Memcached Security and You

Posted by Dustin 
Dustin
Memcached Security and You
August 08, 2010 12:30PM
I wrote a blog post on memcached security since people keep talking
about it:

http://dustin.github.com/2010/08/08/memcached-security.html

Please either argue with me about it (it's approaching 4, so that's
probably not my best writing), or make people look at it. Maybe
both. If you have more, we'll link to more.

Basically, it comes down to this:

1) Don't run public services you don't intend to.
2) Don't run memcached as root (I can't imagine why someone would
do this, but I mention it whenever I can).

Amazon sent out an email to many of their users pointing out the
misconfigurations (see below). They referred to a ``vulnerability.''
I don't particularly like that word, but if it'll make people think
about it, sure. The vulnerability here is that a service that you
have no business (or in most cases, even desire to be) running
publicly has ``features'' you didn't know about that let people do
more than just slow your site down.

-------
We've sent you this email to let you know that we have observed that
you may be running memcached in an insecure configuration.
Specifically, we have noticed that you have at least one security
group that allows the whole internet to have access to the port most
commonly used by memcached (11211).

There has been a lot of recent attention by the security community
about the lack of access controls on memcached and recently some
exploits have been published. This has highlighted the importance of
running with strict access controls. While we are not aware of any
unauthorized access to your Amazon EC2 instances, we do believe you
should have your technical team look at this immediately.

We suggest that you audit your security group settings and restrict
access to only the instances and IP addresses that need access. Most
users only authorize other Amazon EC2 instances to access their
memcached server. If you need to access your memcached server from
outside of Amazon EC2, you can also authorize just trusted addresses
to access your security group.

If you need additional assistance, you can reach our Premium Support
team by sending email to aws-security-support@amazon.com.
-------
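
The audit the Amazon email asks for, as an added example (not part of the original post or of Amazon's message): it scans security-group JSON for rules that open port 11211 to every address. It assumes input in the shape printed by `aws ec2 describe-security-groups`; the sample document and group IDs are constructed placeholders. It goes slightly beyond the email by also catching UDP, IPv6 and all-traffic rules.

```python
import ipaddress
import json

PORT = 11211  # port most commonly used by memcached, per the email
# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""{"SecurityGroups": [
 {"GroupId": "sg-00000001", "IpPermissions": [{"IpProtocol": "tcp",
   "FromPort": 11211, "ToPort": 11211, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
 {"GroupId": "sg-00000002", "IpPermissions": [{"IpProtocol": "tcp",
   "FromPort": 11211, "ToPort": 11211, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
 {"GroupId": "sg-00000003", "IpPermissions": [{"IpProtocol": "udp",
   "FromPort": 11000, "ToPort": 12000, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
 {"GroupId": "sg-00000004", "IpPermissions": [
   {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
 {"GroupId": "sg-00000005", "IpPermissions": [{"IpProtocol": "tcp",
   "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]}""")


def covers_memcached(perm):
    """True if the rule's protocol and port range include the memcached port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto not in ("tcp", "udp"):
        return False
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return lo is not None and hi is not None and lo <= PORT <= hi


def world_open_cidrs(perm):
    """CIDRs in the rule with prefix length 0, i.e. the whole internet."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]


def exposed_groups(doc):
    """Sorted (GroupId, protocol, cidr) for rules exposing the port to everyone."""
    return sorted({(sg["GroupId"], perm["IpProtocol"], cidr)
                   for sg in doc.get("SecurityGroups", [])
                   for perm in sg.get("IpPermissions", [])
                   if covers_memcached(perm)
                   for cidr in world_open_cidrs(perm)})


if __name__ == "__main__":
    for gid, proto, cidr in exposed_groups(SAMPLE):
        print(f"{gid}: {proto} rule open to {cidr} covers port {PORT}")
```
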
Loganaden Velvindron
Re: Memcached Security and You
August 08, 2010 09:30PM
Replied ;-)

//Logan
C-x-C-c

On Sun, Aug 8, 2010 at 2:24 PM, Dustin <[email protected]> wrote:

>
> I wrote a blog post on memcached security since people keep talking
> about it:
>
> http://dustin.github.com/2010/08/08/memcached-security.html
>
> Please either argue with me about it (it's approaching 4, so that's
> probably not my best writing), or make people look at it. Maybe
> both. If you have more, we'll link to more.
>
> Basically, it comes down to this:
>
> 1) Don't run public services you don't intend to.
> 2) Don't run memcached as root (I can't imagine why someone would
> do this, but I mention it whenever I can).
>
> Amazon sent out an email to many of their users pointing out the
> misconfigurations (see below). They referred to a ``vulnerability.''
> I don't particularly like that word, but if it'll make people think
> about it, sure. The vulnerability here is that a service that you
> have no business (or in most cases, even desire to be) running
> publicly has ``features'' you didn't know about that let people do
> more than just slow your site down.
>
> -------
> We've sent you this email to let you know that we have observed that
> you may be running memcached in an insecure configuration.
> Specifically, we have noticed that you have at least one security
> group that allows the whole internet to have access to the port most
> commonly used by memcached (11211).
>
> There has been a lot of recent attention by the security community
> about the lack of access controls on memcached and recently some
> exploits have been published. This has highlighted the importance of
> running with strict access controls. While we are not aware of any
> unauthorized access to your Amazon EC2 instances, we do believe you
> should have your technical team look at this immediately.
>
> We suggest that you audit your security group settings and restrict
> access to only the instances and IP addresses that need access. Most
> users only authorize other Amazon EC2 instances to access their
> memcached server. If you need to access your memcached server from
> outside of Amazon EC2, you can also authorize just trusted addresses
> to access your security group.
>
> If you need additional assistance, you can reach our Premium Support
> team by sending email to aws-security-support@amazon.com.
> -------




--
`` Real men run current !''