Harden Deep Security
Deep Security as a Service and the Deep Security AMI from AWS Marketplace both run on Amazon Linux. The Deep Security team has hardened those products based on the Center for Internet Security (CIS) standard for Amazon Linux.
Hardening involves making changes to secure the system and make it less vulnerable to attack. For Deep Security, the changes included updating the web installer so that it terminates after the Deep Security Manager is online, removing unnecessary software, and configuring system settings to use the principle of least privilege wherever it is applicable.
The Deep Security AMI from AWS Marketplace is also protected by a Deep Security Agent installed on the same host as the Deep Security Manager. The Agent has a default "Deep Security Manager" policy applied to it, which provides basic intrusion prevention rules and firewall rules that filter traffic to the Manager.
There are several measures you can take to increase the security of your Deep Security deployment.
- Protect Deep Security Manager with an agent
- Bind Deep Security Agent to a specific manager
- Replace the Deep Security Manager SSL certificate
- Encrypt communication between Deep Security Manager and the database
- Change the Deep Security Manager database password
- Enable Content Security Policy and HTTP Public Key Pinning
- Enforce user password rules