Customers are only allowed to scan their own instances; they are not permitted to do testing against any Amazon Web Services (AWS) service itself (you cannot scan S3 or the EC2 API endpoints). Additionally, scans cannot be directed at m1.small or t1.micro instances, and customers are not allowed to perform scans until they receive approval from AWS. The approval process typically takes two to three days once the request is submitted, assuming that the customer properly completed the AWS Vulnerability/Penetration Testing Request Form. The details of approval can be found here.
Customers using Alert Logic® Cloud Insight™ do not need to request permission for scanning or fill out this form because it is one of a small number of vulnerability scanning products that have been pre-authorized to run without requiring permission from AWS. In order to get the pre-authorization, a product must enforce all of the requirements that AWS would have a user agree to if they submitted the request form. For example, because Cloud Insight is only able to scan instances that are discovered using the IAM Role that the customer provides, it is not possible to use it to scan instances that belong to someone else. Additionally, Alert Logic filters out m1.small and t1.micro instances which prevent a user from scanning them.
Below are the guidelines on how to fill out the Alert Logic Threat Manager™ AWS Vulnerability/Penetration Testing Request Form:
DNS Zone Walking:
- NameServer Domain Name and IP Address
N/A - no DNS Zone Walking is performed
Source Data:
- IP Address
If internal scans will be run, the Threat Manager appliance/instance internal IP address will be entered here.
If external or PCI scans will be run, use the following IP addresses: 204.110.218.0/23, 208.71.208.0/22, 185.54.124.0/22. - Is the above IP address located in your offices?
No - Who owns the IP addresses?
Alert Logic - Phone contact for testing team
1-877-484-8383 - Does the testing company have an NDS with AWS?
No
Testing Details:
- Expected peak bandwidth (Gbps)*
0.005Gpbs (5Mbps) - Expected peak requests per second (RPS)*
3RPS - Expected peak Queries per second (QPS) for DNS Zone Walking
N/A - no DNS Zone Walking is performed - What criteria/metrics will you monitor to ensure the success of this test?
The scan progress and results are displayed in the Alert Logic console:
https://console.overview.alertlogic.com/#/exposures/scans/2?aaid=2&locid=defender-us-denver - Do you have a way to immediately stop the traffic if we/your discover any issue?
Yes, the scan can be stopped in the Cloud Defender portal:
https://console.overview.alertlogic.com/#/exposures/scans/2?aaid=2&locid=defender-us-denver
Comments
0 comments
Please sign in to leave a comment.