Virtual Private Network (VPN) – How to track configuration changes

AWS Virtual Private Cloud (VPC) is a commercial cloud service for enterprise customers who prefer to run their workloads in a private cloud. It enables you to connect AWS resources, services, and applications over IPsec (for data security). VPC also lets you define your own range of IP addresses, create subnets, and configure route tables and network gateways.
You can configure a Virtual Private Network (VPN) in your Amazon VPC to create a connection between your remote network and VPN software appliances running in your Amazon VPC network. This makes it easier to manage both ends for compliance purposes, and to support gateway devices that are not currently supported by AWS VPC’s Virtual Private Network solution.

Manage your Virtual Private Network in Amazon VPC

AWS provides a comprehensive set of services to cater to the need for managing and monitoring the AWS VPC network. The best tools for monitoring network configuration changes are CloudTrail together with CloudWatch. CloudTrail records every API call made in an account, including calls made through the AWS Management Console, AWS SDKs, command line tools, and higher-level AWS services, so security analysis of your virtual private network, resource change tracking, and compliance auditing for an account become much easier.

If you also deliver CloudTrail data to CloudWatch Logs, you can store, monitor, and process the API calls for network-specific changes and send appropriate notifications. CloudWatch alarms notify you when specific security- or network-related API activity has occurred. This is the most convenient and recommended approach for customers using the AWS Config console who want to keep track of CloudTrail changes.

However, it does not deliver the details of which specific resource or configuration values were changed.

How does Centilytics ensure that your cloud is secure?

Centilytics has a dedicated insight that notifies you about the configuration of CloudTrail and whether its logs are being sent to CloudWatch. This insight ensures that CloudWatch always triggers an alarm to notify you about any network configuration change recorded by CloudTrail. Hence, you can secure your virtual private network and will not miss any changes or trouble-causing activity.

Insight Description:

OK: CloudTrail has CloudWatch Logs log groups configured with a metric filter, an alarm, and an SNS topic with at least one subscriber.
Warning: For your CloudWatch alarms, either no SNS topic is created or no individual is present in the list of topic subscribers to receive the alerts.
Critical: Delivery to CloudWatch Logs is not configured.

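To make the CloudTrail → CloudWatch Logs → metric filter → alarm → SNS chain and the three insight states concrete, here is an added example (not Centilytics' code and not from the original page): a Python check that reproduces the OK / Warning / Critical classification over inputs shaped like the boto3 describe_trails, describe_metric_filters, describe_alarms and list_subscriptions_by_topic responses, with constructed sample data so it runs offline. The VPN event names in the metric filter pattern are an assumption following the CIS AWS Foundations Benchmark style of filter, since the page does not list them; reporting a missing metric filter or alarm as Warning is also an assumption, because the page defines only the three states above.

```python
import re

# Assumption (not from the page): the VPN-related EC2 API calls a metric filter
# should cover, following the CIS AWS Foundations Benchmark style of filter.
VPN_CHANGE_EVENTS = (
    "CreateVpnConnection", "DeleteVpnConnection",
    "CreateVpnGateway", "DeleteVpnGateway",
    "AttachVpnGateway", "DetachVpnGateway",
    "CreateCustomerGateway", "DeleteCustomerGateway",
)

# Metric filter pattern in the CloudWatch Logs JSON filter syntax, e.g.
# { ($.eventName = CreateVpnConnection) || ($.eventName = DeleteVpnConnection) || ... }
VPN_FILTER_PATTERN = "{ " + " || ".join(
    f"($.eventName = {name})" for name in VPN_CHANGE_EVENTS) + " }"

_EVENT_NAME_RE = re.compile(r'\$\.eventName\s*=\s*"?([A-Za-z0-9]+)"?')


def event_names_in_pattern(pattern):
    """Event names selected by a pattern of the form { ($.eventName = X) || ... }."""
    return frozenset(_EVENT_NAME_RE.findall(pattern))


def pattern_matches(pattern, cloudtrail_event):
    """True if this CloudTrail record would increment the filter's metric."""
    return cloudtrail_event.get("eventName") in event_names_in_pattern(pattern)


def _log_group_from_arn(arn):
    """arn:aws:logs:REGION:ACCOUNT:log-group:NAME:* -> NAME"""
    return arn.split(":log-group:", 1)[1].split(":", 1)[0]


def classify(trail, metric_filters, alarms, subscriptions_by_topic):
    """Return (severity, reason) using the insight's OK / Warning / Critical states.

    trail                  -- one item from CloudTrail describe_trails()
    metric_filters         -- items from CloudWatch Logs describe_metric_filters()
    alarms                 -- items from CloudWatch describe_alarms()
    subscriptions_by_topic -- {topic_arn: items from SNS list_subscriptions_by_topic()}
    The arguments are plain dicts shaped like those boto3 responses.
    """
    log_group_arn = trail.get("CloudWatchLogsLogGroupArn")
    if not log_group_arn:
        return "Critical", "Delivery to CloudWatch Logs not configured"
    log_group = _log_group_from_arn(log_group_arn)

    # Filters on the trail's log group whose pattern covers every VPN change event.
    covering = [f for f in metric_filters
                if f["logGroupName"] == log_group
                and set(VPN_CHANGE_EVENTS) <= event_names_in_pattern(f["filterPattern"])]
    if not covering:  # assumption: the page defines no state for a missing filter
        return "Warning", "No metric filter for VPN changes on the trail's log group"

    metric_keys = {(t["metricName"], t["metricNamespace"])
                   for f in covering for t in f["metricTransformations"]}
    wired = [a for a in alarms if (a["MetricName"], a["Namespace"]) in metric_keys]
    if not wired:  # assumption, as above
        return "Warning", "Metric filter exists but no alarm watches its metric"

    for alarm in wired:
        for topic_arn in alarm.get("AlarmActions", []):
            # A subscription still "PendingConfirmation" has no ARN and cannot
            # deliver, so it does not count as a subscriber.
            subs = subscriptions_by_topic.get(topic_arn, [])
            if any(s.get("SubscriptionArn", "").startswith("arn:") for s in subs):
                return "OK", "Log group, metric filter, alarm and subscribed SNS topic configured"
    return "Warning", "No SNS topic on the alarm, or no subscriber to receive the alerts"


# Constructed sample data; the account id and ARNs are placeholders, not real resources.
SAMPLE_TRAIL = {"Name": "management-events", "CloudWatchLogsLogGroupArn":
                "arn:aws:logs:us-east-1:111122223333:log-group:CloudTrail/DefaultLogGroup:*"}
SAMPLE_FILTERS = [{"logGroupName": "CloudTrail/DefaultLogGroup", "filterName": "vpn-changes",
                   "filterPattern": VPN_FILTER_PATTERN,
                   "metricTransformations": [{"metricName": "VpnChangeCount",
                                              "metricNamespace": "CloudTrailMetrics"}]}]
SAMPLE_ALARMS = [{"AlarmName": "vpn-change-alarm", "MetricName": "VpnChangeCount",
                  "Namespace": "CloudTrailMetrics",
                  "AlarmActions": ["arn:aws:sns:us-east-1:111122223333:security-alerts"]}]
SAMPLE_SUBSCRIPTIONS = {"arn:aws:sns:us-east-1:111122223333:security-alerts": [
    {"SubscriptionArn": "arn:aws:sns:us-east-1:111122223333:security-alerts:sub-1",
     "Protocol": "email", "Endpoint": "secops@example.com"}]}
SAMPLE_EVENT = {"eventName": "DeleteVpnConnection", "awsRegion": "us-east-1"}

if __name__ == "__main__":
    print(classify(SAMPLE_TRAIL, SAMPLE_FILTERS, SAMPLE_ALARMS, SAMPLE_SUBSCRIPTIONS))
    print("sample event trips the filter:", pattern_matches(VPN_FILTER_PATTERN, SAMPLE_EVENT))
```

In a live run, each argument would be filled from the corresponding boto3 call for the region under review; the coverage test on the filter pattern is what catches the common failure where a filter exists but was written for a different event set, which a check that only looks for "any filter on the log group" would miss.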
The further columns are described as follows:

Account Id: Shows the ID of the user’s AWS account.

Account Name: Shows the account name corresponding to the user’s account.

Region: Shows the region in which your instance is being used.

Identifier: Shows the service together with its trail name.

Log Group Name: Shows the name of the log group which has permission to use the service.

Metric Filter Name: Shows the name that you have given to the metric filter.

Alarm Name: Shows you the name of the alarm which you have assigned.

SNS Topic Name: SNS refers to the Simple Notification Service; the topic is the group of subscribers who receive the alert message.

Custom Severity Description: Shows the severity of your metric filter together with the custom description of its function.

Filters Applicable:

Account Id: Applying the account Id filter will display all the public snapshots for the selected account Id.
Region: Applying the region filter will display all the public snapshots corresponding to the selected region.
Severity: Applying the severity filter will display public snapshots according to the selected severity type, i.e. selecting Critical will display all instances with critical severity. The same applies to the Warning and OK severity types.
Resource Tags: Applying the resource tags filter will display those public snapshots which have been assigned the selected resource tag. For example, if a user has tagged some public snapshots with a resource tag named environment, selecting environment from the resource tags filter will display all those snapshots.
Resource Tags Value: Applying the resource tags value filter will display data which has the selected resource tag value. For example, let’s say a user has tagged some resources with a tag named environment and the value production (environment: production). The user can then view data for all the resources tagged “environment: production”. The tag value filter can only be used once a tag name has been provided.
Compliance: Applying the Compliance filter lets you further refine your security and health checks.
