Protecting the Cloud with Two-Factor: AWS Authentication Security for IaaS Providers
The cloud - the benefits it offers to new IT models are numerous for organizations that choose to use a cloud hosting provider for any part of their infrastructure:
- Quickly scale resources up or down as demand changes
- Efficient/optimized use of computing resources means lower overall operating costs
- No need to build a server infrastructure, eliminating associated capital expense costs
- Eliminates any maintenance costs associated with hardware
- Faster time to deployment for new applications, increased productivity
While the benefits can be numerous, an outsourced cloud means more centralized controls. Often a cloud hosting provider’s services also include an administrative/management dashboard with the controls to manage an organization’s cloud services. This means the username and password to your cloud's administrative dashboard or accounts are the master keys to your entire IT infrastructure.
And when those credentials are stolen, exploited and accounts taken over, it can be very difficult to get control back, making the entry points to these accounts even more valuable to potential attackers. ‘Cloud security’ takes on many meanings, but guarding the front door should be an integral first step to protecting data, networks, resources and other company assets located in the cloud.
That’s what happened to U.K.-based Code Spaces, a Subversion (SVN) and Git hosting provider that was forced out of business after an attacker gained control of their Amazon EC2 management console panel - all over the timespace of 12 hours. Amazon Elastic Compute Cloud (EC2) is part of the Amazon’s Web Services (AWS), providing a cloud platform that users/organizations can rent to host and run their services on.
While AWS offers a cost-effective pricing model and flexibility for developers, controlling access to the cloud lies in the responsibility of each organization. And, it’s especially important when it comes to protecting a hosting provider’s infrastructure, as a breach and take-down of their main administrative cloud account can mean major damage to numerous clients.
According to TechTarget.com, employees at Code Spaces had uploaded terabytes of data to their repositories at AWS. After a DDoS (Distributed Denial of Service) attack hit the company (a ruse to divert attention from their breach of the EC2 control panel, as CSOOnline.com reports), they found that an unknown attacker had access to their EC2 control panel. After attempting to change their password, the attacker used ‘backup logins’ to regain access and delete “EBS snapshots, S3 buckets, all AMI's (Amazon Machine Images), some EBS instances and several machine instances.”
EBS is Amazon’s Elastic Block Store that provides block level storage volumes that you can attach to EC2 instances; an EBS snapshot is a copy of the data at any given point in time that can be backed up to Amazon’s S3 (Simple Storage Service), a web-based file storage service. The company posted a rather dismal update on their website regarding the status of their repositories for their clients:
- All svn repositories that had the following url structure have been deleted from our live EBS's and all backups and snapshots have been deleted:
- https://[ACCOUNT].codespaces.com/svn/[REPONAME]
- All Svn repositories using the following url format are still available for export but all backups and snapshots have been deleted:
- https://svn.codespaces.com/[ACCOUNT]/[REPONAME]
- All Git repositories are available for export but all backups and snapshots have been deleted
- All Code Spaces machines have been deleted except some old svn nodes and one git node.
- All EBS volumes containing database files have been deleted as have all snapshots and backups.
So, considering the attacker had deleted random yet critical components of their infrastructure, from backups/offsite backups to storage file containers to the information necessary to launch virtual servers in the cloud, it’s no surprise that the hosting provider came to no other resolution than to close their doors. They released a statement about the cost of the resolution of this issue:
Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in a irreversible position both financially and in terms of on going credibility.
With that in mind, keeping cloud logins secure is important to also keeping your company in business. Streamlining login security is also essential to making security easy to implement and manage, which is why using one two-factor solution that works for both on-premises and enterprise-level cloud apps is ideal.
Adding an extra layer of security with two-factor authentication means a remote attacker can't log into your administrative accounts by simply exploiting stolen credentials. With Duo Security's mobile app, attackers would need to have your administrator's physical device in order to successfully authenticate and gain access to your cloud management console panel.
Duo Security is an official AWS partner - find out more about how administrators can protect their AWS infrastructure and applications (e.g. for PCI or HIPAA compliance) with drop-in, open-source integrations for SSH, PAM, OpenVPN, and web SDKs for Python, Ruby, Java, PHP, Node.js, Classic ASP, ASP.NET, and ColdFusion.
Setting up two-factor authentication for individual third-party accounts is easy - check out Duo Security's Guide to Third-Party Accounts for screenshots and step-by-step instructions.
Learn more about protecting your accounts in Two-Factor Authentication for Cloud Apps.