Check your Elastic Load Balancer (ELB) listeners for insecure configurations. Cloud Conformity recommends using only secure protocols, such as HTTPS or SSL, to encrypt the communication between the client and your load balancers.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
When an ELB has any listeners that are not configured to use a secure protocol, such as HTTPS or SSL, the front-end connection between the client and the load balancer is vulnerable to eavesdropping and man-in-the-middle (MITM) attacks. The risk becomes even higher when transmitting sensitive private data such as credit card numbers. If your ELBs are using insecure listeners, such as HTTP, apply the information provided in this guide (see Remediation/Resolution section) to update their configuration.
Audit
To determine if your load balancers are only using secure listeners, perform the following:
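One way to run this check offline, as an added example rather than Cloud Conformity's own audit procedure: the Python below flags every front-end listener whose protocol is not HTTPS or SSL. It assumes the input has the shape of saved `aws elb describe-load-balancers` output; the sample data, load balancer names and certificate ARN are constructed placeholders.

```python
import json

# Front-end protocols the page treats as secure for ELB listeners.
SECURE_PROTOCOLS = {"HTTPS", "SSL"}

# Constructed sample shaped like `aws elb describe-load-balancers` output;
# the load balancer names and certificate ARN are placeholders.
SAMPLE_OUTPUT = json.loads("""
{"LoadBalancerDescriptions": [
  {"LoadBalancerName": "web-frontend", "ListenerDescriptions": [
    {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80,
                  "InstanceProtocol": "HTTP", "InstancePort": 80}},
    {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                  "InstanceProtocol": "HTTP", "InstancePort": 80,
                  "SSLCertificateId": "arn:aws:iam::111122223333:server-certificate/example"}}]},
  {"LoadBalancerName": "payments", "ListenerDescriptions": [
    {"Listener": {"Protocol": "ssl", "LoadBalancerPort": 8443,
                  "InstanceProtocol": "TCP", "InstancePort": 8080,
                  "SSLCertificateId": "arn:aws:iam::111122223333:server-certificate/example"}}]},
  {"LoadBalancerName": "legacy-tcp", "ListenerDescriptions": [
    {"Listener": {"Protocol": "TCP", "LoadBalancerPort": 25,
                  "InstanceProtocol": "TCP", "InstancePort": 25}}]}
]}
""")


def insecure_listeners(describe_output):
    """Return (load balancer, protocol, port) for every front-end listener
    whose protocol is not HTTPS or SSL."""
    findings = []
    for lb in describe_output.get("LoadBalancerDescriptions", []):
        for desc in lb.get("ListenerDescriptions", []):
            listener = desc.get("Listener", {})
            # Compare case-insensitively so "ssl" and "SSL" are treated alike.
            protocol = str(listener.get("Protocol", "")).upper()
            if protocol not in SECURE_PROTOCOLS:
                findings.append((lb.get("LoadBalancerName"), protocol,
                                 listener.get("LoadBalancerPort")))
    return findings


if __name__ == "__main__":
    for name, protocol, port in insecure_listeners(SAMPLE_OUTPUT):
        print(f"INSECURE {name}: {protocol} listener on port {port}")
```

A load balancer with both an HTTP and an HTTPS listener is still reported, because the rule fails when any listener uses an insecure protocol.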
Remediation / Resolution
To secure the connection between the client and the load balancer, update each ELB configuration to use listeners with the HTTPS or SSL protocol (an X.509 SSL certificate is required). To implement HTTPS / SSL for your ELB front-end listeners, perform the following:
You are auditing:
ELB Listener Security
Risk level: High