Another phase in the auditing process is the Network auditing which comprises of VPC network auditing in a cloud based environment. The auditor have to ensure that
a. correct VPC is being used by the instances in the organization.
b. Proper Access control lists are in place.
Access control list is an important factor here. In any organization, the administrator should configure the network such that it follows a 'Least privilege principle'. i.e., by default the network should deny any connections; and for those to be allowed, administrator needs to explicitly configure the same. This protects the network from any external attacks.
The below screen-cast covers the whole VPC auditing process.
Comentarios