Fidelis Blog

Comments

Securing Your AWS Virtual Private Cloud

Amazon Web Services provides highly secure on-demand cloud computing services that serve as the building blocks you need to quickly start developing applications and deploy them to the cloud. AWS Virtual Public Cloud (VPC) makes it easier for you to isolate resources, route net traffic, and protect your instances.

However, to ensure the security of your AWS VPC, it’s important to fulfill your end of the shared responsibility model by using and configuring the service correctly. Ideally this is done according to best practices, by making sure things such as redundant VPN tunnels and correct traffic ACLs are in place, and that you have visibility to Virtual Private Cloud endpoints.

What is AWS VPC?

Amazon VPC allows you to create virtual networks for your AWS resources, primarily for network segmentation which improves security by enforcing boundaries for network communication. In a nutshell, a Virtual Private Cloud is a logically isolated virtual network, spanning an entire AWS Region, where your EC2 instances are launched.

The primary purpose of an Amazon VPC is enabling the following capabilities:

  • Isolating your AWS resources from other accounts
  • Routing network traffic to and from your instances
  • Protecting your instances from network intrusion

What are the Risks to a Misconfigured AWS Virtual Private Cloud?

  • Network outages (for example a bad actor shutting down traffic)
  • Critical systems and networks exposed to the public Internet due to incorrect ACLs
  • Undiscovered bad traffic because network flow logs are not enabled
  • Exposed VPC endpoints where full access is allowed for any IAM user or service

How can Halo Cloud Secure Helps to Secure Your AWS Virtual Private Cloud?

  • Checks for VPN tunnel redundancy to avoid disruption if one link goes down
  • Makes sure you don’t allow unrestricted traffic in ACLs
  • Checks that flow logs are enabled on VPC subnets to help you discover bad traffic
  • Finds exposed VPC endpoints

Learn more about how Halo Cloud Secure can help you reduce your AWS cloud attack surface. You can read more about our AWS solutions here, or request a customized demo.

squares

Get Started

See Fidelis platforms in action. Learn how our fast, scalable Fidelis Elevate and Fidelis CloudPassage Halo platforms provide deep insights into the SOC to help security teams worldwide protect, detect, respond, and neutralize even the most advanced cyber adversaries.

Stay up to date on all things security

Subscribe to the Threat Geek Blog