Medium

Resource is Internet facing via ALB

Security & Compliance
Description

A resource is internet facing via an ALB (Application Load Balancer) when it is accessible from the internet through the ALB. An ALB is a highly scalable load balancing service that distributes incoming traffic across multiple targets, such as EC2 instances, containers, or IP addresses, in one or more Availability Zones.

ALBs provide advanced routing capabilities, such as host- and path-based routing, that direct traffic to specific targets based on the content of the request. They also support security features, such as SSL/TLS encryption, access control policies, and web application firewall (WAF) rules, that help protect internet-facing resources from common web-based attacks.

ALBs let you scale internet-facing resources horizontally by adding or removing targets based on traffic patterns, and they provide detailed monitoring and logging so you can track the performance and availability of your applications and detect issues. Overall, ALBs provide a reliable and scalable way to make internet-facing resources highly available and secure.

Remediation

When a resource is internet facing via an ALB (Application Load Balancer), there are several remediation steps that can be taken to improve security and reduce the risk of potential attacks. Here are some of the steps that you can take:

  1. Enable Encryption: Enable SSL/TLS encryption on the ALB to ensure that all traffic between the client and the resource is encrypted. This can help prevent interception of sensitive data.
  2. Configure Access Control: Configure access control policies to limit who can access the internet-facing resources. You can use security groups to restrict access to specific IP addresses or CIDR ranges.
  3. Implement WAF: Implement a Web Application Firewall (WAF) to protect the resource from common web-based attacks such as SQL injection, cross-site scripting, and cross-site request forgery.
  4. Regularly Update: Regularly update the ALB to ensure that it is running the latest software and security patches. This will help protect against known vulnerabilities.
  5. Monitor Activity: Monitor the activity of the resource and the ALB to detect any unusual behavior. You can set up alerts to notify you of any suspicious activity.
  6. Review Configurations: Regularly review the configurations of the ALB and the resource to ensure that they are aligned with your security policies and best practices.
  7. Enable Logging: Enable logging for the ALB to capture all incoming and outgoing traffic. This can help you detect and respond to any suspicious activity.
  8. Implement Advanced Routing: Use the advanced routing capabilities of the ALB, such as host- and path-based routing, to direct traffic to specific targets based on the content of the request.
  9. Scale Horizontally: Scale your internet-facing resources horizontally by adding or removing targets based on traffic patterns. This can improve the performance and availability of your applications.

By implementing these steps, you can reduce the risk of potential attacks and ensure that your internet-facing resources are secure. Additionally, you can optimize the performance and availability of your applications by taking advantage of the advanced routing and scaling capabilities of the ALB.
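
One way to check steps 1, 2, 3 and 7 of the list above against a load balancer's configuration (an added example, not Lightlytics code). The input dictionaries follow the response shapes of the AWS ELBv2 and EC2 describe calls; `audit_alb`, the finding strings and all sample values are constructed for illustration, and only each listener's default action is inspected.

```python
# Added example. Inputs mirror AWS API response shapes; all sample values are constructed.
WORLD = {"0.0.0.0/0", "::/0"}

def audit_alb(lb, listeners, attributes, security_groups, web_acl):
    """Return findings for one load balancer, keyed to the remediation steps above."""
    if lb.get("Type") != "application" or lb.get("Scheme") != "internet-facing":
        return []  # the rule only covers internet-facing ALBs
    findings = []
    # Step 1: plain HTTP is acceptable only if the default action redirects to HTTPS.
    for lsn in listeners:
        redirect = any(a.get("Type") == "redirect" and
                       a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
                       for a in lsn.get("DefaultActions", []))
        if lsn["Protocol"] == "HTTP" and not redirect:
            findings.append(f"step 1: port {lsn['Port']} serves HTTP without an HTTPS redirect")
    # Step 2: world-open ingress is acceptable only on ports that have a listener.
    ports = {lsn["Port"] for lsn in listeners}
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
            cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)  # absent for IpProtocol "-1"
            if cidrs & WORLD and not (lo == hi and lo in ports):
                findings.append(f"step 2: {sg['GroupId']} open to the world on ports {lo}-{hi}")
    # Step 3: a WAF web ACL should be associated (None models "no association").
    if web_acl is None:
        findings.append("step 3: no WAF web ACL associated")
    # Step 7: access logging is the load balancer attribute access_logs.s3.enabled.
    attrs = {a["Key"]: a["Value"] for a in attributes}
    if attrs.get("access_logs.s3.enabled") != "true":
        findings.append("step 7: access logs disabled")
    return findings

# Constructed sample: one weak configuration and its corrected form.
LB = {"Type": "application", "Scheme": "internet-facing"}
WEAK = dict(
    listeners=[{"Protocol": "HTTP", "Port": 80, "DefaultActions": [{"Type": "forward"}]}],
    attributes=[{"Key": "access_logs.s3.enabled", "Value": "false"}],
    security_groups=[{"GroupId": "sg-example", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}],
    web_acl=None)
HARDENED = dict(
    listeners=[{"Protocol": "HTTPS", "Port": 443, "DefaultActions": [{"Type": "forward"}]},
               {"Protocol": "HTTP", "Port": 80, "DefaultActions": [{"Type": "redirect", "RedirectConfig": {"Protocol": "HTTPS"}}]}],
    attributes=[{"Key": "access_logs.s3.enabled", "Value": "true"}],
    security_groups=[{"GroupId": "sg-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": p, "ToPort": p, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]} for p in (80, 443)]}],
    web_acl={"Name": "example-acl"})
if __name__ == "__main__":
    print(audit_alb(LB, **WEAK), audit_alb(LB, **HARDENED))
```
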

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.