
Sierra and Amazon EC2 Security

A few weeks back there was an interesting article describing a security breach on Amazon’s EC2 Cloud. Of particular interest is this quote:

“On another part of the Sensepost presentation, they looked specifically at vulnerabilities of Amazon’s Web Services. To start off, they detailed the process involved in setting up a new instance on EC2… While Amazon has provided 47 machine images they built themselves, the remaining 2721 images were built by other EC2 users. Can you really believe that all of these images were built securely? Basically, the template directory is just a big archive of user-generated content.”

In contrast to the numerous public AMIs in use on the Amazon cloud, SaffronSierra AMIs are “home grown”; in other words, we use internally built CentOS 5.3 AMIs to run our Sierra product. Saffron has complete control (dependent on patch releases from CentOS of course) over the content of our AMIs, which means our level of confidence in the security of our AMI instances is much higher than if we took the popular route of constructing new AMIs from those that exist publicly.

Phil Chen has a great tutorial on building CentOS AMIs using a Linux loop device; this is the approach we took. I can’t recommend Phil’s tutorial enough; it was comprehensive and worked “out of the box”. Those interested in creating CentOS 5.3 AMIs should definitely start there.


This entry was posted on Tuesday, February 2nd, 2010 at 11:29 am and is filed under SaffronSierra.
