An Amazon Machine Image (AMI) serves as the basic unit of cloud solutions. It saves time and effort when creating several similar applications.
But what if there is a vulnerability in the AMI? Every instance launched from that image inherits it, and that becomes a total disaster!
That’s why hardening the AMI is really critical.
At Bobcares, we help Cloud solution providers secure the AMIs used for provisioning as part of our Infrastructure Management Services.
Today, we’ll see how our Security Experts harden an Amazon Linux AMI.
Purpose of Amazon Linux AMI hardening
We already know that a Linux Amazon Machine Image helps in faster creation of server instances. Now, we’ll see why hardening it is important.
Just as with any normal server, an attacker can attempt to break into an Amazon EC2 instance too.
Hardening is a process that reduces the chance of such attacks succeeding. It involves disabling unwanted services and ports, restricting access to the instance, removing weak programs, etc.
Steps to harden Amazon Linux AMI
Now, let’s have a look at the exact steps involved in hardening Amazon Linux AMI.
1. Choosing the right base
Firstly, we need to choose the right base to build the image.
Well begun is half done!
That holds true for a Linux AMI. It is really important to build an AMI from a base you trust. Also, we need to use the most up-to-date operating systems, packages, and software.
That’s why we often choose the base from the Amazon marketplace or other reputable sources. This makes the hardening process more efficient.
2. Securing Services
Most of the time, we add custom components like a web server, mail server, database server, etc. to the image. It is important to enable the security features of all these components. For instance, we need to enforce secure communication on the web server using SSL, disable remote access to the database server, etc.
3. Removing unwanted Users
Additionally, hardening involves the removal of unwanted system users. For example, a CentOS server comes with users like amanda, games, etc. Maintaining such known users on the server is always a security risk.
Also, we ensure that all default user passwords are reset. We then choose new passwords that adhere to a strict password policy.
While testing an image, we often need to create users. Normally, these users are left behind and become a potential risk for every new server. That’s why our Support Engineers make sure to remove all user credentials from the system by removing all users, accounts, passwords, keys, and documents used in testing.
4. Securing login
Restricting access to the instance greatly helps to reduce security risks. Allowing only key-based SSH access works well in maintaining security, because it removes the risk of password attacks.
Also, from our experience, disabling SSH root login completely really helps. Here, we make use of a ‘sudo’ user to do admin tasks on the instance.
Yet another way to harden the image is to restrict server access to selected IP addresses and networks.
5. Limit port access
Just like unwanted users, unwanted ports also create security risks.
For instance, if your instance is meant to serve only websites, it is wise to block traffic on the mail port. Again, this largely depends on the applications running on the instance. With a strong firewall, we can restrict access to the ports too.
6. Vulnerability check
After successful creation of the image, it is worth checking and confirming that the image is free from known vulnerabilities. For this, our Security Experts check with tools like Chkrootkit, rkhunter, and Nessus. This helps us to find and correct possible security problems.
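Steps 3 and 4 can be verified with a short script before the image is created. The following is an added example, not Bobcares' own tooling; the function names, the allowlist (root and ec2-user) and the sample files are assumptions constructed for illustration. It does not evaluate sshd Include files or Match blocks.

```shell
# Pre-bake audit for steps 3 and 4. File paths are arguments, so the checks
# can run on the build instance or against a mounted image root.

# Effective value of an sshd_config keyword: sshd uses the first occurrence.
sshd_value() {  # $1 = sshd_config path, $2 = keyword
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# One line per SSH finding. A missing keyword is a finding too, because the
# OpenSSH defaults (password authentication on, root allowed with a key) are weaker.
audit_sshd() {  # $1 = sshd_config path
    for kw in PasswordAuthentication PermitRootLogin; do
        v=$(sshd_value "$1" "$kw")
        [ "$v" = "no" ] || echo "sshd: $kw is '${v:-unset}', expected 'no'"
    done
}

# Accounts with an interactive shell that are not on the allowlist.
login_users() {  # $1 = passwd path, $2 = space-separated allowlist
    awk -F: -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $7 !~ /(nologin|false|sync|shutdown|halt)$/ && !($1 in ok) { print $1 }' "$1"
}

# Accounts whose shadow entry is usable: a hash is set, or the field is empty.
password_users() {  # $1 = shadow path
    awk -F: '$2 !~ /^[!*]/ { print $1 }' "$1"
}

# Constructed sample files standing in for an image that was used for testing.
demo=$(mktemp -d)
cat > "$demo/sshd_config" <<'EOF'
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication no
EOF
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
games:x:12:100:games:/usr/games:/sbin/nologin
ec2-user:x:1000:1000::/home/ec2-user:/bin/bash
qa-test:x:1001:1001::/home/qa-test:/bin/bash
EOF
cat > "$demo/shadow" <<'EOF'
root:*LOCK*:14600::::::
ec2-user:!!:19000:0:99999:7:::
qa-test:$6$constructedsalt$constructedhash:19000:0:99999:7:::
EOF
audit_sshd "$demo/sshd_config"
echo "unexpected login accounts: $(login_users "$demo/passwd" "root ec2-user")"
echo "accounts with a usable password: $(password_users "$demo/shadow")"
```

On a real build instance, pass /etc/ssh/sshd_config, /etc/passwd and /etc/shadow instead of the sample files; reading the shadow file requires root.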
Maintaining hardened AMI
Hardening images helps us to create secure instances. Unfortunately, it is not a one-time task.
System updates, vulnerability fixes, etc. happen from time to time. Therefore, hardening is a continuous process.
That’s why our Security Engineers keep track of recent vulnerabilities, periodically test and patch custom images, etc. And over a period of time, we need to rebuild images too.
Conclusion
Hardening the AMI really helps to secure Amazon Linux instances. Today, we’ve seen the major steps that our Security Engineers perform to harden the image and avoid cyber attacks.