Security and hardening best practices for hosting Sitecore on AWS
AWS offers a broad selection of compliant services that meet various regulatory standards such as HIPAA, FedRAMP, FISMA, NIST SP 800-171 and PCI-DSS amongst others. We are seeing an increasing interest in Healthcare providers using Sitecore wanting to leverage the broad range of services available on AWS. Sitecore XP is a digital marketing platform of choice that empowers marketers with comprehensive digital marketing tools, a 360 degree view of the customer needs, and machine learning-generated insights. Consumers are increasingly selecting a hospital, researching healthcare professionals, or booking appointments using digital channels that are easily managed and supported by Sitecore XP.
However, a secure and compliant hosting service for Sitecore requires understanding best practices and secure engineering practices. In our earlier blog on hosting Sitecore on AWS we describe how to develop a Multi-AZ hosting enclave within a VPC. This post is about common security best practices to help secure the Sitecore XP platform. Hardening of your Sitecore architecture will vary on the server role and you should refer to the Hardening guide provided by Sitecore. However, here are some quick and easy tips to help you get started and reduce risk factors in Sitecore setup and configuration. In general, we want to do the following:
o Deny Script and Execute permissions
o Disable the Upload Watcher to allow files to be uploaded through a Sitecore client
o Restrict file types from being uploaded
o Remove the X-Aspnet-Version HTTP header
o Remove the X-Powered-By HTTP header
o Remove the X-AspNetMvc-Version HTTP header
There are a number of other security and operations best practices that are made easy on AWS. Implementing patching and vulnerability scanning using EC2 Systems Manager and AWS Inspector; and continuous threat monitoring and intelligence using Amazon GuardDuty.
stackArmor is a Sitecore certified provider and is staffed with experienced cloud solution architects that have many years of experience in cloud migration and operations, cybersecurity and devops solutions for security focused customers. We provide certified Sitecore developers and administrators to help meet your Sitecore WCMS needs. Our experts help protect you from the cyberthreat challenges through systems engineering best practices developed over decades while working with US Federal Agencies requiring compliance with NIST, HIPAA, FFIEC, FISMA, FedRAMP, DHS and DISA.