How to Secure Web Apps Running on Linux EC2 Instance

Posted by Craig Jorgensen

If your organization is running a web application, you are likely to use EC2. Further, there is a high likelihood your instances are all Linux. Linux systems are robust and a suitable first choice for server applications like a MEAN stack Express.js web server, an application built on the open source LAMP stack, commercial proprietary software, or a basic server using Apache or Nginx. Linux is also very widely used for both SQL and NoSQL database applications like Redis, Mongo, Postgres, or MySQL.


These days Linux EC2 instances on AWS are most commonly employed to serve a cloud instance that can be accessed using SSH from anywhere on the Internet. They allow for backend operations like debugging, development, and production support. However, this raises a very particular question: has the server accidentally become available on a publicly accessible port?

Such architecture has been quite popular and widely accepted as the norm in IT applications, since maintainability, accessibility, data center facilities, and load balancing can easily be made available using AWS. However, one big security challenge comes with these standard setups: malicious actors are also well aware of these setups and understand them deeply.

With in-depth knowledge of these setups, malicious actors can exploit vulnerabilities at a larger scale and affect a lot more people and organizations all at once. To ensure sanity and continued durability of services, we must follow some rules to protect us from such unwanted events.

How to implement security in Linux servers?

One must be cautious since there is no such thing as an entirely secure system (including Linux servers). Attackers can always find a way to break into a system. We must simply make the cost of doing so higher than the intended value the attacker gets out of it.

Typically, disgruntled employees, competitors, or some rogue hackers attempt such cheap tricks. No matter the intent, we must make malicious actors' lives more complicated and bear minor inconveniences to better protect our systems in the long run. This article covers only the minimum necessary for running apps in EC2 instances.

SSH Security Mechanisms

Always be vigilant: monitor logs for abnormal behavior, login attempts outside the geographical locations of users, and activity that seems suspicious. Since SSH is the primary privileged access method, let's first dive into SSH.

To secure remote SSH access, you can either:

  • Restrict access by source IP, if the users have a static IP
  • Require two-factor authentication

Since AWS and EC2 Linux instances are used in conjunction, anybody with your private key can log in to your cloud instance. So, keep your cloud key secure! By accessing one system, a malicious actor can quickly gain access to another. A step you can take to prevent unwarranted access is to understand the default security settings and improve them. Default settings are going to be the first point of attack for a malicious actor. You can use secondary tools to enhance app security even further.

According to Moore's Law, technology advances at a breakneck pace; thus, we need to review security standards regularly. What we consider to be cryptographically secure today may not be tomorrow. 

Additional steps to take into consideration:

  • Allow only the minimum number of ports to be accessible from external sources (preferably only your web application's HTTPS port 443 if you can).
  • If you allow payments on your web application, make sure to add additional security around payment processing. (Make sure to be PCI compliant for card transactions.)
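
The two access rules above (SSH restricted by source IP, and only HTTPS reachable from outside) can be checked mechanically. The following is an added example, not code from the original post: it assumes the rules are enforced with EC2 security groups and audits one group in the JSON shape returned by `aws ec2 describe-security-groups`. The function names and the sample group are hypothetical.

```python
import ipaddress

# Assumption: HTTPS is the only port that should be reachable from anywhere.
ALLOWED_PUBLIC_TCP_PORTS = {443}

def is_world(cidr):
    # 0.0.0.0/0 and ::/0 are the only networks with prefix length 0.
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit_security_group(group):
    """Return (group_id, proto, from_port, to_port, cidr, reason) for each
    ingress rule that exposes anything other than HTTPS to the Internet."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto in ("icmp", "icmpv6"):
            continue  # FromPort/ToPort hold ICMP type/code here, not ports
        # Protocol "-1" means all traffic and carries no port fields.
        lo = 0 if proto == "-1" else perm.get("FromPort", 0)
        hi = 65535 if proto == "-1" else perm.get("ToPort", 65535)
        if proto == "tcp" and lo == hi and lo in ALLOWED_PUBLIC_TCP_PORTS:
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        ssh = proto in ("tcp", "-1") and lo <= 22 <= hi
        reason = "ssh-open-to-world" if ssh else "non-https-port-open-to-world"
        for cidr in filter(is_world, cidrs):
            findings.append((group.get("GroupId"), proto, lo, hi, cidr, reason))
    return findings

# Constructed sample input (not real infrastructure).
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "203.0.113.10/32"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
        {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

if __name__ == "__main__":
    for finding in audit_security_group(SAMPLE_GROUP):
        print(finding)
```

In the sample, the SSH rule is flagged only for its `0.0.0.0/0` entry, while the static `/32` source and the database port limited to an internal range pass.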

Conclusion

With web applications, constant vigilance is required to keep both your data and your users' data secure. First and foremost, NEVER USE THE DEFAULT SECURITY SETTINGS!! Always customize your credentials and change admin settings. Next, it is an excellent idea to utilize secondary forms of security, such as minimizing port access and using SSL where possible to encrypt communications. Take these necessary precautions, and you'll find that most malicious actors will move on to easier prey.


Written by Craig Jorgensen

I'm a recent graduate from South Dakota State University with a degree in Computer Science. For me programming is both a passion and an occupation, but I have been broadening my horizons as Customer Success Manager with Query.AI, where we are using Natural Language Processing to allow users to “talk to your data”.