This post presents an AWS network security checklist: a curated list of items to check in the AWS console for improved security. Note that this checklist is tailored specifically for AWS and can be implemented entirely by configuring the AWS console. Code-level and server-level security measures should be handled separately.
1. Enable CloudTrail logging across all AWS services.
2. Turn on CloudTrail log file validation.
3. Enable CloudTrail multi-region logging.
4. Integrate CloudTrail with CloudWatch.
5. Enable access logging for CloudTrail S3 buckets.
6. Enable access logging for Elastic Load Balancer (ELB).
7. Enable Redshift audit logging.
8. Enable Virtual Private Cloud (VPC) flow logging.
9. Require multi-factor authentication (MFA) to delete CloudTrail buckets.
10. Turn on multi-factor authentication for the "root" account.
11. Turn on multi-factor authentication for IAM users.
12. Enable IAM users for multi-mode access.
13. Attach IAM policies to groups or roles.
14. Rotate IAM access keys regularly, and standardize on the selected number of days.
15. Set up a strict password policy.
16. Set the password expiration period to 90 days and prevent reuse.
17. Don't use expired SSL/TLS certificates.
18. Use HTTPS for CloudFront distributions.
19. Restrict access to the CloudTrail bucket.
20. Encrypt CloudTrail log files at rest.
21. Encrypt Elastic Block Store (EBS) database volumes.
22. Provision access to resources using IAM roles.
23. Ensure EC2 security groups don't have large ranges of ports open.
24. Configure EC2 security groups to restrict inbound access to EC2.
25. Avoid using root user accounts.
26. Use secure SSL ciphers when connecting between the client and ELB.
27. Use secure SSL versions when connecting between the client and ELB.
28. Use a standard naming (tagging) convention for EC2.
29. Encrypt Amazon Relational Database Service (RDS) instances.
30. Ensure access keys are not being used with root accounts.
31. Use secure CloudFront SSL versions.
32. Enable the require_ssl parameter in all Redshift clusters.
33. Rotate SSH keys periodically.
34. Minimize the number of discrete security groups.
35. Reduce the number of IAM groups.
36. Terminate unused access keys.
37. Disable access for inactive or unused IAM users.
38. Remove unused IAM access keys.
39. Delete unused SSH public keys.
40. Restrict access to Amazon Machine Images (AMIs).
41. Restrict access to EC2 security groups.
42. Restrict access to RDS instances.
43. Restrict access to Redshift clusters.
44. Restrict outbound access.
45. Disallow unrestricted ingress access on uncommon ports.
46. Restrict access to well-known ports such as CIFS, FTP, ICMP, SMTP, SSH and Remote Desktop.
47. Inventory and categorize all existing custom applications by the types of data stored, compliance requirements and possible threats they face.
48. Involve IT security throughout the development process.
49. Grant the fewest privileges possible to application users.
50. Enforce a single set of data loss prevention policies across custom applications and all other cloud services.
51. Encrypt highly sensitive data such as protected health information (PHI) or personally identifiable information (PII).
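Several of the items above (root MFA and access keys, key rotation, idle users and keys, wide port ranges and world-reachable ports) can be verified from data the console or CLI already gives you, rather than by clicking through every user and security group. The script below is an added example and is not part of the original post or of any AWS tooling: it audits the CSV shape returned by `aws iam get-credential-report` and the JSON shape returned by `aws ec2 describe-security-groups`, using constructed sample data for a fictitious account. The column and key names follow the real AWS formats, but the credential report here carries only a subset of the real columns, the 90-day thresholds and the "public OK" port set are assumptions, and the item numbers in the findings refer to the checklist above.

```python
"""Offline audit of several checklist items (added example, not from the original post).

Consumes constructed sample data in the shape of `aws iam get-credential-report`
(CSV, subset of columns) and `aws ec2 describe-security-groups` (JSON) and reports
which checklist items fail. Thresholds and the PUBLIC_OK set are assumptions.
"""
import csv
import io
from datetime import datetime, timezone

# Constructed credential report: one root row, one compliant user, one sloppy user.
CREDENTIAL_REPORT_CSV = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,2020-01-01T00:00:00+00:00,not_supported,2024-05-01T10:00:00+00:00,not_supported,false,true,2020-01-01T00:00:00+00:00,2024-04-30T00:00:00+00:00,false,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,2022-03-01T00:00:00+00:00,true,2024-05-10T09:00:00+00:00,2024-03-01T00:00:00+00:00,true,true,2024-04-15T00:00:00+00:00,2024-05-10T00:00:00+00:00,false,N/A,N/A
bob,arn:aws:iam::111122223333:user/bob,2021-06-01T00:00:00+00:00,true,2023-09-01T00:00:00+00:00,2023-01-01T00:00:00+00:00,false,true,2022-01-01T00:00:00+00:00,2023-09-01T00:00:00+00:00,false,N/A,N/A
"""

# Constructed security groups in the shape of describe-security-groups output.
SECURITY_GROUPS = [
    {"GroupId": "sg-0000000000000001", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-0000000000000002", "GroupName": "legacy", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 65535, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 8443, "ToPort": 8443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
]

NOW = datetime(2024, 5, 15, tzinfo=timezone.utc)   # fixed clock so results are reproducible
ANYWHERE = {"0.0.0.0/0", "::/0"}
PUBLIC_OK = {80, 443}                               # assumed: ports expected to be world-reachable
WELL_KNOWN = {21: "FTP", 22: "SSH", 25: "SMTP", 445: "CIFS", 3389: "Remote Desktop"}


def _when(value):
    """Parse a report timestamp; the report uses several 'no value' markers."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def _stale(ts, now, max_days):
    """True when there is no timestamp at all or it is older than max_days."""
    return ts is None or (now - ts).days > max_days


def audit_credential_report(report_csv, now=NOW, max_key_age=90, max_idle=90):
    """Items 10, 11, 14, 30, 36-38: MFA, key age, root keys, idle users and keys."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user, is_root = row["user"], row["user"] == "<root_account>"
        if is_root and row["mfa_active"] != "true":
            findings.append((user, "item 10: root account has no MFA"))
        if is_root and "true" in (row["access_key_1_active"], row["access_key_2_active"]):
            findings.append((user, "item 30: root account has active access keys"))
        if not is_root and row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "item 11: console user without MFA"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            if _stale(_when(row[f"access_key_{n}_last_rotated"]), now, max_key_age):
                findings.append((user, f"item 14: access key {n} not rotated in {max_key_age} days"))
            if _stale(_when(row[f"access_key_{n}_last_used_date"]), now, max_idle):
                findings.append((user, f"item 36/38: access key {n} unused for {max_idle} days"))
        if not is_root and row["password_enabled"] == "true" and _stale(_when(row["password_last_used"]), now, max_idle):
            findings.append((user, f"item 37: console login unused for {max_idle} days"))
    return findings


def audit_security_groups(groups, max_range=100):
    """Items 23, 24, 45, 46: wide port ranges and world-reachable ports."""
    findings = []
    for g in groups:
        for rule in g["IpPermissions"]:
            sources = {r["CidrIp"] for r in rule.get("IpRanges", [])}
            sources |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
            world = bool(sources & ANYWHERE)
            proto = rule["IpProtocol"]
            if proto == "-1":                      # "-1" means every protocol and port; no port keys present
                if world:
                    findings.append((g["GroupId"], "item 24/45: all traffic allowed from anywhere"))
                continue
            if proto in ("icmp", "icmpv6"):        # ICMP rules carry type/code, not ports
                if world:
                    findings.append((g["GroupId"], "item 46: ICMP allowed from anywhere"))
                continue
            lo, hi = rule["FromPort"], rule["ToPort"]
            if hi - lo + 1 > max_range:
                findings.append((g["GroupId"], f"item 23: {hi - lo + 1} ports open ({lo}-{hi})"))
            if not world:
                continue
            named = [name for port, name in WELL_KNOWN.items() if lo <= port <= hi]
            if named:
                findings.append((g["GroupId"], f"item 46: {', '.join(named)} reachable from anywhere"))
            elif not all(p in PUBLIC_OK for p in range(lo, hi + 1)):
                findings.append((g["GroupId"], f"item 45: uncommon port(s) {lo}-{hi} reachable from anywhere"))
    return findings


if __name__ == "__main__":
    for who, what in audit_credential_report(CREDENTIAL_REPORT_CSV) + audit_security_groups(SECURITY_GROUPS):
        print(f"{who}: {what}")
```

Run against the sample data, the IAM audit flags the root account (no MFA, an active and never-rotated access key) and bob (no MFA, stale key, idle key and idle console login) while alice passes; the security-group audit flags SSH open to the world in the web group and the 64,512-port range, the all-traffic rule, the uncommon port 8443 and ICMP in the legacy group, while 443 to the world is accepted. To run it against a real account, replace the two constants with the decoded output of the two CLI calls named above.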
thank you for this awesome content. I was preparing for my exam and this helped me a lot.