secure development.”

  • Straddling the Cloud
  • Amazon EC2 Now Available In Europe
  • Public Data Goes on Amazon’s Cloud
  • Cloud Computing Making Forensics Easier
Reblog this post [with Zemanta]

Categories: Amazon Web Service, Brilliant, Insecure Cloud Computing, TechBuddha
Tags: Amazon EC2, Amazon.com, Brilliant, Cloud Computing, Insecure Cloud Computing, TechBuddha

Comments are closed.

« Dinosaur Comics: Parallel Universe Asterisk Project Releases Security Advisory »
  • Latest
  • Random
  • Bookmarks
  • Archives
  • Lisa Benson: Jobs
  • Final Apache HTTP Server 1.3 Series Release
  • Sherffius: The Moon
  • NSA To Aid Google In Chinese State Sponsored Intrusion Investigation
  • Oracle Patches Critical WebLogic Flaw
  • Lisa Benson: Beanstalk
  • USB Electronic Key Impressioner – Open Sesame
  • Sherffius: Bacterial-Laden
  • Firefox Malware Extensions Discovered
  • Holbert: Trillion Dollar Stuck Pedal
  • Old WordPress Deployments Fall Victim, Let The Fingerpointing Commence…
  • XKCD: Party
  • Microsoft Malicious Software Removal Tool Epic Fail
  • Cloud Company Loses Customer Data, In The Cloud…
  • Knujon: New GMAIL IMAP Permits Easier KnujOn Reporting
  • Google Coverup?
  • Happy Thanksgiving To Our Canadian Friends and Relatives
  • Black Hat Interviews Dan Kaminsky
  • FS-ISAC: Cyber Attack Against Payment Processes Exercise
  • Fox News: Mexican Embassy Official Terminated After Theft Of White House BlackBerries
  • Apple
  • BSD
  • Closson
  • Darknet
  • Debian
  • Finnigan
  • ha.ckers
  • Hoff
  • Insecure
  • Krebs
  • Layer8
  • MSRC
  • Network Security Blog
  • NSA SEL
  • openSUSE
  • RedHat
  • SANS
  • Schneier
  • Security Eunoia
  • Securosis
  • Shimel
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • August 2009
  • July 2009
  • June 2009
  • May 2009
Subscribe

Featured Blog - Blogs.com SANS Security Reading Room KnotOriginal: fine art to hang on your body and walls Member - Security Bloggers Network

Dilbert

Sponsored Links

KnotOriginal

Featured Video

RSS Cryptography

  • Microscope-wielding boffins crack cordless phone crypto 2010/02/08
  • Making packet processing more efficient with network-optimized multicore designs: Part 2 2010/02/08
  • New Attack on Threefish 2010/02/07
  • So I deleted it without reading it. 2010/02/06
  • Kaspersky: Google hack takes spotlight from Russia 2010/02/05
  • IP Cores, Inc. Announces an Update of its Elliptic Curve Crypto Accelerator 2010/02/05
  • SMIC, SSHIC deliver smart card IC using 0.162 m EEPROM 2010/02/04
  • Revere Security Appoints Co-Inventor of Public-Key Cryptography... 2010/02/03
  • Data defenders: Researchers try to ward off increasingly sophisticated cyber attacks 2010/02/02
  • IP Cores Selects Phoenix Technologies for Israel 2010/02/02

RSS Security Bloggers Network

  • My Blackhat DC Paper, Slides, and Video are available 2010/02/08 IBM Internet Security Systems Frequency X Blog
  • Is Your BlackBerry Spying On You? 2010/02/08 spinman
  • The 800-lb Dragon’s APTitude 2010/02/08 Bill Wildprett
  • Wrapping insecure web apps with Apache 2010/02/08 Asmodian X
  • Oracle Patches Critical WebLogic Flaw 2010/02/08 Marc Handelman
  • Lisa Benson: Beanstalk 2010/02/08 Marc Handelman
  • Week 5 in Review 2010/02/08 glenn
  • Google Street View Car Gets GPSed by F.A.T. Pranksters 2010/02/08 Devin McDonald

