How To Secure Your Cloud Hosting? Part 1

How to secure your cloud hosting? Part 1

So having completed the migration of your application or site to the cloud, say to AWS or RS, be prepared to get surprised by the initial hacker attack attempts on your site! Recently, we had the experience of handling two projects, one with AWS and another with RS. We were surprised to take note of our system event viewer logs.

(See the screen shot).

RDP- Remote Desktop Protocol

To start the hardening process first we disabled the RDP service in the server. This will have its own effects as something like closing our own house door. We started using the console provided.

We found that a several hundred attempts to login in to our account from the hackers worldwide within two days of launch. Bad guys from all around the world… from Iran, China, Korea and so many other countries. It seems that they are never going to stop trying to get in. So the so called hardening work started. Hardening the cloud system. Let me explain what we did to harden the cloud servers.

It is told that ‘ a ship in harbor is safe. But that is not what ships are for.’

Similarly the objective of cloud hosted site or application is to give ease of access to the intended worldwide varied audience. At the same time, we should have ease of access too for doing the admin works, adding content, making changes to the code etc., One of the oldest ways practiced by hackers is cracking the Administrator password. If our id can be taken, an outsider becomes insider. In the cloud computing model, every one including System Admin is an outsider! The cloud eco system throws open an added list of vulnerabilities. In the initial days immediately after the launch, we have to make an approach wherein we systematically close down ways of outsider intruding in to our system.

To be continued in Part 2

By Glenn Blake

About Glenn Blake

Glenn Blake is a writer for CloudTweaks and has been writing about technology trends for over 25 years.

View Website
View All Articles

Sorry, comments are closed for this post.

How To Humanize Your Data (And Why You Need To)

How To Humanize Your Data (And Why You Need To)

How To Humanize Your Data The modern enterprise is digital. It relies on accurate and timely data to support the information and process needs of its workforce and its customers. However, data suffers from a likability crisis. It’s as essential to us as oxygen, but because we don’t see it, we take it for granted.…

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

The 80-20 Rule For Security Practitioners  Everyday we learn about yet another egregious data security breach, exposure of customer data or misuse of data. It begs the question why in this 21st century, as a security industry we cannot seem to secure our most valuable data assets when technology has surpassed our expectations in other regards.…

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks Does cloud security risks ever bother you? It would be weird if it didn’t. Cloud computing has a lot of benefits, but also a lot of risks if done in the wrong way. So what are the most important risks? The European Network Information Security Agency did extensive research on that, and…

Staying on Top of Your Infrastructure-as-a-Service Security Responsibilities

Staying on Top of Your Infrastructure-as-a-Service Security Responsibilities

Infrastructure-as-a-Service Security It’s no secret many organizations rely on popular cloud providers like Amazon and Microsoft for access to computing infrastructure. The many perks of cloud services, such as the ability to quickly scale resources without the upfront cost of buying physical servers, have helped build a multibillion-dollar cloud industry that continues to grow each…

Don’t Be Intimidated By Data Governance

Don’t Be Intimidated By Data Governance

Data Governance Data governance, the understanding of the raw data of an organization is an area IT departments have historically viewed as a lose-lose proposition. Not doing anything means organizations run the risk of data loss, data breaches and data anarchy – no control, no oversight – the Wild West with IT is just hoping…

Using Private Cloud Architecture For Multi-Tier Applications

Using Private Cloud Architecture For Multi-Tier Applications

Cloud Architecture These days, Multi-Tier Applications are the norm. From SharePoint’s front-end/back-end configuration, to LAMP-based websites using multiple servers to handle different functions, a multitude of apps require public and private-facing components to work in tandem. Placing these apps in entirely public-facing platforms and networks simplifies the process, but at the cost of security vulnerabilities. Locating everything…

How To Overcome Data Insecurity In The Cloud

How To Overcome Data Insecurity In The Cloud

Data Insecurity In The Cloud Today’s escalating attacks, vulnerabilities, breaches, and losses have cut deeply across organizations and captured the attention of, regulators, investors and most importantly customers. In many cases such incidents have completely eroded customer trust in a company, its services and its employees. The challenge of ensuring data security is far more…

Do Not Rely On Passwords To Protect Your Online Information

Do Not Rely On Passwords To Protect Your Online Information

Password Challenges  Simple passwords are no longer safe to use online. John Barco, vice president of Global Product Marketing at ForgeRock, explains why it’s time the industry embraced more advanced identity-centric solutions that improve the customer experience while also providing stronger security. Since the beginning of logins, consumers have used a simple username and password to…