Name: Preventing Public Accessibility on DB Instances
Uploaded: 2020-10-26T15:50:32Z
Duration: 37
Description: Restricting unauthorized access will minimize the risk of compromise to your DB instances.

Preventing Public Accessibility on DB Instances

When to Enable Public Accessibility

To enhance the security of AWS RDS and DB instances, they should not have public accessibility enabled. Restricting unauthorized access will minimize the risk of compromise to your DB instances. To accomplish this and prevent public accessibility, your organization can utilize IAM policies and security groups.

For more information, visit the AWS documentation on public accessibility to RDS instances.

Transcription

Restriction of access to RDS instances is a critical part of your AWS security posture. The organization should restrict access using a combination of both Identity and Access Management policies as well as security groups. Restriction of access to EC2 instance internal connections as well as using IAM policies to restrict access to the RDS control panel will help you, as an organization, ensure that you have appropriately protected your RDS deployments.

Preventing Public Accessibility on DB Instances

Related Videos

Basic Tools for AWS Security

Cloud Attacks on the Rise

Do All Keys Have Resources Attached?

Enable Role Based Access Control (RBAC) for Azure Key Vault

Encrypt Kubernetes Secrets Using Keys

Encrypting Traffic In and Out of AWS

Encryption Decisions for Your Technology Stack

Encryption Opportunities

Encryption for EBS Volumes

Encryption for S3 Buckets

Enforce Separation of Duties When Assigning KMS Related Roles

Enforcing Strong TLS Ciphers

Ensure KMS Cryptokeys Are Not Publicly Accessible

Ensure Use of CMKs for Unattached Disks

Ensure that Virtual Hard Disks Are Encrypted

Ensure that an Expiration Date Is Set for All Keys in Non-RBAC Key Vaults

Ensure that an Expiration Date Is Set for All Secrets in Non-RBAC Key Vaults

Ensure the Key Vault Is Recoverable

Events that Drive Key Rotation

FAQs for Amazon S3 Security

How to Configure Encryption for EBS Volumes on Existing EC2 Instances

How to Configure Encryption for EBS Volumes on New EC2 Instances

How to Configure Encryption for RDS

How to Configure Encryption for S3 Buckets

Install Endpoint Protection for All Virtual Machines

Introduction to Amazon Inspector

Key Rotation and Management

Load Balancers Must Require TLS 1.2

Only Install Company-Approved Extensions on Your Virtual Machines

PCI Requirement 3.1 - Keep Cardholder Data Storage to a Minimum

PCI Requirement 3.2 - Do Not Store Sensitive Authentication Data After Authorization

PCI Requirement 3.3 Mask PAN when Displayed

PCI Requirement 3.4 Render PAN Unreadable Anywhere it Is Stored

PCI Requirement 3.4.1 Logical Access Management

PCI Requirement 3.5 Document & Implement Procedures to Protect Keys

PCI Requirement 3.5.1 Maintain a Documented Description of The Cryptographic Architecture

PCI Requirement 3.5.2 Restrict Access to Cryptographic Keys

PCI Requirement 3.5.3 Store Secret and Private Keys Used to Encrypt/Decrypt Cardholder Data

PCI Requirement 3.5.4 Store Cryptographic Keys in The Fewest Possible Locations

PCI Requirement 3.6 Document & Implement all Key-Management Processes & Procedures

PCI Requirement 3.6.1 Generation of Strong Cryptographic Keys

PCI Requirement 3.6.2 Secure Cryptographic Key Distribution

PCI Requirement 3.6.3 Secure Cryptographic Key Storage

PCI Requirement 3.6.4 Cryptographic Key Changes at Cryptoperiod Completion

PCI Requirement 3.6.5 Replacing Weakened Keys

PCI Requirement 3.6.6 Using Split Knowledge & Dual Control

PCI Requirement 3.6.7 Prevention of Unauthorized Substitution of Cryptographic Keys

PCI Requirement 3.6.8 Key-Custodian Responsibilities

PCI Requirement 3.7 Security Policies & Operational Procedures

PCI Requirement 4.1 – Use Strong Cryptography & Security Protocols to Safeguard Sensitive CHD

PCI Requirement 4.1.1 – Ensure Wireless Network Transmitting CHD Use Strong Encryption

PCI Requirement 4.3 – Ensure Security Policies and Procedures are Known to all Affected Parties

PCI Requirements 3.2.1, 3.2.2, & 3.2.3 Do Not Store Tracks, Codes, or PINs After Authorization

Re-Keying for Decryption

Requirement 4 - Encrypt Transmission of Cardholder Data Across Open, Public Networks

Requirement 4.2 – Never Send Unprotected PAN by End-User Technologies

Rotate KMS Encryption Keys Regularly

Route 53 Support for DNSSEC

Set Expiration Date for All Keys in RBAC Key Vaults

Set Expiration Date for All Secrets In RBAC Key Vaults

Take Advantage of Automatic Key Rotation within Azure Key Vault

The AWS Shared Responsibility Model

Use CMEK To Secure GKE Storage

Using AWS KMS

Using Prowler to Evaluate AWS Security

Using S3 Versioning

Using TLS 1.2 to Encrypt Data in Transit

Utilize CMKs for OS and Data Disks