How to Prevent S3 Buckets from Leaking Data - strictly follow these 7 simple rules
AWS S3 leaks have reappeared in headlines time and time again. When an AWS S3 bucket is configured as open to the public, anyone who finds the link can access the data without any additional hacking.
So, the question is, how can you avoid it?
As we know, all S3 leaks are related to misconfigurations, so here are the rules:
- Block public access on the account level. These settings apply account-wide for all current and future buckets and access points. In case you need to allow public access to one or more buckets, override the setting on the specific bucket.
- Grant permission to your Amazon S3 resources through IAM Policy, so only authenticated IAM users or IAM roles would be able to access the buckets.
- Use a bucket policy only if you can't achieve the same result with IAM Policy. It’s quite easy to mistakenly add a statement that publishes all the content publicly.
- Never use an S3 bucket ACL.
- Don't mix public data and private data in the same bucket.
- Name the bucket in a way that everyone will know whether it contains private or public data.
- Use Dome9 compliance rule sets and policy for running constant automatic checks against your buckets' configuration, to find non-compliant organization policy buckets.
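The first four rules above can be checked offline against the JSON that AWS returns for a bucket's Public Access Block configuration and its bucket policy. The following Python is an added example written for this page (it is not Dome9 GSL and not code from the original post); the account id, bucket names and VPC endpoint id in the sample data are constructed placeholders.

```python
"""Offline checks for two of the rules above: the four Public Access Block
flags, and bucket-policy statements that grant access to everyone.

All sample inputs below are constructed for this example; they are not real
account data.  In practice the dictionaries would come from the JSON returned
by `aws s3api get-public-access-block` and `aws s3api get-bucket-policy`."""
import json

# The four flags of the (account- or bucket-level) Public Access Block.
# All four must be True for the "block public access" rule to hold.
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")


def public_access_block_gaps(config: dict) -> list:
    """Return the names of any Public Access Block flags that are not True."""
    return [flag for flag in PAB_FLAGS if config.get(flag) is not True]


def _principal_is_everyone(principal) -> bool:
    """True when a statement's Principal is the wildcard (anyone, including anonymous)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else list(aws)
        return "*" in aws
    return False


def public_statements(policy: dict) -> dict:
    """Map each Allow statement with a wildcard principal to a finding label.

    "public"                -> unconditioned grant to everyone: a plain leak.
    "public-with-condition" -> wildcard principal narrowed by a Condition block
                               (e.g. a VPC endpoint); needs manual review, since
                               the condition decides whether it is really private.
    Statements without a Sid are keyed by their index in the Statement array.
    """
    findings = {}
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    for i, stmt in enumerate(stmts):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_everyone(stmt.get("Principal")):
            continue
        key = stmt.get("Sid", f"statement[{i}]")
        findings[key] = "public-with-condition" if stmt.get("Condition") else "public"
    return findings


# Constructed sample: an account that only partially blocks public access.
PARTIAL_PAB = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
               "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
FULL_PAB = {flag: True for flag in PAB_FLAGS}

# Constructed sample bucket policy, in the shape get-bucket-policy returns it.
LEAKY_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-assets/*"},
    {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-assets/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}
  ]
}""")

# Constructed sample that follows the rules: a named role, no wildcard.
SAFE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AppReader", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-private/*"}
    ],
}

if __name__ == "__main__":
    print("PAB gaps:", public_access_block_gaps(PARTIAL_PAB))
    print("Leaky policy findings:", public_statements(LEAKY_POLICY))
    print("Safe policy findings:", public_statements(SAFE_POLICY))
```

The wildcard check is deliberately limited to the Principal element: a policy can also become public through other elements, so a result of no findings here does not replace the account-level Public Access Block, which is what the first rule relies on.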
Want to know more about how to write a Dome9 GSL query that checks if you have any buckets with public access? Check out our cloud security posture repository (CSPR) here
1 Reply
It is important to check your S3 bucket policy as well. If your IAM Policy does not have an explicit deny, a S3 bucket policy can have an allow that will override what would be a default deny.
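The reply's point (an explicit deny wins, an allow from either policy wins over the default deny, and otherwise the request is implicitly denied) can be shown with a small evaluator. The Python below is an added teaching model written for this page, not AWS's policy engine and not code from the thread: it covers only a principal in the same account as the bucket and ignores SCPs, permission boundaries and session policies; the role ARN, bucket and object names are constructed placeholders.

```python
"""Simplified model of how an identity (IAM) policy and an S3 bucket policy
combine for a same-account principal.  Added example, not AWS's evaluator:
SCPs, permission boundaries, session policies, ACLs and cross-account access
are out of scope.  Sample policies and ARNs are constructed."""
from fnmatch import fnmatchcase


def _as_list(value) -> list:
    """Policy elements may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _matches(patterns, value: str) -> bool:
    """Wildcard match for Action/Resource; actions compare case-insensitively."""
    return any(fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))


def _principal_applies(stmt: dict, principal_arn: str) -> bool:
    """Identity policies carry no Principal (they apply to the attached identity);
    bucket-policy statements apply when they name the principal or use '*'."""
    if "Principal" not in stmt:
        return True
    principal = stmt["Principal"]
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = _as_list(principal.get("AWS"))
        return "*" in aws or principal_arn in aws
    return False


def evaluate(identity_policy: dict, bucket_policy: dict,
             principal_arn: str, action: str, resource: str) -> str:
    """Return 'explicit-deny', 'allow' or 'implicit-deny' for one request."""
    statements = []
    for policy in (identity_policy, bucket_policy):
        s = policy.get("Statement", [])
        statements.extend([s] if isinstance(s, dict) else s)
    applicable = [s for s in statements
                  if _principal_applies(s, principal_arn)
                  and _matches(s.get("Action"), action)
                  and _matches(s.get("Resource"), resource)]
    if any(s.get("Effect") == "Deny" for s in applicable):
        return "explicit-deny"          # a Deny anywhere ends the evaluation
    if any(s.get("Effect") == "Allow" for s in applicable):
        return "allow"                  # an Allow in EITHER policy is enough
    return "implicit-deny"              # nothing matched: the default deny


# Constructed samples.
READER = "arn:aws:iam::123456789012:role/app-reader"
OTHER = "arn:aws:iam::123456789012:role/other"
OBJ = "arn:aws:s3:::example-private/report.csv"

EMPTY = {"Version": "2012-10-17", "Statement": []}

# Bucket policy that grants the reader role access: with an empty identity
# policy this alone turns the default deny into an allow, as the reply says.
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AppReader", "Effect": "Allow", "Principal": {"AWS": READER},
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-private", "arn:aws:s3:::example-private/*"]}]}

# Identity policy with an explicit deny: overrides the bucket policy's allow.
IDENTITY_DENY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "s3:*", "Resource": "arn:aws:s3:::example-private/*"}]}

if __name__ == "__main__":
    print(evaluate(EMPTY, BUCKET_POLICY, READER, "s3:GetObject", OBJ))
    print(evaluate(IDENTITY_DENY, BUCKET_POLICY, READER, "s3:GetObject", OBJ))
    print(evaluate(EMPTY, EMPTY, READER, "s3:GetObject", OBJ))
```

The middle case is the one the reply warns about in reverse: only an explicit deny in the identity policy stops a bucket-policy allow, so reviewing IAM policies alone does not tell you what a bucket policy has opened.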