{"id":1483,"date":"2022-02-27T21:47:32","date_gmt":"2022-02-27T21:47:32","guid":{"rendered":"https:\/\/arpio.dev\/?p=1483"},"modified":"2022-04-22T13:36:37","modified_gmt":"2022-04-22T13:36:37","slug":"3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention","status":"publish","type":"post","link":"https:\/\/arpio.io\/staging\/8013\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/","title":{"rendered":"3 Steps to Prepare Your AWS Environment for Escalating Cyber Attacks"},"content":{"rendered":"\r\n

There\u2019s a <\/span>lot of discussion on the internet<\/span><\/a> today about a possible increase in cyberattack activity on the heels of the tragic events in Ukraine.\u00a0 While we certainly hope none of that materializes, this is probably a pretty good day to ensure that you\u2019ve got the basics covered for protecting your AWS environments.<\/span><\/p>\r\n

Here are 3 essential things you can do today to improve your protection against cyber threats to your AWS environment.<\/span><\/p>\r\n

#1 Turn on MFA \u2013 Everywhere<\/span><\/h3>\r\n

Everyone understands that multi-factor authentication is the best defense against a broad range of attacks that leverage a legitimate user\u2019s credentials to illegitimately access an environment.\u00a0 We\u2019re constantly surprised, though, by how many people we see accessing their AWS environments without the benefit of MFA.\u00a0 This is table stakes for protecting your environment.<\/span><\/p>\r\n

You should turn on MFA in 3 locations:<\/span>
<\/span><\/p>\r\n

    \r\n
  1. Root User<\/b> \u2013 every AWS account has a \u201croot user,\u201d whose login is an email address provided when the account was created.\u00a0 This user has full permission within your AWS account.\u00a0 <\/span>
    <\/span>
    <\/span>You should not be using this user for day-to-day activities in your account (although we do see a lot of that), and you should be     enabling MFA here first.<\/a><\/span>

    <\/span><\/li>\r\n
  2. Console Users<\/b> \u2013 your team members frequently access AWS via a web browser, though the AWS console.\u00a0 They may login directly to the AWS console as an IAM user, or they may login through an SSO solution as an IAM role.<\/span>
    <\/span>
    <\/span>If logging in directly, have your team members log into the console, find their user in IAM, and     add an MFA device to their IAM user.<\/a><\/span>
    <\/span>
    <\/span>If using SSO, follow the instructions from your SSO provider for enabling MFA for the application that accesses your AWS environment. <\/span>

    <\/span><\/li>\r\n
  3. Access Tokens<\/b> \u2013 most devops engineers access AWS through scripts and tools that leverage access tokens, generated by AWS, for authentication.\u00a0 This almost always means they\u2019re accessing with the tokens for a specific IAM user.<\/span>
    <\/span>
    <\/span>Turning on MFA for the IAM user does not add a requirement that they provide their second factor when they authenticate with those tokens.\u00a0 This is major hole \u2013 engineers typically store their tokens in a well-known location on their workstations, and an attacker or malware that compromises their workstation knows exactly where to look for them.<\/span>
    <\/span>
    <\/span>Turning on MFA for access tokens is a separate step, that is harder than it should be.\u00a0 We have a blog post to describe     how it\u2019s done<\/a> (and how you enforce it)<\/span>.<\/span><\/li>\r\n<\/ol>\r\n

    #2 Enable Security Alerting<\/span><\/h3>\r\n

    It\u2019s pretty obvious that you\u2019d want to get notified if a bad actor compromises your environment.\u00a0 Unfortunately, basic security monitoring isn\u2019t turned on by default in AWS.\u00a0 You can invest a lot of money in acquiring security tools to help here, but the first step is simply to follow the guidance that AWS provides around enabling monitoring and alerting on CloudTrail events.\u00a0\u00a0<\/span><\/p>\r\n

    AWS provides a pretty thorough set of CloudTrail alarms that can be easily setup in your account with a single CloudFormation template<\/a><\/span>.\u00a0 You should install this template today.\u00a0 You may need to pair down some of the alarms if the operations they flag are actually part of your day-to-day activities (the only thing worse than no alerting is noisy alerting).\u00a0 But make sure you retain the alarms around AccessDenied* and *UnauthorizedOperation error codes \u2013 those errors should not be a normal part of your operations.<\/span><\/p>\r\n

