SecuringS3
South University, Course 670 (Information Systems), Dec 6, 2023
Uploaded by groupmage
Protecting Data in S3
Data stored in BallotOnline's S3 buckets may contain highly sensitive information, such as voter records, names, addresses, and other identifying details about our company's consumer base. With this in mind, we must remain security-minded with all of our resources, and that is where Amazon GuardDuty comes in. GuardDuty lets customers detect odd or unexpected activity in one or more AWS accounts. To do this, it continuously analyzes VPC Flow Logs, CloudTrail event logs, and DNS logs (and, with S3 Protection, CloudTrail S3 data events). GuardDuty combines these sources with threat intelligence feeds, looking for calls from known malicious IP addresses and domains as well as for anomalous behavior.
GuardDuty's capabilities allow BallotOnline to more effectively safeguard the sensitive information held in our S3 buckets.
Creating the S3 Template
- We begin the lab by creating a stack in CloudFormation with the provided template. As seen in the visualizer, the template creates an S3 bucket with the policies and configuration needed to replicate BallotOnline's buckets.
Enabling Protection for S3
- Using GuardDuty, we can actively detect malicious or unauthorized activity in our account and services, including S3. By analyzing CloudTrail S3 data events, GuardDuty continuously monitors activity on our S3 buckets. We proceeded with enabling GuardDuty on our account, and S3 Protection was activated automatically (it is on by default for new detectors, but should be confirmed in the Protection plans settings of each account and region).
GuardDuty generates a finding whenever it notices something unusual or suspicious happening in your AWS account. A finding is an alert describing a potential security issue that the GuardDuty service has detected. The finding details include the actor (the principal and its source IP), the AWS resource(s) involved in the unusual behavior, the time the activity took place, the API action that triggered it, and a severity level.
Some examples of findings are:
- Discovery:S3/MaliciousIPCaller: This finding tells you that an S3 API action was called from an IP address that has been linked to known malicious or illicit activity. The observed API is often associated with the discovery stage of an attack, when an attacker is learning about your AWS environment.
- PenTest:S3/KaliLinux: This finding tells you that a machine running Kali Linux is making S3 API calls with credentials that belong to your AWS account. Your credentials may have been compromised. Security professionals use Kali Linux during penetration tests to find weaknesses in EC2 instances that need to be patched. Attackers also use this tool to find EC2 configuration weaknesses and gain unauthorized access to your AWS environment.
- Policy:S3/BucketBlockPublicAccessDisabled: This finding tells you that Block Public Access was disabled for the listed S3 bucket. When enabled, the S3 Block Public Access settings filter the policies or access control lists (ACLs) applied to buckets as a safety measure to keep data from accidentally becoming public. Typically, S3 Block Public Access is turned off on a bucket deliberately, to allow public access to the bucket or the objects within it. Once it is disabled, access to the bucket is controlled entirely by the bucket policy and ACLs. This does not by itself mean the bucket is open to everyone, but you should audit the policies and ACLs applied to it to confirm that only the intended permissions are granted.
- Stealth:S3/ServerAccessLoggingDisabled: This finding tells you that S3 server access logging was disabled for a bucket in your AWS environment. With this option off, no web request logs are kept for attempts to access the specified S3 bucket. S3 management API calls on the bucket, such as DeleteBucket, are still recorded by CloudTrail, and requests for objects in the bucket are still recorded if S3 data event logging is enabled for the bucket through CloudTrail. Attackers disable logging to mask their activity, so the principal that made this change should be identified and the logging re-enabled.
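The following Python example is added here and is not part of the original lab or AWS's own code. It shows how the four findings above would be triaged once exported from GuardDuty: the sample records are constructed inline to mirror the GuardDuty finding JSON shape (the `type`, `severity`, `resource.s3BucketDetails`, `resource.accessKeyDetails` and `service.action.awsApiCallAction` fields; their exact layout is an assumption to verify against the console export), the PLAYBOOK text is an assumed response playbook, and `missing_block_settings` checks a bucket's Block Public Access configuration (the four real setting names returned by `GetPublicAccessBlock`) the way the Policy finding asks you to.

```python
"""Triage constructed GuardDuty S3 findings and check Block Public Access settings."""

# Assumed first-response playbook for the finding types discussed in the text.
PLAYBOOK = {
    "Discovery:S3/MaliciousIPCaller":
        "Block the source IP, then review which buckets the principal enumerated.",
    "PenTest:S3/KaliLinux":
        "Treat the credentials as compromised: rotate access keys and revoke sessions.",
    "Policy:S3/BucketBlockPublicAccessDisabled":
        "Re-enable Block Public Access and audit the bucket policy and ACLs.",
    "Stealth:S3/ServerAccessLoggingDisabled":
        "Re-enable server access logging and confirm CloudTrail data events cover the bucket.",
}

# The four settings in an S3 PublicAccessBlockConfiguration; all should be True.
REQUIRED_BLOCK_SETTINGS = (
    "BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets",
)


def make_finding(ftype, severity, api, ip, user, bucket):
    """Build a constructed finding record shaped like a GuardDuty export (assumed layout)."""
    return {
        "type": ftype,
        "severity": severity,
        "resource": {
            "resourceType": "S3Bucket",
            "s3BucketDetails": [{"name": bucket}],
            "accessKeyDetails": {"userName": user, "userType": "IAMUser"},
        },
        "service": {
            "action": {
                "actionType": "AWS_API_CALL",
                "awsApiCallAction": {"api": api, "remoteIpDetails": {"ipAddressV4": ip}},
            }
        },
    }


# Constructed sample findings; bucket names, users and IPs are invented.
SAMPLE_FINDINGS = [
    make_finding("Policy:S3/BucketBlockPublicAccessDisabled", 2,
                 "PutBucketPublicAccessBlock", "198.51.100.7", "ops-admin", "ballotonline-voter-records"),
    make_finding("Discovery:S3/MaliciousIPCaller", 8,
                 "ListBuckets", "203.0.113.42", "ci-deploy", "ballotonline-voter-records"),
    make_finding("Stealth:S3/ServerAccessLoggingDisabled", 2,
                 "PutBucketLogging", "203.0.113.42", "ci-deploy", "ballotonline-audit-logs"),
    make_finding("PenTest:S3/KaliLinux", 5,
                 "GetObject", "192.0.2.19", "ci-deploy", "ballotonline-voter-records"),
]


def summarize_finding(finding):
    """Reduce a finding to the fields an analyst acts on, plus the playbook step."""
    api = finding["service"]["action"]["awsApiCallAction"]
    return {
        "type": finding["type"],
        "severity": finding["severity"],
        "actor": finding["resource"].get("accessKeyDetails", {}).get("userName", "unknown"),
        "source_ip": api["remoteIpDetails"]["ipAddressV4"],
        "api": api["api"],
        "buckets": [b["name"] for b in finding["resource"].get("s3BucketDetails", [])],
        "action": PLAYBOOK.get(finding["type"], "No playbook entry; investigate manually."),
    }


def triage(findings):
    """Return summaries ordered highest severity first (stable for equal severities)."""
    return sorted((summarize_finding(f) for f in findings), key=lambda s: -s["severity"])


def actors_with_multiple_findings(findings):
    """Principals that appear in more than one finding: a likely compromised credential."""
    counts = {}
    for f in findings:
        user = f["resource"].get("accessKeyDetails", {}).get("userName", "unknown")
        counts[user] = counts.get(user, 0) + 1
    return sorted(u for u, n in counts.items() if n > 1)


def missing_block_settings(config):
    """Return the Block Public Access settings that are not enabled on a bucket."""
    return [k for k in REQUIRED_BLOCK_SETTINGS if not config.get(k, False)]


if __name__ == "__main__":
    for s in triage(SAMPLE_FINDINGS):
        print(f"[{s['severity']}] {s['type']} by {s['actor']} from {s['source_ip']} "
              f"({s['api']} on {', '.join(s['buckets'])}): {s['action']}")
    print("repeat actors:", actors_with_multiple_findings(SAMPLE_FINDINGS))
    # Constructed configuration as returned in the PublicAccessBlockConfiguration of GetPublicAccessBlock.
    partial = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
               "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
    print("missing settings:", missing_block_settings(partial))
```

The ordering puts the high-severity Discovery finding first, but the two low-severity Policy and Stealth findings are the ones that change what GuardDuty can see afterwards, so the repeat-actor check is there to tie a logging change back to the same credential that is being used from a suspicious IP.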