Redshift clusters should use a non-default port for communication

문서 > Datadog 보안 > OOTB Rules > Redshift clusters should use a non-default port for communication

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

Confirm Redshift clusters are not using default port 5439 to protect against non-targeted attacks.

Rationale

Using a custom port can protect your publicly accessible AWS Redshift clusters against potential brute-force and dictionary attacks. Although setting a custom port can help fend off these attacks, it is also recommended to restrict public access, use SSL to encrypt client connections to database clusters, and control cluster access through security groups and Network Access Control Lists (NACLs) to add an additional layer of security for your account.

Remediation

From the console

Follow the [Getting information about cluster configuration][7] docs to access your cluster configuration information. If the cluster has a port 5439, it is the default port. Modify the port number in the console.

From the command line

Run describe-clusters with a cluster-identifier to retrieve cluster metadata.
describe-clusters.sh
```
    aws redshift describe-clusters
	    --cluster-identifier cluster-name
    
```

Run create-cluster-snapshot with create a snapshot of your database cluster.

create-cluster-snapshot.sh

    aws redshift create-cluster-snapshot
        --cluster-identifier cluster-name
        --snapshot-identifier snapshot-identifier
    

Run restore-from-cluster-snapshot to create a new cluster from the snapshot created above. Use the retrieved metadata in step one to configure a new port number.

restore-from-cluster-snapshot.sh

    aws redshift restore-from-cluster-snapshot
        ...
        --cluster-identifier cluster-name
        --snapshot-identifier snapshot-identifier
        --port 2000
     