Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details

All Projects → aquasecurity → Cloud Security Remediation Guides

aquasecurity / Cloud Security Remediation Guides

Security Remediation Guides

Labels

aws cloud azure

Projects that are alternatives of or similar to Cloud Security Remediation Guides

🍔 A Node.js Serverless Framework for front-end/full-stack developers. Build the application for next decade. Works on AWS, Alibaba Cloud, Tencent Cloud and traditional VM/Container. Super easy integrate with React and Vue. 🌈

Stars: ✭ 5,080 (+4098.35%)

Mutual labels: aws, cloud, azure

Machine Learning Platform and Recommendation Engine built on Kubernetes

Stars: ✭ 1,435 (+1085.95%)

Mutual labels: aws, cloud, azure

Reads from existing Cloud Providers (reverse Terraform) and generates your infrastructure as code on Terraform configuration

Stars: ✭ 452 (+273.55%)

Mutual labels: aws, cloud, azure

Android in docker solution with noVNC supported and video recording

Stars: ✭ 4,042 (+3240.5%)

Mutual labels: aws, cloud, azure

☁️ Go API for open cloud

Stars: ✭ 112 (-7.44%)

Mutual labels: aws, cloud, azure

Cloud Custodian

Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources

Stars: ✭ 3,926 (+3144.63%)

Mutual labels: aws, cloud, azure

Cloud Security Posture Management (CSPM)

Stars: ✭ 1,338 (+1005.79%)

Mutual labels: aws, cloud, azure

Multi-Cloud Security Auditing Tool

Stars: ✭ 3,803 (+3042.98%)

Mutual labels: aws, cloud, azure

🐳🐳🐳 This repository is part of a blog series on Docker Swarm example using VirtualBox, OVH Openstack, Azure and Amazon Web Services AWS

Stars: ✭ 43 (-64.46%)

Mutual labels: aws, cloud, azure

The Go Cloud Development Kit (Go CDK): A library and tools for open cloud development in Go.

Stars: ✭ 8,124 (+6614.05%)

Mutual labels: aws, cloud, azure

List of resources - courses, sample code, articles and screencasts for learning AWS, Azure, GCP and Alibaba Cloud

Stars: ✭ 100 (-17.36%)

Mutual labels: aws, cloud, azure

Pulumi - Developer-First Infrastructure as Code. Your Cloud, Your Language, Your Way 🚀

Stars: ✭ 10,887 (+8897.52%)

Mutual labels: aws, cloud, azure

Leapp is the tool to access your cloud; It securely stores your access information and generates temporary credential sets to access your cloud ecosystem from your local machine.

Stars: ✭ 306 (+152.89%)

Mutual labels: aws, cloud, azure

Terratag is a CLI tool that enables users of Terraform to automatically create and maintain tags across their entire set of AWS, Azure, and GCP resources

Stars: ✭ 385 (+218.18%)

Mutual labels: aws, cloud, azure

An open source platform for managing and analyzing biomedical big data

Stars: ✭ 274 (+126.45%)

Mutual labels: aws, cloud, azure

SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS

Stars: ✭ 526 (+334.71%)

Mutual labels: aws, cloud, azure

Deploy your apps on any Cloud provider in just a few seconds

Stars: ✭ 1,132 (+835.54%)

Mutual labels: aws, cloud, azure

Cloud cost estimates for Terraform in pull requests💰📉 Love your cloud bill!

Stars: ✭ 4,505 (+3623.14%)

Mutual labels: aws, cloud, azure

Compare the various managed cloud services offered by the major public cloud providers in the market.

Stars: ✭ 678 (+460.33%)

Mutual labels: aws, cloud, azure

ManageIQ Open-Source Management Platform

Stars: ✭ 1,089 (+800%)

Mutual labels: aws, cloud, azure

View All Similar Projects ➔

CloudSploit Security Remediation Guides

CloudSploit's remediation guides are intended to be an open-source resource for improving cloud security. Many cloud IaaS providers like AWS, Azure, and Google Cloud have a shared responsibility model. They provide the physical and architectural security, along with tools to properly secure the services they offer, but it is up to the user to configure those settings properly.

Background

This repository is an extension of CloudSploit's open-source scanning engine. We first released the scanning engine in 2015, and this documentation repository is a natural follow up to that tool. The goal of these guides are to provide detailed steps on remediation common security issues in cloud services.

