Metadash Issue Report
January 18, 2025
Grade
C
Connections
- Hooli (AWS 9782)
Statistics
- 12% Danger, 87% Warning
- 85% Security, 14% Stability
AWS IAM
Issue | Level | Category |
---|---|---|
Excessive max password age
Setting the max password age to too long a period increases the risk of compromised credentials. Shorter expiration periods are essential for regular password updates, reducing the window of opportunity for attackers to exploit compromised credentials. |
Warning | Security |
Password minimum length too short
Longer and more complex passwords are essential for robust security, and a short minimum length makes it easier for malicious actors to compromise user accounts through brute-force or other password attacks. |
Warning | Security |
Password expiration disabled
Disabling password expiration poses a security risk as it allows user credentials to remain unchanged indefinitely. This increases the likelihood of compromised accounts going undetected, potentially leading to unauthorized access and security breaches. |
Warning | Security |
Password reuse allowed
Password reuse should be avoided as it increases the vulnerability of accounts. |
Warning | Security |
subnet-0dae79e86a6ad01b1
Issue | Level | Category |
---|---|---|
Subnet allows all egress traffic
Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network. |
Warning | Security |
Subnet allows all ingress traffic
Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network. |
Warning | Security |
Subnet logging disabled
Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet. |
Warning | Security |
elb-1
Issue | Level | Category |
---|---|---|
Load balancer allows insecure access
Allowing a load balancer to use HTTP can expose your application to security risks, as HTTP traffic is not encrypted and can be intercepted and manipulated by attackers. |
Danger | Security |
Load balancer logging disabled
Enabling access logging for load balancers allows you to monitor and analyze traffic to your application, and can help troubleshoot issues with your application's performance. Additionally, access logs can provide valuable insights for security auditing and compliance purposes. |
Warning | Security |
sg_3
Issue | Level | Category |
---|---|---|
Firewall PostgreSQL port public
Having the PostgreSQL database's 5432 port open to the public internet poses a severe security risk. It exposes the database to potential attackers who can exploit vulnerabilities or attempt unauthorized logins through this open port. |
Danger | Security |
Firewall not used
Having unused firewalls can increase the risk of security breaches as they can be mistakenly assigned to running instances or left open, allowing unauthorized access to resources. |
Warning | Security |
hooli-west-db-main
Issue | Level | Category |
---|---|---|
Database backups disabled
Enabling backups on databases is crucial for ensuring data safety and availability in case of disasters or accidental deletion. Backups provide a simple, automated solution for data recovery and help prevent permanent data loss. |
Danger | Stability |
Database publicly accessible
Having a database publicly accessible increases the risk of unauthorized access and potential data breaches. Restricting access to trusted sources enhances security by preventing unauthorized users from accessing sensitive database information. |
Danger | Security |
Database not redundant
Having instances in more than one availability zone provides high availability and helps ensure that your database remains accessible in the event of an outage or failure in one availability zone. It also improves performance by allowing you to serve read traffic from multiple replicas in different availability zones. |
Warning | Stability |
Database storage unencrypted
Enabling database storage encryption helps protect sensitive data stored in your database from unauthorized access. It provides an additional layer of security to safeguard your data at rest, and can help you meet compliance requirements. |
Warning | Security |
hooli-west-db-warehouse
Issue | Level | Category |
---|---|---|
Database backups disabled
Enabling backups on databases is crucial for ensuring data safety and availability in case of disasters or accidental deletion. Backups provide a simple, automated solution for data recovery and help prevent permanent data loss. |
Danger | Stability |
Database publicly accessible
Having a database publicly accessible increases the risk of unauthorized access and potential data breaches. Restricting access to trusted sources enhances security by preventing unauthorized users from accessing sensitive database information. |
Danger | Security |
Database upgrade disabled
Enabling auto minor version upgrade on databases can help ensure that your database is always running on the latest version, with important security patches and bug fixes applied automatically. This can improve the overall security and performance of your database and reduce the risk of potential vulnerabilities or downtime. |
Warning | Security |
Database not redundant
