Protecting Data in Transit to Amazon RDS

Information

If you're connecting to Amazon RDS from Amazon EC2 instances in the same region, you can rely on the security of the AWS network, but if you're connecting from the Internet, you might want to use SSL/TLS for additional protection.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

SSL/TLS provides peer authentication via server X.509 certificates, integrity protection for the transmitted data, and encryption of the client-server connection. SSL/TLS is currently supported for connections to Amazon RDS MySQL and Microsoft SQL Server instances. For Amazon RDS for Oracle, Native Network Encryption encrypts the data as it moves into and out of the database.

See Also

https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf

Item Details

Category: ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION, PHYSICAL AND ENVIRONMENTAL PROTECTION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-2, 800-53|AC-3, 800-53|AC-4, 800-53|AC-6, 800-53|AC-11, 800-53|AC-18, 800-53|AU-13, 800-53|IA-3, 800-53|IA-7, 800-53|PE-19, 800-53|SA-8, 800-53|SC-7, 800-53|SC-8, 800-53|SC-9, 800-53|SC-13, 800-53|SC-16, 800-53|SC-23, 800-53|SC-28, 800-53|SI-7, 800-53|SI-8

Plugin: amazon_aws

Control ID: 038af49795c5a3cdaa6ce856e53c36269a9e19a4baefd37323e461c4bfa2ea12