Subscribe to Dr. Granville's newsletter

Originally posted on DataScienceCentral.

AWS - Amazon Web Services - allows you to deploy your analytic app or API on the cloud, and make it public.

However, if you are co-located on a shared server and your "neighbors" are criminals engaging in click fraud or email spamming, your IP address will be blocked by most IP blacklist vendors such as Spamhaus. This is nothing new, but what is new here is the very high proportion of bad neighbors found on AWS, and Amazon does not have the technology to detect them.

A classified study by Vincent Granville shows that 20% of click fraud on large ad networks, comes from hundreds of AWS IP addresses - the largest single source of fraud, bigger than any single traditional Botnet. Spamhaus catches about 15% of the bad IP addresses in question. The remaining IP addresses can easily be detected using IP address clustering techniques or large scale (distributed) nslookups. In some security circles, people have suggested to block all Internet traffic from Ashburn, Virginia, as this is where a large AWS server farm (infested by criminals) is located, with new IP addresses popping up every day.

If you share your IP address with one of these criminals (even though you are a good guy), your clients might just not be able to access your services, as your AWS public website/folders will be blocked by most browsers.

So what are the solutions - safer cloud - to host your analytic app if you don't have a budget for a dedicated IP address? Even a dedicated IP address is not great if it's located in an IP address block filled with blacklisted IP addresses.

There are plenty of articles about this issue, click here to find many of them.

Here are two comments posted by members:

  • It is based on analyzing web traffic from a large ad network, and finding that a significant proportion of the click fraud is from AWS IP addresses blacklisted by Spamhaus and several other similar providers (Adometry, etc.) and using our own rules. Bad IP address results in email blacklisting and other issues, for AWS users on the wrong address, just like it happens for any shared IP address that get blacklisted because of a single (very nasty) black sheep. I can't share the document, I signed a NDA with the client.
  • This is a sidebar..It's worse than that. Amazon is prob trying to mitigate malevolent users internally, however there is a nasty expolitation in VM's that are popular with Amazon users. Xen and Vmware according to this report from sec researchers, can be cross hacked from a malevolent VM. The paper is straightforward and I post it here for your delectation http://eprint.iacr.org/2014/248.pdf. The paper in general says that if you are collocated on the same metal malevolent clients can grab all your AES crypto key info from your vm app and penetrate your other infrastructure via the Bernstein correlation methods . There are ways to prevent it but like everything else it is costly ( not every chip set has AES-IN enabled) or counter to the purpose of the public clouds ( no colloc ) Security is hard to do on the cloud infrastructure. It's the reason why I was told to stop working with "sensitive" "big" data on the cloud for now.

Email me when people comment –

You need to be a member of Messaging News to add comments!

Join Messaging News

Messaging Events

Security
Tech