250 – Non-encrypted hard drives

Description

Disk or hard drives without encryption, leave data stored on a computer or network storage system unprotected. Full disk encryption is a great way to protect sensitive customer data.

Impact

- Access to company sensitive information - Modify or delete the information stored in the disks

Recommendation

Set the encrypted property for all the hard drives instances defined as code.

Threat

Authenticated attacker with local access to the machine

Expected Remediation Time

60 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: L
• Attack complexity: H
• Attack Requirements: N
• Privileges required: L
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): L
• Availability (VA): L
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: P

Requirements

• 266 - Disable insecure functionalities

Fixes

• Aws
• Cloudformation
• Go
• Java
• Scala

Last updated

2024/02/16