Questions tagged with Network Security
Content language: English
Select up to 5 tags to filter
Sort by most recent
Browse through the questions and answers listed below or filter and sort to narrow down your results.
We received an email from a whitehat security researcher who was leased a public ip address that we used to own and still had an dns entry pointing to.
Does aws have mechanisms to prevent this?
Can a...
Accepted AnswerNetwork Security
1
answers
0
votes
54
views
asked 19 days agolg...
Hi all,
I'm working on an automation process that creates a **WAFv2 WebACL** whenever a **CloudFront distribution** is created, using **EventBridge** and **Step Functions**.
The automation should...
2
answers
1
votes
471
views
asked 24 days agolg...
Hello Experts,
I have a few Network Load Balancers in my environment which do not have any security groups attached.
Additionally, the NACLs for the subnet allow all inbound and outbound traffic....
2
answers
0
votes
120
views
asked a month agolg...
How to use AWS WAF to prevent "awselb/2.0" server information exposure in HTTP response header?lg...
![vulnerability snapshot](/media/postImages/original/IM2QRdsK_0Tx-P4R-ruiM5jg)
We identified this vulnerability in our VAPT reports. unfortunately, AWS doesn't provide any option to remove the header....
3
answers
0
votes
881
views
asked a month agolg...
Please consider two EC2s, A & B.
When I ping/telnet (consider SGs allow this) from A to B with private IPs, IGW doesn't participate, traffic gets sent from private IP as a SRC address of A to the...
1
answers
0
votes
84
views
asked a month agolg...
Hello, I recently updated my google chrome browser to 124.0.6367.119 and found that my connections to AWS were being blocked. Right before I downloaded the update I was able to access the console. The...
0
answers
0
votes
237
views
asked a month agolg...
Hi,
I have API endpoints for writing the score of players after each game from the server. So my worry is, how can I make sure only the server is authorized to invoke the api? Is a resource policy...
1
answers
0
votes
171
views
asked 2 months agolg...
I requested to reach concerto. A server is created for me. However, as you see in the uploaded photo , there is a login id and password. As I couldn't see any information about ID in the outputs...
2
answers
0
votes
203
views
asked 2 months agolg...
Today we found that on our RDS on every DB there is an extra table name "YOUR_DB_IS_HACKED" containing these below content. we checked that this table is created on on "2024-03-19".
> ('Your database...
2
answers
0
votes
341
views
asked 2 months agolg...
Hi there,
I’m looking at the egress traffic generated from my AWS account and I noticed several calls to all region ec2 endpoints. It seems to be a kind of health check, however I’m not sure. In...
1
answers
0
votes
258
views
asked 2 months agolg...
**How to prevent "awselb/2.0" server information exposure in HTTP response header?**
![Enter image description here](/media/postImages/original/IMv3AXjmLYTdqIcQRHBiG8Yg)
**Please provide a solution...
2
answers
0
votes
680
views
asked 3 months agolg...
I'm very new to AWS, so apologise if I am asking what might be a ridiculous question.
I am trying to understand more about security groups. Based of what I found from reading various...
2
answers
0
votes
642
views
asked 3 months agolg...