Example SOC Alert Ticket

Summary

Load Balancers without TLS/SSL enabled.

Timeline of Response

  • alert detected on 2019-03-27
  • ticket opened on 2019-03-27
  • must be closed by 2019-04-03, per Company SLA

Response Playbook

Scope / Involved Customers

This affects:

  • Fleet OR
  • Environments:
    • Account1 (aws account #)
    • Account2 (aws account #) OR
  • Customers:
    • Company1 (customer id #)
    • Company2 (customer id #)

Alert

"AWS Config has detected an insecure configuration in an Application Load Balancer. It does not have TLS 1.2 encryption enabled. This is required for reliable transport security."

http://aws.amazon.com/config/finding/abcdef123466

External Resources

https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html

https://docs.aws.amazon.com/config/latest/developerguide/elb-predefined-security-policy-ssl-check.html

https://aws.amazon.com/about-aws/whats-new/2018/06/application-load-balancer-adds-new-security-policies-including-policy-for-forward-secrecy/

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html


Technical Notes

...

Proposed Fixes

  1. Enable SSL encryption on the specific customer Load Balancers.
  • use the AWS Web Console, or aws-cli
  • command:
    # Classic Load Balancer: attach the certificate to the HTTPS listener
    aws elb set-load-balancer-listener-ssl-certificate \
      --load-balancer-name <value> \
      --load-balancer-port <value> \
      --ssl-certificate-id <value>
  • test:
    nmap -sV --script ssl-enum-ciphers -p 443 <host> \
      | grep -F 'least strength'
  • verify:
    |_  least strength: A

OR

  1. Require that all ALBs in the Fleet have TLS 1.2 enabled.
  • prevent the deployment of any ALB without TLS 1.2
    • update the provisioning engine to block deployment
  • detect any ALBs without TLS 1.2
    • enable AWS Config in all AWS accounts
  • automatically enable TLS 1.2 on all Load Balancers
  • weekly report on Load Balancer encryption
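
One way to produce the detection and weekly-report items above, as an added example that is not part of the original ticket: it audits listener data in the shape returned by `aws elbv2 describe-listeners` and lists listeners that serve plaintext or use a policy outside a TLS 1.2 allowlist. The allowlist contents, the `audit_listeners` and `arn` helpers, and the sample ARNs are assumptions made for illustration.

```python
import json

# Assumption: policies accepted as "TLS 1.2 only"; adjust to your own standard.
TLS12_ONLY = {
    "ELBSecurityPolicy-TLS-1-2-2017-01",
    "ELBSecurityPolicy-TLS-1-2-Ext-2018-06",
    "ELBSecurityPolicy-FS-1-2-2019-08",
    "ELBSecurityPolicy-FS-1-2-Res-2019-08",
}

def redirects_to_https(listener):
    """True when every default action is a redirect to HTTPS."""
    actions = listener.get("DefaultActions", [])
    return bool(actions) and all(
        a.get("Type") == "redirect"
        and a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
        for a in actions)

def audit_listeners(describe_listeners_json):
    """Return sorted (load_balancer, port, reason) rows for non-compliant listeners."""
    findings = []
    for lst in json.loads(describe_listeners_json).get("Listeners", []):
        lb = lst["LoadBalancerArn"].split("loadbalancer/")[-1]
        policy = lst.get("SslPolicy")
        if lst.get("Protocol") == "HTTPS":
            if policy not in TLS12_ONLY:
                findings.append((lb, lst["Port"], f"policy {policy} not in TLS 1.2 allowlist"))
        elif not redirects_to_https(lst):
            findings.append((lb, lst["Port"], "plaintext listener serves traffic"))
    return sorted(findings)

def arn(name):  # constructed placeholder ARN, not a real account
    return f"arn:aws:elasticloadbalancing:us-east-1:111111111111:loadbalancer/app/{name}/0000"

# Constructed sample in the shape of `aws elbv2 describe-listeners` output.
SAMPLE = json.dumps({"Listeners": [
    {"LoadBalancerArn": arn("lb-a"), "Port": 443, "Protocol": "HTTPS",
     "SslPolicy": "ELBSecurityPolicy-TLS-1-2-2017-01"},
    {"LoadBalancerArn": arn("lb-a"), "Port": 80, "Protocol": "HTTP",
     "DefaultActions": [{"Type": "redirect", "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]},
    {"LoadBalancerArn": arn("lb-b"), "Port": 443, "Protocol": "HTTPS",
     "SslPolicy": "ELBSecurityPolicy-2016-08"},
    {"LoadBalancerArn": arn("lb-c"), "Port": 80, "Protocol": "HTTP",
     "DefaultActions": [{"Type": "forward"}]},
]})

if __name__ == "__main__":
    for lb, port, reason in audit_listeners(SAMPLE):
        print(f"{lb}:{port}\t{reason}")
```

The HTTP listener on lb-a is not reported because it only redirects to HTTPS; an HTTP listener that forwards traffic is.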

Stakeholders
