Konstantin Vlasenko

An engineer is someone who can make for a dollar what any fool could make for two. – Alan Kay

Tag Archives: security

AWS EC2: It is not possible to “sniff” traffic that is intended for a different virtual instance

It is not possible for a virtual instance running in promiscuous mode to receive or “sniff” traffic that is intended for a different virtual instance. While customers can place their interfaces into promiscuous mode, the hypervisor will not deliver any traffic to them that is not addressed to them. Even two virtual instances that are owned by the same customer located on the same physical host cannot listen to each other’s traffic. Attacks such as ARP cache poisoning do not work within Amazon EC2 and Amazon VPC. While Amazon EC2 does provide ample protection against one customer inadvertently or maliciously attempting to view another’s data, as a standard practice customers should encrypt sensitive traffic – Amazon Web Services: Overview of Security Processes

AWS is built for enterprise security standards

Certifications

Physical security

  • Datacenters in nondescript facilities
  • Physical access strictly controlled
  • Must pass two-factor authentication at least twice for floor access
  • Physical access logged and audited

HW, SW, Network

  • Systematic change management
  • Phased updates deployment
  • Safe storage decommission
  • Automated monitoring and self-audit
  • Advanced network protection

 

source: Using Amazon Web Services for Disaster Recovery Webinar (16:07)
