AWS Security Monitoring Checklist — Part 2
In Part One, we covered some important security configurations checklists relating to AWS objects such as S3, IAM and Cloudtrail. In this installment, we will continue exploring more configurations of other AWS objects.
Learn Cloud Security
AWS Virtual Private Cloud (VPC)
AWS VPC provides an isolated network within the AWS cloud. It's like an elongated organization network connected over a VPN network. VPC helps control the configuration of gateways, routers and so forth, and provides an additional layer of security for organizations moving towards use of the AWS cloud. Following is a security monitoring checklist for every security team performing monitoring of VPC:
Security Monitoring Checklist
- Monitoring of AWS VPC to ensure that no network ACL exists which allow ingress traffic from all ports
- Monitoring of AWS VPC to ensure that no network ACL exists which allow egress traffic to all ports
- Monitoring of AWS VPC to find unused virtual private gateways
- Monitoring of AWS VPC to find if any VPC endpoint is exposed by checking for principal value in policy
- Monitoring of AWS VPC to find out if flow logs have been enabled or not
AWS Elastic Cloud Compute (EC2)
AWS EC2 is a unit which can be provisioned on demand and can be scaled up or down as per requirement. Following is the EC2 checklist for security monitoring:
Security Monitoring Checklist
- Monitoring of AWS EC2 to ensure they are not using any blacklisted AMIs
- Monitoring of AWS EC2 to ensure they are not using a default security group
- Monitoring of AWS EC2 to ensure that there is no security group with unrestricted outbound access
-
Monitoring of AWS EC2 to ensure that there is no unrestricted inbound access to following services:
- FTP
- MSSql
- MySql
- MongoDB
- SMTP
- Telnet
- SSH
- Netbios access
- (And so on)
- FTP
- Monitoring of AWS EC2 to ensure that unused EC2 keypairs are decommissioned
AWS Elastic Load Balancer (ELB)
AWS ELB is a service that balances the incoming load among backend EC2 instances. It's like a normal load balancer in traditional IT organization. Following is the checklist for ELB security monitoring:
Security Monitoring Checklist
- Monitoring of AWS ELB to ensure that no insecure protocols or ciphers are deployed. This is generally decided by the organization per their current compatibility and security standards, which should be followed by best practices such as server order preference
- Monitoring of AWS ELB to ensure that it has a valid Security Group associated with it
- Monitoring of AWS ELB to ensure that it has the latest security policies deployed
AWS Elastic Block Storage (EBS)
AWS EBS is a service that provides block-level storage attached to EC2.These EBS volumes work independently. Following is the checklist for EBS security monitoring:
Security Monitoring Checklist
- Monitoring of AWS EBS to ensure that it is encrypted
- Monitoring of AWS ELB to ensure that it is encrypted with KMS CMKs, in order to have full control over keys
- Monitoring of AWS ELB to ensure that the EBS snapshots are not publicly available
- Monitoring of AWS ELB to ensure that the EBS snapshot is also encrypted
AWS Relational Database Service (RDS)
AWS RDS is a service that allows to quickly provision, operationalize and scale relational databases. Following is the checklist for RDS security monitoring:
Security Monitoring Checklist
- Monitoring of AWS RDS to ensure that the DB security groups do not allow unrestricted inbound access. It should be noted that DB security groups were possible for EC2 classic instances before 04/12/2013. After that date, only EC2-VPC instances are supported, which in turn use VPC security groups
- Monitoring of AWS RDS to ensure that the Auto Minor version feature is enabled
- Monitoring of AWS RDS to ensure that the RDS instances are encrypted
- Monitoring of AWS RDS to ensure that RDS instances are encrypted using KMS CMKs, in order to have full control
- Monitoring of AWS RDS to ensure that the RDS instances are not publicly accessible
- Monitoring of AWS RDS to ensure that RDS snapshots are not publicly accessible
- Monitoring of AWS RDS to ensure that RDS snapshots are encrypted
AWS Redshift
AWS Redshift is a data warehouse service which provides a cost-efficient and simple way to analyze data trends using existing business tools. Following is the checklist for Redshift security monitoring:
Security Monitoring Checklist
- Monitoring of AWS RDS to ensure that Redshift clusters are encrypted
- Monitoring of AWS RDS to ensure that encrypted Redshift clusters are using KMS CMKs for full control
- Monitoring of AWS RDS to ensure that Redshift clusters are not publicly available
- Monitoring of AWS RDS to ensure that activity logging is enabled
- Monitoring of AWS RDS to ensure that Redshift clusters are launched within VPC
This completes our coverage of other important AWS objects and their respective checklists for security monitoring.
Sources
Getting Started with Amazon RDS
Amazon Elastic Block Store (EBS)
Learn Cloud Security