Top 5 AWS security misconfigurations and how to fix them
Meet the AWS cloud security villains
Adopting Amazon Web Services (AWS) — the dominant cloud service provider — can help organizations innovate faster and accelerate their digital transformation. But there are common security pitfalls when moving to AWS. Fortunately, there are steps your team can take to avoid them.
In this series, we'll explore these five risks — as personified by supervillains — and look at some ways to keep them at bay.
Download the Cloud Security Advocates Unite PDF
Meet the villains on YouTube
Insecure resource misconfigurations
Abra Confdabra
With the migration of applications and storage to the cloud for cost savings, as well as digital transformation for enterprises across the globe, resources that were behind the closed doors of a hardware firewall are now at the mercy of cloud infrastructure misconfigurations. An AWS S3 bucket that's left open to the internet is one of the most common examples of cloud resource misconfigurations — and a common reason for a lot of publicity around data breaches.
Don't leave your data exposed to the Magician, as they use sleight of hand to steal sensitive data out from right under your nose...
Learn to secure your resource configurations
Dangling DNS
Sub doMine
Public websites that are managed and hosted on a public cloud provider (like AWS) can be prone to dangling DNS if the files and servers hosting the website can be replaced by an attacker’s server — resulting in a subdomain takeover. And unless an organization is keeping a close eye on each of its DNS entries, risks can exist in environments for a long time before they get discovered — with the potential for long-term impact.
Learn to keep your DNS from dangling
Leaked credentials
MisCred
Identity is the new perimeter in the public cloud — and exposed or compromised credentials linked to these identities have been found to be the most common reason for most data breaches. Outside of data breaches, ransomware is the next biggest impact of leaked credentials. Fortunately, there are simple steps that teams can take to make sure credentials stay safe and secret.
Learn to prevent credential leaks
Identification and authentication failure
Con-Identity
Identification and authentication failures occur when a user’s identity, authentication, or session management is not implemented appropriately, leaving the cloud-hosted application unprotected against this attack. Attackers can exploit these unprotected cloud-hosted applications to get access to usernames, passwords, and session tokens and assume identities temporarily or permanently. Don't be fooled by Con-Identity and other con artists that try to sneak past security.
Learn to prevent identity and auth failures
Lack of IAM controls
whoIAM
If any of the identities that can authenticate to AWS lose their credentials due to a public data breach or by being accidentally shared with an attacker, this can be quite bad for the organization. This gets worse when the compromised identity has permissions that allow them to do a lot more than what their current role in the organization should allow. Luckily, there are simple steps that teams can take to keep this villain at bay.
Next in the series
Abra Confdabra: Insecure resource misconfigurations
When insecure resource configurations or vulnerable cloud workload resources are left accessible over the internet, attackers can compromise and exploit them for malicious activity.
Keep reading