NIST CSF documentation

1. Asset Inventory for AWS Services:

  1. RDS (Relational Database Service):
    • Databases: MySQL databases store user PII, financial transactions, donations, and event logs.
    • Backups: Point-in-time recovery for the last 2 days, daily backups kept for 2 weeks, and monthly backups stored in an AWS Backup vault locked in compliance mode for 3 months, then retained for a further 6 months.
  2. EC2 (Elastic Compute Cloud):
    • Instances: Web and application servers with no direct public internet access, protected by VPC security groups that open only the necessary ports.
  3. WorkSpaces:
    • Use: Virtual desktops for employee access, secured with two-factor authentication and restricted to each user's IP addresses.
  4. FSx (file storage):
    • Storage: Stores transactional data and user files. Backed up regularly to an AWS Backup vault locked in compliance mode, with access limited to authorized users.

2. Risk Assessment

  1. RDS:
    • Risks: Unauthorized access to sensitive data, data corruption, and accidental data deletion.
    • Mitigation: Data encryption at rest and in transit, multi-factor authentication (MFA) for the identities that are granted database access, regular backups, and point-in-time recovery.
  2. EC2:
    • Risks: Misconfigurations, unauthorized access due to exposed ports or compromised credentials.
    • Mitigation: VPC security groups to limit port access, role-based access control (RBAC) using IAM roles, and regular vulnerability assessments.
  3. WorkSpaces:
    • Risks: Phishing attacks, compromised user credentials, unauthorized access.
    • Mitigation: Virtual desktop isolation, mandatory two-factor authentication (2FA), logging of all access attempts, and IP-based restrictions.
  4. FSx:
    • Risks: Data loss due to file corruption, unauthorized access to file storage.
    • Mitigation: Regular backups stored in an AWS Backup vault, role-based access control, and encryption of data at rest.

3. Access Control

  1. IAM Roles and Policies:
    • Principle of Least Privilege: IAM roles are configured to ensure users and services only have the minimal permissions required to perform their tasks.
    • Multi-Factor Authentication (MFA): MFA is enforced for all users with access to critical AWS resources, including management and database access.
  2. AWS Management Console Access:
    • Restricted Access: Access to the AWS Management Console is limited to a select group of users based on their role.
    • Virtual Desktops: Employees accessing AWS resources do so via virtual desktops, locked to specific IP addresses and protected by two-factor authentication.
    • Logging and Monitoring: All access to the AWS Management Console is logged and monitored using Datadog, so that unauthorized access attempts are flagged and investigated promptly.
  3. Automated Access Tools:
    • Internal tools have been developed for common tasks such as managing serverless capacity, accessing databases, and resetting applications. This reduces the need for direct server access to almost nil, which limits the exposure that interactive access would otherwise create.
  4. Security Groups:
    • Security groups are configured to limit inbound and outbound traffic to only the necessary ports and services, further protecting the underlying infrastructure.
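The "only the necessary ports" rule above is only as good as the check that enforces it. The following is an added example, not code from this documentation or the organization's tooling: it audits inbound security-group rules against an explicit allow-list and flags anything open to the world, on an unlisted port, or from an unexpected source range. The sample groups are constructed to look like the `SecurityGroups` list returned by `aws ec2 describe-security-groups`, and `ALLOWED_INGRESS` is an assumed policy.

```python
"""Audit inbound security-group rules against a least-privilege allow-list.

Added example; not code from the original documentation. The sample groups
below are constructed to look like the `SecurityGroups` list returned by
`aws ec2 describe-security-groups`, and ALLOWED_INGRESS is an assumed
policy standing in for the page's "only necessary ports".
"""
from ipaddress import ip_network

# Assumed policy: (protocol, port) -> CIDRs allowed to reach it.
ALLOWED_INGRESS = {
    ("tcp", 443): {"10.0.0.0/8"},      # load balancer -> web/app servers, VPC only
    ("tcp", 3306): {"10.0.1.0/24"},    # app subnet -> RDS MySQL
}
ANYWHERE = {"0.0.0.0/0", "::/0"}

# Constructed sample: one good rule, one SSH rule open to the world, a 3306
# rule from the wrong subnet, and an all-traffic rule open to IPv6.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0a1b2c3d", "GroupName": "web-tier", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-0e5f6a7b", "GroupName": "db-tier", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.2.0/24"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
    ]},
]


def _port_key(perm):
    """Single port as an int; a range or all-traffic rule as a string that
    will never match the allow-list (ranges must be justified individually)."""
    if perm.get("IpProtocol") == "-1":
        return "all"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return lo if lo == hi else f"{lo}-{hi}"


def _sources(perm):
    """IPv4 CIDRs, IPv6 CIDRs and referenced security groups of one rule."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            + [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])])


def _within_allowed(src, allowed):
    """True if src is a CIDR contained in one of the allowed CIDRs."""
    net = ip_network(src, strict=False)
    return any(net.subnet_of(ip_network(a, strict=False))
               for a in allowed if ip_network(a, strict=False).version == net.version)


def audit_security_groups(groups, allowed=ALLOWED_INGRESS):
    """Return (group id, reason) findings, in rule order, for inbound rules
    that are open to the world, not on an allowed (protocol, port), or
    sourced from outside the range allowed for that port."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            key = (perm.get("IpProtocol"), _port_key(perm))
            label = f"{key[0]}/{key[1]}"
            for src in _sources(perm):
                if src in ANYWHERE:
                    findings.append((sg["GroupId"], f"{label} open to {src}"))
                elif key not in allowed:
                    findings.append((sg["GroupId"], f"{label} not in allow-list (from {src})"))
                elif src.startswith("sg-"):
                    continue  # group references are accepted; tighten if the policy names groups
                elif not _within_allowed(src, allowed[key]):
                    findings.append((sg["GroupId"], f"{label} from {src} outside {sorted(allowed[key])}"))
    return findings


if __name__ == "__main__":
    for group_id, reason in audit_security_groups(SAMPLE_GROUPS):
        print(f"{group_id}: {reason}")
```

Port ranges and all-traffic (`-1`) rules deliberately never match the allow-list, so a rule like `1024-65535` is reported even from an internal source; if such a range is genuinely required, add it to the policy as a distinct entry rather than loosening the check. Running this against `describe-security-groups` output on a schedule, and feeding the findings to the same alerting path as the monitoring below, turns the stated policy into something that is continuously verified.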

4. Monitoring and Incident Response

  • Datadog:

    • Datadog is used for real-time monitoring of AWS instances (EC2, RDS) and databases. It tracks performance metrics, logs, and security anomalies.
    • Anomaly Detection: Datadog detects unusual behavior, such as unauthorized access attempts, high CPU usage, or abnormal traffic patterns. Alerts are generated and sent to administrators when thresholds are breached.
  • ZAP (Zed Attack Proxy):

    • Regular vulnerability scans are performed on web applications using ZAP by Checkmarx. The tool helps identify common vulnerabilities such as SQL injection, XSS, and other security risks.
  • Incident Detection and Response Plan:

    • When Datadog detects an anomaly, an alert is triggered, notifying the security team via email or integration with messaging tools (e.g., Slack).
    • Once an alert is triggered, the incident response plan is activated, which includes isolating affected systems, conducting root cause analysis, and restoring operations.
    • Incident Logs: All detected incidents are logged for post-incident analysis. Detailed logs are retained to assist with forensic investigations if necessary.
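The console-access monitoring described above ("unauthorized access attempts" flagged by Datadog) boils down to a few rules over CloudTrail `ConsoleLogin` events. The block below is an added example, not a Datadog rule or code from this page: it runs those rules over a constructed CloudTrail-style log and emits the alerts that would be routed to the security team. `TRUSTED_SOURCES` (standing in for the virtual-desktop IP restriction) and `FAILURE_THRESHOLD` are assumptions.

```python
"""Flag suspicious AWS Management Console logins in CloudTrail records.

Added example; not code from the original page or a Datadog rule. The log
is a constructed CloudTrail-style file (a JSON object with a "Records"
list); TRUSTED_SOURCES and FAILURE_THRESHOLD are assumptions standing in
for the virtual-desktop IP restriction and an alert threshold.
"""
import json
from collections import Counter
from ipaddress import ip_address, ip_network

TRUSTED_SOURCES = ["203.0.113.0/24"]   # assumed egress range of the virtual desktops
FAILURE_THRESHOLD = 3                  # failed logins per user before alerting


def _login(time, user, ip, outcome, mfa):
    """Build one CloudTrail ConsoleLogin record (constructed test data)."""
    return {"eventName": "ConsoleLogin", "eventTime": time,
            "userIdentity": {"type": "IAMUser", "userName": user},
            "sourceIPAddress": ip,
            "responseElements": {"ConsoleLogin": outcome},
            "additionalEventData": {"MFAUsed": mfa}}


# Constructed sample log: one clean login, three failures then a success for
# bob from an unexpected address, a login without MFA, and an unrelated event.
SAMPLE_LOG = json.dumps({"Records": [
    _login("2025-01-10T08:00:01Z", "alice", "203.0.113.10", "Success", "Yes"),
    _login("2025-01-10T08:01:00Z", "bob", "198.51.100.7", "Failure", "No"),
    _login("2025-01-10T08:02:00Z", "bob", "198.51.100.7", "Failure", "No"),
    _login("2025-01-10T08:03:00Z", "bob", "198.51.100.7", "Failure", "No"),
    _login("2025-01-10T08:04:00Z", "bob", "198.51.100.7", "Success", "Yes"),
    _login("2025-01-10T08:05:00Z", "carol", "203.0.113.22", "Success", "No"),
    {"eventName": "DescribeInstances", "eventTime": "2025-01-10T08:06:00Z",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "203.0.113.10"},
]})


def _trusted(ip):
    """True if ip falls inside one of the trusted desktop ranges."""
    try:
        addr = ip_address(ip)
    except ValueError:          # e.g. "AWS Internal" or a service DNS name
        return False
    return any(addr in ip_network(cidr) for cidr in TRUSTED_SOURCES)


def detect_console_logins(log_text, threshold=FAILURE_THRESHOLD):
    """Return (alert type, user, source IP, time) tuples in event order:
    brute_force once a user reaches `threshold` failures, no_mfa for a
    successful login without MFA, untrusted_source for a success from
    outside TRUSTED_SOURCES."""
    alerts, failures = [], Counter()
    for ev in json.loads(log_text)["Records"]:
        if ev.get("eventName") != "ConsoleLogin":
            continue
        user = ev.get("userIdentity", {}).get("userName", "<unknown>")
        ip, when = ev.get("sourceIPAddress", ""), ev.get("eventTime", "")
        if ev.get("responseElements", {}).get("ConsoleLogin") != "Success":
            failures[user] += 1
            if failures[user] == threshold:      # alert once, not on every further failure
                alerts.append(("brute_force", user, ip, when))
            continue
        if ev.get("additionalEventData", {}).get("MFAUsed") != "Yes":
            alerts.append(("no_mfa", user, ip, when))
        if not _trusted(ip):
            alerts.append(("untrusted_source", user, ip, when))
    return alerts


if __name__ == "__main__":
    for alert in detect_console_logins(SAMPLE_LOG):
        print(alert)
```

Two caveats a practitioner would want. The `MFAUsed` field reflects MFA checked by IAM itself; for federated sign-ins (SAML or IAM Identity Center) the MFA decision is made at the identity provider, so the `no_mfa` rule is only meaningful for IAM users. And the failure counter here is per log file; in a real pipeline the count would be kept in a window (Datadog's log-based monitors do this) so that slow attempts across files are still caught.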

5. Backup and Recovery

  • RDS (Point-in-Time Recovery):

    • RDS is configured for point-in-time recovery, allowing the database to be restored to any point in time within the 2-day retention window. This feature is crucial for undoing accidental changes or data corruption.
    • Daily Backups: Daily backups are stored for 2 weeks, ensuring a wide recovery window for larger incidents.
  • FSx (File Storage Backups):

    • FSx file systems are backed up regularly, with backups stored in AWS Backup vaults locked in compliance mode for 3 months, ensuring they cannot be modified or deleted during that period.
    • After 3 months, backups are retained for an additional 6 months.
  • Disaster Recovery Plan:

    • In the event of a failure, RDS databases and FSx file systems can be restored within 1 hour from the most recent backup. EC2 instances can be redeployed from AMIs (Amazon Machine Images) with all configurations restored automatically.
    • Recovery procedures are regularly tested to ensure that downtime is minimized, and service is restored swiftly.
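The retention figures in sections 1 and 5 (2-day PITR, 2-week daily copies, 3 months under a compliance-mode lock plus 6 more months) are easy to drift from: a plan rule whose lifecycle falls outside a locked vault's minimum and maximum retention does not silently get trimmed, its backup jobs fail. The following is an added example, not code from this page, that checks a backup plan, its target vaults and the RDS instances against that policy. Inputs are constructed to look like `aws backup get-backup-plan`, `aws backup describe-backup-vault` and `aws rds describe-db-instances` output; the rule-name prefixes and the exact day counts in `POLICY` are assumptions.

```python
"""Check AWS Backup plan retention and Vault Lock settings against policy.

Added example; not code from the original page. Inputs are constructed to
look like `aws backup get-backup-plan`, `aws backup describe-backup-vault`
and `aws rds describe-db-instances` output, and the figures in POLICY are
taken from the retention periods stated above (expressed in days).
"""
from datetime import datetime, timezone

# Assumed policy by rule-name prefix: daily copies keep 14 days; monthly
# copies keep 270 days (3 months under lock plus 6 more) in a vault whose
# compliance-mode lock enforces at least 90 days.
POLICY = {
    "daily":   {"keep_at_least": 14,  "compliance_lock": False},
    "monthly": {"keep_at_least": 270, "compliance_lock": True, "lock_min_days": 90},
}
PITR_DAYS = 2   # RDS BackupRetentionPeriod that yields the 2-day PITR window

NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)

# Constructed inputs. A compliance-mode lock is one whose LockDate has
# passed; a lock with no LockDate is still governance mode (removable).
SAMPLE_VAULTS = {
    "daily-vault": {"BackupVaultName": "daily-vault", "Locked": False},
    "compliance-vault": {"BackupVaultName": "compliance-vault", "Locked": True,
                         "MinRetentionDays": 90, "MaxRetentionDays": 270,
                         "LockDate": datetime(2024, 6, 1, tzinfo=timezone.utc)},
    "governance-vault": {"BackupVaultName": "governance-vault", "Locked": True,
                         "MinRetentionDays": 90, "MaxRetentionDays": 270},
}
SAMPLE_PLAN = {"BackupPlan": {"BackupPlanName": "rds-fsx", "Rules": [
    {"RuleName": "daily-rds", "TargetBackupVaultName": "daily-vault",
     "ScheduleExpression": "cron(0 3 * * ? *)", "Lifecycle": {"DeleteAfterDays": 14}},
    {"RuleName": "monthly-rds", "TargetBackupVaultName": "compliance-vault",
     "ScheduleExpression": "cron(0 3 1 * ? *)", "Lifecycle": {"DeleteAfterDays": 270}},
    {"RuleName": "monthly-fsx", "TargetBackupVaultName": "governance-vault",
     "ScheduleExpression": "cron(0 3 1 * ? *)", "Lifecycle": {"DeleteAfterDays": 270}},
    {"RuleName": "monthly-legacy", "TargetBackupVaultName": "compliance-vault",
     "ScheduleExpression": "cron(0 3 1 * ? *)", "Lifecycle": {"DeleteAfterDays": 60}},
]}}
SAMPLE_DBS = [{"DBInstanceIdentifier": "prod-mysql", "BackupRetentionPeriod": 2},
              {"DBInstanceIdentifier": "reporting-mysql", "BackupRetentionPeriod": 1}]


def is_compliance_locked(vault, now=NOW):
    """Locked and past its LockDate, so the lock can no longer be removed."""
    lock_date = vault.get("LockDate")
    return bool(vault.get("Locked")) and lock_date is not None and lock_date <= now


def check_retention(plan, vaults, db_instances, now=NOW, policy=POLICY):
    """Return human-readable problems, in rule order, then per DB instance."""
    problems = []
    for rule in plan["BackupPlan"]["Rules"]:
        name, vault_name = rule["RuleName"], rule["TargetBackupVaultName"]
        req = policy.get(name.split("-")[0])          # "monthly-rds" -> "monthly"
        vault = vaults.get(vault_name)
        keep = rule.get("Lifecycle", {}).get("DeleteAfterDays")
        if req is None or vault is None:
            problems.append(f"{name}: unknown rule type or missing vault {vault_name}")
            continue
        if keep is None or keep < req["keep_at_least"]:
            problems.append(f"{name}: keeps {keep} days, policy requires {req['keep_at_least']}")
        if vault.get("Locked") and keep is not None:
            lo, hi = vault.get("MinRetentionDays", 0), vault.get("MaxRetentionDays", 36500)
            if not lo <= keep <= hi:
                # AWS Backup rejects jobs whose lifecycle violates the lock bounds
                problems.append(f"{name}: {keep} days is outside the lock window {lo}-{hi}, jobs will fail")
        if req["compliance_lock"]:
            if not is_compliance_locked(vault, now):
                problems.append(f"{name}: vault {vault_name} is not compliance-locked")
            elif vault.get("MinRetentionDays", 0) < req["lock_min_days"]:
                problems.append(f"{name}: lock min retention {vault['MinRetentionDays']} < {req['lock_min_days']}")
    for db in db_instances:
        if db.get("BackupRetentionPeriod", 0) < PITR_DAYS:
            problems.append(f"{db['DBInstanceIdentifier']}: BackupRetentionPeriod "
                            f"{db.get('BackupRetentionPeriod')} < {PITR_DAYS}, PITR window too short")
    return problems


if __name__ == "__main__":
    for problem in check_retention(SAMPLE_PLAN, SAMPLE_VAULTS, SAMPLE_DBS):
        print(problem)
```

The 2-week daily copies are modelled as an AWS Backup rule rather than as RDS automated backups on purpose: RDS ties its automated-backup retention and its PITR window to the single `BackupRetentionPeriod` setting, so a 2-day PITR window and 14-day daily copies cannot both come from RDS alone. The check also distinguishes a governance-mode lock (no `LockDate`, still removable by an administrator) from the compliance-mode lock the documentation relies on for the "cannot be modified or deleted" guarantee.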

