Atlantic Business Technologies, Inc.

Author: Chase Casadonte

  • How to Grant Transparency on Amazon Web Services

    When you start working with an Amazon Web Services partner, transparency is important. On the one hand, these cloud experts need to have a good deal of information to do their best work on your AWS environment. On the other hand, you need to know you can trust these AWS engineers with your sensitive information and processes. This kind of trust and transparency is tough while you and your potential partner are negotiating the business relationship and before a contract has been signed. That’s why it’s important to know how to grant read-only access on AWS.

    Why Read-Only AWS Access Is Important

    Read-only access in an AWS environment is useful when someone needs to look into your cloud environment WITHOUT being able to change anything. This way an AWS vendor can view a potential client’s setup and existing AWS applications before signing a contract and committing to helping them with AWS environments.

    In addition, the business users who negotiate a new AWS partner relationship often aren’t as well-versed in the specific needs of their own system (unlike their IT team). By granting read-only access for a potential new vendor, business users can get a better sense of what their AWS needs are and what kind of environment will work best for their business. If you want to handle technical debt (things that your system is doing/running that you aren’t aware of), providing this kind of visibility helps your vendor relationship begin with the right kind of understanding and transparency.

    While AWS has extensive documentation about sharing views of an AWS environment, these descriptions can be intimidating to less technical users. What follows is a step-by-step guide for how to grant read-only access to your AWS account.

    GUIDE: How to Create Read-Only Access on AWS

    From the main console screen, type in IAM and select the suggested link.

    From the IAM dashboard select the Users section and then Add user button.

    Enter the new username for your read-only user (ABT_ReadOnly in this example), then select both the Programmatic access and AWS Management Console access options. Then select Next: Permissions.

    Select the Attach existing policies directly button, then use the search bar to search for ReadOnlyAccess policy. Select the check box beside that policy. Then select Next: Review.
    *NOTE: It’s imperative that you select the ReadOnlyAccess policy and set the right permissions. Otherwise you’ll grant too much control to your potential new party.

    Select Create user.

    On this screen, you will need to share the following credentials with your new user: the access key ID, the secret access key (select the show option), and the password (select the show option).

    You can also download the keys with the download .csv button and provide that .csv file, along with the password, to your AWS vendor. Your AWS vendor will also need the link shown in the green window where it says “Users with AWS Management Console access can sign-in at:___________”. This link will allow your new user to sign in.
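
    Before handing over the credentials, it is worth confirming the note above: that the new user carries ReadOnlyAccess and nothing else. The following check is an added example, not part of the original guide. It parses the JSON printed by three AWS CLI commands for the ABT_ReadOnly user; the sample inputs are constructed for illustration and the function name is hypothetical.

```python
import json

# ARN of the AWS-managed policy selected in the guide.
READ_ONLY_ARN = "arn:aws:iam::aws:policy/ReadOnlyAccess"

def audit_read_only_user(attached_json, inline_json, groups_json):
    """Return findings for one IAM user; an empty list means the user
    carries only the AWS-managed ReadOnlyAccess policy.

    Inputs are the JSON output of:
      aws iam list-attached-user-policies --user-name ABT_ReadOnly
      aws iam list-user-policies          --user-name ABT_ReadOnly
      aws iam list-groups-for-user        --user-name ABT_ReadOnly
    """
    attached = json.loads(attached_json).get("AttachedPolicies", [])
    inline = json.loads(inline_json).get("PolicyNames", [])
    groups = json.loads(groups_json).get("Groups", [])

    findings = []
    arns = [p["PolicyArn"] for p in attached]
    if READ_ONLY_ARN not in arns:
        findings.append("ReadOnlyAccess is not attached")
    for arn in arns:
        if arn != READ_ONLY_ARN:
            findings.append(f"extra managed policy attached: {arn}")
    for name in inline:
        # Inline policies do not appear in the attached-policy list.
        findings.append(f"inline policy present: {name}")
    for group in groups:
        # Group policies are inherited and can widen access silently.
        findings.append(f"member of group (inherits its policies): {group['GroupName']}")
    return findings

# Constructed sample CLI output (not from a real account).
GOOD_ATTACHED = json.dumps({"AttachedPolicies": [
    {"PolicyName": "ReadOnlyAccess", "PolicyArn": READ_ONLY_ARN}]})
BAD_ATTACHED = json.dumps({"AttachedPolicies": [
    {"PolicyName": "ReadOnlyAccess", "PolicyArn": READ_ONLY_ARN},
    {"PolicyName": "AdministratorAccess",
     "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]})
NO_INLINE = json.dumps({"PolicyNames": []})
SOME_INLINE = json.dumps({"PolicyNames": ["s3-write"]})
NO_GROUPS = json.dumps({"Groups": []})
SOME_GROUPS = json.dumps({"Groups": [{"GroupName": "Admins"}]})

if __name__ == "__main__":
    for finding in audit_read_only_user(BAD_ATTACHED, SOME_INLINE, SOME_GROUPS):
        print("FINDING:", finding)
```

    An empty result means the only permissions on the user come from ReadOnlyAccess; any finding should be resolved before the access key and password are shared.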

    If any of these steps have you stuck, or if you’d like to ask questions about AWS user privileges, my team will be glad to help. Please reach out to us on the ABT contact form, or take a closer look at our AWS services page.

  • WPA2 Protocol Has Been Compromised. Time to Encrypt.

    As of this week, the main protocol used by wireless routers, WPA2, has been compromised. The scary thing about this new hack is that it affects a protocol, not a specific system or piece of hardware. This means that no matter what wireless device you use, whether it be Android, iOS, OS X or Windows, your system can be affected. While device and software manufacturers scramble to patch their systems, the seriousness of this hack underscores the importance of enforcing encrypted traffic via HTTPS or VPN (on all avenues, regardless of a service’s importance).

    What Does WPA2 Security Mean For You?

    Your internet connection relies on wireless and wired networking, which are divided into distinct transport layers called the OSI model in IT parlance (if you work with any network engineers, feel free to pick their minds on this). The protocol used to encrypt wireless transmissions is included in layers 1 and 2 of the 7-layer OSI model.

    You can think of the OSI model like the logistics of Amazon shipping. The item that you order goes into a brown box, which then goes into a delivery truck. The delivery truck takes the package to an airport, the package gets on a plane, and the plane flies to another airport. Finally, the package is unloaded onto another truck, and eventually delivered to your door. To fit my above allegorical example, with the WPA2 crack, it’s like the bad guys (hackers) have hijacked the delivery truck on the way to your house.

    How Can You Protect Your Data?

    There is a way to protect your packages, however, and it doesn’t involve exotic security systems or advanced technologies. The solution lies in encryption, something which the majority of websites should already be doing. Notice that the website this article is hosted on uses the HTTPS green lock icon in the URL bar above. This lock icon signals that the server where the site is hosted and the browser you’re using to read this article have entered into a “trust relationship.” In a trust relationship, the browser is able to accept and decrypt data from the server with certainty that the information has not been tampered with or read.

    To illustrate how encryption would work in the context of bad guys hijacking the Amazon delivery truck, think of your encrypted package as a small transportable safe being shipped. The bad guys can see it, but they can’t open it up and have no idea what’s inside. If they do somehow manage to open it (unlikely), you’ll know because your package will be opened upon delivery.

    The HTTPS protocol is not the only way you can protect your data in flight. A “VPN”, or virtual private network, also provides transport-level encryption to protect your intercepted data from being read or tampered with. Setting up a VPN is trivially simple for a single user and there are tons of companies that offer affordable VPN plans.

    The goal of this post is to illustrate that even though the wireless protocol itself was compromised, you can still protect yourself AND your data by following relatively simple security procedures. If you happen to be facing a difficult cybersecurity challenge, or just need general advice, contact Atlantic BT. Our security experts have decades of combined experience and are here to solve any problem you encounter.