Introduction

CloudSploit is an AWS compliance, security and configuration monitoring scanner which is the first of its kind. It is an open source project designed to detect security risks in AWS. The CloudSploit Scans is built on NodeJS script which works on two phases. Collection and Scanning. After a successful run, CloudSploit Scans will output the HIPAA compliance fails, security misconfigurations results as an easy to audit checklist.

What is HIPAA?

HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding medical information. The three main things addressed via HIPAA law are: Portability, Medicaid Integrity Program/Fraud and Abuse, and Administrative Simplification. The HIPAA Privacy Rule protects most “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or medium, whether electronic, on paper, or oral.

Installing the CloudSploit Scans

The CloudSploit Scans is nodeJS script which requires nodeJS installed in the system. If nodeJS is not installed on the system, follow the steps given here and which would require Linuxbrew which can be installed from here.

We would also need an IAM user with the SecurityAudit policy tied to it. If you don’t have an IAM user for this, Please create one following the steps below,

  1. Open the IAM Console.
  2. Find your user or role.
  3. Click the “Permissions” tab.
  4. Under “Managed Policy”, click “Attach policy”.
  5. In the filter box, enter “Security Audit”
  6. Select the “Security Audit” policy and save.

Once we have an IAM user account created and ready, We can install CloudSploit by cloning the script from the GIT repo.

git clone https://github.com/cloudsploit/scans.git
cd scans

After we have CloudSploit cloned into scans directory, we are ready to install it using the following command

npm install

The command extracts a set of ‘js’ files along with some directories containing the modules to run the tool.

Setting up CloudSploit

We have the contents of the CloudSploit in the directory. We have to setup AWS credentials in the Cloudsploit. We will need the  AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN to be set up appropriately.

Lets edit the ‘index.js’ file and add the AWS credentials. AWS credentials can be used fed into the CloudSploit by 3 options. We will use the direct method which is option 1 and we will comment the rest of the options inside the ‘index.js’

After modifying and saving the ‘index.js’ file, we are ready to run the CloudSploit Scans.

Running CloudSploit Scans

Now, We will run CloudSploit with the IAM user which we created with the SecurityAudit policy. This is pretty much a straightforward tool which does an overall compliance scan.

CloudSploit Scans runs a series of steps and produces a report with the details about the account. Cloudsploit can be configured to include custom modules in its scans by updating the ‘exports.js’ file in the ‘scans’ directory.

CloudSploit Scans supports scanning an account based on certain compliance policies such as HIPAA. HIPAA stands for Health Information Portability and Accountability act, This is an Act that was created to provide protection for personal health information (PHI).

node index.js --compliance=hipaa

The CloudSploit runs a set of scans checking the HIPAA compliance in the AWS and produces the results.  Personal Health Information if exposed publicly is punishable by law due to the HIPAA. Every service that used the PHI has to go through HIPAA standards.

CloudSploit Scans also allows writing own custom plugins to perform a particular type of scan. You can create custom plugin following the steps listed here.

Conclusion

CloudSploit is a vulnerability scanner for AWS which is built on NodeJS which can be extended to perform various checks using custom plugins. It only requires an IAM user account with ‘ReadOnly’ – SecurityAudit Policy attached to it, to scan the system and produce a report of vulnerabilities. It can be very useful in performing Security Audits.

Thank you for reading! – Setu Parimi, Steve George & Indranil Roy

Sign up for the blog directly here.

Check out our professional services here.

Feedback is welcome! For professional services, fan mail, hate mail, or whatever else, contact [email protected]


Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: