Enable IAM users for multi mode access Attach IAM policies to groups or roles


  • Enable IAM users for multi-mode access.
  • Attach IAM policies to groups or roles.
  • Rotate IAM access keys regularly, and standardize on the selected number of days.
  • Set up a strict password policy.
  • Set the password expiration period to 90 days and prevent reuse.
  • Customer Visualforce pages with standard headers.
  • Don’t use expired SSL/TLS certificates.
  • Use HTTPS for CloudFront distributions.
  • Restrict access to CloudTrail bucket.
  • Encrypt CloudTrail log files at rest.
  • Encrypt Elastic Block Store (EBS) database.
51-Point AWS Security Configuration Checklist CHEAT SHEET

  • Provision access to resources using IAM roles.
  • Ensure EC2 security groups don’t have large ranges of ports open.
  • Configure EC2 security groups to restrict inbound access to EC2.
  • Avoid using root user accounts.
  • Use secure SSL ciphers when connecting between the client and ELB.
  • Use secure SSL versions when connecting between client and ELB.
  • Use a standard naming (tagging) convention for EC2.
  • Encrypt Amazon’s Relational Database Service (RDS).
  • Ensure access keys are not being used with root accounts.
  • Use secure CloudFront SSL versions.
  • Enable the require_ssl parameter in all Redshift clusters.
  • Rotate SSH keys periodically.
  • Minimize the number of discrete security groups.
  • Reduce number of IAM groups.
  • Terminate unused access keys.
  • Disable access for inactive or unused IAM users.
  • Remove unused IAM access keys.
  • Delete unused SSH Public Keys.
  • Restrict access to Amazon Machine Images (AMIs).
  • Restrict access to EC2 security groups.
  • Restrict access to RDS instances.
  • Restrict access to Redshift clusters.
  • Restrict access to outbound access.
  • Disallow unrestricted ingress access on uncommon ports.
  • Restrict access to well-known ports such as CIFS, FTP, ICMP, SMTP, SSH, Remote desktop.
  • Inventory and categorize all existing custom applications by the types of data stored, compliance requirements and possible threats they face.
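
The security-group items above (large port ranges, and well-known ports such as SSH, FTP, SMTP, CIFS, Remote Desktop and ICMP reachable from anywhere) can be checked mechanically. This is an added example, not part of the cheat sheet: it assumes rules in the dictionary shape returned by EC2 `DescribeSecurityGroups`, and the group IDs, sample rules and the 100-port threshold are constructed for illustration.

```python
import ipaddress

# Ports for the well-known services the checklist names.
WELL_KNOWN = {20: "FTP", 21: "FTP", 22: "SSH", 25: "SMTP", 445: "CIFS", 3389: "RDP"}
MAX_PORT_SPAN = 100  # assumed cut-off for a "large range"; set it from your own policy

# Constructed sample input in the DescribeSecurityGroups response shape.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0example1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    ]},
    {"GroupId": "sg-0example2", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
]

def is_open_to_world(cidr):
    """True for 0.0.0.0/0 or ::/0."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit_group(group):
    """Return sorted (group_id, finding) tuples for one security group's ingress rules."""
    findings, gid = set(), group["GroupId"]
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        world = any(is_open_to_world(c) for c in cidrs)
        if proto in ("icmp", "icmpv6"):
            # For ICMP the port fields hold type/code, so only the source is checked.
            if world:
                findings.add((gid, "ICMP open to any address"))
            continue
        # IpProtocol "-1" means every protocol and port; such rules carry no port fields.
        lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
        if hi - lo + 1 > MAX_PORT_SPAN:
            findings.add((gid, f"large port range {lo}-{hi}"))
        if world:
            for port, name in WELL_KNOWN.items():
                if lo <= port <= hi:
                    findings.add((gid, f"{name} ({port}) open to any address"))
    return sorted(findings)
```

Calling `audit_group` on each entry of a real `describe_security_groups()` response gives one finding per rule that breaks these checklist items; HTTPS on 443 open to the world is deliberately not flagged.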
  • Involve IT security throughout the development process.
  • Grant the fewest privileges possible for application users.
  • Enforce a single set of data loss prevention policies across custom applications and all other cloud services.
  • Encrypt highly sensitive data such as protected health information (PHI) or personally identifiable information (PII).

Are You Ready to Secure Your AWS Environment? McAfee Skyhigh Security Cloud for Amazon Web Services offers a comprehensive monitoring, auditing and remediation solution for your AWS environment and custom applications. Download a data sheet to learn more about our product capabilities. McAfee Skyhigh Security Cloud for AWS

McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. Copyright © 2018 McAfee, LLC. 4115_0818 AUGUST 2018. 2821 Mission College Blvd., Santa Clara, CA 95054, 888.847.8766