Description

A misconfiguration or default setting on Elastic Load Balancers that can cause to unintentionally increase the attack surface of the company cloud infrastructure.

Impact

- Result in the connection between load balancer and server being exploited. - The front-end connection between the client and the load balancer is vulnerable to eavesdropping and man-in-the-middle (MitM) attacks.

Recommendation

- Application load balancers should use acceptable policies. - Create a custom ELB SSL security policy that contains secure ciphers. - Strongly advised that the load balancer uses a secure listener.

Threat

Unauthorized attacker from adjacent network performing a MitM.

Expected Remediation Time

⏱️ 60 minutes.

Requirements

Fixes