Using Amazon's EC2 (Elastic Compute Cloud) can pose a security threat to organizations and individuals alike, though Amazon's not to blame, according to researchers from Eurecom, Northeastern University, and SecludIT. Rather, third parties evidently are not following best security practices when using preconfigured virtual machine images available in Amazon's public catalog, leaving users and providers open to such risks as unauthorized access, malware infections, and data loss.
The researchers say similar security vulnerabilities may be present in other public clouds from such providers as Rackspace, IBM, Joyent, and Terremark. The underlying message is that for all the power and opportunity of public clouds, providers and users alike need to approach with caution and embrace best security practices. Cloud infrastructure providers can't be expected to assess the security of every image, bit, and transaction that occurs on their machines any more than an apartment landlord can be responsible for everything that happens within his or her complex -- that is, what tenants do behind closed doors in the spaces they rent.
The security vulnerabilities in EC2 stem from the misuse and mismanagement of the AMIs (Amazon Machine Images), according to a research report titled "A Security Analysis of Amazon's Elastic Compute Cloud Service." AMIs are virtual images of preconfigured operating systems and applications, provided by third-party developers as well as Amazon itself, for quickly and easily deploying services via EC2. Over a five-month period, the researchers analyzed more than 5,000 AMIs -- both Linux and Windows -- which they grabbed from data centers in Europe, Asia, and the United States.
The researchers found a host of security problems with the AMIs they analyzed. First, 98 percent of the Windows AMIs and 58 percent of the Linux AMIs contained software with critical vulnerabilities. "This observation was not typically restricted to a single application but often involved multiple services: An average of 46 for Windows and 11 for Linux images," according to the report. "On a broader scale, we observed that a large number of images come with software that is more than two years old."
These vulnerabilities leave users exposed to malware, as well as to unsolicited connections, which malicious hackers could use to gather information about an AMI's usage and to collect target IP addresses for future attacks through a built-in backdoor.