AWS LAB

Find vulnerabilities on EC2 instance using Amazon Inspector

Lab Details

  1. This lab walks you through launching an EC2 instance and configuring Amazon Inspector with an assessment target and an assessment template.
  2. You will practice using an EC2 instance with the AWS agent installed as the Amazon Inspector assessment target. Once the assessment target and template are created, you will run the template to find vulnerabilities on the configured instance.
  3. Duration: 45 minutes
  4. AWS Region: US East (N. Virginia) us-east-1

Introduction

What is Amazon Inspector

  • Amazon Inspector allows us to find vulnerabilities on configured EC2 instances.
  • Two types of assessment runs can be performed: Network assessment and Host assessment.
  • A Network assessment uses the Network Reachability rules package, while a Host assessment has three rules packages: Common Vulnerabilities and Exposures, Center for Internet Security (CIS) Benchmarks, and Security Best Practices for Amazon Inspector.
  • There are mainly three severity levels for rules in Amazon Inspector: High, Medium, and Low.
  • Findings of Informational severity are best-practice recommendations from Amazon Inspector.

Architecture Diagram

Task Details

  1. Launching Lab Environment
  2. Launching an EC2 Instance
  3. SSH into EC2 Instance
  4. Install an AWS Agent
  5. Create an assessment target
  6. Create an assessment template
  7. Run the assessment template
  8. Download the assessment run report
  9. Validation of the Lab

Lab Steps

Task 1: Launching Lab Environment

  1. Launch the lab environment by clicking on . Please wait until the lab environment is provisioned; it takes less than 2 minutes.
  2. Once the lab is started, you will be provided with an IAM user name, Password, Access Key and Secret Access Key.
  3. Click on the ; the AWS Management Console will open in a new tab.
  4. On the AWS sign-in page, the Account ID will be present by default.
    • Leave the Account ID as it is. Do not remove or change the Account ID, otherwise you cannot proceed with the lab.
  5. Copy and paste the IAM user name and Password into the AWS Console. Click on Sign in to log into the AWS Console.

Note : If you face any issues, please go through FAQs and Troubleshooting for Labs.

Task 2 : Launching an EC2 Instance

  1. Make sure you are in US East (N. Virginia) us-east-1 Region. 
  2. Navigate to EC2 by clicking on the  menu at the top, then click on  in the  section.
  3. Navigate to  on the left panel and click on .
  4. Choose an Amazon Machine Image (AMI): search for Amazon Linux 2 AMI in the search box and click on the Select button.
  5. Choose an Instance Type: select  and then click on .
  6. Configure Instance Details: no need to change anything in this step, click on .
  7. Add Storage: no need to change anything in this step, click on .
  8. Add Tags: click on 
    • Key    : Name
    • Value    : Inspector-EC2
    • Click on 
  9. Configure Security Group:
    • Assign a security group: Create a new security group
    • Security group name: Inspector-SG
    • Description: Security group for Inspector EC2
    • To add the SSH rule,
      • Choose Type: SSH
      • Source: Custom (allow a specific IP address) or Anywhere (accessible from all IP addresses).
    • To add another rule, click on the  button.
      • Choose type: Custom TCP Rule
      • Port Range: 20
      • Source: Custom and 0.0.0.0/0
    • To add another rule, click on the  button.
      • Choose type: Custom TCP Rule
      • Port Range: 21
      • Source: Custom and 0.0.0.0/0
    • To add another rule, click on the  button.
      • Choose type: Custom TCP Rule
      • Port Range: 23
      • Source: Custom and 0.0.0.0/0
    • After that, click on 
  10. Review and Launch: review all settings and click on .
  11. Key Pair: create a new key pair, enter MyEC2Key, click on , store the key on your local machine, and then click on .
  12. Launch Status: your instance is now launching. Click on the instance ID and wait for the instance to finish initializing, until its status changes to .
  13. Note down the IPv4 Public IP address of the EC2 instance. A sample is shown in the screenshot below.
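The security group built in step 9 deliberately exposes FTP (20/21) and Telnet (23) to 0.0.0.0/0, and offers "Anywhere" as a source for SSH, so that the Network Reachability rules package has something to report. The following added example (not part of the lab) shows how a defender would detect such rules outside the console: INSPECTOR_SG is a constructed sample shaped like one entry of the SecurityGroups list that the EC2 describe-security-groups API returns, filled in with the lab's rules, and HARDENED_SG is the same group with SSH restricted to one address (the lab's "Custom" choice) and the FTP/Telnet rules removed. Nothing here talks to AWS; the documentation address 203.0.113.10 and the helper `_rule` are assumptions of the example.

```python
"""Check an EC2 security group for rules reachable from the whole Internet.

Added example, not part of the lab. INSPECTOR_SG is a constructed sample
shaped like one entry of the `SecurityGroups` list that the EC2
`describe-security-groups` API returns, filled in with the rules the lab
creates in Task 2, step 9 (SSH with source "Anywhere", plus TCP 20, 21
and 23 from 0.0.0.0/0). Nothing here talks to AWS.
"""

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}

# Ports worth flagging when open to the world. FTP (20/21) and Telnet (23)
# are cleartext protocols; SSH (22) should be limited to known addresses.
WATCHED_PORTS = {20: "FTP data", 21: "FTP control", 22: "SSH", 23: "Telnet"}


def _rule(port, cidr):
    """Build one inbound TCP rule in describe-security-groups shape (helper)."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}], "Ipv6Ranges": []}


# Constructed: the lab's Inspector-SG with the weak "Anywhere" SSH source.
INSPECTOR_SG = {
    "GroupName": "Inspector-SG",
    "IpPermissions": [_rule(22, "0.0.0.0/0"), _rule(20, "0.0.0.0/0"),
                      _rule(21, "0.0.0.0/0"), _rule(23, "0.0.0.0/0")],
}

# Constructed: the same group with SSH limited to one admin address (the
# lab's "Custom" choice; 203.0.113.10 is a documentation address) and the
# FTP/Telnet rules dropped.
HARDENED_SG = {
    "GroupName": "Inspector-SG",
    "IpPermissions": [_rule(22, "203.0.113.10/32")],
}


def world_open_rules(group):
    """Return (port_label, cidr, service) for every watched port that a
    0.0.0.0/0 or ::/0 rule in `group` exposes. A protocol of "-1" means
    "all traffic" and is reported once per world CIDR."""
    hits = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if cidr not in WORLD_CIDRS:
                continue
            if perm.get("IpProtocol") == "-1":
                hits.append(("all/all", cidr, "all traffic"))
                continue
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            if lo is None or hi is None:
                continue
            for port, service in WATCHED_PORTS.items():
                if lo <= port <= hi:
                    hits.append((f"{perm['IpProtocol']}/{port}", cidr, service))
    return sorted(hits)


if __name__ == "__main__":
    for name, sg in (("lab", INSPECTOR_SG), ("hardened", HARDENED_SG)):
        print(name, world_open_rules(sg) or "no world-open watched ports")
```

Running the block lists four world-open ports for the lab group and none for the hardened one; the same function can be pointed at the real describe-security-groups output once the lab instance exists, which is a quick cross-check of what the Network Reachability package will later report.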

Task 3 : SSH into EC2 Instance

Task 4: Install an AWS Agent

  1. Switch to the root user: sudo su
  2. Download the agent installation script by running one of the following commands:
  3. To install the agent, run the following command:
    • sudo bash install

Task 5: Create an assessment target

  1. Navigate to Inspector by clicking on the  menu at the top, then click on  in the  section.
  2. On the home page, click on the Get started button.
  3. Click on the Cancel button in the bottom right corner to see the options; Run weekly, Run once and Advanced setup are the quick-setup options.
  4. On the left sidebar, click on Assessment targets.
  5. Click on the  button.
  6. Fill in the details. Name: Demo
  7. All instances: select Include all EC2 instances in this AWS account and region.
  8. Install Agents: selected by default.
  9. Click on the Save button to create the assessment target.
  10. The assessment target is now created.

Task 6: Create an assessment template

  1. On the left sidebar, click on Assessment templates.
  2. Click on the  button.
  3. Fill in the details as follows:
    • Name: Whiz
    • Target Name: select Demo
    • Rules packages: select all four rules packages, one by one
    • Duration: 1 Hour (Recommended)
    • Keep all other options as default.
    • Click on the Create button.
  4. The assessment template Whiz is now being created.
  5. Once it is created, in the next step you will run the template to find vulnerabilities on the EC2 instance you created.

Task 7: Run the assessment template

  1. Select the assessment template Whiz and click on the Run button.
  2. The assessment run has started.
  3. To see the assessment run and its result, click on Assessment runs on the left sidebar.
  4. Click on the number of findings to see the vulnerabilities Inspector found on the EC2 instance.
  5. There are currently 5 findings.
  6. Click on the expand button for the first finding to see its details.
  7. The Description field has details about the finding, while the Recommendation field has the message on how to resolve the issue and avoid this finding.

Task 8: Download the assessment run report

  1. Click on Assessment runs on the left sidebar.
  2. Choose the Download report button.
  3. After you click on the Download report option, you will be prompted with a screen to select the report type and format.
  4. Keep the defaults: Report type as Findings report and report format as PDF. Click on the Generate Report button.
  5. It takes a couple of seconds to generate the report.
  6. Once ready, it opens in a new tab of your browser.
  7. Note: Vulnerabilities of Informational severity are not shown in the Findings report. To see them, regenerate the report with the Full report option.
  8. If more than 3 vulnerabilities are found, it is recommended to generate the report to check the issues.
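Tasks 7 and 8 read the findings in the console, where the count, severity and Recommendation field are what you triage on, and where the Findings report hides Informational findings unless you choose Full report. The following added example (not part of the lab) does the same triage on a findings list in code. FINDINGS is a constructed sample shaped like the findings list of the Amazon Inspector (classic) describe-findings response; the titles, finding ARNs, instance id and rules-package ARNs are placeholders, not the findings produced by the lab's run, and the PACKAGES table mapping placeholder ARNs to package names is an assumption of the example.

```python
"""Summarise Inspector assessment-run findings by severity and package.

Added example, not part of the lab. FINDINGS is a constructed sample shaped
like the `findings` list of the Amazon Inspector (classic) describe-findings
response; titles, ARNs and the instance id are placeholders, not the lab's
real findings. PACKAGES maps placeholder rules-package ARNs to names.
"""
from collections import Counter

SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2, "Informational": 3, "Undefined": 4}

# Constructed placeholder ARNs for the four rules packages the lab selects.
_PKG = "arn:aws:inspector:us-east-1:000000000000:rulespackage/0-PLACEHOLDER-"
PACKAGES = {
    _PKG + "CVE": "Common Vulnerabilities and Exposures",
    _PKG + "CIS": "CIS Operating System Security Configuration Benchmarks",
    _PKG + "NET": "Network Reachability",
    _PKG + "SBP": "Security Best Practices",
}


def _finding(n, severity, package, title, recommendation):
    """Build one constructed finding in describe-findings shape (helper)."""
    return {
        "arn": f"arn:aws:inspector:us-east-1:111122223333:target/0-T/template/0-X/run/0-R/finding/0-F{n}",
        "severity": severity,
        "title": title,
        "recommendation": recommendation,
        "assetAttributes": {"agentId": "i-0PLACEHOLDER"},
        "serviceAttributes": {"rulesPackageArn": _PKG + package},
    }


# Constructed sample run: one High, two Medium, one Low, two Informational.
FINDINGS = [
    _finding(1, "High", "CVE", "Constructed: package with a known CVE", "Update the package."),
    _finding(2, "Medium", "NET", "Constructed: TCP port 23 (Telnet) reachable from the internet",
             "Remove or restrict the security group rule for port 23."),
    _finding(3, "Medium", "NET", "Constructed: TCP port 21 (FTP) reachable from the internet",
             "Remove or restrict the security group rule for port 21."),
    _finding(4, "Low", "CIS", "Constructed: CIS benchmark check not met", "Apply the benchmark setting."),
    _finding(5, "Informational", "SBP", "Constructed: best-practice recommendation", "Review the setting."),
    _finding(6, "Informational", "NET", "Constructed: TCP port 22 (SSH) reachable from the internet",
             "Limit the SSH source to known addresses."),
]


def severity_counts(findings, include_informational=False):
    """Count findings per severity. Informational findings are dropped by
    default, matching the lab's Findings report; pass
    include_informational=True for the Full report view."""
    counts = Counter()
    for f in findings:
        sev = f.get("severity", "Undefined")
        if sev == "Informational" and not include_informational:
            continue
        counts[sev] += 1
    return dict(counts)


def package_counts(findings):
    """Count findings per rules package name (unknown ARNs grouped together)."""
    return dict(Counter(
        PACKAGES.get(f["serviceAttributes"]["rulesPackageArn"], "unknown package")
        for f in findings))


def triage_order(findings):
    """Findings as (severity, package, title, recommendation), worst first."""
    rows = [(f["severity"],
             PACKAGES.get(f["serviceAttributes"]["rulesPackageArn"], "unknown package"),
             f["title"], f["recommendation"]) for f in findings]
    return sorted(rows, key=lambda r: (SEVERITY_RANK.get(r[0], 99), r[2]))


if __name__ == "__main__":
    print("Findings report:", severity_counts(FINDINGS))
    print("Full report:    ", severity_counts(FINDINGS, include_informational=True))
    print("By package:     ", package_counts(FINDINGS))
    for sev, pkg, title, rec in triage_order(FINDINGS):
        print(f"[{sev:13}] {pkg}: {title} -> {rec}")
```

The two severity_counts calls reproduce the difference between the Findings report and the Full report noted in step 7, and triage_order puts the High finding and its Recommendation text first, which is the order a practitioner works through the console list in Task 7.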

Task 9: Validation of the lab

  1. Once the lab steps are completed, click on the  button on the right-side panel.
  2. This validates the resources in the AWS account and displays whether you have completed this lab successfully.
  3. Sample output:

Completion and Conclusion

  1. You have successfully created and launched an Amazon EC2 instance.
  2. You have successfully created an Inspector assessment target and template.
  3. You have successfully found the vulnerabilities on the configured EC2 instance.