Having instances in more than one availability zone provides high availability and helps ensure that your database remains accessible in the event of an outage or failure in one availability zone. It also improves performance by allowing you to serve read traffic from multiple replicas in different availability zones. |
Warning | Stability |
Database storage unencrypted
Enabling database storage encryption helps protect sensitive data stored in your database from unauthorized access. It provides an additional layer of security to safeguard your data at rest, and can help you meet compliance requirements. |
Warning | Security |
hooli-east-db-warehouse
Issue | Level | Category |
---|---|---|
Database publicly accessible
Having a database publicly accessible increases the risk of unauthorized access and potential data breaches. Restricting access to trusted sources enhances security by preventing unauthorized users from accessing sensitive database information. |
Danger | Security |
Database backups disabled
Enabling backups on databases is crucial for ensuring data safety and availability in case of disasters or accidental deletion. Backups provide a simple, automated solution for data recovery and help prevent permanent data loss. |
Danger | Stability |
Database not redundant
Having instances in more than one availability zone provides high availability and helps ensure that your database remains accessible in the event of an outage or failure in one availability zone. It also improves performance by allowing you to serve read traffic from multiple replicas in different availability zones. |
Warning | Stability |
Database storage unencrypted
Enabling database storage encryption helps protect sensitive data stored in your database from unauthorized access. It provides an additional layer of security to safeguard your data at rest, and can help you meet compliance requirements. |
Warning | Security |
Database upgrade disabled
Enabling auto minor version upgrade on databases can help ensure that your database is always running on the latest version, with important security patches and bug fixes applied automatically. This can improve the overall security and performance of your database and reduce the risk of potential vulnerabilities or downtime. |
Warning | Security |
sg_3
Issue | Level | Category |
---|---|---|
Firewall PostgreSQL port public
Having the PostgreSQL database's 5432 port open to the public internet poses a severe security risk. It exposes the database to potential attackers who can exploit vulnerabilities or attempt unauthorized logins through this open port. |
Danger | Security |
Firewall not used
Having unused firewalls can increase the risk of security breaches as they can be mistakenly assigned to running instances or left open, allowing unauthorized access to resources. |
Warning | Security |
hooli-east-db-main
Issue | Level | Category |
---|---|---|
Database publicly accessible
Having a database publicly accessible increases the risk of unauthorized access and potential data breaches. Restricting access to trusted sources enhances security by preventing unauthorized users from accessing sensitive database information. |
Danger | Security |
Database backups disabled
Enabling backups on databases is crucial for ensuring data safety and availability in case of disasters or accidental deletion. Backups provide a simple, automated solution for data recovery and help prevent permanent data loss. |
Danger | Stability |
Database not redundant
Having instances in more than one availability zone provides high availability and helps ensure that your database remains accessible in the event of an outage or failure in one availability zone. It also improves performance by allowing you to serve read traffic from multiple replicas in different availability zones. |
Warning | Stability |
Database storage unencrypted
Enabling database storage encryption helps protect sensitive data stored in your database from unauthorized access. It provides an additional layer of security to safeguard your data at rest, and can help you meet compliance requirements. |
Warning | Security |
hooli-east-docs
Issue | Level | Category |
---|---|---|
Storage allows insecure access
Disabling insecure HTTP access on storage is essential to prevent unauthorized access and data breaches as it ensures that all access to storage is encrypted in transit, providing an additional layer of security for sensitive data. |
Warning | Security |
Storage logging disabled
Disabling logging on storage prevents crucial visibility into data access and usage, hindering security monitoring and compliance efforts. Logging enables tracking of access events, providing valuable insights for detecting unauthorized activity and ensuring data integrity and accountability. |
Warning | Security |
Storage deletion insecure
Enabling Multi-Factor Authentication (MFA) delete on storage adds an extra layer of security. It requires additional authentication before allowing deletion, reducing the risk of unauthorized or unintended data loss. |
Warning | Security |
Storage versioning disabled
