In this lab, you are a new security engineer at AnyCompany, and your task is to find the weak spots in the company's network security and fix them. You will be using Amazon Inspector (the Classic version, which works with assessment targets, templates and rules packages) and its Network Reachability rules package, which analyses VPC configuration, such as security groups, network ACLs, route tables and internet gateways, to work out which ports on your EC2 instances are reachable from outside the VPC, and from where.
Here are the main steps you'll be performing in the lab:
Task 1: View EC2 instances and add tags
- Tag the BastionServer instance with a "SecurityScan" tag to include it in the Amazon Inspector assessment target.
Task 2: Configure and run Amazon Inspector
- Create an assessment target named "Network-Audit" that selects the BastionServer instance by its "SecurityScan" tag.
- Create an assessment template with the "Network Reachability-1.1" rules package and set the duration to 15 minutes. This rules package reads VPC configuration, so it does not need the Inspector agent on the instance.
- Start the assessment run; it evaluates the security groups, network ACLs, route tables and internet gateway that apply to the instance to find which ports are exposed.
Task 3: Analyse Amazon Inspector findings
- Review the findings generated by Amazon Inspector. Each one names a port, the path by which it is reachable, and a severity; the ones to look for here are ports reachable from the whole internet (0.0.0.0/0).
Task 4: Update security groups
- Address the high-severity finding by modifying the security group attached to the BastionServer instance.
- Remove the wide-open Telnet rule (port 23) entirely, since Telnet is cleartext and has no place on an internet-facing host, and restrict the SSH rule (port 22) from 0.0.0.0/0 to your own IP address as a /32.
Task 5: Replace BastionServer with Systems Manager
- Replace SSH access to the AppServer with Systems Manager's Session Manager. Session Manager connects through the SSM agent on the instance and the Systems Manager service, so the instance needs no inbound ports open and there are no SSH keys to manage. The instance must be running the SSM agent, have an instance profile that grants the Systems Manager permissions (for example the AmazonSSMManagedInstanceCore managed policy), and be able to reach the Systems Manager endpoints, otherwise it will not show up as a managed instance.
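Tasks 3 and 4 above are done by eye in the console. As an added example (not code from the lab or from AWS), here is the same audit and fix as Python over the JSON that `aws ec2 describe-security-groups` returns, so it can be pointed at a real group once that output is loaded. The group ID, the rule set and the admin address are constructed for the example, and the severity labels are the example's own ordering (cleartext Telnet worst, wide-open SSH next), not Inspector's scale.

```python
"""Audit and harden an EC2 security group the way Task 4 of the lab does by hand."""
import copy
import ipaddress
import json

# Constructed sample in the shape `aws ec2 describe-security-groups` returns:
# the BastionServer group before the fix. The group ID is made up.
BASTION_SG_BEFORE = {
    "GroupId": "sg-0123456789abcdef0",
    "GroupName": "BastionServer-sg",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 23, "ToPort": 23,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ],
}

INTERNET_CIDRS = {"0.0.0.0/0", "::/0"}
REMOVE_PORTS = {23}     # cleartext admin protocol: the rule goes away entirely
RESTRICT_PORTS = {22}   # SSH: keep, but only from the admin address
SOURCE_FIELDS = (("IpRanges", "CidrIp"), ("Ipv6Ranges", "CidrIpv6"))

def _port_range(perm):
    """Inclusive (low, high) ports a rule covers; IpProtocol -1 means all."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)

def _touches(perm, ports):
    lo, hi = _port_range(perm)
    return any(lo <= p <= hi for p in ports)

def _cidr_sources(perm):
    return [r[f] for k, f in SOURCE_FIELDS for r in perm.get(k, [])]

def _has_any_source(perm):
    return any(perm.get(k) for k in ("IpRanges", "Ipv6Ranges", "UserIdGroupPairs", "PrefixListIds"))

def audit_security_group(sg):
    """One finding per (rule, source) that is open to the whole internet.
    Severity labels are this example's own, not Inspector's."""
    findings = []
    for perm in sg["IpPermissions"]:
        lo, hi = _port_range(perm)
        for src in _cidr_sources(perm):
            if src in INTERNET_CIDRS:
                sev = ("High" if _touches(perm, REMOVE_PORTS)
                       else "Medium" if _touches(perm, RESTRICT_PORTS) else "Low")
                findings.append({"protocol": perm["IpProtocol"], "from": lo,
                                 "to": hi, "source": src, "severity": sev})
    return findings

def harden_security_group(sg, admin_cidr):
    """Return (hardened copy, changes). Internet-wide sources are revoked on
    REMOVE_PORTS and replaced by admin_cidr on RESTRICT_PORTS; admin_cidr=None is
    the Task 5 state (Session Manager in use, no inbound SSH rule at all).
    Each change is (action, protocol, low, high, cidr), one per CLI call."""
    replacement = repl_key = repl_field = None
    if admin_cidr is not None:
        net = ipaddress.ip_network(admin_cidr, strict=True)   # rejects a sloppy CIDR
        if net.prefixlen == 0:
            raise ValueError("admin_cidr must not be the whole internet")
        replacement = str(net)
        repl_key, repl_field = SOURCE_FIELDS[0 if net.version == 4 else 1]
    hardened, kept_perms, changes = copy.deepcopy(sg), [], []
    for perm in hardened["IpPermissions"]:
        lo, hi = _port_range(perm)
        removable = _touches(perm, REMOVE_PORTS)
        restrictable = _touches(perm, RESTRICT_PORTS) and not removable
        if not (removable or restrictable):
            kept_perms.append(perm)              # a port the lab leaves alone
            continue
        revoked = False
        for key, field in SOURCE_FIELDS:
            kept = []
            for r in perm.get(key, []):
                if r[field] in INTERNET_CIDRS:
                    changes.append(("revoke", perm["IpProtocol"], lo, hi, r[field]))
                    revoked = True
                else:
                    kept.append(r)
            perm[key] = kept
        if revoked and restrictable and replacement and replacement not in _cidr_sources(perm):
            perm[repl_key].append({repl_field: replacement})
            changes.append(("authorize", perm["IpProtocol"], lo, hi, replacement))
        if _has_any_source(perm):
            kept_perms.append(perm)              # a rule left with no source is dropped
    hardened["IpPermissions"] = kept_perms
    return hardened, changes

def to_cli(group_id, changes):
    """Render each change as an `aws ec2 {revoke,authorize}-security-group-ingress`
    call using --ip-permissions, which covers IPv4, IPv6 and protocol -1 alike."""
    cmds = []
    for action, proto, lo, hi, cidr in changes:
        perm = {"IpProtocol": proto}
        if proto != "-1":
            perm.update(FromPort=lo, ToPort=hi)
        key, field = SOURCE_FIELDS[1 if ":" in cidr else 0]
        perm[key] = [{field: cidr}]
        cmds.append(f"aws ec2 {action}-security-group-ingress --group-id {group_id} "
                    f"--ip-permissions '{json.dumps([perm])}'")
    return cmds
```

Running `audit_security_group(BASTION_SG_BEFORE)` lists the two wide-open rules; `harden_security_group(BASTION_SG_BEFORE, "203.0.113.10/32")` returns a copy with the Telnet rule gone and SSH pinned to the admin /32, and `to_cli` turns the change list into revoke/authorize commands that can be reviewed before they are run. Passing `admin_cidr=None` shows the end state after Task 5: once Session Manager is the way in, the bastion needs no inbound rule at all.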
Throughout the lab, I used the AWS Management Console for every task. By the end, the bastion's wide-open Telnet rule was gone, SSH was limited to my own address, and SSH through the bastion had been replaced by Session Manager, which needs no inbound ports or SSH keys at all.