Medium

Resource is Internet facing via NLB

Security & Compliance
Description

When a resource is Internet-facing via a Network Load Balancer (NLB), it means that the NLB is configured to route traffic from the internet to the resource. This could pose a security risk if the resource is not properly secured or if it contains sensitive data. It is important to ensure that appropriate security measures are in place to protect the resource from unauthorized access or attacks. This includes using SSL/TLS encryption, configuring appropriate security groups, and implementing access control policies.

Remediation

When a resource is internet facing via an NLB (Network Load Balancer), there are several remediation steps that can be taken to improve security and reduce the risk of potential attacks. Here are some of the steps that you can take:

  1. Configure Access Control: Configure access control policies to limit who can access the internet-facing resources. You can use security groups to restrict access to specific IP addresses or CIDR ranges.
  2. Enable Encryption: Enable encryption on the NLB to ensure that all traffic between the client and the resource is encrypted. You can use SSL/TLS certificates to encrypt traffic.
  3. Implement Logging: Implement logging for the NLB to capture all incoming and outgoing traffic. This can help you detect and respond to any suspicious activity.
  4. Implement WAF: Implement a Web Application Firewall (WAF) to protect the resource from common web-based attacks such as SQL injection, cross-site scripting, and cross-site request forgery.
  5. Regularly Update: Regularly update the NLB to ensure that it is running the latest software and security patches. This will help protect against known vulnerabilities.
  6. Monitor Activity: Monitor the activity of the resource and the NLB to detect any unusual behavior. You can set up alerts to notify you of any suspicious activity.
  7. Review Configurations: Regularly review the configurations of the NLB and the resource to ensure that they are aligned with your security policies and best practices.

By implementing these steps, you can reduce the risk of potential attacks and ensure that your internet-facing resources are secure.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.