I have a general security question related to data sharing between EC2 instances. I have 2 EC2 instances in the same AWS region which communicate with each other over a Java Socket on a specific port (let's say 27200). I've set the firewall on their security group so that they only accept connections from each other over this port and not from any other IP. Is it needed to encrypt this connection with SSL to protect from someone listening in, or is this impossible anyway?
-
Why aren't you using a VPC? – Michael Hampton Jul 28 '13 at 11:30
-
Besides the above private connection, both servers offer public services on ports 8080 and 80, so I couldn't just isolate them behind a VPC. – user143278 Jul 28 '13 at 11:43
-
That's what Elastic IPs are for! – Michael Hampton Jul 28 '13 at 11:45
-
Why would the Elastic IPs expose the services over 8080 but not the socket on 27200? Surely it makes them both vulnerable? – user143278 Jul 28 '13 at 12:00
2 Answers
To answer your specific general question: people on the big bad internets can't snoop this intra-server communication. EC2 instance traffic within the same availability zone will go over Amazon's infrastructure. But as a general security principle, if you want traffic protected, encrypt it, always.

-
Does this mean that SSL would be to protect only from the case where attackers managed to hack into an Amazon data centre and monitor its internal network? – user143278 Jul 28 '13 at 12:12
-
If you don't know what you are doing, the most likely attack vector is your own machines. – Sirch Jul 28 '13 at 12:16
The notion of an internet-facing port being "private" is somewhat dubious. Without encryption, the traffic can be sniffed. Communications between servers could be vulnerable to a man-in-the-middle attack. There are multiple methods by which an attacker can spoof an IP address, and this might allow them to send malicious packets to either of the servers.
Communications between servers might need to be private, authenticated, or both. You might be able to secure communication with SSL/TLS, although there are other cryptographic approaches as well.
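Both answers come down to the same advice: encrypt the link and authenticate both ends, because a security-group rule only filters on source address, and that neither hides the traffic nor proves who is on the other end of a connection that arrived from a spoofed address. The following is an added example, not code from the question or from either answer, of applying that to the Java socket on port 27200 with mutual TLS: each instance presents its own certificate and trusts only the other's, and the client additionally checks the server's certificate against the expected hostname. It assumes JDK 11 or later and hypothetical file names, hostname and password (server.p12, client.p12, trust-server.p12, trust-client.p12, server-a.internal, changeit); the keytool commands in the header comment are one way to create those files.

```java
import java.io.*;
import java.net.InetAddress;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import javax.net.ssl.*;

/*
 * Added example (not from the original question or answers). Assumes JDK 11+ and
 * PKCS#12 files created with keytool, e.g. for the server side (hypothetical names):
 *
 *   keytool -genkeypair -alias server -keyalg RSA -keysize 2048 -validity 365 \
 *       -dname "CN=server-a.internal" -ext SAN=dns:server-a.internal \
 *       -storetype PKCS12 -keystore server.p12 -storepass changeit
 *   keytool -exportcert -alias server -keystore server.p12 -storepass changeit -rfc -file server.crt
 *   keytool -importcert -alias server -file server.crt -noprompt \
 *       -storetype PKCS12 -keystore trust-server.p12 -storepass changeit
 *
 * Repeat with "client" to get client.p12 and trust-client.p12. The server loads
 * server.p12 + trust-client.p12; the client loads client.p12 + trust-server.p12.
 */
public class MutualTlsSocket {
    static final int PORT = 27200;
    static final String[] PROTOCOLS = {"TLSv1.3", "TLSv1.2"}; // nothing older

    /** Context that presents our own certificate and trusts only the peer's. */
    static SSLContext buildContext(String keyStorePath, String trustStorePath, char[] password)
            throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(keyStorePath)) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);

        KeyStore ts = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(trustStorePath)) {
            ts.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Server: demand a client certificate, so a spoofed source address alone gets nowhere. */
    static void serve(SSLContext ctx, String bindAddress) throws Exception {
        try (SSLServerSocket ss = (SSLServerSocket) ctx.getServerSocketFactory()
                .createServerSocket(PORT, 50, InetAddress.getByName(bindAddress))) {
            ss.setEnabledProtocols(PROTOCOLS);
            ss.setNeedClientAuth(true); // clients without a trusted certificate fail the handshake
            while (true) {
                SSLSocket s = (SSLSocket) ss.accept();
                try (s) {
                    s.startHandshake();
                    String peer = s.getSession().getPeerPrincipal().getName(); // verified identity
                    BufferedReader r = new BufferedReader(
                            new InputStreamReader(s.getInputStream(), StandardCharsets.UTF_8));
                    PrintWriter w = new PrintWriter(
                            new OutputStreamWriter(s.getOutputStream(), StandardCharsets.UTF_8), true);
                    String line = r.readLine();
                    w.println("echo to " + peer + ": " + line);
                } catch (IOException e) {
                    // Handshake failures (wrong or missing client cert, old protocol) land here.
                    System.err.println("rejected: " + e.getMessage());
                }
            }
        }
    }

    /** Client: check the server certificate against the expected hostname (anti-MITM). */
    static String send(SSLContext ctx, String host, String message) throws Exception {
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, PORT)) {
            s.setEnabledProtocols(PROTOCOLS);
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // match SAN/CN, not just the trust chain
            s.setSSLParameters(p);
            s.startHandshake();
            PrintWriter w = new PrintWriter(
                    new OutputStreamWriter(s.getOutputStream(), StandardCharsets.UTF_8), true);
            BufferedReader r = new BufferedReader(
                    new InputStreamReader(s.getInputStream(), StandardCharsets.UTF_8));
            w.println(message);
            return r.readLine();
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray(); // placeholder; read from a secret store in practice
        if (args.length > 0 && args[0].equals("server")) {
            serve(buildContext("server.p12", "trust-client.p12", pw), "0.0.0.0");
        } else {
            System.out.println(send(buildContext("client.p12", "trust-server.p12", pw),
                    "server-a.internal", "hello"));
        }
    }
}
```

Run `java MutualTlsSocket server` on the listening instance and `java MutualTlsSocket` on the other. A connection that passes the security group but has no client key trusted by trust-client.p12 is dropped during the handshake, before any application data is read, and a server whose certificate does not match server-a.internal is refused by the client for the same reason. The security-group rule stays in place as a second layer rather than being replaced.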