AWS Security Monitoring Checklist — Part 2
In Part One, we covered some important security configurations checklists relating to AWS objects such as S3, IAM and Cloudtrail. In this installment, we will continue exploring more configurations of other AWS objects.
Learn Cloud Security
AWS Virtual Private Cloud (VPC)
AWS VPC provides an isolated network within the AWS cloud. It's like an elongated organization network connected over a VPN network. VPC helps control the configuration of gateways, routers and so forth, and provides an additional layer of security for organizations moving towards use of the AWS cloud. Following is a security monitoring checklist for every security team performing monitoring of VPC:
Security Monitoring Checklist
- Monitoring of AWS VPC to ensure that no network ACL exists which allow ingress traffic from all ports
- Monitoring of AWS VPC to ensure that no network ACL exists which allow egress traffic to all ports
- Monitoring of AWS VPC to find unused virtual private gateways
- Monitoring of AWS VPC to find if any VPC endpoint is exposed by checking for principal value in policy
- Monitoring of AWS VPC to find out if flow logs have been enabled or not
AWS Elastic Cloud Compute (EC2)
AWS EC2 is a unit which can be provisioned on demand and can be scaled up or down as per requirement. Following is the EC2 checklist for security monitoring:
Security Monitoring Checklist
- Monitoring of AWS EC2 to ensure they are not using any blacklisted AMIs
- Monitoring of AWS EC2 to ensure they are not using a default security group
- Monitoring of AWS EC2 to ensure that there is no security group with unrestricted outbound access
-
Monitoring of AWS EC2 to ensure that there is no unrestricted inbound access to following services:
- FTP
- MSSql
- MySql
- MongoDB
- SMTP
- Telnet
- SSH
- Netbios access
- (And so on)
- FTP
- Monitoring of AWS EC2 to ensure that unused EC2 keypairs are decommissioned
AWS Elastic Load Balancer (ELB)
AWS ELB is a service that balances the incoming load among backend EC2 instances. It's like a normal load balancer in traditional IT organization. Following is the checklist for ELB security monitoring:
Security Monitoring Checklist
- Monitoring of AWS ELB to ensure that no insecure protocols or ciphers are deployed. This is generally decided by the organization per their current compatibility and security standards, which should be followed by best practices such as server order preference
- Monitoring of AWS ELB to ensure that it has a valid Security Group associated with it
- Monitoring of AWS ELB to ensure that it has the latest security policies deployed
AWS Elastic Block Storage (EBS)
AWS EBS is a service that provides block-level storage attached to EC2.These EBS volumes work independently. Following is the checklist for EBS security monitoring:
Security Monitoring Checklist
- Monitoring of AWS EBS to ensure that it is encrypted
- Monitoring of AWS ELB to ensure that it is encrypted with KMS CMKs, in order to have full control over keys
- Monitoring of AWS ELB to ensure that the EBS snapshots are not publicly available
- Monitoring of AWS ELB to ensure that the EBS snapshot is also encrypted
AWS Relational Database Service (RDS)
AWS RDS is a service that allows to quickly provision, operationalize and scale relational databases. Following is the checklist for RDS security monitoring:
Security Monitoring Checklist
- Monitoring of AWS RDS to ensure that the DB security groups do not allow unrestricted inbound access. It should be noted that DB security groups were possible for EC2 classic instances before 04/12/2013. After that date, only EC2-VPC instances are supported, which in turn use VPC security groups
- Monitoring of AWS RDS to ensure that the Auto Minor version feature is enabled
- Monitoring of AWS RDS to ensure that the RDS instances are encrypted
- Monitoring of AWS RDS to ensure that RDS instances are encrypted using KMS CMKs, in order to have full control
- Monitoring of AWS RDS to ensure that the RDS instances are not publicly accessible
- Monitoring of AWS RDS to ensure that RDS snapshots are not publicly accessible
- Monitoring of AWS RDS to ensure that RDS snapshots are encrypted
AWS Redshift
AWS Redshift is a data warehouse service which provides a cost-efficient and simple way to analyze data trends using existing business tools. Following is the checklist for Redshift security monitoring:
Security Monitoring Checklist
- Monitoring of AWS RDS to ensure that Redshift clusters are encrypted
- Monitoring of AWS RDS to ensure that encrypted Redshift clusters are using KMS CMKs for full control
- Monitoring of AWS RDS to ensure that Redshift clusters are not publicly available
- Monitoring of AWS RDS to ensure that activity logging is enabled
- Monitoring of AWS RDS to ensure that Redshift clusters are launched within VPC
This completes our coverage of other important AWS objects and their respective checklists for security monitoring.