    #3 Back-up Data Outside of Your Production Accounts<\/span><\/h3>\r\n

    Most companies focus their backup and DR efforts on accidental data loss and platform outage scenarios.\u00a0 But the most critical disasters to protect from are malicious, like ransomware.\u00a0 If that happens, you could be out lots of bitcoin to recover, or you may not be able to recover at all.<\/span><\/p>\r\n

    The essential best practice around backups is to store them \u201cair-gapped\u201d so that a bad actor cannot delete them and undermine your recoverability.\u00a0 In a physical environment, you might do that by completely disconnecting them from your network.\u00a0 In an AWS environment, the common practice is to store them in a second AWS account.\u00a0 This account is your \u201cbunker\u201d \u2013 nobody is granted access to it, and the attack vectors that allow access to your production environment do not exist here.\u00a0 It\u2019s your last line of defense if it get compromised.<\/span><\/p>\r\n

    In a perfect world, you\u2019d never need this advice.\u00a0 But as we\u2019re certainly reminded this week, we live in a very imperfect world.\u00a0 Please be safe, and please protect your AWS environments.<\/span><\/p>\r\n

    About us<\/strong><\/p>\r\n

    Arpio is a leader in automated disaster recovery solutions for Amazon Web Services (AWS) cloud workloads.<\/span><\/p>\r\n

    <\/p><\/body>","protected":false},"excerpt":{"rendered":"