Table of Contents

AWS
- ACM
  - ACM Certificate Validation
- AutoScaling
  - ASG Multiple AZ
- CloudFront
  - CloudFront HTTPS Only
  - CloudFront Logging Enabled
  - Insecure CloudFront Protocols
  - Public S3 CloudFront Origin
  - Secure CloudFront Origin
- CloudTrail
  - CloudTrail Bucket Access Logging
  - CloudTrail Bucket Delete Policy
  - CloudTrail Bucket Private
  - CloudTrail Enabled
  - CloudTrail Encryption
  - CloudTrail File Validation
  - CloudTrail To CloudWatch
- CloudWatchLogs
  - CloudWatch Monitoring Metrics
- ConfigService
  - Config Service Enabled
- EC2
  - Cross VPC Public Private Communication
  - Default Security Group
  - Default VPC In Use
  - Detect EC2 Classic Instances
  - EBS Encrypted Snapshots
  - EBS Encryption Enabled
  - EC2 Instance Key Based Login
  - EC2 Max Instances
  - Elastic IP Limit
  - Encrypted AMI
  - Excessive Security Groups
  - Instance IAM Role
  - Instance Limit
  - NAT Multiple AZ
  - Open All Ports Protocols
  - Open CIFS
  - Open DNS
  - Open Elasticsearch
  - Open FTP
  - Open MySQL
  - Open NetBIOS
  - Open Oracle
  - Open PostgreSQL
  - Open RDP
  - Open RPC
  - Open SMBoTCP
  - Open SMTP
  - Open SQL Server
  - Open SSH
  - Open Telnet
  - Open VNC Client
  - Open VNC Server
  - Overlapping Security Groups
  - Public AMI
  - Subnet IP Availability
  - VPC Elastic IP Limit
  - VPC Flow Logs Enabled
  - VPC Multiple Subnets
- ELB
  - ELB HTTPS Only
  - ELB Logging Enabled
  - ELB No Instances
  - Insecure Ciphers
- Firehose
  - Firehose Delivery Streams Encrypted
- IAM
  - Access Keys Extra
  - Access Keys Last Used
  - Access Keys Rotated
  - Certificate Expiry
  - Empty Groups
  - IAM User Admins
  - Maximum Password Age
  - Minimum Password Length
  - No User IAM Policies
  - Password Expiration
  - Password Requires Lowercase
  - Password Requires Numbers
  - Password Requires Symbols
  - Password Requires Uppercase
  - Password Reuse Prevention
  - Root Access Keys
  - Root Account In Use
  - Root MFA Enabled
  - SSH Keys Rotated
  - Users MFA Enabled
  - Users Password Last Used
- KMS
  - KMS Default Key Usage
  - KMS Key Policy
  - KMS Key Rotation
  - KMS Scheduled Deletion
- Kinesis
  - Kinesis Streams Encrypted
- Lambda
  - Lambda Old Runtimes
- RDS
  - RDS Automated Backups
  - RDS Encryption Enabled
  - RDS Multiple AZ
  - RDS Publicly Accessible
  - RDS Restorable
- Redshift
  - Redshift Encryption Enabled
  - Redshift Publicly Accessible
- Route53
  - Domain Auto Renew
  - Domain Expiry
  - Domain Transfer Lock
- S3
  - S3 Bucket All Users ACL
  - S3 Bucket All Users Policy
  - S3 Bucket Logging
  - S3 Bucket Versioning
- SES
  - Email DKIM Enabled
- SNS
  - SNS Topic Policies
- SQS
  - SQS Cross Account Access
  - SQS Encrypted
- SSM
  - SSM Encrypted Parameters
- SageMaker
  - Notebook Data Encrypted
  - Notebook Direct Internet Access
Azure
- Active Directory
  - Ensure No Guest User
  - Minimum Password Length
  - No Custom Owner Roles
  - Password Requires Lowercase
  - Password Requires Numbers
  - Password Requires Symbols
  - Password Requires Uppercase
- App Service
  - .NET Framework Version
  - Authentication Enabled
  - Client Certificates Enabled
  - HTTP 2.0 Enabled
  - HTTPS Only Enabled
  - Identity Enabled
  - Java Version
  - PHP Version
  - Python Version
  - TLS Version Check
- Azure Policy
  - Resource Location Matches Resource Group
  - Resources Allowed Locations
- Blob Service
  - Blob Container Private Access
  - Blob Service Immutable
- CDN Profiles
  - Detect Insecure Custom Origin
