Security is one of the biggest issues that causes organizations to hesitate when they consider cloud computing. It is a natural reaction, after all for most modern organizations, their data is their lifeblood. How could we entrust that to people we don't know and have little control over?
It may surprise you to know that in the eyes of many security experts, using cloud computing can make your data more secure, not less secure, as long as the correct procedures are followed. Which makes sense when you think about it, it's another aspect of the benefits of scale. I have a lot of confidence in the computer security folks here at Penn State; they are excellent. I'm also pretty confident that Amazon and Google employ even better computer security experts. However, no experts can protect you from yourself; if you start up a server, expose it to the world, and fail to patch it, it will get hacked. Therefore, the key is to follow the correct procedures.
This page describes how to safely complete this course and gives some general guidance and pointers to further information on how to safely administer a server in production.
Security in this course
In this course, we will be learning about and experimenting with a variety of cloud computing technologies. The most important method you should follow to use them safely is simply to follow the directions in the course in their entirety. Don't skip steps. Further general guidelines for security in this course can be divided into two parts. We will first use Infrastructure as a Service, by starting server instances on Amazon's compute cloud. Later in the course, we will use Platform as a Service and Software as a Service services like ArcGIS Online, Carto, and Mapbox. Good security practices for the second part of the course (platform and software as services) are easily described; use a strong, unique password for each service. If managing multiple strong passwords is an issue for you (I think it is for most humans), consider using software like 1Password. The rest of this section gives some guidelines for safe usage of Amazon server instances for the Infrastructure as a Service portion of the course.
- Stop your instances when not in use. As a general guideline, you should stop your Amazon cloud server instances while you are not using them. A good workflow while using cloud computer instances is to start them when you want to begin a work session, and then stop them when you are done. After all, a computer that is turned off is one that cannot be remotely hacked. Do not terminate an instance that you care about; it will be irretrievably deleted.
- Understand the basics of public-key cryptography. Amazon relies on public-key cryptography to give you safe access to your instances. You are given a key pair file that you use to retrieve the initial administrator password for your EC2 instances. Keep your key pair file in a safe place where you can find it and make sure it is not exposed through any web-facing folder.
- This last one is somewhat advanced and doesn't apply to exercises in this course, but it's worth sharing anyway. Be careful when making and sharing images based on EBS volumes (Amazon EC2's version of "hard drives"). Also, be very careful with whom you share access to the "hard drive" EBS volume that the instances uses. You should never make a public copy of such an EBS volume. Even files you have deleted may still be accessible to anyone you give access to. Amazon EC2 guru Eric Hammond ran a little contest to illustrate the dangers. He made a text file on an EBS volume that contained a gift card number, and then deleted it. He then made a public copy of the EBS volume and invited the readers of his blog to try to retrieve the "deleted" file and claim the prize. Soon there were posts from multiple people who were able to read the file. Details are here: Hidden Dangers in Creating Public EBI Snapshots on EC2.
Even if you are not going to be sharing copies of your instances, you may need to think about how to safely put your server into production.
Security for servers in production
A production server is one that is serving your business content, live, to end users in a highly available and highly secure manner. A complete guide to production server security is unfortunately outside the scope of this course. We are not setting up servers that are ready to go into production. However, we will be covering some aspects of server security as we go along in the course. In addition, here are some general principles that you should know:
- Turn off operating system components and services you are not using. If a computer is being used as a machine to lauch web servers and databases, but is not running a web server or a database itself, then disable the web server and database software on that computer.
- Limit account access. Use an administrative account only for administrative tasks. Normal usage should use an account with more restricted rights.
- Limit port access. Use firewalls to restrict port availability, and be cautious when opening ports. If you are using Amazon Web services, use Security Groups as well as a firewall on your operating system for defense in depth. A good introduction to using Security Groups can be found at rightscale.com.
- Sanitize any input allowed into your system. For example, if you allow people to upload images, test the uploads before saving them on your system to make sure they are valid images rather than malicious files. Be especially cautious of SQL or other data manipulation input.
- Keep your operating system and server software patched and up to date.
- Back up your data and systems. Data which is not backed up will eventually be lost. Failure rates for individual computer instances are usually high in a cloud environment, due to the use of commodity hardware. A good backup strategy involves backing up your data to two separate physical locations or two different "Regions" on Amazon EC2. Keeping a remote backup of your server can be a lifesaver in an emergency, and can make you a hero if you can get the system restored quickly. A good strategy for EBS-backed instances (that is the most popular kind of instance and the kind that we are using in this course) is to take regular snapshots of the boot EBS volume. You can then easily create a new server instance from one of the snapshots if disaster strikes.
- Don't share your private keys or passwords with anyone. Responsible administrators will never ask you to share this kind of information. I'm sure you have already heard this, but it bears repeating.
A good resource for how to safely run a server in production is the National Institute for Standards and Technology's "General Guide to Server Security," accessible at csrc.nist.gov/publications/nistpubs/800-123/SP800-123.pdf. It describes the necessary planning steps, how to secure your operating system, how to secure your server software, and how to maintain your security. It also describes the multiple personnel roles that are involved in good security practices. If you will be involved in helping to administer a server in production, I suggest you read this guide and follow its recommendations.
OK, enough of the heavy stuff; it's time to start your first cloud computer in this course, an Amazon instance!