Metadash Issue Report

July 12, 2024

Grade

C

Connections
  • Hooli (AWS 9782)
Statistics
  • 11% Danger, 88% Warning
  • 85% Security, 14% Stability

AWS IAM

Issue Level Category
Excessive max password age

Setting the maximum password age to too long a period increases the risk of compromised credentials. Shorter expiration periods are essential for regular password updates, reducing the window of opportunity for attackers to exploit compromised credentials.

Warning Security
Password minimum length too short

Longer and more complex passwords are essential for robust security, and a short minimum length makes it easier for malicious actors to compromise user accounts through brute-force or other password attacks.

Warning Security
Password expiration disabled

Disabling password expiration poses a security risk as it allows user credentials to remain unchanged indefinitely. This increases the likelihood of compromised accounts going undetected, potentially leading to unauthorized access and security breaches.

Warning Security
Password reuse allowed

Password reuse should be avoided as it increases the vulnerability of accounts.

Warning Security

subnet-0dae79e86a6ad01b1

Subnet us-west-2c
Issue Level Category
Subnet allows all egress traffic

Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network.

Warning Security
Subnet allows all ingress traffic

Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network.

Warning Security
Subnet logging disabled

Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet.

Warning Security

hooli-west-db-main

Database us-west-2b
Issue Level Category
Database publicly accessible

Having a database publicly accessible increases the risk of unauthorized access and potential data breaches. Restricting access to trusted sources enhances security by preventing unauthorized users from accessing sensitive database information.

Danger Security
Database backups disabled

Enabling backups on databases is crucial for ensuring data safety and availability in case of disasters or accidental deletion. Backups provide a simple, automated solution for data recovery and help prevent permanent data loss.

Danger Stability
Database not redundant

Having instances in more than one availability zone provides high availability and helps ensure that your database remains accessible in the event of an outage or failure in one availability zone. It also improves performance by allowing you to serve read traffic from multiple replicas in different availability zones.

Warning Stability
Database storage unencrypted

Enabling database storage encryption helps protect sensitive data stored in your database from unauthorized access. It provides an additional layer of security to safeguard your data at rest, and can help you meet compliance requirements.

Warning Security

hooli-west-db-warehouse

Database us-west-2c
Issue Level Category
Database publicly accessible

Having a database publicly accessible increases the risk of unauthorized access and potential data breaches. Restricting access to trusted sources enhances security by preventing unauthorized users from accessing sensitive database information.

Danger Security
Database backups disabled

Enabling backups on databases is crucial for ensuring data safety and availability in case of disasters or accidental deletion. Backups provide a simple, automated solution for data recovery and help prevent permanent data loss.

Danger Stability
Database upgrade disabled

Enabling auto minor version upgrade on databases can help ensure that your database is always running on the latest version, with important security patches and bug fixes applied automatically. This can improve the overall security and performance of your database and reduce the risk of potential vulnerabilities or downtime.

Warning Security
Database not redundant

Having instances in more than one availability zone provides high availability and helps ensure that your database remains accessible in the event of an outage or failure in one availability zone. It also improves performance by allowing you to serve read traffic from multiple replicas in different availability zones.

Warning Stability
Database storage unencrypted

Enabling database storage encryption helps protect sensitive data stored in your database from unauthorized access. It provides an additional layer of security to safeguard your data at rest, and can help you meet compliance requirements.

Warning Security

hooli-east-db-warehouse

Database us-east-1a
Issue Level Category
Database backups disabled

Enabling backups on databases is crucial for ensuring data safety and availability in case of disasters or accidental deletion. Backups provide a simple, automated solution for data recovery and help prevent permanent data loss.

Danger Stability
Database publicly accessible

Having a database publicly accessible increases the risk of unauthorized access and potential data breaches. Restricting access to trusted sources enhances security by preventing unauthorized users from accessing sensitive database information.

Danger Security
Database upgrade disabled

Enabling auto minor version upgrade on databases can help ensure that your database is always running on the latest version, with important security patches and bug fixes applied automatically. This can improve the overall security and performance of your database and reduce the risk of potential vulnerabilities or downtime.

Warning Security
Database not redundant

Having instances in more than one availability zone provides high availability and helps ensure that your database remains accessible in the event of an outage or failure in one availability zone. It also improves performance by allowing you to serve read traffic from multiple replicas in different availability zones.

Warning Stability
Database storage unencrypted

Enabling database storage encryption helps protect sensitive data stored in your database from unauthorized access. It provides an additional layer of security to safeguard your data at rest, and can help you meet compliance requirements.

Warning Security

elb-1

Load Balancer us-west-2a
Issue Level Category
Load balancer allows insecure access

Allowing a load balancer to use HTTP can expose your application to security risks, as HTTP traffic is not encrypted and can be intercepted and manipulated by attackers.

Danger Security
Load balancer logging disabled

Enabling access logging for load balancers allows you to monitor and analyze traffic to your application, and can help troubleshoot issues with your application's performance. Additionally, access logs can provide valuable insights for security auditing and compliance purposes.

