Network misconfigurations

ELB Allows HTTP connections

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

An ELB listener is configured to use HTTP connections between the clients and the load balancer. HTTP connections aren’t encrypted and are thus susceptible to eavesdropping and interception.

  • Recommended Mitigation

    Remove any HTTP listeners attached to your load balancers. Instead, use HTTPS listeners for secure, encrypted communication between the load balancer and its clients.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.