AWS whitepapers documentation change
Summary
Removed entire content of the Recovery section including incident response procedures, NIST guidelines, backup verification steps, and password rotation recommendations.
Security assessment
This is a deletion of existing security documentation without adding new content. While the removed content was security-related, the change itself doesn't address a specific vulnerability or incident. No evidence exists that this deletion fixes a security issue.
Diff
diff --git a/whitepapers/latest/aws-security-incident-response-guide/recovery.md b/whitepapers/latest/aws-security-incident-response-guide/recovery.md index 8feff6ddf..8b1378917 100644 --- a//whitepapers/latest/aws-security-incident-response-guide/recovery.md +++ b//whitepapers/latest/aws-security-incident-response-guide/recovery.md @@ -1 +0,0 @@ -[View a markdown version of this page](recovery.md) @@ -3,73 +1,0 @@ -[](/pdfs/security-ir/latest/userguide/sir-ug.pdf#recovery "Open PDF") - -[Documentation](/index.html)[Security Incident Response](/security-ir/index.html)[](what-is.html) - -# Recovery - -Recovery is the process of restoring systems to a known safe state, validating that backups are safe or unaffected by the incident prior to restoration, testing to verify that the systems are working properly post-restoration, and addressing vulnerabilities associated with the security event. - -The order of recovery depends on your organization’s requirements. As part of the process of recovery, you should perform a business impact analysis to determine, at minimum: - - * Business or dependency priorities - - * The restoration plan - - * Authentication and authorization - - - - -The NIST SP 800-61 Computer Security Incident Handling Guide provides several steps to recover systems, including: - - * Restoring systems from clean backups. - - * Verify that backups are evaluated before restoring to systems to make sure that the infection is not present and to prevent a resurgence of the security event. - -Backups should be evaluated on a regular basis as part of disaster recovery testing to verify that the backup mechanism is working properly and the data integrity meets recovery point objectives. - - * If possible, use backups from before the first event timestamp identified as part of root cause analysis. - - * Rebuilding systems from scratch, including redeploying from trusted source using automation, sometime in a new AWS account. - - * Replacing compromised files with clean versions. - -You should exercise great caution when doing this. You must be absolutely certain the file you are recovering is known safe and unaffected by the incident - - * Installing patches. - - * Changing passwords. - - * This includes passwords for IAM principals that might have been abused. - - * If possible, we recommend using roles for IAM principals and federation as part of a least privilege strategy. - - * Tightening network perimeter security (firewall rulesets, boundary router access control lists). - - - - -Once the resources have been recovered, it is important to capture lessons learned to update incident response policies, procedures, and guides. - -In summary, it is imperative to implement a recovery process that facilitates a return to known safe operations. Recovery can take a long time and requires a close linkage with containment strategies to balance business impact against risk of reinfection. Recovery procedures should include steps for restoring resources and services, IAM principals, and performing a security review of the account to assess residual risk. - - **Javascript is disabled or is unavailable in your browser.** - -To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions. - -[Document Conventions](/general/latest/gr/docconventions.html) - -Eradication - -Conclusion - -Did this page help you? - Yes - -Thanks for letting us know we're doing a good job! - -If you've got a moment, please tell us what we did right so we can do more of it. - -Did this page help you? - No - -Thanks for letting us know this page needs work. We're sorry we let you down. - -If you've got a moment, please tell us how we can make the documentation better.