Cloud Security Posture Advisory
The Cloud Security Posture Advisory board is dedicated to the Cloud Security Posture Repository (CSPR). CSPR is a shared security and compliance knowledge platform for AWS, Azure and GCP. It provides an evolving set of security and compliance best practices, curated and developed by the Check Point CloudGuard Dome9 team.

Encrypt Amazon RDS instances and snapshots at rest

Amazon RDS encrypted DB instances use the industry-standard AES-256 encryption algorithm to encrypt your data on the server that hosts your Amazon RDS DB instances. After your data is encrypted, Amazon RDS handles authentication of access and decryption of your data transparently with a minimal impact on performance. You don't need to modify your database client applications to use encryption.

Enabling the encryption option for your Amazon RDS DB instances is one click away.

With the CloudGuard Dome9 GSL tool, you can run a simple query and know in a few seconds whether you have an unencrypted RDS DB in any of the AWS regions:

RDS should have isStorageEncrypted = 'true' and kmsKeyId

AWS - Secure your RDS ( Amazon Relational Database Service ) with CloudGuard Dome9

RDS misconfiguration is common. Manually identifying misconfigurations and remediating them immediately is almost impossible. How do you become aware of RDS misconfiguration?

RDS should not be defined with a public IP! Do you know how many RDS are deployed in your AWS account? Do you know in which regions your RDS are deployed? Do you know if your RDS has a public IP?

Firewall and router configurations should be used to restrict connections between untrusted networks and any system components in the cloud environment.

Check this How-to video for continuously finding misconfigurations and auto-remediating them. Don't forget to check our CLOUD SECURITY POSTURE REPOSITORY (CSPR) for Cloud Security Best Practices.

AWS - Secure Your Cloud - Ensure no security groups allow ingress from to SSH (TCP:22)

Security groups provide stateful filtering of ingress/egress network traffic to AWS resources. It is recommended that no security group allows unrestricted ingress access to port 22. But what do you do if you have hundreds of security groups and many team members that manage those security groups? How do you make sure that your environment is continuously secured?

You can remediate manually by following the steps below, or you can learn how to remediate a violated security group automatically by watching this How-To Video.

REMEDIATION

Removing unfettered connectivity to remote console services, such as SSH, reduces a server's exposure to risk.

1. Log in to the AWS Management Console at
2. In the left pane, click Security Groups
3. For each security group, perform the following:
4. Select the security group
5. Click the Inbound Rules tab
6. Identify the rules to be removed
7. Click the x in the Remove column
8. Click Save
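
A way to do the "identify the rules to be removed" step across many groups at once, as an added example that is not part of the original post or of CloudGuard Dome9: it scans JSON shaped like the output of `aws ec2 describe-security-groups` and lists every rule that exposes TCP 22 to any address. Treating 0.0.0.0/0 and ::/0 as "unrestricted" is an assumption, and the group IDs in SAMPLE are constructed.

```python
import ipaddress

SSH_PORT = 22

def covers_ssh(perm):
    """True if the rule's protocol and port range include TCP/22."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                     # "all traffic": every protocol and port
        return True
    if proto not in ("tcp", "6"):
        return False
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return lo is not None and hi is not None and lo <= SSH_PORT <= hi

def open_sources(perm):
    """Source CIDRs of the rule that match every address (prefix length 0)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs
            if ipaddress.ip_network(c, strict=False).prefixlen == 0]

def find_open_ssh(described):
    """Return (group id, source CIDR, from port, to port) for each violation."""
    findings = []
    for sg in described.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            if not covers_ssh(perm):
                continue
            for cidr in open_sources(perm):
                findings.append((sg["GroupId"], cidr,
                                 perm.get("FromPort"), perm.get("ToPort")))
    return findings

def rule(proto, lo=None, hi=None, v4=(), v6=()):
    """Build one IpPermissions entry for the constructed sample below."""
    perm = {"IpProtocol": proto,
            "IpRanges": [{"CidrIp": c} for c in v4],
            "Ipv6Ranges": [{"CidrIpv6": c} for c in v6]}
    if lo is not None:
        perm.update(FromPort=lo, ToPort=hi)
    return perm

# Constructed sample data: group IDs and rules are illustrative only.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "IpPermissions": [rule("tcp", 22, 22, v4=["0.0.0.0/0"])]},
    {"GroupId": "sg-0bbb", "IpPermissions": [rule("tcp", 0, 1024, v6=["::/0"])]},
    {"GroupId": "sg-0ccc", "IpPermissions": [rule("tcp", 22, 22, v4=["10.0.0.0/8"])]},
    {"GroupId": "sg-0ddd", "IpPermissions": [rule("-1", v4=["0.0.0.0/0"])]},
    {"GroupId": "sg-0eee", "IpPermissions": [rule("tcp", 443, 443, v4=["0.0.0.0/0"])]},
]}

if __name__ == "__main__":
    for finding in find_open_ssh(SAMPLE):
        print(finding)
```

Rules that do not name port 22 explicitly are still reported when a wider port range or the all-traffic protocol includes it, which is easy to miss when reviewing rules by eye in the console.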