Profile Applicability:
Level 1
Description:
Conducting security assessments regularly is crucial for identifying vulnerabilities, misconfigurations, and weaknesses in the AWS environment. This includes performing penetration testing, vulnerability scanning, and ensuring that database instances are secure and compliant with industry best practices and regulatory requirements.
Rationale:
Security assessments help detect potential threats or issues that may otherwise go unnoticed. Regular assessments allow teams to proactively address vulnerabilities, apply patches, and improve overall security posture. Conducting security assessments is also required for compliance with frameworks like SOC 2, ISO 27001, and HIPAA.
Impact:
Without regular security assessments, vulnerabilities may remain undetected, leaving the environment exposed to potential attacks. A lack of proper security testing could lead to breaches, data loss, or non-compliance, potentially affecting business continuity and reputation.
Default Value:
By default, neither Amazon Inspector nor AWS Security Hub is enabled in a new account, and AWS does not assess Aurora clusters on the customer's behalf. Amazon Inspector does not scan the Aurora database engine at all (its scan targets are EC2 instances, ECR container images and Lambda functions); Aurora-specific configuration checks come from AWS Config managed rules and the Security Hub RDS controls, and penetration testing and vulnerability scanning must be arranged by the organization or performed with third-party tools.
Pre-requisites:
An AWS account with appropriate permissions to conduct security assessments.
A defined security assessment schedule and methodology.
Access to vulnerability scanning or penetration testing tools, such as Amazon Inspector, third-party security tools, or manual testing resources.
Test Plan:
Using AWS Console:
Navigate to AWS Security Hub and review the findings for the RDS controls (resource types AwsRdsDbCluster and AwsRdsDbInstance), filtering on record state ACTIVE and workflow status NEW so that archived or resolved findings do not hide open ones.
Check Amazon Inspector in the AWS Console to confirm that scanning is enabled for the EC2 instances, container images and Lambda functions that access the Aurora cluster; Inspector does not scan the database engine itself, so this covers the surrounding attack surface rather than Aurora directly.
Review the AWS Trusted Advisor security checks (for example, security groups with unrestricted access to specific ports); the full set of security checks requires a Business or Enterprise Support plan.
Review CloudTrail to confirm that a multi-region trail is actively logging management events, so that RDS and Aurora API calls (parameter group changes, snapshot sharing, security group edits) are recorded and can be monitored.
Using AWS CLI:
List active, unresolved Security Hub findings on Aurora clusters (repeat with AwsRdsDbInstance for the cluster's writer and reader instances):
aws securityhub get-findings --filters '{"ResourceType":[{"Value":"AwsRdsDbCluster","Comparison":"EQUALS"}],"RecordState":[{"Value":"ACTIVE","Comparison":"EQUALS"}],"WorkflowStatus":[{"Value":"NEW","Comparison":"EQUALS"}]}' --query "Findings[].{Title:Title, Severity:Severity.Label, ResourceType:Resources[0].Type, ResourceId:Resources[0].Id}"
Check that Amazon Inspector scanning is enabled for the account (the aws inspector namespace is Inspector Classic, which is deprecated; the current service is aws inspector2 and covers EC2, ECR and Lambda, not the Aurora engine):
aws inspector2 batch-get-account-status --query "accounts[].{Account:accountId, EC2:resourceState.ec2.status, ECR:resourceState.ecr.status, Lambda:resourceState.lambda.status}"
Ensure that a multi-region CloudTrail trail exists and is actually logging (describe-trails shows configuration only; IsLogging comes from get-trail-status):
aws cloudtrail describe-trails --query "trailList[].{TrailName:Name, S3BucketName:S3BucketName, MultiRegion:IsMultiRegionTrail}"
aws cloudtrail get-trail-status --name <trail-name> --query "IsLogging"
Query AWS Config for non-compliant Aurora resources (an Aurora cluster is recorded as AWS::RDS::DBCluster and each of its instances as AWS::RDS::DBInstance, so check both types):
aws configservice describe-compliance-by-resource --resource-type AWS::RDS::DBCluster --query "ComplianceByResources[?Compliance.ComplianceType=='NON_COMPLIANT'].ResourceId"
aws configservice describe-compliance-by-resource --resource-type AWS::RDS::DBInstance --query "ComplianceByResources[?Compliance.ComplianceType=='NON_COMPLIANT'].ResourceId"
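The CLI checks above are easier to reason about when their responses are evaluated together with explicit pass/fail logic. The following is an added example, not code from the original page or from AWS: each check_* function consumes the parsed JSON that the named CLI command (or the equivalent boto3 call) returns, and SAMPLE is a constructed snapshot that mirrors the real response shapes but is not captured from any account. The thresholds (HIGH and above, multi-region trail required, all three Inspector scan types) are the example's own assumptions; nothing here contacts AWS.

```python
"""Offline evaluation of the Test Plan's AWS CLI checks for an Aurora environment."""

SEVERITY_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
INSPECTOR_SCAN_TYPES = ("ec2", "ecr", "lambda")  # Inspector never scans the Aurora engine itself
AURORA_FINDING_TYPES = {"AwsRdsDbCluster", "AwsRdsDbInstance"}


def check_security_hub(describe_hub):
    """`aws securityhub describe-hub`; pass None when the call raised InvalidAccessException
    (that exception is how a disabled hub presents itself)."""
    if not describe_hub or "HubArn" not in describe_hub:
        return False, "Security Hub is not enabled in this region"
    return True, "Security Hub enabled since %s" % describe_hub.get("SubscribedAt")


def check_inspector(account_status):
    """`aws inspector2 batch-get-account-status`: every scan type must be ENABLED in every account."""
    gaps = []
    for acct in account_status.get("accounts", []):
        state = acct.get("resourceState", {})
        gaps += ["%s:%s" % (acct["accountId"], t) for t in INSPECTOR_SCAN_TYPES
                 if state.get(t, {}).get("status") != "ENABLED"]
    gaps += ["%s:lookup-failed" % f["accountId"] for f in account_status.get("failedAccounts", [])]
    return (not gaps), ("all Inspector scan types enabled" if not gaps else "not enabled: " + ", ".join(gaps))


def check_cloudtrail(trails, trail_status):
    """`describe-trails` plus `get-trail-status` per trail (trail_status is keyed by trail name).
    A trail can exist with IsLogging=false and deliver nothing, so the status call is required;
    multi-region is needed so Aurora API calls in every region are captured."""
    for trail in trails.get("trailList", []):
        status = trail_status.get(trail["Name"], {})
        if status.get("IsLogging") and trail.get("IsMultiRegionTrail"):
            return True, "trail %s logging to s3://%s" % (trail["Name"], trail["S3BucketName"])
    return False, "no multi-region trail with IsLogging=true"


def check_config(compliance_responses):
    """`describe-compliance-by-resource` for AWS::RDS::DBCluster and AWS::RDS::DBInstance."""
    bad = ["%s/%s" % (r["ResourceType"], r["ResourceId"])
           for resp in compliance_responses
           for r in resp.get("ComplianceByResources", [])
           if r["Compliance"]["ComplianceType"] == "NON_COMPLIANT"]
    return (not bad), ("all RDS resources compliant" if not bad else "non-compliant: " + ", ".join(bad))


def open_aurora_findings(get_findings, min_severity="HIGH"):
    """`aws securityhub get-findings`: active, unresolved findings on RDS resources at or above
    min_severity. Archived, resolved and suppressed findings are dropped as noise."""
    floor = SEVERITY_RANK[min_severity]
    return [f for f in get_findings.get("Findings", [])
            if f.get("RecordState") == "ACTIVE"
            and f.get("Workflow", {}).get("Status") in ("NEW", "NOTIFIED")
            and SEVERITY_RANK.get(f.get("Severity", {}).get("Label"), 0) >= floor
            and any(r.get("Type") in AURORA_FINDING_TYPES for r in f.get("Resources", []))]


def assess(snapshot):
    """Run every check over a dict of API responses; returns {check_name: (passed, detail)}."""
    findings = open_aurora_findings(snapshot["securityhub_findings"])
    return {
        "security_hub": check_security_hub(snapshot["securityhub_describe_hub"]),
        "inspector": check_inspector(snapshot["inspector2_account_status"]),
        "cloudtrail": check_cloudtrail(snapshot["cloudtrail_trails"], snapshot["cloudtrail_status"]),
        "config": check_config(snapshot["config_compliance"]),
        "open_findings": (not findings, "%d open HIGH+ findings on Aurora resources" % len(findings)),
    }


# Constructed sample responses: field names follow the AWS APIs, every value is invented.
SAMPLE = {
    "securityhub_describe_hub": {"HubArn": "arn:aws:securityhub:us-east-1:123456789012:hub/default",
                                 "SubscribedAt": "2024-01-15T10:00:00.000Z"},
    "inspector2_account_status": {"accounts": [{"accountId": "123456789012", "resourceState": {
        "ec2": {"status": "ENABLED"}, "ecr": {"status": "ENABLED"}, "lambda": {"status": "DISABLED"}}}],
        "failedAccounts": []},
    "cloudtrail_trails": {"trailList": [{"Name": "org-trail", "S3BucketName": "example-cloudtrail-logs",
                                         "IsMultiRegionTrail": True}]},
    "cloudtrail_status": {"org-trail": {"IsLogging": True}},
    "config_compliance": [
        {"ComplianceByResources": [{"ResourceType": "AWS::RDS::DBCluster", "ResourceId": "aurora-prod",
                                    "Compliance": {"ComplianceType": "NON_COMPLIANT"}}]},
        {"ComplianceByResources": [{"ResourceType": "AWS::RDS::DBInstance", "ResourceId": "aurora-prod-writer",
                                    "Compliance": {"ComplianceType": "COMPLIANT"}}]}],
    "securityhub_findings": {"Findings": [
        {"Title": "RDS clusters should have deletion protection enabled", "Severity": {"Label": "LOW"},
         "RecordState": "ACTIVE", "Workflow": {"Status": "NEW"},
         "Resources": [{"Type": "AwsRdsDbCluster", "Id": "arn:aws:rds:us-east-1:123456789012:cluster:aurora-prod"}]},
        {"Title": "RDS DB instances should prohibit public access", "Severity": {"Label": "CRITICAL"},
         "RecordState": "ACTIVE", "Workflow": {"Status": "NEW"},
         "Resources": [{"Type": "AwsRdsDbInstance", "Id": "arn:aws:rds:us-east-1:123456789012:db:aurora-prod-writer"}]},
        {"Title": "RDS DB instances should prohibit public access", "Severity": {"Label": "CRITICAL"},
         "RecordState": "ARCHIVED", "Workflow": {"Status": "RESOLVED"},
         "Resources": [{"Type": "AwsRdsDbInstance", "Id": "arn:aws:rds:us-east-1:123456789012:db:old-writer"}]}]},
}

if __name__ == "__main__":
    for name, (passed, detail) in assess(SAMPLE).items():
        print("%-14s %s  %s" % (name, "PASS" if passed else "FAIL", detail))
```

On the sample data the Inspector check fails because Lambda scanning is disabled, the Config check fails on the non-compliant cluster, and exactly one finding survives the filter: the LOW finding is below the HIGH threshold and the archived CRITICAL one is excluded by record state, which is the distinction the raw get-findings output does not make for you.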
Implementation Plan
Using AWS Console:
Enable Amazon Inspector scanning for the EC2 instances, container images and Lambda functions that access the Aurora cluster; Inspector does not scan the database engine itself, so it covers the surrounding attack surface rather than Aurora directly.
Ensure that AWS Security Hub is enabled with the AWS Foundational Security Best Practices standard, which includes the RDS controls, to provide an aggregated view of security findings across AWS services.
Review the CloudTrail logs regularly to ensure proper auditing and tracking of all RDS and Aurora API activity.
Set up AWS Config with a configuration recorder and the RDS managed rules (for example storage encryption, public accessibility and deletion protection) so that misconfigurations are evaluated continuously rather than only at assessment time.
Schedule regular penetration testing, vulnerability scanning, and security audits to ensure ongoing protection and compliance.
Using AWS CLI:
Enable Amazon Inspector scanning for the account (the aws inspector namespace is Inspector Classic, which is deprecated; use aws inspector2):
aws inspector2 enable --resource-types EC2 ECR LAMBDA
Enable AWS Security Hub together with its default security standards:
aws securityhub enable-security-hub --enable-default-standards
Add AWS Config managed rules that evaluate Aurora continuously. The --config-rule argument is a JSON document, not a bare name, and the call fails unless a configuration recorder already exists in the region; for example, to flag unencrypted RDS storage and publicly accessible instances:
aws configservice put-config-rule --config-rule '{"ConfigRuleName":"rds-storage-encrypted","Source":{"Owner":"AWS","SourceIdentifier":"RDS_STORAGE_ENCRYPTED"}}'
aws configservice put-config-rule --config-rule '{"ConfigRuleName":"rds-instance-public-access-check","Source":{"Owner":"AWS","SourceIdentifier":"RDS_INSTANCE_PUBLIC_ACCESS_CHECK"}}'
Run a manual penetration test or vulnerability scan within the terms of the AWS customer penetration testing policy and review the results.
Backout Plan
Using AWS Console:
Disable Amazon Inspector scanning if no longer needed:
Navigate to Amazon Inspector, open Settings, and deactivate scanning for the account.
Turn off AWS Security Hub if not required for ongoing monitoring:
Go to AWS Security Hub, open Settings, and disable it.
Revert AWS Config rules and any other security assessment configurations to their previous settings.
Using AWS CLI:
Disable Amazon Inspector scanning (disabling removes the existing findings, so export them first if they are needed for the audit record):
aws inspector2 disable --resource-types EC2 ECR LAMBDA
Disable AWS Security Hub:
aws securityhub disable-security-hub
Remove an AWS Config rule:
aws configservice delete-config-rule --config-rule-name <rule-name>
References:
https://docs.aws.amazon.com/inspector/latest/user/what-is-inspector.html
https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html
https://docs.aws.amazon.com/AmazonCloudTrail/latest/UserGuide/cloudtrail-user-guide.html
https://docs.aws.amazon.com/config/latest/developerguide/Welcome.html