About Deep Security hardening
The Deep Security AMI from AWS Marketplace runs on Amazon Linux. The Deep Security team has hardened that product based on the Center for Internet Security (CIS) standard for Amazon Linux.
Hardening involves making changes to secure the system and make it less vulnerable to attack. For Deep Security, the changes included updating the web installer so that it terminates after the Deep Security Manager is online, removing unnecessary software, and configuring system settings to use the principle of least privilege wherever it is applicable.
The Deep Security AMI from AWS Marketplace is also protected by a Deep Security Agent installed on the same computer as the Deep Security Manager. The Agent has a default "Deep Security Manager" policy applied to it, which provides basic intrusion prevention rules and firewall rules that filter traffic to the manager.
There are several measures you can take to increase the security of your Deep Security deployment.
- Protect Deep Security Manager with an agent
- Protect Deep Security Agent
- Replace the Deep Security Manager TLS certificate
- Update the load balancer's certificate
- Encrypt communication between the Deep Security Manager and the database
- Change the Deep Security Manager database password
- Configure HTTP security headers
- Enforce user password rules
- Set up multi-factor authentication
- Manage trusted certificates
- SSL implementation and credential provisioning