{"id":93,"date":"2011-08-24T18:39:00","date_gmt":"2011-08-24T14:39:00","guid":{"rendered":"http:\/\/yohoho.msp360.com\/?p=93"},"modified":"2021-01-27T15:24:43","modified_gmt":"2021-01-27T11:24:43","slug":"explorer-security-assessment","status":"publish","type":"post","link":"https:\/\/www.msp360.com\/resources\/blog\/explorer-security-assessment\/","title":{"rendered":"Security Assessment in MSP360 Explorer for Amazon S3"},"content":{"rendered":"<p>Just a few days ago Amazon S3 team sent an email to many of their customers warning them about the bucket settings with the following subject: \"Important Security Notification regarding your Amazon S3 bucket settings.\" The email was sent to the users with the buckets configured in such as way that allows changing bucket contents by anonymous users causing potential data loss.<!--more--><\/p>\n<p>This email stirred up a number of discussions <a href=\"https:\/\/forums.aws.amazon.com\/thread.jspa?threadID=74701&amp;tstart=0\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">such as this one on the Amazon S3 forum<\/a> and a number of requests for a simple tool to validate the bucket settings and a quick fix.\u00a0 We have decided to add a simple Security Assessment report to MSP360 Explorer for Amazon S3 that will validate the bucket settings, find the buckets configured for anonymous access and offer a quick way to fix it (or in other words disable anonymous access).<\/p>\n<ol>\n<li>To run the report, click <b>Security Assessment<\/b> in the product menu and then <strong>Run Now<\/strong>:<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" title=\"image001\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2011\/08\/image001_thumbB1.png\" alt=\"Security Assessment-1\" width=\"186\" height=\"61\" border=\"0\" \/><br \/>\nor select an item in the context menu:<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" title=\"image003\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2011\/08\/image003_thumbB3.png\" alt=\"Security Assessment-2\" width=\"265\" height=\"139\" border=\"0\" \/><\/li>\n<li>The new tab will open and start analyzing the buckets. Once it is done,\u00a0you will get a window with a <b>summary report<\/b> like the one below:<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" title=\"image005\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2011\/08\/image005_thumbB3.png\" alt=\"Security Assessment-3\" width=\"411\" height=\"252\" border=\"0\" \/><\/li>\n<li>The buckets with public read access will show up with the exclamation mark icon. Now you can right-click the problematic bucket and click <b>Fix<\/b> to remove anonymous access:<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" title=\"image007\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2011\/08\/image007_thumbB1.png\" alt=\"Bucket Anonymous Access Issue Fix-1\" width=\"543\" height=\"415\" border=\"0\" \/><br \/>\nYou can also fix the permissions for all buckets at once using the <strong>Fix All<\/strong> toolbar button:<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" title=\"image009\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2011\/08\/image009_thumbB2.png\" alt=\"Bucket Anonymous Access Issue Fix-2\" width=\"214\" height=\"117\" border=\"0\" \/><\/li>\n<\/ol>\n<p>We hope you like the new feature and keep using <a href=\"https:\/\/www.msp360.com\/explorer\/amazon-s3.aspx\">MSP360 S3 Explorer<\/a> for other S3 and CloudFront related tasks on the Windows platform.<\/p>\n<blockquote><p>Note: this post applies to MSP360 Explorer 2.9.2 and later.<\/p><\/blockquote>\n<p>As always we would be happy to hear your feedback and you are welcome to post a comment.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Just a few days ago Amazon S3 team sent an email to many of their customers warning them about the bucket settings with the following subject: &#8220;Important Security Notification regarding your Amazon S3 bucket settings.&#8221; The email was sent to the users with the buckets configured in such as way that allows changing bucket contents [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[877,898,882],"tags":[],"class_list":["post-93","post","type-post","status-publish","format-standard","hentry","category-blog-articles","category-msp360-explorer","category-msp360-news"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/93","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/comments?post=93"}],"version-history":[{"count":0,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/93\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/media?parent=93"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/categories?post=93"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/tags?post=93"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}