Lead Image Photo by qinghill on Unsplash

Lead Image Photo by qinghill on Unsplash

AWS security scans with Scout2

Dig Deep

Article from ADMIN 44/2018
Scout2 is an open source auditing tool that helps you keep your AWS environments secure.

Amazon Web Services (AWS) regularly releases brand new services promising an abundance of intriguing features to help make life easier when provisioning your Internet infrastructure. The sheer number of services visible within the AWS Console is simply staggering, which is why AWS is still the dominant cloud provider – admittedly with Google Cloud and Microsoft Azure hot on its heels.

In this article, I demonstrate a tool that is available from a highly respected security specialist, the NCC Group [1], that automatically and safely informs you of misconfigurations and gaping holes in your AWS security posture.

NCC's website describes their focus as "… a global expert in cyber security and risk mitigation, working with businesses to protect their brand, value and reputation against the ever-evolving threat landscape."

A Ballet of Swans

The long journey AWS has taken since around 2006 is of constant innovation. And to think, much of this innovation began with virtual machines (the Xen hypervisor) as their on-demand EC2 (Amazon Elastic Compute Cloud) service combined with their super-reliable S3 storage service (Amazon Simple Storage) to fulfill the meteoric growth of their online retail shop, Amazon.com. The whole being greater than its parts, the collective power of all these mature services makes AWS the cloud behemoth it is today.

As financial institutions, governments, and corporations all over the planet make significant leaps into the cloud infrastructure, AWS innovation continues at a rapid pace. Importantly, the unbridled rate of innovation in the platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) aspects of AWS provide a welcome level of maturity that some software-as-a-service (SaaS) provisioning lacks. When it comes to infrastructure, any changes – large or small – can mean instability, and therefore costly downtime, calling for significant testing.

From a United Kingdom perspective alone, 2017 was reportedly another boom year for cloud adoption. According to the Cloud Industry Forum [2]:


… the overall cloud adoption rate in the UK now stands at 88 per cent, with 67 per cent of users expecting to increase their adoption of cloud services over the coming year. However, while organisations are clearly taking a cloud-first approach, the industry body predicts that the vast majority of companies will be maintaining hybrid IT estates for some time to come.


With the incomparable adoption of the cloud infrastructure, integrating on-premises computer rooms or external data center infrastructure has not been easy for some organizations. Suspicion of sharing infrastructure with other organizations still prevails and, from a security perspective, raises concerns of new attack vectors that were previously less important, invisible, or not present at all.

Out of this uncertainty steps a sophisticated security auditing tool, the NCC Group's Scout2, which you might be pleasantly surprised to learn is open source and readily available on the NCC GitHub page [3].

A Cloud of Grasshoppers

I use Scout2 professionally and find that it executes and completes its scans fast and is highly informative and easy to set up. Although you will want to test Scout2 in an AWS sandbox first, over time and with some exposure, you might want to run it only on your preproduction or staging environments (e.g., before trusting it in your production environment).

Whether you prefer to set up NCC's sophisticated scanning tool to run automatically hourly or daily (or even more frequently) or to run it only periodically using a manual method, as in more traditional penetration testing (e.g., one-off audits), the rapid execution of Scout2 means that it adapts perfectly.

The act of inspecting the vast array of AWS configurations using Identity Access Management (IAM) Read/List rules is surprisingly speedy, and once it's completed, a useful HTML summary page points out where issues have been spotted.

A Wreck of Seabirds

Of course, you shouldn't take risks with your potentially complex AWS configuration, so getting the IAM rules correct is the key to getting Scout2 running correctly. You have been warned!

For the example in this article, I will trust (with good reason, I hope you'll agree when the evidence becomes clear) the default IAM policy [4] for Scout2 on the NCC GitHub page. A quick look reveals the number of IAM rules required by Scout2. However, before absolutely committing to using it, you should inspect the human-readable rules the policy creates, which you'll see shortly.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>


		<div class=