Medium | ELB | Regional

Classic Load Balancer should be configured with defensive or strictest desync mitigation mode

NIST, ISO 27001, HIPAA

Description

This check verifies that Classic Load Balancers with SSL/HTTPS listeners are configured with a security policy that includes the defensive or strictest desync mitigation mode, which protects against HTTP desync (request smuggling) attacks.

Remediation

To configure a security policy with desync mitigation mode for Classic Load Balancers, follow these steps:

Steps

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
  2. On the navigation pane, under LOAD BALANCING, choose Load Balancers.
  3. Select the Classic Load Balancer.
  4. Choose the Listeners tab.
  5. For the SSL or HTTPS listener, choose Change under the Cipher column.
  6. Select a security policy that includes defensive or strictest desync mitigation mode.
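As an added example (not code from the original check page), the following Python evaluates the desync mitigation mode from the output shape of `aws elb describe-load-balancer-attributes`, where the mode is reported under `AdditionalAttributes` with the key `elb.http.desyncmitigationmode`, and emits the equivalent `modify-load-balancer-attributes` command for a failing load balancer. The load balancer names and attribute values below are constructed sample data.

```python
import json
from typing import Optional

DESYNC_KEY = "elb.http.desyncmitigationmode"
COMPLIANT_MODES = {"defensive", "strictest"}  # "monitor" only logs suspicious requests, so it fails


def desync_mode(attributes: dict) -> Optional[str]:
    """Extract the mode from a LoadBalancerAttributes dict; None if the key is absent."""
    for attr in attributes.get("AdditionalAttributes", []):
        if attr.get("Key") == DESYNC_KEY:
            return str(attr.get("Value", "")).lower()
    return None


def evaluate(lb_name: str, attributes: dict) -> dict:
    """Return a PASS/FAIL finding for one Classic Load Balancer."""
    mode = desync_mode(attributes)
    if mode in COMPLIANT_MODES:
        status, reason = "PASS", f"desync mitigation mode is {mode}"
    elif mode is None:
        # Conservative choice: a mode we cannot read is reported as a finding, not assumed safe.
        status, reason = "FAIL", "desync mitigation mode not present in attributes"
    else:
        status, reason = "FAIL", f"desync mitigation mode is {mode}; expected defensive or strictest"
    return {"load_balancer": lb_name, "mode": mode, "status": status, "reason": reason}


def remediation_command(lb_name: str, mode: str = "strictest") -> str:
    """CLI equivalent of the console remediation: set the desync mode load balancer attribute."""
    payload = json.dumps({"AdditionalAttributes": [{"Key": DESYNC_KEY, "Value": mode}]})
    return (f"aws elb modify-load-balancer-attributes --load-balancer-name {lb_name} "
            f"--load-balancer-attributes '{payload}'")


# Constructed sample responses in the shape of `aws elb describe-load-balancer-attributes`.
SAMPLE_RESPONSES = {
    "web-clb-prod": {"LoadBalancerAttributes": {
        "AdditionalAttributes": [{"Key": DESYNC_KEY, "Value": "strictest"}]}},
    "web-clb-legacy": {"LoadBalancerAttributes": {
        "AdditionalAttributes": [{"Key": DESYNC_KEY, "Value": "monitor"}]}},
    "web-clb-unknown": {"LoadBalancerAttributes": {"CrossZoneLoadBalancing": {"Enabled": True}}},
}


def run_check(responses: dict = SAMPLE_RESPONSES) -> list:
    """Evaluate every sampled load balancer; in practice, pass real describe output here."""
    return [evaluate(name, resp["LoadBalancerAttributes"]) for name, resp in responses.items()]


if __name__ == "__main__":
    for finding in run_check():
        print(json.dumps(finding))
        if finding["status"] == "FAIL":
            print("  fix:", remediation_command(finding["load_balancer"]))
```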

Compliance

NIST, ISO 27001, HIPAA