Customers are only allowed to scan their own instances; they are not permitted to do testing against any Amazon Web Services (AWS) service itself (you cannot scan S3 or the EC2 API endpoints). Additionally, scans cannot be directed at m1.small or t1.micro instances, and customers are not allowed to perform scans until they receive approval from AWS. The approval process typically takes two to three days once the request is submitted, assuming that the customer properly completed the AWS Vulnerability/Penetration Testing Request Form. The details of approval can be found in the AWS Penetration Testing documentation.
If you need to run a vulnerability scan that originates from outside your environment against AWS assets, you will need to complete the form. All other types of Alert Logic scans have already been pre-authorized. If you need to run an internal scan, you will not need to complete this form because the scan originates from within your environment.
Below are the guidelines on how to fill out the Alert Logic AWS Vulnerability/Penetration Testing Request Form:
DNS Zone Walking
- NameServer Domain Name and IP Address
N/A - no DNS Zone Walking is performed
Source Data
- IP Address
If internal scans will be run, the Alert Logic appliance/instance internal IP address will be entered here.
If external or PCI scans will be run, use the following IP addresses: 204.110.218.0/23, 208.71.208.0/22, 185.54.124.0/22.
- Is the above IP address located in your offices?
No
- Who owns the IP addresses?
Alert Logic
- Phone contact for testing team
1-877-484-8383
- Does the testing company have an NDA with AWS?
Yes
Testing Details
- Expected peak bandwidth (Gbps)*
0.005 Gbps (5 Mbps)
- Expected peak requests per second (RPS)*
3 RPS
- Expected peak Queries per second (QPS) for DNS Zone Walking
N/A - no DNS Zone Walking is performed
- What criteria/metrics will you monitor to ensure the success of this test?
The scan progress and results are displayed in the Alert Logic console:
https://console.overview.alertlogic.com/#/exposures/scans/2?aaid=2&locid=defender-us-denver
- Do you have a way to immediately stop the traffic if we/you discover any issue?
Yes, the scan can be stopped in the Alert Logic console:
https://console.overview.alertlogic.com/#/exposures/scans/2?aaid=2&locid=defender-us-denver