Amazons says cloud customers can take precautions to defend against Heartbleed

Grazed from NetworkWorld. Author: Brandon Butler.

Amazon Web Services, one of the most popular cloud computing platforms, which hosts a large number of websites on the Internet, said this week that it has been able to mitigate the impact of the Heartbleed OpenSSL bug revealed this week. But, it because of a "shared security" model that AWS operates under, some customers can take action if they want to take extra precautions to ensure the vulnerability does not impact their operations.

In a blog post, AWS recommends that customers using the popular Elastic Compute Cloud (EC2) service – which provides virtual machine images – who implement OpenSSL on their own Linux images should update VMs to ensure the OpenSSL patch is in place. "As an added precaution, we recommend that you rotate any secrets or keys (e.g. your SSL certificates) that were used by the affected OpenSSL process," AWS recommends. AWS provides instructions on its blog of how to update Amazon Linux, Red Hat Enterprise Linux and Ubuntu VMs…

Other AWS services could be impacted too. In the Elastic Load Balancing services (ELBs) and CloudFront content management services, AWS says that load balancers across all regions have been updated. AWS says that "as an added precaution, we recommend that you rotate your SSL certificates" for both ELBs and CloudFront. The blog post links to directions of how to do this as well…

Read more from the source @ http://www.networkworld.com/community/node/85208

Subscribe to the CloudCow bi-monthly newsletter @ http://eepurl.com/smZeb