In the 21st century, the era of mobilization and the internet, we are always searching for new ways to secure our privacy and data. Currently, the most promising method is authentication with two or more factors, which we call Multi-Factor Authentication (MFA). The most ubiquitous examples are probably e-mail authentication and payment gateways. But the track record of MFA is not exceptional either, since security breaches happen in the MFA ecosystem as well. Therefore, you cannot rely on it alone.
So, what should you do about AWS sign-in consoles that are not secure even with MFA?
Having metric filters and alarms in place
In the management console of AWS, you can monitor all API calls and console sign-ins by directing CloudTrail logs to CloudWatch Logs and establishing a corresponding metric filter and alarm. An alarm is triggered every time an IAM user calls an API or signs in to your console. A report by Forrester (a market research company) also states that 80% of security breaches involve privileged credentials. Implementing CloudTrail and CloudWatch Logs will increase the level of protection and visibility in your AWS account. Since all these records are stored in your S3 bucket, you can check every record and log at any time.
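The decision such a metric filter makes, as an added example (not code from this page or from Centilytics): a Python check for successful IAM-user console sign-ins without MFA, run over constructed CloudTrail records. The filter pattern in the comment, the restriction to sign-ins without MFA, the helper names and the sample events are assumptions; the page does not give its own pattern.

```python
import json

# Assumed CloudWatch Logs filter pattern that this function mirrors:
# { ($.eventName = "ConsoleLogin") && ($.additionalEventData.MFAUsed != "Yes")
#   && ($.userIdentity.type = "IAMUser") && ($.responseElements.ConsoleLogin = "Success") }

def is_signin_without_mfa(event):
    """True for a successful IAM-user ConsoleLogin record that did not use MFA."""
    if event.get("eventName") != "ConsoleLogin":
        return False
    # Federated/SSO sessions report MFAUsed "No" because MFA happens at the
    # identity provider, so only IAM users are matched to avoid false alarms.
    if (event.get("userIdentity") or {}).get("type") != "IAMUser":
        return False
    if (event.get("responseElements") or {}).get("ConsoleLogin") != "Success":
        return False
    # A missing MFAUsed field is treated as "no MFA" (conservative choice here).
    return (event.get("additionalEventData") or {}).get("MFAUsed") != "Yes"

def scan(log_lines):
    """Return (userName, sourceIPAddress, eventTime) for every matching record."""
    hits = []
    for line in log_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines that are not JSON records
        if isinstance(event, dict) and is_signin_without_mfa(event):
            hits.append((event["userIdentity"].get("userName"),
                         event.get("sourceIPAddress"), event.get("eventTime")))
    return hits

def make_login(user, utype, mfa, result, ip):
    """Build a constructed (not real) ConsoleLogin record as one JSON log line."""
    return json.dumps({
        "eventTime": "2024-01-01T00:00:00Z", "eventName": "ConsoleLogin",
        "sourceIPAddress": ip, "userIdentity": {"type": utype, "userName": user},
        "additionalEventData": {"MFAUsed": mfa},
        "responseElements": {"ConsoleLogin": result}})

SAMPLE_LOG = [  # constructed sample input, documentation-range IP addresses
    make_login("alice", "IAMUser", "No", "Success", "198.51.100.7"),    # alarm
    make_login("bob", "IAMUser", "Yes", "Success", "198.51.100.8"),     # MFA used
    make_login("carol", "IAMUser", "No", "Failure", "203.0.113.5"),     # failed login
    make_login("dave", "AssumedRole", "No", "Success", "203.0.113.9"),  # federated
    "not a json line",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("ALARM: console sign-in without MFA:", hit)
```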
Why do you need the help of Centilytics?
Centilytics ensures that a trail has been created in CloudTrail and that a metric filter alarm has been configured in CloudWatch. We provide you with all the important information regarding your trails and logs in tabular form for better understanding. Centilytics monitors all of your settings in real time and reminds you of the criticality of paying attention if something is not working. This helps ensure that your data remains safe.
|Ok||Following trail has CW log groups configured with a metric filter, alarm, and SNS topic with at least one subscriber.|
|Warning||No SNS topic exists, OR there are no subscribers to the SNS topics of this alarm, OR no alarm exists (hence no associated SNS topic), OR the desired filter pattern doesn’t exist on any of the alarms existing in this region, OR the metric filter doesn’t exist (hence no associated alarm and SNS topic).|
|Critical||Delivery to CloudWatch Logs not configured.|
Descriptions of the further columns are as follows:
Account Id: Shows the respective account ID of the user’s account.
Account Name: Shows the account name corresponding to the user’s account.
Region: Shows the region of your instance where it has been used.
Identifier: Shows you the service with its trail name.
Log Group Name: It represents the name of the group which has permission to use the service.
Metric Filter Name: Shows you the name that you have given to the metric filter.
Alarm Name: Shows you the name of the alarm which you have assigned.
SNS Topic Name: SNS refers to the Simple Notification Service group, a group of individuals who receive the alert message.
Custom Severity Description: Shows the custom description of the severity of your metric filter and its functions.
|Account Id||Applying account Id filter will display all the public snapshots for the selected account Id.|
|Region||Applying the region filter will display all the public snapshots corresponding to the selected region.|
|Severity||Applying severity filter will display public snapshots according to the selected severity type i.e. selecting critical will display all instances with critical severity. Same will be the case for Warning and Ok severity types.|
|Resource Tags||Applying the resource tags filter will display those public snapshots which have been assigned the selected resource tag. E.g., if the user has tagged some public snapshots with a resource tag named environment, then selecting environment from the resource tags filter will display all those snapshots.|
|Resource Tags Value||Applying the resource tags value filter will display data which has the selected resource tag value. E.g., let’s say a user has tagged some resource with a tag named environment and a value of production (environment: production). The user can then view data of all the resources which are tagged as “environment:production”. The user can use the tag value filter only when a tag name has been provided.|
|Compliance||Applying Compliance filter, you can further refine your security and health checks.|