Warning Security

sg_3

Firewall us-west-2
Issue Level Category
Firewall PostgreSQL port public

Having the PostgreSQL database's 5432 port open to the public internet poses a severe security risk. It exposes the database to potential attackers who can exploit vulnerabilities or attempt unauthorized logins through this open port.

Danger Security
Firewall not used

Having unused firewalls can increase the risk of security breaches as they can be mistakenly assigned to running instances or left open, allowing unauthorized access to resources.

Warning Security

hooli-east-db-main

Database us-east-1d
Issue Level Category
Database publicly accessible

Having a database publicly accessible increases the risk of unauthorized access and potential data breaches. Restricting access to trusted sources enhances security by preventing unauthorized users from accessing sensitive database information.

Danger Security
Database backups limited

Setting the backup period to at least 30 days on databases ensures that users have a longer retention period for data recovery, in case of accidental or intentional data loss, and enables compliance with data retention regulations.

Warning Stability
Database not redundant

Having instances in more than one availability zone provides high availability and helps ensure that your database remains accessible in the event of an outage or failure in one availability zone. It also improves performance by allowing you to serve read traffic from multiple replicas in different availability zones.

Warning Stability
Database storage unencrypted

Enabling database storage encryption helps protect sensitive data stored in your database from unauthorized access. It provides an additional layer of security to safeguard your data at rest, and can help you meet compliance requirements.

Warning Security

sg_3

Firewall us-east-1
Issue Level Category
Firewall PostgreSQL port public

Having the PostgreSQL database's 5432 port open to the public internet poses a severe security risk. It exposes the database to potential attackers who can exploit vulnerabilities or attempt unauthorized logins through this open port.

Danger Security
Firewall not used

Having unused firewalls can increase the risk of security breaches as they can be mistakenly assigned to running instances or left open, allowing unauthorized access to resources.

Warning Security

hooli-east-docs

Storage
Issue Level Category
Storage allows insecure access

Disabling insecure HTTP access on storage is essential to prevent unauthorized access and data breaches as it ensures that all access to storage is encrypted in transit, providing an additional layer of security for sensitive data.

Warning Security
Storage logging disabled

Disabling logging on storage removes crucial visibility into data access and usage, hindering security monitoring and compliance efforts. Logging enables tracking of access events, providing valuable insights for detecting unauthorized activity and ensuring data integrity and accountability.

Warning Security
Storage deletion insecure

Enabling Multi-Factor Authentication (MFA) delete on storage adds an extra layer of security. It requires additional authentication before allowing deletion, reducing the risk of unauthorized or unintended data loss.

Warning Security
Storage versioning disabled

Enabling versioning on storage allows recovery from accidental deletion, overwrite or any unintended change to stored objects by keeping multiple versions of an object, adding a layer of protection for data durability and compliance requirements.

Warning Stability

hooli-east-logs

Storage
Issue Level Category
Storage allows insecure access

Disabling insecure HTTP access on storage is essential to prevent unauthorized access and data breaches as it ensures that all access to storage is encrypted in transit, providing an additional layer of security for sensitive data.

Warning Security
Storage logging disabled

Disabling logging on storage removes crucial visibility into data access and usage, hindering security monitoring and compliance efforts. Logging enables tracking of access events, providing valuable insights for detecting unauthorized activity and ensuring data integrity and accountability.

Warning Security
Storage deletion insecure

Enabling Multi-Factor Authentication (MFA) delete on storage adds an extra layer of security. It requires additional authentication before allowing deletion, reducing the risk of unauthorized or unintended data loss.

Warning Security

hooli-terraform

Storage
Issue Level Category
Storage allows insecure access

Disabling insecure HTTP access on storage is essential to prevent unauthorized access and data breaches as it ensures that all access to storage is encrypted in transit, providing an additional layer of security for sensitive data.

Warning Security
Storage logging disabled

Disabling logging on storage removes crucial visibility into data access and usage, hindering security monitoring and compliance efforts. Logging enables tracking of access events, providing valuable insights for detecting unauthorized activity and ensuring data integrity and accountability.

Warning Security
Storage deletion insecure

Enabling Multi-Factor Authentication (MFA) delete on storage adds an extra layer of security. It requires additional authentication before allowing deletion, reducing the risk of unauthorized or unintended data loss.

Warning Security
Storage versioning disabled

Enabling versioning on storage allows recovery from accidental deletion, overwrite or any unintended change to stored objects by keeping multiple versions of an object, adding a layer of protection for data durability and compliance requirements.

Warning Stability

hooli-west-docs

Storage
Issue Level Category
Storage allows insecure access

Disabling insecure HTTP access on storage is essential to prevent unauthorized access and data breaches as it ensures that all access to storage is encrypted in transit, providing an additional layer of security for sensitive data.

Warning Security
Storage logging disabled

Disabling logging on storage removes crucial visibility into data access and usage, hindering security monitoring and compliance efforts. Logging enables tracking of access events, providing valuable insights for detecting unauthorized activity and ensuring data integrity and accountability.

