Description

To add an extra layer of defense against non-targeted attacks, it is important to ensure that the default endpoint port (i.e. 5439) is not being used by your Redshift database clusters. Changing the default port number is a basic security measure, but it does not provide complete security from port scanning and network attacks. To implement advanced Redshift database security, you should consider implementing additional security measures, such as restricting public access, controlling cluster access through security groups and Network Access Control Lists (NACLs), and encrypting client connections to the database clusters using SSL.

Remediation

To ensure Redshift clusters are not using their default endpoint port, you can follow these remediation steps:

  1. Identify the Redshift clusters that are using the default endpoint port (i.e. 5439).
  2. Update the security group associated with the Redshift clusters to allow inbound traffic on the new port that you want to use instead of the default port.
  3. Update the port configuration of the Redshift clusters by modifying the cluster properties and specifying the new port number.
  4. Test the connectivity to the Redshift clusters using the new port to ensure that the clusters are accessible.
  5. Monitor the Redshift clusters to ensure that there are no issues related to the port change.
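The five steps above as a small audit-and-remediation script (an added example, not Lightlytics' own tooling or AWS-supplied code): step 1 flags clusters whose endpoint still listens on 5439 from a describe-clusters response, and steps 2 and 3 are planned as boto3 calls in the order that avoids locking clients out. The cluster data, security-group IDs, replacement port 5440 and client CIDR are constructed sample values; `apply_remediation` assumes you pass real `boto3` clients.

```python
"""Find Redshift clusters on the default port 5439 and plan the remediation.
Example code written for this page; the describe-clusters response is constructed."""
from typing import Any

DEFAULT_REDSHIFT_PORT = 5439

# Constructed sample in the shape returned by redshift:DescribeClusters.
SAMPLE_DESCRIBE_CLUSTERS = {
    "Clusters": [
        {"ClusterIdentifier": "analytics-prod",
         "Endpoint": {"Address": "analytics-prod.example.redshift.amazonaws.com",
                      "Port": 5439},
         "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0exampleaaaa"}]},
        {"ClusterIdentifier": "reporting",
         "Endpoint": {"Address": "reporting.example.redshift.amazonaws.com",
                      "Port": 5440},
         "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0examplebbbb"}]},
        # A cluster still being created has no Endpoint yet; the check must not crash.
        {"ClusterIdentifier": "new-cluster", "ClusterStatus": "creating"},
    ]
}


def clusters_on_default_port(response: dict[str, Any]) -> list[dict[str, Any]]:
    """Step 1: return the cluster records whose endpoint listens on 5439."""
    return [c for c in response.get("Clusters", [])
            if c.get("Endpoint", {}).get("Port") == DEFAULT_REDSHIFT_PORT]


def remediation_calls(cluster: dict[str, Any], new_port: int,
                      client_cidr: str) -> list[tuple[str, str, dict[str, Any]]]:
    """Steps 2-3 as (service, boto3 method, kwargs), in the order they must run:
    open the new port on every attached security group first, then move the
    cluster, so clients are never cut off in between."""
    # ModifyCluster accepts 1150-65535 (some node types narrow this; check the
    # docs for yours), and keeping 5439 would not remediate anything.
    if new_port == DEFAULT_REDSHIFT_PORT or not 1150 <= new_port <= 65535:
        raise ValueError(f"invalid replacement port {new_port}")
    calls: list[tuple[str, str, dict[str, Any]]] = []
    for sg in cluster.get("VpcSecurityGroups", []):
        calls.append(("ec2", "authorize_security_group_ingress", {
            "GroupId": sg["VpcSecurityGroupId"],
            "IpPermissions": [{"IpProtocol": "tcp", "FromPort": new_port,
                               "ToPort": new_port,
                               "IpRanges": [{"CidrIp": client_cidr}]}]}))
    calls.append(("redshift", "modify_cluster", {
        "ClusterIdentifier": cluster["ClusterIdentifier"], "Port": new_port}))
    return calls


def apply_remediation(calls, clients) -> None:
    """Run the planned calls; `clients` maps "ec2"/"redshift" to boto3 clients."""
    for service, method, kwargs in calls:
        getattr(clients[service], method)(**kwargs)
```

Review the output of `remediation_calls` before handing it to `apply_remediation`, then follow with step 4 (connect on the new port) and step 5 before closing 5439 in the security group.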

It is important to note that changing the default endpoint port for Redshift clusters is a basic security measure and should be combined with additional security measures such as restricting public access, controlling cluster access through security groups and Network Access Control Lists (NACLs), and encrypting the client connections to the database clusters using SSL, to implement advanced Redshift database security.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.