Sources
Getting Started with Amazon RDS
Amazon Elastic Block Store (EBS)
Learn Cloud Security
Learn Cloud Security
Build your cloud security skills and get hands-on experience in Infosec Skills. What you'll learn:- Cloud architecture
- Cloud management
- Cloud pentesting
- CSP security features
- And more
In this Series
- AWS Security Monitoring Checklist — Part 2
- The rise of cloud computing: Trends and predictions
- Understanding the basics of cloud infrastructure: What you need to know
- How cloud security, data privacy, and cybersecurity convergence drives successful careers
- Secure cloud computing: What you need to know
- Working across multiple cloud service providers: CSP security learning path
- Securing cloud-based applications training: What you need to know
- Security risks of cloud migration
- DevSecOps in the Azure Cloud
- Amazon Athena Security: 6 essential tips
- Securing cloud endpoints: What you should know
- AWS security and compliance overview
- CloudGoat walkthrough series: IAM privilege escalation by attachment
- CloudGoat walkthrough series: EC2 server-side request forgery (SSRF)
- CloudGoat walkthrough series: Remote code execution
- CloudGoat walkthrough series: Lambda Privilege Escalation
- Information security strategy for the hybrid and multi-cloud
- CloudGoat walkthrough series: Cloud Breach S3
- CloudGoat walkthrough series: IAM privilege escalation by rollback
- Working with CloudGoat: The “vulnerable by design” AWS environment
- Malicious Amazon Machine Images (AMIs)
- Key findings from Ponemon’s State of Vulnerability Management in the Cloud and On-Premises report
- Cloud Pentesting Certification Boot Camp: The ultimate guide
- Cloud Based IDS and IPS Solutions [Updated 2019]
- AWS Security Monitoring Checklist [Updated 2019]
- Amazon Inspector: A cloud-based vulnerability assessment tool
- System administrator vs. cloud administrator
- 5 key cloud security use cases
- Deep Packet Inspection in the Cloud
- Honeypots in the Cloud
- Biometrics in the Cloud
- Open-Source Intelligence Collection in Cloud Platforms
- How to Safeguard Against the Privacy Implications of Cloud Computing
- AWS Cloud Security for Beginners — Part 2
- AWS Cloud Security for Beginners — Part 1
- Rise of the Rogue Cloud: The Fundamental Security Mistake Enterprises Make and How to Correct It
- Controlling the Risks of Cloud-Enabled End-Point Security Products
- The Ultimate Guide to CCSP Certification
- Five Reasons Why Security Professionals Need the Cloud
- Amazon S3 Buckets-Hardening
- Cloud Service Reconnaissance
- Cloud Computing Security: Be Secure Before Moving to Cloud
- Cloud Technology Bringing New Possibilities in Threat Management
- Attacking the Cloud
- Man in the Cloud Attacks: Prevention and Containment
- Cloud originated DDoS attacks
- Where Is Your Data Safer? In the Cloud Or On Premise?
- DDOS Protection for Public Cloud Customers
- Security Barriers in the Adaptation of Cloud Technology
- SIEM as a Service
- Cloud Security Incident Compensation
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Cloud security
Cloud security