Amazon CloudFront
๐ Utilizing insecure SSL protocols in CloudFront origins can expose data to interception and compromise. Ensuring the use of secure, up-to-date cryptographic algorithms is vital for protecting data during transmission.
- Section: Encryption
- Severity: High
- CWE: CWE-327 Use of a Broken or Risky Cryptographic Algorithm
- Assurance Scope: PCI, NIST
- Threat Modeling Principal: Tampering, Spoofing, Information Disclosure
- Rule Set: Threat Modeling - Cloud Configuration Check
๐ Implementing an insecure security policy in CloudFront can lead to vulnerabilities, risking data integrity and confidentiality. Adhering to secure configuration practices is crucial to safeguard against potential threats.
- Section: Encryption
- Severity: High
- CWE: CWE-16 Configuration
- Assurance Scope: PCI, NIST, HIPPA, MAS
- Threat Modeling Principal: Tampering, Spoofing, Information Disclosure
- Rule Set: Threat Modeling - Cloud Configuration Check
๐ The absence of logging in CloudFront hinders the ability to monitor and respond to security incidents. Enabling logging is essential for effective security oversight and incident analysis.
- Section: Monitoring
- Severity: High
- CWE: CWE-778 Insufficient Logging
- Assurance Scope: PCI, NIST, HIPPA, GDPR, APRA
- Threat Modeling Principal: Tampering, Spoofing, Information Disclosure
- Rule Set: Threat Modeling - Cloud Configuration Check
๐ Not integrating AWS CloudFront with the Web Application Firewall (WAF) leaves it vulnerable to web-based attacks. Integration with WAF is critical for mitigating threats and ensuring robust protection against web-based vulnerabilities.
- Section: Networking
- Severity: High
- CWE: CWE-76 Improper Neutralization of Equivalent Special Elements
- Assurance Scope: PCI, NIST
- Threat Modeling Principal: Tampering, Spoofing, Information Disclosure
- Rule Set: Threat Modeling - Cloud Configuration Check
Updated 5 months ago