Enabling versioning on storage allows recovery from accidental deletion, overwrite or any unintended change to stored objects by keeping multiple versions of an object, adding a layer of protection for data durability and compliance requirements. |
Warning | Stability |
hooli-east-logs
Issue | Level | Category |
---|---|---|
Storage allows insecure access
Disabling insecure HTTP access on storage is essential to prevent unauthorized access and data breaches as it ensures that all access to storage is encrypted in transit, providing an additional layer of security for sensitive data. |
Warning | Security |
Storage logging disabled
Disabling logging on storage prevents crucial visibility into data access and usage, hindering security monitoring and compliance efforts. Logging enables tracking of access events, providing valuable insights for detecting unauthorized activity and ensuring data integrity and accountability. |
Warning | Security |
Storage deletion insecure
Enabling Multi-Factor Authentication (MFA) delete on storage adds an extra layer of security. It requires additional authentication before allowing deletion, reducing the risk of unauthorized or unintended data loss. |
Warning | Security |
hooli-terraform
Issue | Level | Category |
---|---|---|
Storage allows insecure access
Disabling insecure HTTP access on storage is essential to prevent unauthorized access and data breaches as it ensures that all access to storage is encrypted in transit, providing an additional layer of security for sensitive data. |
Warning | Security |
Storage logging disabled
Disabling logging on storage prevents crucial visibility into data access and usage, hindering security monitoring and compliance efforts. Logging enables tracking of access events, providing valuable insights for detecting unauthorized activity and ensuring data integrity and accountability. |
Warning | Security |
Storage deletion insecure
Enabling Multi-Factor Authentication (MFA) delete on storage adds an extra layer of security. It requires additional authentication before allowing deletion, reducing the risk of unauthorized or unintended data loss. |
Warning | Security |
Storage versioning disabled
Enabling versioning on storage allows recovery from accidental deletion, overwrite or any unintended change to stored objects by keeping multiple versions of an object, adding a layer of protection for data durability and compliance requirements. |
Warning | Stability |
hooli-west-docs
Issue | Level | Category |
---|---|---|
Storage allows insecure access
Disabling insecure HTTP access on storage is essential to prevent unauthorized access and data breaches as it ensures that all access to storage is encrypted in transit, providing an additional layer of security for sensitive data. |
Warning | Security |
Storage logging disabled
Disabling logging on storage prevents crucial visibility into data access and usage, hindering security monitoring and compliance efforts. Logging enables tracking of access events, providing valuable insights for detecting unauthorized activity and ensuring data integrity and accountability. |
Warning | Security |
Storage deletion insecure
Enabling Multi-Factor Authentication (MFA) delete on storage adds an extra layer of security. It requires additional authentication before allowing deletion, reducing the risk of unauthorized or unintended data loss. |
Warning | Security |
Storage versioning disabled
Enabling versioning on storage allows recovery from accidental deletion, overwrite or any unintended change to stored objects by keeping multiple versions of an object, adding a layer of protection for data durability and compliance requirements. |
Warning | Stability |
hooli-west-logs
Issue | Level | Category |
---|---|---|
Storage allows insecure access
Disabling insecure HTTP access on storage is essential to prevent unauthorized access and data breaches as it ensures that all access to storage is encrypted in transit, providing an additional layer of security for sensitive data. |
Warning | Security |
Storage logging disabled
Disabling logging on storage prevents crucial visibility into data access and usage, hindering security monitoring and compliance efforts. Logging enables tracking of access events, providing valuable insights for detecting unauthorized activity and ensuring data integrity and accountability. |
Warning | Security |
Storage deletion insecure
Enabling Multi-Factor Authentication (MFA) delete on storage adds an extra layer of security. It requires additional authentication before allowing deletion, reducing the risk of unauthorized or unintended data loss. |
Warning | Security |
Storage versioning disabled
Enabling versioning on storage allows recovery from accidental deletion, overwrite or any unintended change to stored objects by keeping multiple versions of an object, adding a layer of protection for data durability and compliance requirements. |
Warning | Stability |
subnet-005b74680281b290c
Issue | Level | Category |
---|---|---|
Subnet allows all egress traffic
Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network. |
Warning | Security |
Subnet allows all ingress traffic
Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network. |
Warning | Security |
