Amazon Web Service Microservice Security Analysis
DOI:
https://doi.org/10.22335/rlct.v14i2.1546Keywords:
Encryption, cipher, computer crime, data securityAbstract
The increase in the use of information systems, of communications through the Internet in recent decades and the possibility of sharing data instantly have brought with them terms such as cybersecurity, since, from the beginning, there have been unscrupulous people who want to obtain confidential information, that is why new attack vectors are invented every year and with it new methods to persuade them, there is currently a growing boom on technologies based on microservices and cloud computing, this due to its high scalability, maintainability and facility to create infrastructure safely. Amazon web services offers various services that allow you to convert simple platforms into robust applications with different connections, using different technologies and databases, as well as allowing you to add security to both the applications and the data, this last concept is the main source of any system. This is why in this article an exploration of the encryption on databases and documents is made, using AWS services such as Key management server, Relational database service and S3, at the end it will be found that the encrypted files and databases will not be readable by malicious people, in case an attack materializes.
Downloads
References
Abdullah, A. M. (2017). Advanced Encryption Standard (AES) algorithm to Encrypt and Decrypt Data. Cryptography and Network Security, 16: 1-12.
Amazon Web Services. (2020). Guía para desarrolladores: AWS Key Management Service. https://docs.aws.amazon.com/es_es/kms/latest/developerguide/kms-dg.pdf#overview
Amazon Web Services. (SF). Amazon Elastic Block Store (EBS) Almacenamiento en bloque de alto rendimiento y con facilidad de uso a cualquier escala. https://aws.amazon.com/es/ebs/
Amazon Web Services. (SF). Amazon Elastic Container Service (Amazon ECS), Ejecutar contenedores de alta seguridad, fiables y escalables. https://aws.amazon.com/es/ecs/
Amazon Web Services. (SF). AWS cryptographic services and tools guide: Cryptographic algorithms. https://docs.aws.amazon.com/crypto/latest/userguide/crypto-ug.pdf#concepts-algorithms
Amazon Web Services. (SF). Secrets Manager, Alterne, administre y recupere fácilmente credenciales de bases de datos, claves API y otros datos confidenciales durante todo su ciclo de vida. https://aws.amazon.com/es/secrets-manager/
ARN From IDG. (SF). Top 10 most notorious cyber attacks in history. https://www.arnnet.com.au/slideshow/341113/top-10-most-notorious-cyber-attacks-history/
Ceballos, A., Bautista, F., Mesa, L., Argáez, C., Durán, A., Miranda, F. & Santos, H. (2019). Tendencias cibercrimen Colombia 2019-2020. https://caivirtual.policia.gov.co/sites/default/files/tendencias_cibercrimen_colombia_2019_-_2020_0.pdf
Computing. (2010). Cloud Computing, una perspectiva para Colombia. http://www.interactic.com.co/dmdocuments/clud_computing.pdf
Computing. (2020). Los 10 ciberataques más grandes de la década. https://www.computing.es/seguridad/noticias/1116703002501/10-ciberataques-mas-grandes-de-decada.1.html
Data Breach. (2019). Amadeus Traveler Data Exposed in a Thwarted Data Leak. https://www.databreaches.net/amadeus-traveler-data-exposed-in-a-thwarted-data-leak/
Digital Information World. (2021). Canalys Report Predicts That Cybersecurity Will Demonstrate an Estimated 10 percent Growth. https://www.digitalinformationworld.com/2021/01/canalys-report-predicts-that.html
Encrypting Amazon RDS resources - Amazon Relational Database Service. https://aws.amazon.com/es/secrets-manager/
Interpol. (2020). Ciberamenazas relacionadas con la COVID-19. https://www.interpol.int/es/Delitos/Ciberdelincuencia/Ciberamenazas-relacionadas-con-la-COVID-19
Lyons, J. (2021). Worst Cyberattacks of 2021 (So Far). SDXCentral. https://www.sdxcentral.com/articles/news/worst-cyberattacks-of-2021-so-far/2021/
McGrew, D., y Viega, J. (2008). The security and performance of the Galois/Counter Mode (GCM) of operation (full version). http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/gcmgcm-ad.pdf
Mehrotra, K., y Turton, W. (2021). CNA Financial Paid $40 Million in Ransom After March Cyberattack. https://www.bloomberg.com/news/articles/2021-05-20/cna-financial-paid-40-million-in-ransom-after-march-cyberattack?sref=ExbtjcSG
Naren, J., Sowmya, S., & Deepika, P. (2014). Layers of Cloud – IaaS, PaaS and SaaS: A Survey. International Journal of Computer Science and Information Technology, 5(3): 4477-4480.
Pagnnota, S. (2016). Los 10 incidentes de seguridad más grandes de 2016. https://www.welivesecurity.com/la-es/2016/12/29/incidentes-de-seguridad-mas-grandes/
Centro Cibernético Policial. (2020). Balance Cibercrimen. https://caivirtual.policia.gov.co/sites/default/files/balance_cibercrimen_2020_-_semana_45.pdf
Stack Overflow. (2021). Developer Survey 2021. https://insights.stackoverflow.com/survey/2021#overview
The Hacker News. (2016). 427 Million Myspace Passwords leaked in major Security Breach. https://thehackernews.com/2016/06/myspace-passwords-leaked.html
Waldman, A. (2021) 10 of the biggest cyber attacks of 2020. https://www.techtarget.com/searchsecurity/news/252494362/10-of-the-biggest-cyber-attacks
Downloads
Published
Versions
- 2022-09-27 (6)
- 2022-09-26 (5)
- 2022-08-31 (4)
- 2022-08-02 (3)
- 2022-08-02 (2)
- 2022-06-30 (1)
Issue
Section
License
Copyright (c) 2022 Revista Logos Ciencia & Tecnología
This work is licensed under a Creative Commons Attribution 4.0 International License.
This journal provides free and immediate access to its content (https://creativecommons.org/licenses/by/4.0/legalcode#languages), under the principle that making research available to the public free of charge supports greater global knowledge exchange. This means that the authors transfer the Copyrights to the journal, so that the material can be copied and distributed by any means, as long as the authors’ recognition is maintained, and the articles are not commercially used or modified in any way.
