AWS Inspector is a security assessment tool does a wide variety of security assessment tests on the IT resources and generate detailed reports on it. It automatically assesses applications for exposure, vulnerabilities, and deviations from best practice. After performing an assessment, AWS Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be viewed directly or as part of detailed assessment reports which are available via Amazon Inspector console or API.
Most of these tools have capability of prioritizing vulnerabilities based on the severity. This is the indication for an IT administrator to patch the software. AWS Inspector security assessments not only help you check for unintended network accessibility of your own Amazon EC2 instances and for vulnerabilities on those EC2 instances but also offered to you as pre-defined rules packages mapped to common security best practices and vulnerability definitions. Examples of built-in rules include checking for access to your EC2 instances from the Internet, remote root login being enabled, or vulnerable software versions installed.
With Amazon Inspector, you can automate security vulnerability assessments throughout your development and deployment pipelines or for static production systems in order to make security testing a regular part of development and IT operations.
In this lab, you will install the Agent on a Linux-based EC2 Instance and evaluate your instance using AWS Inspector.
Step by Step
Prepare your agent
Install Inspector agent on your EC2 instance in order to let your AWS Inspector examine your EC2 instance.
● Log in your instance.
● Download the agent to your instance.
sudo bash install
sudo /etc/init.d/awsagent start
● Check the status
sudo /opt/aws/awsagent/bin/awsagent status
Prepare your Tags
With these tags, AWS Inspector can find your instance easily.
● On the service menu, select EC2, on the left panel, click instance.
● Click tags and Add/Edit Tags.
● Click Create Tag.
● Input value and save.
- key :
- value :
Create your inspector
Create your AWS Inspector to examine your EC2 whether there is network exposure, network reachability, security best practice, common vulnerabilities and exposures, enter for Internet security (CIS) benchmarks, runtime Behavior Analysisor or not.
● Click get started and advanced setup.
● Enter Name with
- Unclick include all EC2 instances in this AWS account and region.
- Key : select App
- Value : select awsinspect
● Enter name :
● Click next and create.
● Make sure your status is collecting data.
● Wait for an hour.
Severity Levels for Rules in Amazon Inspector
It can also help you determine your response when a rule highlights a potential problem. High, Medium, and Low levels all indicate a security issue that can result in compromised information confidentiality, integrity, and availability within your assessment target.
● High : treat this security issue as an emergency and implement an immediate remediation.
● Medium : fix this issue at the next possible opportunity, for example, during your next service update.
● Low : fix this issue as part of one of your future service updates.
● Informational : Describes a particular security configuration detail of your assessment target. Based on your business and organization goals, you can either simply make note of this information or use it to improve the security of your assessment target.
Amazon Inspector Rules Packages
Network assessments: * Network Reachability
* Common Vulnerabilities and Exposures
* Center for Internet Security (CIS) Benchmarks
* Security Best Practices for Amazon Inspector
* Runtime Behavior Analysis
Now you’ve inspect your instance using AWS inspector and it create reports for your instance.
AWS inspector can also be used in other scenarios. Though AWS doesn’t guarantee that following the provided recommendations will resolve every potential security issue, it provide you some suggestion about your instance.
<< Reprinted from eCloudture Blog >>