YES3 Scanner is an open-source tool that scans and analyzes 10+ different configuration items for your S3 buckets in AWS. This includes access such as public access via ACLs and bucket policies – including the complex combinations of account and bucket settings that can make an S3 bucket effectively public.
“We built this tool after realizing potential users needed a better way to scan their S3 resources for access and ransomware protection. We wanted to have a tool that not only scans for access issues with S3, but also checks for additional layers of protection, including helping to protect against ransomware,” Jason Kao, Founder of Fog Security, told Help Net Security.
When evaluating the current landscape of both paid and free tools for assessing S3 security, Kao and his team found significant gaps. “We noticed issues with existing tools and even security and compliance frameworks, including false negatives, false positives, misleading and incomplete results,” he said.
Compounding the challenge, AWS has introduced features like default encryption, Block Public Access, and the ability to disable ACLs in recent years. While these improvements offer additional layers of protection, Kao noted they can also complicate efforts to understand an organization’s true data security posture in AWS.
That complexity is exactly what the YES3 Scanner aims to tackle. “The uniqueness of YES3 Scanner comes from our understanding of how the different S3 configuration items work with each other,” Kao explained. He added that many tools on the market fall short by offering only a partial picture. “Security requires a comprehensive and complete understanding of all relevant configuration items,” he said. “That’s why we developed YES3.”
YES3 Scanner checks for the following S3 configuration items:
- Bucket Access Control Lists (ACLs)
- Bucket Policy (Resource-Based Policy)
- Bucket Website Settings
- Account Public Access Block
- Bucket Public Access Block
- Disabled ACLs (via Ownership Controls)
- Bucket Encryption Settings
- Object Lock Configuration
- Bucket Versioning Settings
- Bucket Lifecycle Configuration
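The point of checking these items together rather than one at a time is that the settings interact: a public ACL grant is harmless when ACLs are disabled or the account-level Block Public Access ignores it, while an existing public bucket policy stays in force unless RestrictPublicBuckets is set. The following is an added illustration of that combined evaluation, not YES3 Scanner's code. It runs offline on constructed dicts shaped like the boto3 GetBucketAcl, GetBucketPolicy, GetPublicAccessBlock and GetBucketLifecycleConfiguration responses; the `BucketConfig` class, the `assess` function and the 30-day threshold for noncurrent-version expiry are assumptions made for the example.

```python
"""Combine the S3 configuration items above into one posture verdict.

Added example, not YES3 Scanner's own code. Inputs are constructed dicts in the
shape of the corresponding boto3 responses, so it runs without AWS credentials.
"""
from dataclasses import dataclass, field
from typing import Optional

PUBLIC_GRANTEES = {"http://acs.amazonaws.com/groups/global/AllUsers",
                   "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


@dataclass
class BucketConfig:
    """Constructed stand-in (assumed shape) for the per-bucket settings a scanner collects."""
    account_pab: dict            # s3control GetPublicAccessBlock, account level
    bucket_pab: dict             # s3 GetPublicAccessBlock, {} if none configured
    ownership: str               # ObjectOwnership from GetBucketOwnershipControls
    acl_grants: list             # Grants from GetBucketAcl
    policy: Optional[dict]       # parsed JSON from GetBucketPolicy, or None
    website: bool                # True if GetBucketWebsite returns a configuration
    encryption: Optional[dict]   # ServerSideEncryptionConfiguration, or None
    versioning: str              # Status from GetBucketVersioning ("Enabled", "Suspended", "")
    object_lock: bool            # ObjectLockEnabled == "Enabled"
    lifecycle_rules: list = field(default_factory=list)  # Rules from the lifecycle config


def effective_pab(account_pab: dict, bucket_pab: dict) -> dict:
    """Block Public Access combines restrictively: a flag set at either level is in force."""
    return {f: bool(account_pab.get(f)) or bool(bucket_pab.get(f)) for f in PAB_FLAGS}


def acl_is_public(grants: list) -> bool:
    return any(g.get("Grantee", {}).get("URI") in PUBLIC_GRANTEES for g in grants)


def _principal_is_wildcard(principal) -> bool:
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def assess(cfg: BucketConfig) -> dict:
    findings = []
    pab = effective_pab(cfg.account_pab, cfg.bucket_pab)
    acls_disabled = cfg.ownership == "BucketOwnerEnforced"

    # 1. A public ACL grant only exposes data if ACLs are still honoured and
    #    Block Public Access is not ignoring public grants.
    acl_public = acl_is_public(cfg.acl_grants)
    public_via_acl = acl_public and not acls_disabled and not pab["IgnorePublicAcls"]
    if acl_public and not public_via_acl:
        findings.append("public ACL grant neutralised by disabled ACLs or IgnorePublicAcls")
    elif public_via_acl:
        findings.append("bucket is public via ACL")

    # 2. BlockPublicPolicy only stops a new public policy being written; one that is
    #    already attached stays effective unless RestrictPublicBuckets is set.
    unconditional, conditioned = False, False
    for stmt in (cfg.policy or {}).get("Statement", []):
        if stmt.get("Effect") == "Allow" and _principal_is_wildcard(stmt.get("Principal")):
            if stmt.get("Condition"):
                conditioned = True
            else:
                unconditional = True
    public_via_policy = unconditional and not pab["RestrictPublicBuckets"]
    if unconditional and not public_via_policy:
        findings.append("public bucket policy neutralised by RestrictPublicBuckets")
    elif public_via_policy:
        findings.append("bucket is public via bucket policy")
    if conditioned:
        findings.append("wildcard-principal statement with conditions: review the condition keys")
    if cfg.website and (public_via_acl or public_via_policy):
        findings.append("static website hosting enabled on a public bucket")

    # 3. Ransomware resilience: can overwritten or deleted objects be recovered?
    if cfg.versioning != "Enabled":
        findings.append("versioning not enabled: deleted or overwritten objects are unrecoverable")
    if not cfg.object_lock:
        findings.append("Object Lock not enabled: no retention protection against deletion")
    for rule in cfg.lifecycle_rules:
        days = rule.get("NoncurrentVersionExpiration", {}).get("NoncurrentDays")
        if rule.get("Status") == "Enabled" and days is not None and days < 30:  # 30 is an assumed threshold
            findings.append(f"lifecycle rule {rule.get('ID', '?')} expires noncurrent versions "
                            f"after {days} days, shortening the recovery window")
    if not cfg.encryption:
        findings.append("no default encryption configured")
    return {"effectively_public": public_via_acl or public_via_policy, "findings": findings}


def sample_bucket() -> BucketConfig:
    """Constructed case: the public ACL is neutralised at the account level, but the
    public bucket policy still applies because RestrictPublicBuckets is off."""
    return BucketConfig(
        account_pab={"BlockPublicAcls": True, "IgnorePublicAcls": True},
        bucket_pab={},
        ownership="ObjectWriter",
        acl_grants=[{"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                     "Permission": "READ"}],
        policy={"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
             "Resource": "arn:aws:s3:::example-bucket/*"}]},
        website=True,
        encryption={"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]},
        versioning="Enabled",
        object_lock=False,
        lifecycle_rules=[{"ID": "purge-old", "Status": "Enabled",
                          "NoncurrentVersionExpiration": {"NoncurrentDays": 7}}],
    )


if __name__ == "__main__":
    for line in assess(sample_bucket())["findings"]:
        print("-", line)
```

Run as a script it prints the five findings for the constructed bucket; the one that matters for exposure is the policy, since the ACL grant is already neutralised. Setting RestrictPublicBuckets at either level flips the verdict to not public, which is the kind of interaction a single-item check misses.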
Future plans and download
“Our future plans are to include more analysis on S3 and cloud configuration such as logging to help provide holistic protection against access and ransomware in the cloud. We also plan to listen to what users request to see how we can improve the tool for their use cases. Additionally, we plan on building more detailed layers of protection – including both at the multi-account (organizational) level and at the object/data level in S3,” Kao explained.
YES3 Scanner is available for free on GitHub. More information is available in this blog post.