- PingSafe Knowledge Base
- AWS Knowledge Base
- AWS Elastic Load Balancing (ELB)
-
Getting Started on PingSafe
-
Integrations
-
AWS Knowledge Base
- Amazon EKS
- Amazon RDS
- Amazon Kinesis
- AWS Organizations
- Amazon SQS (Simple Queue Service)
- AWS Cloudtrail
- AWS Certificate Manager
- AWS IAM
- AWS Workspaces
- Amazon S3
- AWS Systems Manager (AWS SSM)
- Amazon EC2
- Amazon Redshift
- Amazon EMR
- Amazon CloudFront
- Amazon DynamoDB
- Amazon Managed Workflows for Apache Airflow (MWAA)
- Amazon Route 53
- AWS Key Management Service (KMS)
- Amazon CloudWatch
- Amazon ElasticSearch
- AWS Database Migration Service
- AWS Config
- AWS X-Ray
- Amazon API Gateway
- Amazon Athena
- Amazon SageMaker
- AWS Elastic Load Balancing (ELB)
- AWS Lambda
- AWS Auto Scaling
- Amazon GuardDuty
- Amazon Elastic File System (Amazon EFS)
- Amazon Elastic Container Registry (Amazon ECR)
- AWS Glue
- Amazon Simple Notification Service (SNS)
- AWS Elastic Beanstalk
- AWS CodeBuild
- AWS Secrets Manager
- AWS Transfer Family
- Amazon Access Analyzer
-
Azure Knowledge Base
- Container Registries
- Azure Virtual Machines
- Network Security Group
- PostgreSQL
- Azure Monitor
- Azure Security Center
- SQL Databases
- SQL Servers
- Storage Accounts
- Azure Key Vaults
- Load Balancers
- App Services
- Azure Active Directory
- Activity Log
- Azure Policy
- Kubernetes Services
- Azure Resources
- Azure Cosmos DB
- CDN Profiles
- MySQL Servers
- Azure Virtual Network
- Azure Network Watcher
- Azure Cache for Redis
-
GCP Knowledge Base
- Google Cloud VPC
- Google Cloud IAM
- Google Cloud Load Balancing
- Google Cloud Logging
- Google Cloud Kubernetes Engine
- Google Cloud Pub/Sub
- Google Compute Engine
- Google Cloud Key Management Service (KMS)
- Google Cloud DNS
- Google Cloud Storage
- Google Cloud Dataproc
- Google Cloud SQL
- Google Cloud Spanner
- Google Cloud Deployment Manager
- Google Cloud BigQuery
- Google Cloud Dataflow
-
Digital Ocean Knowledge Base
ELB WAF Disabled
Risk Level: Low
Description:
This plugin ensures that WAF is activated on all Application Load Balancers. Enabling WAF gives you more control over requests to the load balancer, permitting or disallowing traffic based on Web ACL rules.
About the Service :
The Amazon ECS service may be configured to employ Elastic Load Balancing to uniformly distribute traffic among your service's jobs. The transport layer (TCP/SSL) or the application layer (HTTP/HTTPS) are where a Classic Load Balancer makes routing choices. A fixed relationship between the load balancer port and the container instance port is presently required by traditional load balancers.
Impact :
Enabling WAF gives you more control over requests to the load balancer, permitting or disallowing traffic based on Web ACL rules.
Steps to reproduce :
- Login to your AWS Management Console.
- Navigate to the EC2 console.
https://ap-south-1.console.aws.amazon.com/ec2/
- Click on Load Balancers under Load Balancing.
- Select the load balancer that you want to examine.
- In the Description tab, check if WAF fail open is enabled or not.
- Since it is not enabled hence we can conclude that the best security practices are not followed.
- Repeat steps for other EC2 load balancers as well.
Steps for remediation :
- Login to your AWS Management Console.
- Navigate to the EC2 console.
https://ap-south-1.console.aws.amazon.com/ec2/ - Click on Load Balancers under Load Balancing.
- Select the load balancer that you want to examine.
- In the Description tab, check if WAF fail open is enabled or not.
- Since it is not enabled hence we can conclude that the best security practices are not followed.
- Click on Edit and enable WAF and then click on Save to save changes.
- Repeat steps for other EC2 load balancers as well.
References: