Description: 

This policy ensures that none of your Elastic or Public IP addresses are listed in Shodan. Shodan is a search engine that continuously scans the internet and indexes the devices and services that respond. If one of your IP addresses is listed in Shodan, a service on that address answered Shodan's scanners, and the result is visible to anyone who searches for it, which could pose a security risk.


Rationale: 

This policy is important because it helps to protect your privacy and security. By ensuring that none of your IP addresses are listed in Shodan, you can help to prevent unauthorized entities from accessing your devices or data.


Impact: 

If this policy is not followed, it could result in unauthorized entities being able to access your devices or data. This could lead to data breaches, financial losses, and other security incidents.


Default Value: 

By default, your IP addresses are not listed in Shodan. However, if any ports on your devices are open to the internet, Shodan can discover and index them.


Pre-requisites: 

To follow this policy, you will need to have the following:

  • Access to the AWS console
  • Knowledge of how to manage your Elastic and Public IP addresses


Remediation Steps: 

If you find that one of your IP addresses is listed in Shodan, you will need to take the following steps to remediate the issue:

  • Identify the device or service that is associated with the IP address.
  • Secure the device or service so that it is not accessible to unauthorized entities.
  • Contact Shodan to have the IP address removed from their database.


Test Plan: 

To test that this policy is working as expected, you can perform the following steps:

  • Use the Shodan search engine to search for your IP addresses.
  • If your IP addresses are not listed in Shodan, then the policy is working as expected.


AWS Console Process:

To follow this policy using the AWS console, you can perform the following steps:

  • Go to the AWS EC2 console.
  • Click on the Elastic IPs tab.
  • Select the Elastic IP address which you want to check.
  • Click on the Details tab.
  • Verify that the Publicly Accessible checkbox is not checked.

If the checkbox is checked, then you will need to uncheck it to prevent the IP address from being publicly accessible.


AWS CLI Process:

To follow this policy using the AWS CLI, you can perform the following steps:

  • Run the following command to list all of your Elastic IP addresses:
    aws ec2 describe-addresses
  • For each Elastic IP address, run the following command to get its details (describe-addresses filters by address with --public-ips):
    aws ec2 describe-addresses --public-ips <public-ip-address>
  • Verify that the PubliclyAccessible property is set to false.

If the PubliclyAccessible property is set to true, then you will need to run the following command to uncheck the Publicly Accessible checkbox:

aws ec2 disassociate-address --association-id <association-id>   # AssociationId comes from the describe-addresses output
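The Test Plan and CLI steps above can be combined into one check. The script below is an added example, not part of the original policy text: it takes the parsed output of aws ec2 describe-addresses --output json and asks Shodan's public host API about each Elastic IP. The shodan_host helper, its API key argument, and the sample addresses (TEST-NET-2 documentation range) are assumptions and constructed data, not values from a real account.

```python
"""Check the Elastic IPs from `aws ec2 describe-addresses --output json` against Shodan's host API."""
import json
import urllib.error
import urllib.request

# Public Shodan REST endpoint for a single host record.
SHODAN_HOST_URL = "https://api.shodan.io/shodan/host/{ip}?key={key}"


def shodan_host(ip, api_key):
    """Return Shodan's record for ip, or None when Shodan has not indexed it (HTTP 404)."""
    try:
        with urllib.request.urlopen(SHODAN_HOST_URL.format(ip=ip, key=api_key), timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:  # Shodan answers 404 for addresses it holds no data on
            return None
        raise


def find_exposed(describe_output, lookup):
    """Run lookup(ip) for every EIP in the parsed describe-addresses JSON; return the indexed ones."""
    findings = []
    # Unassociated EIPs are checked too: Shodan may still hold a record from the
    # instance that previously held the address.
    for addr in describe_output.get("Addresses", []):
        record = lookup(addr["PublicIp"])
        if record is None:
            continue
        findings.append({
            "public_ip": addr["PublicIp"],
            "allocation_id": addr.get("AllocationId"),
            "instance_id": addr.get("InstanceId"),  # missing for an unassociated EIP
            "ports": sorted(record.get("ports", [])),
            "last_update": record.get("last_update"),
        })
    return findings


# Constructed sample: two EIPs in the TEST-NET-2 documentation range, not from a real account.
SAMPLE_DESCRIBE = {"Addresses": [
    {"PublicIp": "198.51.100.10", "AllocationId": "eipalloc-0aaa1111", "InstanceId": "i-0aaa1111"},
    {"PublicIp": "198.51.100.11", "AllocationId": "eipalloc-0bbb2222"},
]}
# Constructed stand-in for shodan_host(): only the first address is indexed, on two ports.
SAMPLE_SHODAN = {"198.51.100.10": {"ports": [443, 22], "last_update": "2024-01-01T00:00:00"}}
sample_lookup = SAMPLE_SHODAN.get  # dict.get returns None for unindexed IPs, like shodan_host()

if __name__ == "__main__":
    for hit in find_exposed(SAMPLE_DESCRIBE, sample_lookup):  # live: lambda ip: shodan_host(ip, KEY)
        print(hit)
```

An empty result means none of the listed Elastic IPs are currently indexed; any finding names the allocation and instance to follow up on under the Remediation Steps.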


Backout Plan: 

If you need to revoke the changes that you have made to the policy, you can perform the following steps:

  • Recheck the Elastic IP addresses to make sure that they are not publicly accessible.
  • If the Elastic IP addresses are publicly accessible, then you will need to recheck the policy and make sure that it is configured correctly.

Note: 

This policy only applies to Elastic IP addresses. If you have any other public IP addresses, you will need to follow different policies to ensure that they are not listed in Shodan.


Reference:

Shodan: https://www.shodan.io/