AWS Node-to-Node Encryption Disabled
Description
Detects AWS OpenSearch domains that have node-to-node encryption disabled. Node-to-node encryption is a critical security feature that encrypts communication between nodes in an OpenSearch cluster using TLS, protecting sensitive data in transit from potential eavesdropping or man-in-the-middle attacks.
Detection Strategy
• Scans all OpenSearch domains in the specified AWS region
• Checks the 'NodeToNodeEncryptionOptions.Enabled' configuration for each domain
• Reports a vulnerability if node-to-node encryption is disabled (false) or not configured
• Includes the domain's ARN and encryption status in the vulnerability report
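The detection strategy above, as an added example that is not Fluid Attacks' own scanner code: a pure check over the `DomainStatusList` that the OpenSearch `DescribeDomains` API returns, plus a thin boto3 wrapper for a region. The sample domain list is constructed; the wrapper assumes AWS credentials are already configured and that `DescribeDomains` accepts at most five names per call.

```python
"""Added example (not the original page's code): flag OpenSearch domains whose
node-to-node encryption is disabled (Enabled == False) or not configured at all."""
from typing import Any, Dict, List

# Constructed sample in the shape of DescribeDomains' "DomainStatusList".
SAMPLE_DOMAIN_STATUS_LIST: List[Dict[str, Any]] = [
    {"DomainName": "search-prod", "ARN": "arn:aws:es:us-east-1:111111111111:domain/search-prod",
     "NodeToNodeEncryptionOptions": {"Enabled": True}},
    {"DomainName": "logs-legacy", "ARN": "arn:aws:es:us-east-1:111111111111:domain/logs-legacy",
     "NodeToNodeEncryptionOptions": {"Enabled": False}},
    {"DomainName": "search-dev", "ARN": "arn:aws:es:us-east-1:111111111111:domain/search-dev"},
]


def check_node_to_node_encryption(domain_status_list: List[Dict[str, Any]]) -> List[Dict[str, str]]:
    """Return one finding per domain where encryption is not explicitly enabled.

    Both an explicit False and a missing NodeToNodeEncryptionOptions block count
    as vulnerable; the finding records the ARN and which of the two it was.
    """
    findings = []
    for domain in domain_status_list:
        options = domain.get("NodeToNodeEncryptionOptions") or {}
        enabled = options.get("Enabled")
        if enabled is True:
            continue
        findings.append({
            "domain": domain.get("DomainName", "<unknown>"),
            "arn": domain.get("ARN", "<unknown>"),
            "encryption_status": "disabled" if enabled is False else "not configured",
        })
    return findings


def scan_region(region_name: str) -> List[Dict[str, str]]:
    """List every OpenSearch domain in a region and run the check (needs boto3 + credentials)."""
    import boto3  # imported lazily so the pure check above runs without it

    client = boto3.client("opensearch", region_name=region_name)
    names = [d["DomainName"] for d in client.list_domain_names()["DomainNames"]]
    statuses: List[Dict[str, Any]] = []
    for i in range(0, len(names), 5):  # assumption: DescribeDomains takes <= 5 names per call
        statuses.extend(client.describe_domains(DomainNames=names[i:i + 5])["DomainStatusList"])
    return check_node_to_node_encryption(statuses)


if __name__ == "__main__":
    for finding in check_node_to_node_encryption(SAMPLE_DOMAIN_STATUS_LIST):
        print(f"{finding['arn']}: node-to-node encryption {finding['encryption_status']}")
```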