AWS to scan for misconfigurations
- By David Ramel
- Aug 27, 2019
Amazon Web Services said it will proactively scan for misconfiguration errors like the one that enabled the recent hack of Capital One data stored on the AWS cloud.
AWS for years has been plagued by a continuing series of well-publicized hacks and discoveries of open data stores, exposing data from private and public sector organizations, including the United States Army Intelligence and Security Command, Defense Department commands and the National Geospatial-Intelligence Agency. Nearly all such incidents have been enabled by user misconfigurations, often on AWS S3 storage buckets.
AWS responded to questions about the incident from Sen. Ron Wyden (D-Ore.), outlining the processes and services it has in place to help customers correctly set up their storage permissions and unveiling a new, more proactive scanning strategy.
In a letter to Wyden, AWS Chief Information Security Officer Stephen Schmidt wrote: "While the Capital One attack happened due to the application misconfiguration … there are several actions AWS will take to better help our customers ensure their own security." These include:
- AWS will proactively scan the public IP space for customers' firewall resources to try and assess whether they may have misconfigurations.
- AWS will redouble efforts to help customers set the least permissive permissions possible.
- AWS will push harder to make its Macie and GuardDuty anomaly detection services more broadly adopted and accessible across all regions.
"We will look at additional 'belt and suspenders' we can add to subsystems deeper in our stack (like the instance metadata service) to provide even more protection for customers," Schmidt said. "Security will always continue to evolve at a rapid pace, and we will surely find other areas we can improve moving forward. But, you can rest assured that we will learn from this event alongside our partner, and be relentless in continuing to evolve our services over time."
According to Capital One, the breach affected some 100 million people in the U.S. and another 6 million in Canada. The company has provided more information on the incident.
After the incident, AWS said its cloud platform was not compromised in any way and functioned as it was designed.
This article was first posted to AWS Insider, a sibling site to GCN.
David Ramel is an editor and writer for Converge360.