    There\u2019s a lot of discussion on the internet today about a possible increase in cyberattack activity on the heels of the tragic events in Ukraine.\u00a0 While we certainly hope none…<\/p>\n","protected":false},"author":4,"featured_media":1489,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","content-type":"","inline_featured_image":false,"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1483","post","type-post","status-publish","format-standard","has-post-thumbnail","category-blog"],"yoast_head":"\n3 Steps to Prepare Your AWS Environment for Escalating Cyber Attacks - Arpio Disaster Recovery Made Easy<\/title>\n<meta name=\"description\" content=\"Here are 3 essential things you can do today to improve your AWS environment protection against cyber threats.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"3 Steps to Prepare Your AWS Environment for Escalating Cyber Attacks - Arpio Disaster Recovery Made Easy\" \/>\n<meta property=\"og:description\" content=\"Here are 3 essential things you can do today to improve your AWS environment protection against cyber threats.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/\" \/>\n<meta property=\"og:site_name\" content=\"Arpio Disaster Recovery Made Easy\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-27T21:47:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-04-22T13:36:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/arpio.io\/wp-content\/uploads\/2022\/02\/russia-cyber-scaled.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1707\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Doug\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Doug\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/\"},\"author\":{\"name\":\"Doug\",\"@id\":\"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/5c7dd11a2bcc5b1eb202c473873a8c42\"},\"headline\":\"3 Steps to Prepare Your AWS Environment for Escalating Cyber Attacks\",\"datePublished\":\"2022-02-27T21:47:32+00:00\",\"dateModified\":\"2022-04-22T13:36:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/\"},\"wordCount\":779,\"image\":{\"@id\":\"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2022\/02\/russia-cyber-scaled.jpeg\",\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/\",\"url\":\"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/\",\"name\":\"3 Steps to Prepare Your AWS Environment for Escalating Cyber Attacks - Arpio Disaster Recovery Made Easy\",\"isPartOf\":{\"@id\":\"https:\/\/arpio.io\/staging\/8013\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2022\/02\/russia-cyber-scaled.jpeg\",\"datePublished\":\"2022-02-27T21:47:32+00:00\",\"dateModified\":\"2022-04-22T13:36:37+00:00\",\"author\":{\"@id\":\"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/5c7dd11a2bcc5b1eb202c473873a8c42\"},\"description\":\"Here are 3 essential things you can do today to improve your AWS environment protection against cyber threats.\",\"breadcrumb\":{\"@id\":\"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/#primaryimage\",\"url\":\"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2022\/02\/russia-cyber-scaled.jpeg\",\"contentUrl\":\"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2022\/02\/russia-cyber-scaled.jpeg\",\"width\":2560,\"height\":1707},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/arpio.io\/staging\/8013\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"3 Steps to Prepare Your AWS Environment for Escalating Cyber Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/arpio.io\/staging\/8013\/#website\",\"url\":\"https:\/\/arpio.io\/staging\/8013\/\",\"name\":\"Arpio Disaster Recovery Made Easy\",\"description\":\"AWS Disaster Recovery\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/arpio.io\/staging\/8013\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/5c7dd11a2bcc5b1eb202c473873a8c42\",\"name\":\"Doug\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/98d763d738bde480338f289de28be30208ce6fbcdb2e370e4e94dd5e5ec5ffb5?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/98d763d738bde480338f289de28be30208ce6fbcdb2e370e4e94dd5e5ec5ffb5?s=96&d=mm&r=g\",\"caption\":\"Doug\"},\"url\":\"https:\/\/arpio.io\/staging\/8013\/author\/doug\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"3 Steps to Prepare Your AWS Environment for Escalating Cyber Attacks - Arpio Disaster Recovery Made Easy","description":"Here are 3 essential things you can do today to improve your AWS environment protection against cyber threats.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/","og_locale":"en_US","og_type":"article","og_title":"3 Steps to Prepare Your AWS Environment for Escalating Cyber Attacks - Arpio Disaster Recovery Made Easy","og_description":"Here are 3 essential things you can do today to improve your AWS environment protection against cyber threats.","og_url":"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/","og_site_name":"Arpio Disaster Recovery Made Easy","article_published_time":"2022-02-27T21:47:32+00:00","article_modified_time":"2022-04-22T13:36:37+00:00","og_image":[{"width":2560,"height":1707,"url":"https:\/\/arpio.io\/wp-content\/uploads\/2022\/02\/russia-cyber-scaled.jpeg","type":"image\/jpeg"}],"author":"Doug","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Doug","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/#article","isPartOf":{"@id":"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/"},"author":{"name":"Doug","@id":"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/5c7dd11a2bcc5b1eb202c473873a8c42"},"headline":"3 Steps to Prepare Your AWS Environment for Escalating Cyber Attacks","datePublished":"2022-02-27T21:47:32+00:00","dateModified":"2022-04-22T13:36:37+00:00","mainEntityOfPage":{"@id":"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/"},"wordCount":779,"image":{"@id":"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/#primaryimage"},"thumbnailUrl":"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2022\/02\/russia-cyber-scaled.jpeg","articleSection":["Blog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/","url":"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/","name":"3 Steps to Prepare Your AWS Environment for Escalating Cyber Attacks - Arpio Disaster Recovery Made Easy","isPartOf":{"@id":"https:\/\/arpio.io\/staging\/8013\/#website"},"primaryImageOfPage":{"@id":"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/#primaryimage"},"image":{"@id":"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/#primaryimage"},"thumbnailUrl":"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2022\/02\/russia-cyber-scaled.jpeg","datePublished":"2022-02-27T21:47:32+00:00","dateModified":"2022-04-22T13:36:37+00:00","author":{"@id":"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/5c7dd11a2bcc5b1eb202c473873a8c42"},"description":"Here are 3 essential things you can do today to improve your AWS environment protection against cyber threats.","breadcrumb":{"@id":"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/#primaryimage","url":"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2022\/02\/russia-cyber-scaled.jpeg","contentUrl":"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2022\/02\/russia-cyber-scaled.jpeg","width":2560,"height":1707},{"@type":"BreadcrumbList","@id":"https:\/\/arpio.io\/3-steps-to-prepare-your-aws-environment-for-escalating-cyber-attacks-prevention\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/arpio.io\/staging\/8013\/"},{"@type":"ListItem","position":2,"name":"3 Steps to Prepare Your AWS Environment for Escalating Cyber Attacks"}]},{"@type":"WebSite","@id":"https:\/\/arpio.io\/staging\/8013\/#website","url":"https:\/\/arpio.io\/staging\/8013\/","name":"Arpio Disaster Recovery Made Easy","description":"AWS Disaster Recovery","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/arpio.io\/staging\/8013\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/5c7dd11a2bcc5b1eb202c473873a8c42","name":"Doug","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/98d763d738bde480338f289de28be30208ce6fbcdb2e370e4e94dd5e5ec5ffb5?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/98d763d738bde480338f289de28be30208ce6fbcdb2e370e4e94dd5e5ec5ffb5?s=96&d=mm&r=g","caption":"Doug"},"url":"https:\/\/arpio.io\/staging\/8013\/author\/doug\/"}]}},"_links":{"self":[{"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/posts\/1483","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/comments?post=1483"}],"version-history":[{"count":0,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/posts\/1483\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/media\/1489"}],"wp:attachment":[{"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/media?parent=1483"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/categories?post=1483"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/tags?post=1483"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}