Rule: EBS Snapshots Should Not Be Publicly Restorable

This rule ensures that EBS snapshots are not publicly restorable, so the data they contain is not exposed to unauthorized access.

Rule: EBS snapshots should not be publicly restorable
Framework: NIST 800-171 Revision 2
Severity: Medium

Rule Description

This rule ensures that Amazon Elastic Block Store (EBS) snapshots are not publicly restorable to maintain compliance with the NIST 800-171 Revision 2 security standard. By preventing public restoration of EBS snapshots, potential unauthorized access to sensitive data is mitigated.

Troubleshooting Steps

If EBS snapshots are found to be publicly restorable, follow these troubleshooting steps:

  1. Identify the affected EBS snapshots by reviewing their settings.
  2. Determine how the snapshots were made publicly restorable.
  3. Verify if any unauthorized access or data breaches have occurred as a result of the publicly restorable state.
  4. Determine the cause of the misconfiguration or unauthorized access.

Necessary Codes

No specific codes are required for this rule.

Remediation Steps

To remediate the issue and ensure EBS snapshots are not publicly restorable, follow these steps:

  1. Log in to the AWS Management Console.
  2. Open the Amazon EC2 service.
  3. Navigate to the "EBS Snapshots" section.
  4. Identify the publicly restorable EBS snapshots.
  5. Select the snapshot(s) that need to be updated.
  6. Click on the "Actions" button and choose "Modify Permissions".
  7. In the "Modify Snapshot Permissions" window, select the "Private" option.
  8. Optionally, grant access to specific AWS accounts by selecting the "Custom" option and adding the desired account ID(s).
  9. Click "Save" to apply the changes.

Verification

To verify that the EBS snapshots are no longer publicly restorable, follow these steps:

  1. Navigate to the Amazon EC2 service in the AWS Management Console.
  2. Open the "EBS Snapshots" section.
  3. Review the permissions of the previously affected snapshots.
  4. Ensure that the snapshots are set to "Private" and that no "public" or unauthorized accounts have access.
  5. If required, confirm that the snapshots are accessible to the intended AWS accounts.
  6. Perform regular checks to ensure ongoing compliance with the rule.

By following the above remediation steps, you can ensure that EBS snapshots are no longer publicly restorable, maintaining compliance with the NIST 800-171 Revision 2 security standard.
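
The identification and verification steps above can also be run from the AWS CLI instead of the console. The following is an added example, not part of the original rule text: it classifies the createVolumePermission attribute of each snapshot and emits the matching modify-snapshot-attribute command. The snapshot IDs, account IDs, the ALLOWED_ACCOUNTS set and the function names are constructed assumptions.

```python
import json
import re

# Constructed sample: per-snapshot output of
#   aws ec2 describe-snapshot-attribute --snapshot-id <id> --attribute createVolumePermission
# Snapshot IDs and account IDs are placeholders, not real resources.
SAMPLE = json.loads("""
[
  {"SnapshotId": "snap-0aaaaaaaaaaaaaaa1",
   "CreateVolumePermissions": [{"Group": "all"}]},
  {"SnapshotId": "snap-0aaaaaaaaaaaaaaa2",
   "CreateVolumePermissions": [{"UserId": "111111111111"}, {"UserId": "999999999999"}]},
  {"SnapshotId": "snap-0aaaaaaaaaaaaaaa3", "CreateVolumePermissions": []}
]
""")

ALLOWED_ACCOUNTS = {"111111111111"}  # assumption: accounts approved for "Custom" sharing
SNAP_ID = re.compile(r"^snap-[0-9a-f]{8,17}$")


def audit_snapshot(attr, allowed=ALLOWED_ACCOUNTS):
    """Classify one snapshot and return the CLI commands that would make it compliant."""
    snap = attr["SnapshotId"]
    if not SNAP_ID.match(snap):  # never build a shell command from an odd-looking ID
        raise ValueError(f"unexpected snapshot id: {snap!r}")
    perms = attr.get("CreateVolumePermissions", [])
    # {"Group": "all"} is what the console shows as "Public".
    public = any(p.get("Group") == "all" for p in perms)
    unapproved = sorted(p["UserId"] for p in perms
                        if "UserId" in p and p["UserId"] not in allowed)
    base = (f"aws ec2 modify-snapshot-attribute --snapshot-id {snap} "
            "--attribute createVolumePermission --operation-type remove")
    fixes = []
    if public:
        fixes.append(f"{base} --group-names all")
    if unapproved:
        fixes.append(f"{base} --user-ids {' '.join(unapproved)}")
    status = "PUBLIC" if public else "UNAPPROVED_SHARE" if unapproved else "OK"
    return {"snapshot": snap, "status": status, "unapproved": unapproved, "fixes": fixes}


def audit_all(attrs, allowed=ALLOWED_ACCOUNTS):
    return [audit_snapshot(a, allowed) for a in attrs]


if __name__ == "__main__":
    for result in audit_all(SAMPLE):
        print(result["snapshot"], result["status"])
        for cmd in result["fixes"]:
            print("   ", cmd)
```

To list candidate snapshots in the first place, `aws ec2 describe-snapshots --owner-ids self --restorable-by-user-ids all` returns only the snapshots in your account that are publicly restorable.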