Subnet logging disabled
Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet. |
Warning | Security |
subnet-00654de6240e77c5d
Issue | Level | Category |
---|---|---|
Subnet allows all egress traffic
Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network. |
Warning | Security |
Subnet allows all ingress traffic
Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network. |
Warning | Security |
Subnet logging disabled
Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet. |
Warning | Security |
subnet-07379bee5d35011bd
Issue | Level | Category |
---|---|---|
Subnet allows all egress traffic
Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network. |
Warning | Security |
Subnet allows all ingress traffic
Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network. |
Warning | Security |
Subnet logging disabled
Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet. |
Warning | Security |
default
Issue | Level | Category |
---|---|---|
Default firewall used
Using default firewalls can leave your resources vulnerable to security breaches, as they are designed to allow traffic from any source. |
Warning | Security |
Default firewall has rules
Having no rules in default firewalls is the safest option as it restricts all inbound and outbound traffic to your resources. |
Warning | Security |
Firewall ports open
Allowing a firewall to have all ports open increases the attack surface and makes your resources more vulnerable to potential security breaches. |
Warning | Security |
Firewall traffic unrestricted
Allowing unrestricted traffic within a firewall can create security vulnerabilities and should be avoided. Restricting traffic to only necessary ports and limiting access to trusted sources reduces the risk of unauthorized access and improves overall security. |
Warning | Security |
subnet-013cf5230c5af5985
Issue | Level | Category |
---|---|---|
Subnet allows all egress traffic
Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network. |
Warning | Security |
Subnet allows all ingress traffic
Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network. |
Warning | Security |
Subnet logging disabled
Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet. |
Warning | Security |
subnet-019b1ff3603480ca7
Issue | Level | Category |
---|---|---|
Subnet allows all egress traffic
Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network. |
Warning | Security |
Subnet allows all ingress traffic
Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network. |
Warning | Security |
Subnet logging disabled
Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet. |
Warning | Security |
subnet-02ea5da7fe754a76a
Issue | Level | Category |
---|---|---|
Subnet allows all egress traffic
Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network. |
Warning | Security |
Subnet allows all ingress traffic
Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network. |
Warning | Security |
Subnet logging disabled
Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet. |
Warning | Security |
subnet-05690443d5dcdc403
Issue | Level | Category |
---|---|---|
Subnet allows all egress traffic
Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network. |
Warning | Security |
Subnet allows all ingress traffic
Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network. |
Warning | Security |
Subnet logging disabled
Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet. |
Warning | Security |
subnet-083ec4646db383daf
Issue | Level | Category |
---|---|---|
Subnet allows all egress traffic
Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network. |
Warning | Security |
Subnet allows all ingress traffic
Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network. |
Warning | Security |
Subnet logging disabled
Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet. |
Warning | Security |
subnet-05ca8c3d3433f01b9
Issue | Level | Category |
---|---|---|
Subnet allows all egress traffic
Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network. |
Warning | Security |
Subnet allows all ingress traffic
Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network. |
Warning | Security |
Subnet logging disabled
Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet. |
Warning | Security |
default
Issue | Level | Category |
---|---|---|
Default firewall used
Using default firewalls can leave your resources vulnerable to security breaches, as they are designed to allow traffic from any source. |
Warning | Security |
Default firewall has rules
Having no rules in default firewalls is the safest option as it restricts all inbound and outbound traffic to your resources. |
Warning | Security |
Firewall ports open
Allowing a firewall to have all ports open increases the attack surface and makes your resources more vulnerable to potential security breaches. |
Warning | Security |
Firewall traffic unrestricted
Allowing unrestricted traffic within a firewall can create security vulnerabilities and should be avoided. Restricting traffic to only necessary ports and limiting access to trusted sources reduces the risk of unauthorized access and improves overall security. |
Warning | Security |