  - Endpoint Logging Enabled
- Container Registry
  - ACR Admin User
- File Service
  - File Service All Access ACL
- Key Vaults
  - Key Expiration Enabled
  - Key Vault Recovery Enabled
  - Secret Expiration Enabled
- Kubernetes Service
  - Kubernetes Latest Version
  - Kubernetes RBAC Enabled
- Load Balancer
  - LB HTTPS Only
  - LB No Instances
- Log Alerts
  - Network Security Groups Logging Enabled
  - Network Security Groups Rule Logging Enabled
  - Policy Assignment Alerts Enabled
  - SQL Server Firewall Rule Alerts Monitor
  - Security Policy Alerts Enabled
  - Security Solution Logging
  - Virtual Network Alerts Monitor
- Monitor
  - Key Vault Log Analytics Enabled
  - Load Balancer Log Analytics Enabled
  - Log Profile Archive Data
  - Log Profile Retention Policy
  - NSG Log Analytics Enabled
- MySQL Server
  - Enforce MySQL SSL Connection
- Network Security Groups
  - Default Security Group
  - Excessive Security Groups
  - Network Watcher Enabled
  - Open All Ports
  - Open CIFS
  - Open DNS
  - Open FTP
  - Open Hadoop HDFS NameNode Metadata Service
  - Open Hadoop HDFS NameNode WebUI
  - Open Kibana
  - Open MySQL
  - Open NetBIOS
  - Open Oracle
  - Open Oracle Auto Data Warehouse
  - Open PostgreSQL
  - Open RDP
  - Open RPC
  - Open SMBoTCP
  - Open SMTP
  - Open SQLServer
  - Open SSH
  - Open Telnet
  - Open VNC Client
  - Open VNC Server
- PostgreSQL Server
  - Connection Throttling Enabled
  - Enforce PostgreSQL SSL Connection
  - Log Checkpoints Enabled
  - Log Connections Enabled
  - Log Disconnections Enabled
  - Log Duration Enabled
  - Log Retention Period
- Queue Service
  - Queue Service All Access ACL
- Resources
  - Management Lock Enabled
  - Resources Usage Limits
- SQL Databases
  - DB Restorable
  - Database Auditing Enabled
  - SQL DB Multiple AZ
- SQL Server
  - Advanced Data Security Enabled
  - Audit Action Groups Enabled
  - Audit Retention Policy
  - Azure Active Directory Admin Enabled
  - Email Account Admins Enabled
  - SQL Server Public Access
  - Send Alerts Enabled
  - Server Auditing Enabled
  - TDE Protector Encrypted
- Security Center
  - Admin Security Alerts Enabled
  - Application Whitelisting Enabled
  - Auto Provisioning Enabled
  - High Severity Alerts Enabled
  - Monitor Blob Encryption
  - Monitor Disk Encryption
  - Monitor Endpoint Protection
  - Monitor JIT Network Access
  - Monitor NSG Enabled
  - Monitor SQL Auditing
  - Monitor SQL Encryption
  - Monitor System Updates
  - Monitor VM Vulnerability
  - Security Configuration Monitoring
  - Security Contacts Enabled
  - Standard Pricing Enabled
- Storage Accounts
  - Blob Service Encryption
  - File Service Encryption
  - Log Container Public Access
  - Log Storage Encryption
  - Network Access Default Action
  - Storage Accounts AAD Enabled
  - Storage Accounts Encryption
  - Storage Accounts HTTPS
  - Trusted MS Access Enabled
- Table Service
  - Table Service All Access ACL
- Virtual Machines
  - Classic Instances
  - Scale Set Multi Az
  - Scale Sets Autoscale Enabled
  - VM Agent Enabled
  - VM Auto Update Enabled
  - VM Availability Set Enabled
  - VM Availability Set Limit
  - VM Data Disk Encryption
  - VM Endpoint Protection
  - VM Instance Limit
  - VM OS Disk Encryption
- Virtual Networks
  - Multiple Subnets
Google
GitHub
- Orgs
- Repos
  - Repo Deploy Keys Rotated
  - Repo Outside Collaborators
- Users
Oracle

Contributing

Please see the contributor's guide.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 121

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (7) 🔗