Warning Security
Storage deletion insecure

Enabling Multi-Factor Authentication (MFA) delete on storage adds an extra layer of security. It requires additional authentication before allowing deletion, reducing the risk of unauthorized or unintended data loss.

Warning Security
Storage versioning disabled

Enabling versioning on storage allows recovery from accidental deletion, overwrite or any unintended change to stored objects by keeping multiple versions of an object, adding a layer of protection for data durability and compliance requirements.

Warning Stability

hooli-west-logs

Storage
Issue Level Category
Storage allows insecure access

Disabling insecure HTTP access on storage is essential to prevent unauthorized access and data breaches as it ensures that all access to storage is encrypted in transit, providing an additional layer of security for sensitive data.

Warning Security
Storage logging disabled

Disabling logging on storage removes crucial visibility into data access and usage, hindering security monitoring and compliance efforts. Logging enables tracking of access events, providing valuable insights for detecting unauthorized activity and ensuring data integrity and accountability.

Warning Security
Storage deletion insecure

Enabling Multi-Factor Authentication (MFA) delete on storage adds an extra layer of security. It requires additional authentication before allowing deletion, reducing the risk of unauthorized or unintended data loss.

Warning Security
Storage versioning disabled

Enabling versioning on storage allows recovery from accidental deletion, overwrite or any unintended change to stored objects by keeping multiple versions of an object, adding a layer of protection for data durability and compliance requirements.

Warning Stability

subnet-005b74680281b290c

Subnet us-west-2a
Issue Level Category
Subnet allows all egress traffic

Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network.

Warning Security
Subnet allows all ingress traffic

Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network.

Warning Security
Subnet logging disabled

Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet.

Warning Security

subnet-00654de6240e77c5d

Subnet us-west-2b
Issue Level Category
Subnet allows all egress traffic

Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network.

Warning Security
Subnet allows all ingress traffic

Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network.

Warning Security
Subnet logging disabled

Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet.

Warning Security

subnet-07379bee5d35011bd

Subnet us-west-2d
Issue Level Category
Subnet allows all egress traffic

Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network.

Warning Security
Subnet allows all ingress traffic

Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network.

Warning Security
Subnet logging disabled

Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet.

Warning Security

default

Firewall us-east-1
Issue Level Category
Default firewall used

Using default firewalls can leave your resources vulnerable to security breaches, as they are designed to allow traffic from any source.

Warning Security
Default firewall has rules

Having no rules in default firewalls is the safest option as it restricts all inbound and outbound traffic to your resources.

Warning Security
Firewall ports open

Allowing a firewall to have all ports open increases the attack surface and makes your resources more vulnerable to potential security breaches.

Warning Security
Firewall traffic unrestricted

Allowing unrestricted traffic within a firewall can create security vulnerabilities and should be avoided. Restricting traffic to only necessary ports and limiting access to trusted sources reduces the risk of unauthorized access and improves overall security.

Warning Security

subnet-013cf5230c5af5985

Subnet us-east-1a
Issue Level Category
Subnet allows all egress traffic

Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network.

Warning Security
Subnet allows all ingress traffic

Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network.

Warning Security
Subnet logging disabled

Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet.

Warning Security

subnet-019b1ff3603480ca7

Subnet us-east-1e
Issue Level Category
Subnet allows all egress traffic

Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network.

Warning Security
Subnet allows all ingress traffic

Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network.

Warning Security
Subnet logging disabled

Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet.

Warning Security

subnet-02ea5da7fe754a76a

Subnet us-east-1d
Issue Level Category
Subnet allows all egress traffic

Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network.

Warning Security
Subnet allows all ingress traffic

Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network.

Warning Security
Subnet logging disabled

Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet.

Warning Security

subnet-05690443d5dcdc403

Subnet us-east-1c
Issue Level Category
Subnet allows all egress traffic

Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network.

Warning Security
Subnet allows all ingress traffic

Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network.

Warning Security
Subnet logging disabled

Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet.

Warning Security

subnet-083ec4646db383daf

Subnet us-east-1b
Issue Level Category
Subnet allows all egress traffic

Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network.

Warning Security
Subnet allows all ingress traffic

Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network.

Warning Security
Subnet logging disabled

Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet.

Warning Security

subnet-05ca8c3d3433f01b9

Subnet us-east-1f
Issue Level Category
Subnet allows all egress traffic

Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network.

Warning Security
Subnet allows all ingress traffic

Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network.

Warning Security
Subnet logging disabled

Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet.

Warning Security

default

Firewall us-west-2
Issue Level Category
Default firewall used

Using default firewalls can leave your resources vulnerable to security breaches, as they are designed to allow traffic from any source.

Warning Security
Default firewall has rules

Having no rules in default firewalls is the safest option as it restricts all inbound and outbound traffic to your resources.

Warning Security
Firewall ports open

Allowing a firewall to have all ports open increases the attack surface and makes your resources more vulnerable to potential security breaches.

Warning Security
Firewall traffic unrestricted

Allowing unrestricted traffic within a firewall can create security vulnerabilities and should be avoided. Restricting traffic to only necessary ports and limiting access to trusted sources reduces the risk of unauthorized access and improves overall security.

Warning Security