Amazon_EC2_5

Ensure All ELB have the latest SSL Security Policies configured

Description

Elastic Load Balancing uses a Secure Sockets Layer (SSL) negotiation configuration, known as a security policy, to negotiate SSL/TLS connections between a client and the load balancer. A security policy is a combination of SSL/TLS protocols, ciphers, and the Server Order Preference option.

Elastic Load Balancing supports configuring your load balancer to use either predefined or custom security policies.

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic protocols that are used to encrypt confidential data over insecure networks such as the Internet. The TLS protocol is a newer version of the SSL protocol. In the Elastic Load Balancing documentation, we refer to both SSL and TLS protocols as the SSL protocol.

  • Note: An SSL certificate and an SSL security policy on the ELB are not
    mandatory if you terminate SSL connections directly on the EC2
    instances and use a TCP listener on the ELB (TCP pass-through).
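
One way to evaluate this rule offline, as an added example that is not part of the original page: the function below audits the listener and policy descriptions returned by `aws elb describe-load-balancers` and `aws elb describe-load-balancer-policies` for a Classic Load Balancer, skipping TCP pass-through listeners as the note above allows. The `APPROVED` baseline, the function names and all sample data are assumptions chosen for illustration; substitute the predefined policy your organisation treats as current.

```python
# Added example. Dict shapes mirror `aws elb describe-load-balancers` and
# `describe-load-balancer-policies`; all sample values below are constructed.
APPROVED = {"ELBSecurityPolicy-TLS-1-2-2017-01"}  # assumption: your approved baseline
TERMINATING = {"HTTPS", "SSL"}  # protocols where the ELB itself negotiates SSL/TLS

def reference_policy(policy):
    """Predefined policy this policy references, or None if it is custom."""
    for attr in policy.get("PolicyAttributeDescriptions", []):
        if attr["AttributeName"] == "Reference-Security-Policy":
            return attr["AttributeValue"]
    return None

def audit(lb, policies, approved=APPROVED):
    """Return sorted (port, finding) tuples for listeners that fail the check."""
    ssl_policies = {p["PolicyName"]: p for p in policies
                    if p.get("PolicyTypeName") == "SSLNegotiationPolicyType"}
    findings = []
    for desc in lb["ListenerDescriptions"]:
        listener = desc["Listener"]
        port = listener["LoadBalancerPort"]
        if listener["Protocol"].upper() not in TERMINATING:
            continue  # HTTP, or TCP pass-through: TLS is not terminated on the ELB
        attached = [ssl_policies[n] for n in desc.get("PolicyNames", []) if n in ssl_policies]
        if not attached:
            findings.append((port, "no SSL negotiation policy listed"))
        for p in attached:
            ref = reference_policy(p)
            if ref is None:
                findings.append((port, "custom policy: review protocols and ciphers"))
            elif ref not in approved:
                findings.append((port, "outdated predefined policy " + ref))
    return sorted(findings)

def make_policy(name, ref=None):  # constructed policy; no ref means a custom policy
    key = ("Reference-Security-Policy", ref) if ref else ("Protocol-TLSv1", "true")
    return {"PolicyName": name, "PolicyTypeName": "SSLNegotiationPolicyType",
            "PolicyAttributeDescriptions": [{"AttributeName": key[0], "AttributeValue": key[1]}]}

def make_listener(proto, port, names):  # constructed listener description
    return {"Listener": {"Protocol": proto, "LoadBalancerPort": port}, "PolicyNames": names}

SAMPLE_POLICIES = [make_policy("old", "ELBSecurityPolicy-2015-05"),
                   make_policy("new", "ELBSecurityPolicy-TLS-1-2-2017-01"), make_policy("custom")]
SAMPLE_LB = {"LoadBalancerName": "example-elb", "ListenerDescriptions": [
    make_listener("HTTPS", 443, ["old"]), make_listener("HTTPS", 8443, ["new"]),
    make_listener("SSL", 9443, ["custom"]), make_listener("TCP", 4443, [])]}

if __name__ == "__main__":
    print(audit(SAMPLE_LB, SAMPLE_POLICIES))
```

Custom policies carry no `Reference-Security-Policy` attribute, so the example flags them for manual review of their enabled protocols and ciphers rather than passing them.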

Remediation

Service

EC2

Severity

High

Compliance

Mapping
