Amazon Elastic Load Balancer V2
The absence of encryption for traffic to load balancers poses a significant risk, leaving sensitive data vulnerable to interception. Implementing encryption is crucial for safeguarding data integrity and confidentiality.
- Section: Encryption
- Severity: Critical
- CWE: CWE-311 Missing Encryption of Sensitive Data
- Assurance Scope: PCI, NIST, GDPR, HIPAA
- Threat Modeling Principal: Tampering, Information Disclosure
- Rule Set: Threat Modeling - Cloud Configuration Check
Using an insecure Elastic Load Balancer (ELB) security policy can lead to vulnerabilities in data protection, underscoring the need for robust security measures and policy enforcement.
- Section: Encryption
- Severity: High
- CWE: CWE-311 Missing Encryption of Sensitive Data
- Assurance Scope: PCI, NIST, GDPR, HIPAA
- Threat Modeling Principal: Tampering, Information Disclosure
- Rule Set: Threat Modeling - Cloud Configuration Check
Failing to configure Amazon Network Load Balancers (NLBs) for TLS traffic termination exposes data to potential interception. Ensuring TLS termination is crucial for data security during transmission.
- Section: Encryption
- Severity: High
- CWE: CWE-311 Missing Encryption of Sensitive Data
- Assurance Scope: PCI, NIST, GDPR, HIPAA
- Threat Modeling Principal: Tampering, Information Disclosure
- Rule Set: Threat Modeling - Cloud Configuration Check
When audit logs are not enabled for Elastic Load Balancers, the ability to monitor and investigate security incidents is compromised, highlighting the importance of comprehensive logging for security oversight.
- Section: Monitoring
- Severity: High
- CWE: CWE-778 Insufficient Logging
- Assurance Scope: PCI, NIST, GDPR, HIPAA
- Threat Modeling Principal: Tampering, Repudiation
- Rule Set: Threat Modeling - Cloud Configuration Check
Not enabling deletion protection for ELBv2 Load Balancers raises the risk of accidental removal, emphasizing the need for safeguards to maintain infrastructure stability and prevent unintended disruptions.
- Section: Networking
- Severity: Medium
- CWE: CWE-16 Configuration
- Assurance Scope: PCI, NIST, GDPR, HIPAA
- Threat Modeling Principal: Tampering, Information Disclosure
- Rule Set: Threat Modeling - Cloud Configuration Check
Having fewer than two healthy target instances for each AWS ELBv2 load balancer can lead to service disruptions and degraded performance, underscoring the need for adequate resource allocation and monitoring.
- Section: Networking
- Severity: High
- CWE: CWE-410 Insufficient Resource Pool
- Assurance Scope: PCI, NIST, GDPR, HIPAA
- Threat Modeling Principal: Denial of Service, Availability
- Rule Set: Threat Modeling - Cloud Configuration Check
Attaching unrestricted security groups to ELBv2 load balancers can lead to security vulnerabilities, highlighting the necessity of stringent security group configurations to mitigate unauthorized access risks.
- Section: Networking
- Severity: High
- CWE: CWE-16 Configuration
- Assurance Scope: PCI, NIST, GDPR, HIPAA
- Threat Modeling Principal: Escalation of Privileges, Availability
- Rule Set: Threat Modeling - Cloud Configuration Check
The use of unrestricted security groups with Classic Load Balancers can create significant security gaps, underlining the importance of precise security group controls to prevent potential breaches.
- Section: Networking
- Severity: High
- CWE: CWE-16 Configuration
- Assurance Scope: PCI, NIST, GDPR, HIPAA
- Threat Modeling Principal: Escalation of Privileges, Availability
- Rule Set: Threat Modeling - Cloud Configuration Check
Mismatches between ELBv2 listener configurations and allowed security group ports can introduce security loopholes, accentuating the need for alignment between load balancer settings and security policies.
- Section: Networking
- Severity: High
- CWE: CWE-16 Configuration
- Assurance Scope: PCI, NIST, GDPR, HIPAA
- Threat Modeling Principal: Escalation of Privileges, Availability
- Rule Set: Threat Modeling - Cloud Configuration Check
Inconsistencies between Classic ELB listener configurations and security group port allowances pose security risks, stressing the importance of harmonizing configuration settings for robust security.
- Section: Networking
- Severity: High
- CWE: CWE-16 Configuration
- Assurance Scope: PCI, NIST, GDPR, HIPAA
- Threat Modeling Principal: Escalation of Privileges, Availability
- Rule Set: Threat Modeling - Cloud Configuration Check
An Elastic Load Balancer v2 with all unhealthy targets signifies a severe issue in operational efficiency, requiring urgent action to restore system health and ensure service continuity.
- Section: Monitoring
- Severity: Medium
- CWE: CWE-16 Configuration
- Assurance Scope: PCI, NIST
- Threat Modeling Principal: NA
- Rule Set: Rapticore Benchmark