PISA Journal Issue 16

SEP-2012

Because the virtual machine uses a private IP address, Amazon uses a security group to port-forward the desired public ports to the virtual machines. To the virtual machine, the security group looks like a public firewall, which gives Amazon customers a false sense of security. Since no host firewall is enabled in the Amazon Linux AMI by default, running services are exposed to other virtual machines in the Amazon cloud. The following screen capture shows the result of an nmap scan of the hosts in the same subnet. Services such as MySQL and Tomcat could be identified on other customers' virtual machines.
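The exposure described above can be checked from inside an instance. The following is an added example, not part of the original article: it parses the output of `ss -tlnH` and reports TCP listeners bound to non-loopback addresses on ports the security group was never meant to publish. The sample output, the `INTENDED_PORTS` set and the function names are assumptions made for illustration, and the check does not inspect any host firewall rules that may already be in place.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output (not taken from the article).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128   0.0.0.0:22     0.0.0.0:*
LISTEN 0 50    0.0.0.0:3306   0.0.0.0:*
LISTEN 0 100         *:8080         *:*
LISTEN 0 128 127.0.0.1:25     0.0.0.0:*
LISTEN 0 128      [::]:22        [::]:*
LISTEN 0 128     [::1]:631       [::]:*
LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:*
"""

# Assumption: ports the security group intentionally publishes.
INTENDED_PORTS = {22}

def parse_listener(line):
    """Return (address, port) for one `ss -tlnH` line, or None if unparsable."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "LISTEN":
        return None
    host, _, port = fields[3].rpartition(":")
    if not port.isdigit():
        return None
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    return host, int(port)

def is_loopback(host):
    if host == "*":  # wildcard: listening on all interfaces
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unknown form: treat as reachable so it gets reviewed

def exposed_listeners(ss_output, intended_ports):
    """Ports reachable from the subnet that are not in the intended set."""
    exposed = set()
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed and not is_loopback(parsed[0]) and parsed[1] not in intended_ports:
            exposed.add(parsed[1])
    return sorted(exposed)

if __name__ == "__main__":
    for port in exposed_listeners(SAMPLE_SS_OUTPUT, INTENDED_PORTS):
        print(f"port {port}: non-loopback listener; bind to 127.0.0.1 or filter it on the host")
```

On a live instance, pass the real output of `ss -tlnH` instead of the sample; each reported port is a candidate for a host firewall rule or a loopback-only bind address.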

A Publication of Professional Information Security Association
