Ensure that versioning is enabled for all S3 buckets
Risk Level: Low
Description
This plugin identifies the S3 buckets where the bucket versioning is disabled. SentinelOne CNS recommends ensuring versioning is enabled for S3 buckets. By maintaining versions, you can easily retrieve lost data in the event of a compromise and avoid a cumbersome backup restoration process or object overwriting.
About the Service
Amazon S3: Amazon Simple Storage Service, popularly known as Amazon S3, is a storage space available on the cloud. Using Amazon S3, you can store and retrieve any amount of data. S3 versioning keeps multiple versions of the objects in a bucket, so an overwrite or delete preserves the previous version instead of destroying it. Please note that the previous versions are not deleted and the extra data stored will incur charges.
Impact
Leaving S3 versioning disabled opens the door to a new type of attack. By identifying that versioning is disabled for your bucket, attackers can not only steal the data but also hold it for ransom.
Steps to Reproduce
Using AWS Console:
1. Log in to your AWS Console.
2. Open the S3 Management Console. You can use this link (https://console.aws.amazon.com/s3) to navigate directly if already logged in.
3. Select the S3 bucket you wish to investigate and click on the Properties tab from the top navigation bar.
4. Move to the Bucket Versioning section in the Properties tab and examine whether it is enabled or disabled for the bucket. If it is disabled, you might not be able to retrieve data in the event of data loss.
5. Repeat steps 3 to 4 for all the S3 buckets you want to investigate.
Steps for Remediation
Follow the steps to enable bucket versioning:
1. Log in to your AWS Console.
2. Open the S3 Management Console. You can use this link (https://console.aws.amazon.com/s3) to navigate directly if already logged in.
3. Select the S3 bucket you wish to investigate and click on the Properties tab from the top navigation bar.
4. Move to the Bucket Versioning section in the Properties tab and select the Edit option below.
5. In the edit option, select the Enable option and click on Save Changes to enable bucket versioning for the specific S3 bucket. Also, enable Multi-factor authentication to add an extra layer of security.
6. Repeat steps 3 to 5 for all the vulnerable S3 buckets.
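The console check and the remediation above can be scripted across every bucket in an account. The following is an added example, not part of the original page or the plugin's own code; it assumes the boto3 library and configured AWS credentials, and the function names are illustrative. It treats a bucket whose versioning was never enabled (the API returns no Status field) as disabled, and it only changes buckets when dry_run is turned off.

```python
"""Audit S3 bucket versioning and optionally enable it (added example)."""


def versioning_state(s3, bucket):
    """Return (status, mfa_delete) for one bucket.

    GetBucketVersioning omits 'Status' entirely when versioning has never
    been enabled, so a missing key is reported as 'Disabled'.
    """
    resp = s3.get_bucket_versioning(Bucket=bucket)
    return resp.get("Status", "Disabled"), resp.get("MFADelete", "Disabled")


def audit_versioning(s3):
    """Map every bucket name to its versioning state."""
    report = {}
    for b in s3.list_buckets().get("Buckets", []):
        name = b["Name"]
        status, mfa = versioning_state(s3, name)
        # 'Suspended' stops new versions being kept, so it is non-compliant too.
        report[name] = {"status": status, "mfa_delete": mfa,
                        "compliant": status == "Enabled"}
    return report


def remediate(s3, report, dry_run=True):
    """Enable versioning on non-compliant buckets; return the names targeted."""
    targets = sorted(n for n, r in report.items() if not r["compliant"])
    if not dry_run:
        for name in targets:
            s3.put_bucket_versioning(
                Bucket=name, VersioningConfiguration={"Status": "Enabled"})
    return targets


if __name__ == "__main__":
    import boto3  # assumption: boto3 installed, credentials configured

    client = boto3.client("s3")
    findings = audit_versioning(client)
    for name, r in sorted(findings.items()):
        print(f"{name}: versioning={r['status']} mfa_delete={r['mfa_delete']}")
    print("would enable versioning on:", remediate(client, findings))
```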