RSS SANS ISC

  • Oracle has an unscheduled security alert and patch for CVE-2010-0073. The issue affects WebLogic Server and is remotely exploitable. Details and patch are here http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html, (Tue, Feb 9th) 2010/02/09
  • When is a 0day not a 0day? Samba symlink bad default config, (Tue, Feb 9th) 2010/02/09
  • When is a 0day not a 0day? Fake OpenSSh exploit, again. , (Mon, Feb 8th) 2010/02/08
  • Mandiant Mtrends Report, (Sun, Feb 7th) 2010/02/07
  • LANDesk Management Gateway Vulnerability, (Sat, Feb 6th) 2010/02/06
  • tweaked ISC layout. Please submit screen shot and browser details if things don't look right., (Sat, Feb 6th) 2010/02/06
  • Oracle WebLogic Server Security Alert, (Sat, Feb 6th) 2010/02/06
  • New version of Andreas Schuster's Evtx Parser released http://computer.forensikblog.de/en/2010/02/evtx_parser_1_0_2.html, (Sat, Feb 6th) 2010/02/06
  • Memory Analysis - time to move beyond XP, (Fri, Feb 5th) 2010/02/06

RSS Oracle

  • Oracle to Acquire AmberPoint 2010/02/09
  • Bookmarkable page with parameters 2010/02/09
  • 32-bit to 64-bit database migration tips: OLAP upgrade 2010/02/08
  • ADF Coding Ninja 2010/02/08
  • Case Study: Swedish Rail Operator SJ Increases Revenue and Customer Satisfaction Using CRM 2010/02/08
  • Random Things: Volume #13 2010/02/08
  • v-Commerce? 2010/02/08

RSS MySQL

  • A deep look at MySQL 5.5 partitioning enhancements 2009/12/24
  • Sun "Tech Days" Conference World Tour Kicks Off in Brazil 2009/12/07
  • Tino Rachui: Using MySQL Cluster in Sun's Virtual Desktop Infrastructure 2009/11/10
  • MySQL Database Analytics with InfiniDB from Calpont – Part 2 2009/10/28
  • MySQL Database Analytics with InfiniDB from Calpont – Part 1 2009/10/27
  • What's New in the MySQL Enterprise Fall 2009 Release? - Interview with Mark Matthews and Andy Bang 2009/09/08
  • Introducing the MySQL Librarian 2009/07/14

RSS Linux

  • Oracle Drops Sun's Commitment To Accessibility - Slashdot 2010/02/09
  • LinuxCon Puts Out Call for Papers Ahead of Summer Event - OStatic (blog) 2010/02/09
  • How To Reverse Engineer A Motherboard BIOS - Benchmark Reviews 2010/02/09
  • Oracle Patches Dangerous WebLogic Server Flaw - eWeek 2010/02/09
  • Unix ENGINEER - TRADING - SYDNEY CBD! - Australian Techworld 2010/02/09

RSS MAC OSX

  • Anti-DRM Protest Against The iPad Grows 2010/02/08 Eli Milchman
  • Amazon to Hike Ebook Pricing as iPad Ships 2010/02/08 Ed Sutherland
  • Daily Deals: iPhone Acces. Bundle, External Superdrive, App Store Freebies 2010/02/08 Ed Sutherland
  • Mock Up Your iPad Ideas With IA’s Omnigraffle Template 2010/02/08 Giles Turnbull
  • The inevitable DIY iPad papercraft mockup 2010/02/08 John Brownlee
  • Apple to app devs: don’t use Core Location “primarily” for advertising 2010/02/08 John Brownlee
  • Report: Carriers to Subsidized iPads for 2-Year 3G Contracts 2010/02/08 Ed Sutherland

RSS Microsoft

  • February 2010 Bulletin Release Advance Notification 2010/02/04 MSRCTEAM
  • Security Advisory 980088 Released 2010/02/03 MSRCTEAM
  • January 2010 Out-of-Band Security Bulletin Webcast 2010/01/22 MSRCTEAM
  • Bulletin MS10-002 Released 2010/01/21 MSRCTEAM
  • Security Advisory 979682 Released 2010/01/21 MSRCTEAM
  • Advance Notification for Out-of-Band Bulletin Release 2010/01/20 MSRCTEAM
  • Security Advisory 979352 – Going out of Band 2010/01/19 MSRCTEAM

RSS Network

  • Europe lagging behind on fibre broadband adoption 2010/02/08
  • LG NAS N4B1 review 2010/02/08
  • VoIP patent under review by Patent Office 2010/02/08
  • YouTube now supports IPv6 2010/02/08
  • Where do web giants stand on IPv6? 2010/02/05
  • Intel details vPro for Core i5, i7 processors 2010/02/05
  • Microsoft IE still popular, researcher says 2010/02/05

Daily Posts

February 2010
S M T W T F S
« Jan    
 123456
78910111213
14151617181920
21222324252627
28  
Creative Commons License
The Infosecurity.US Blog is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

Find the best blogs at Blogs.com.

Creative Commons Attribution-Share Alike 3.0 U.S. License ©2010 Infosecurity.US

Subscribe