AWS-ELBv2-ELBv2-NLB-Listener-Security

Severity : High

Description: This control ensures that ELBv2 NLB listeners use encrypted protocols. The use of unencrypted protocols is not recommended. Using unencrypted protocols, and configuring no security policy for SSL negotiation, within Load Balancers exposes the connection between the client and the load balancer to various SSL/TLS vulnerabilities. Encrypted protocols paired with a secure port and a security policy secure the SSL negotiation configuration, following security best practices and protecting front-end connections.

Remediation Steps:

Perform the following to change a non-TLS listener on the NLB to TLS:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com as the root user.

  2. Navigate to the EC2 console.

  3. In the navigation pane, choose Load Balancers.

  4. Select the load balancer.

  5. Go to the Listeners tab and click Edit.

  6. Select the non-TLS listener, click the Actions dropdown button in the panel's top menu and select Edit.

  7. Under Protocol and Port select TLS; under Default actions choose the desired action and target.

  8. Under the Security Policy section select the desired ELBSecurityPolicy policy.
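
The console steps above fix one listener at a time. The following is an added example (not part of this control text or any Blue Hexagon tooling) that evaluates the same condition programmatically: it flags any NLB listener whose protocol is not TLS, or that is TLS without a security policy, over listener records shaped like the ELBv2 describe-listeners output. The sample listeners and ARNs are constructed; the optional fetch helper assumes boto3 and AWS credentials are available.

```python
"""Evaluate NLB listeners against the 'encrypted listener' control."""
from typing import Dict, List

# Of the NLB listener protocols (TCP, TLS, UDP, TCP_UDP), only TLS encrypts client traffic.
NLB_ENCRYPTED_PROTOCOLS = {"TLS"}

# Constructed sample records shaped like the "Listeners" list of describe-listeners.
SAMPLE_LISTENERS: List[Dict] = [
    {"ListenerArn": "arn:aws:elasticloadbalancing:us-east-1:111111111111:listener/net/example-nlb/EXAMPLE/l1",
     "Port": 443, "Protocol": "TLS", "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06"},
    {"ListenerArn": "arn:aws:elasticloadbalancing:us-east-1:111111111111:listener/net/example-nlb/EXAMPLE/l2",
     "Port": 80, "Protocol": "TCP"},
    {"ListenerArn": "arn:aws:elasticloadbalancing:us-east-1:111111111111:listener/net/example-nlb/EXAMPLE/l3",
     "Port": 53, "Protocol": "UDP"},
]


def evaluate_listeners(listeners: List[Dict]) -> List[Dict]:
    """Return one finding per listener that fails the control; an empty list means compliant."""
    findings = []
    for listener in listeners:
        protocol = listener.get("Protocol", "")
        if protocol not in NLB_ENCRYPTED_PROTOCOLS:
            reason = f"unencrypted protocol {protocol or '<none>'}"
        elif not listener.get("SslPolicy"):
            reason = "TLS listener without a security policy"
        else:
            continue  # TLS with a security policy: passes
        findings.append({"ListenerArn": listener.get("ListenerArn"),
                         "Port": listener.get("Port"), "Reason": reason})
    return findings


def fetch_nlb_listeners(region: str) -> List[Dict]:
    """Collect listeners of every NLB in `region` (needs boto3 and AWS credentials)."""
    import boto3  # imported here so the offline evaluation above needs no AWS SDK
    elbv2 = boto3.client("elbv2", region_name=region)
    listeners: List[Dict] = []
    for page in elbv2.get_paginator("describe_load_balancers").paginate():
        for lb in page["LoadBalancers"]:
            if lb["Type"] != "network":
                continue  # the control is scoped to NLBs
            for lp in elbv2.get_paginator("describe_listeners").paginate(
                    LoadBalancerArn=lb["LoadBalancerArn"]):
                listeners.extend(lp["Listeners"])
    return listeners


if __name__ == "__main__":
    for finding in evaluate_listeners(SAMPLE_LISTENERS):
        print(f"FAIL port {finding['Port']}: {finding['Reason']} ({finding['ListenerArn']})")
```

Replace SAMPLE_LISTENERS with fetch_nlb_listeners("<region>") to run the check against a live account.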

Important:

  • Encrypted protocols such as TLS should be used, as they help maintain the confidentiality and integrity of the data.

Reference:

Blue Hexagon Proprietary