AWS Inspector — Security Assessment Tool

Girish V P
Published in Tensult Blogs
Jul 27, 2018 (4 min read)

This blog has moved from Medium to blogs.tensult.com; all the latest content is available there. Subscribe to the newsletter to stay updated.

A security assessment tool is a vital part of IT security: it runs a wide variety of security checks against IT resources and generates detailed reports on them. Most such tools prioritise the vulnerabilities they find by severity, which tells an IT administrator which software to patch first. AWS Inspector is an automated security assessment service that evaluates EC2 instances for known vulnerabilities and for deviations from security best practices. It communicates with the EC2 instances through agents installed on them and generates findings from the data those agents report. (The agent-based workflow described here is what AWS now calls Amazon Inspector Classic.)

AWS Inspector Terminology

Amazon Inspector agent: Inspector agents are installed on the EC2 instances to be assessed. They collect data (telemetry) about the installed software and system configuration and send it to the AWS Inspector service.

Assessment target: Normally a set of EC2 instances that you want to assess for vulnerabilities. Targets are identified by the tags on the instances.

Rules and rules package: Checks are performed on the IT resources according to rules; a collection of rules is a rules package.

Telemetry: Behavioural or configuration data collected from EC2 instances by the Inspector agent is called telemetry.

Finding: Findings are the issues discovered by Inspector during an assessment run.

Configurations

Operating system: CentOS 6.9
Architecture: 64-bit
Platform: AWS

Configuring AWS Inspector involves the following steps:

  • Install the Inspector Agent in EC2 instances
  • Prepare EC2 Instances
  • Configure the Inspector service
  • Analyze findings for vulnerabilities

Install the Inspector Agent

Agents collect behavioral and configuration data (telemetry) from EC2 instances and pass it to AWS Inspector for analysis. Installing the agent on Linux is a simple process; run the commands as root (or with sudo):

1) Download the agent installer:

# curl -O https://d1wk0tztpsntt1.cloudfront.net/linux/latest/install

2) Make sure that a file named "install" has been downloaded to the current directory.

3) Install the agent by executing the command below:

# bash install

4) Execute the command below to see the agent status. Use chkconfig to enable the agent service at boot if it is not already enabled (chkconfig awsagent on):

# /etc/init.d/awsagent status
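The four steps above as one idempotent script, an added example that is not part of the original post. It assumes the same download URL as step 1, that the installed service is named awsagent (as the status command above implies), and that the host is either CentOS 6 with chkconfig or a systemd host with systemctl; the working directory and the --install switch are this script's own choices. Run it as root with --install to actually perform the installation.

```sh
#!/bin/sh
# Added example: install the Inspector agent on a Linux EC2 instance and make sure
# it is running and enabled at boot. Assumes the download URL from the post and a
# service named "awsagent" (SysV init on CentOS 6, systemd on CentOS 7).
set -eu

AGENT_URL=${AGENT_URL:-https://d1wk0tztpsntt1.cloudfront.net/linux/latest/install}
WORKDIR=${WORKDIR:-/tmp/inspector-agent}

# The installer is a shell script. A CDN error page or an empty download is not,
# so refuse to execute anything that does not start with "#!".
installer_looks_valid() {
  [ -s "$1" ] || return 1
  case "$(head -n 1 "$1")" in
    '#!'*) return 0 ;;
    *)     return 1 ;;
  esac
}

# -f makes curl fail on HTTP errors instead of writing the error body to "install".
fetch_installer() {
  curl -fsSL -o "$2" "$1" && installer_looks_valid "$2"
}

agent_running() {
  if command -v systemctl >/dev/null 2>&1; then
    systemctl is-active --quiet awsagent
  else
    /etc/init.d/awsagent status >/dev/null 2>&1
  fi
}

# Step 4 of the post: enable the service at boot (chkconfig on CentOS 6).
enable_at_boot() {
  if command -v chkconfig >/dev/null 2>&1; then
    chkconfig awsagent on
  elif command -v systemctl >/dev/null 2>&1; then
    systemctl enable awsagent
  fi
}

main() {
  [ "$(id -u)" -eq 0 ] || { echo "run this script as root" >&2; exit 1; }
  mkdir -p "$WORKDIR"
  cd "$WORKDIR"
  if agent_running; then
    echo "awsagent is already running; skipping installation" >&2
  else
    fetch_installer "$AGENT_URL" install \
      || { echo "download failed or 'install' is not a shell script" >&2; exit 1; }
    bash install
  fi
  enable_at_boot
  agent_running || { echo "awsagent is not running after installation" >&2; exit 1; }
  echo "awsagent installed, running and enabled at boot"
}

# Only install when asked explicitly, so the functions above can be sourced or tested.
case "${1:-}" in --install) main ;; esac
```

The check in installer_looks_valid is the part people skip: a plain curl -O happily saves an HTML error page under the name "install", and step 3 then executes whatever came back.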

Prepare EC2 Instances

You have to prepare the EC2 instances by tagging them: which instances are inspected is decided by the tags associated with them. Here we use the tag key App.

Configure the AWS Inspector

AWS Inspector is the most important component of the setup: it analyzes the telemetry collected from the EC2 instances.

1) Select the AWS Inspector service and click Get started.

2) Select Advanced setup.

3) In the "Define an assessment target" window, enter a target name. Uncheck "All instances" and select the tag key/value pair (App and the value you set on your instances). Click Next.

4) Assign a name to the assessment template and select the rules packages and duration you want. I have run with the least configuration, but you can customize it. Click Next, then review and create.

5) In the "Assessment runs" window, wait until the status changes from "Collecting data" to "Analysis complete".

Analyze findings

1) Go to the dashboard and see the findings.

2) Click Notable findings to see a detailed description of each vulnerability, including its severity and the recommended fix.
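The console steps in "Configure the AWS Inspector" and "Analyze findings" as one script using the AWS CLI, an added example that is not part of the original post. It assumes the AWS CLI is configured with credentials and a region, uses the tag key App from "Prepare EC2 Instances", selects every rules package available in the region (the post ran with the least configuration; trim the list to match), and runs for one hour. The target and template names, the findings file, the 60-second poll interval and the --run switch are this script's own choices; the terminal state names are those of the Inspector Classic AssessmentRun API.

```sh
#!/bin/sh
# Added example: tag instances, create an Inspector Classic target and template,
# run an assessment and summarise the findings by severity. Assumes a configured
# AWS CLI; names, the tag key "App" and the one-hour duration are this script's choices.
set -eu

TAG_KEY=${TAG_KEY:-App}

# Terminal states of an assessment run (AssessmentRun.state in the Inspector API).
run_finished() {
  case "$1" in
    COMPLETED|COMPLETED_WITH_ERRORS|FAILED|ERROR|CANCELED) return 0 ;;
    *) return 1 ;;
  esac
}

# Poll until the run leaves the collecting/evaluating states; succeed only if it
# actually completed (with or without errors), not if it failed or was canceled.
wait_for_run() {
  while :; do
    state=$(aws inspector describe-assessment-runs --assessment-run-arns "$1" \
              --query 'assessmentRuns[0].state' --output text)
    echo "assessment run state: $state" >&2
    if run_finished "$state"; then break; fi
    sleep 60
  done
  [ "$state" = COMPLETED ] || [ "$state" = COMPLETED_WITH_ERRORS ]
}

# Reads tab-separated "severity<TAB>instance<TAB>title" lines (the describe-findings
# output below) and prints one "severity count" line per severity, highest first,
# which is the patch-priority view the post's introduction talks about.
count_by_severity() {
  awk -F'\t' '
    BEGIN { rank["High"] = 1; rank["Medium"] = 2; rank["Low"] = 3; rank["Informational"] = 4 }
    NF    { n[$1]++ }
    END   { for (s in n) { r = (s in rank) ? rank[s] : 9; printf "%d %s %d\n", r, s, n[s] } }
  ' | sort -n | cut -d' ' -f2-
}

main() {
  tag_value=$1; shift                          # remaining arguments: instance IDs
  aws ec2 create-tags --resources "$@" --tags "Key=$TAG_KEY,Value=$tag_value"

  rg=$(aws inspector create-resource-group \
         --resource-group-tags "key=$TAG_KEY,value=$tag_value" \
         --query resourceGroupArn --output text)
  target=$(aws inspector create-assessment-target \
             --assessment-target-name "$tag_value-target" --resource-group-arn "$rg" \
             --query assessmentTargetArn --output text)

  # Rules package ARNs differ per region, so look them up rather than hardcoding them.
  # $pkgs is deliberately unquoted: the text output is one tab-separated line of ARNs.
  pkgs=$(aws inspector list-rules-packages --query 'rulesPackageArns' --output text)
  tmpl=$(aws inspector create-assessment-template \
           --assessment-target-arn "$target" --assessment-template-name "$tag_value-template" \
           --duration-in-seconds 3600 --rules-package-arns $pkgs \
           --query assessmentTemplateArn --output text)

  run=$(aws inspector start-assessment-run --assessment-template-arn "$tmpl" \
          --query assessmentRunArn --output text)
  wait_for_run "$run"

  arns=$(aws inspector list-findings --assessment-run-arns "$run" \
           --query 'findingArns[]' --output text | tr '\t' '\n' | grep '^arn:' || true)
  if [ -z "$arns" ]; then
    echo "no findings for run $run" >&2
    return 0
  fi
  # describe-findings accepts at most 10 ARNs per call, hence the batching with xargs.
  printf '%s\n' "$arns" \
    | xargs -n 10 aws inspector describe-findings --output text \
        --query 'findings[].[severity,assetAttributes.agentId,title]' --finding-arns \
    | tee "findings-$tag_value.tsv" | count_by_severity
}

case "${1:-}" in --run) shift; main "$@" ;; esac
```

Invoke it as sh inspector-run.sh --run web i-0123456789abcdef0 (instance IDs are placeholders); the full per-instance finding list is left in findings-web.tsv for the detailed review that the console's Notable findings view gives you.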

Operating Systems Supported

AWS Inspector supports the 64-bit versions of the following operating systems at the time of writing; additional OS versions may be added in the future.

Linux

  • Amazon Linux 2 (2017.12)
  • Amazon Linux (2018.03, 2017.09, 2017.03, 2016.09, 2016.03, 2015.09, 2015.03, 2014.09, 2014.03, 2013.09, 2013.03, 2012.09, 2012.03)
  • Ubuntu (18.04 LTS, 16.04 LTS, 14.04 LTS)
  • Debian (9.0–9.4)
  • Red Hat Enterprise Linux (7.2–7.5, 6.2–6.9)
  • CentOS (7.2–7.5, 6.2–6.9)

Windows

  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016 Base

Windows Based Systems

For Windows-based systems, download the agent installer below and run it on the instance:

https://d1wk0tztpsntt1.cloudfront.net/windows/installer/latest/AWSAgentInstall.exe

Conclusion

Vulnerability assessment is a core part of IT security: it lets administrators identify known security weaknesses in the software running on their systems. We have configured AWS Inspector to assess the vulnerabilities of tagged EC2 instances and can now generate a security assessment report from its findings. Inspector only reports; patching the software it flags, and re-running the assessment to confirm the fix, is still the administrator's job.
