Gate 39 Media performs proactive monitoring of all its hosting solutions. This includes websites, web portals, applications, cloud services, data solutions, and managed services per agreement.
As part of the proactive monitoring, Gate 39 Media collects logs to investigate anomalies, attempts of cyberattacks, and incidents.
What is the Process in Case of an Incident?
Members of the IT Department will use investigative techniques including reviewing system logs, looking for gaps in logs, reviewing intrusion detection on firewall logs, and interviewing witnesses to determine how the incident was caused. Only authorized personnel should be performing interviews or examining IT systems. A chain of custody must be established and all potential evidence preserved and secured for turnover to proper authorities.
|
Policy |
Retention |
|---|---|
|
CloudWatch Logs |
3 months. |
|
AWS WAF Logs |
5 years. |
|
CloudFront Logs |
6 years. |
|
Backup |
6 years. |
|
|
What are CloudWatch Logs?
You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources.
CloudWatch Logs enables you to centralize the logs from all of your systems, applications, and AWS services that you use, in a single, highly scalable service. You can then easily view them, search them for specific error codes or patterns, filter them based on specific fields, or archive them securely for future analysis. CloudWatch Logs enables you to see all of your logs, regardless of their source, as a single and consistent flow of events ordered by time, and you can query them and sort them based on other dimensions, group them by specific fields, create custom computations with a powerful query language, and visualize log data in dashboards.
Read More: What is Amazon CloudWatch Logs? - Amazon CloudWatch Logs
What are AWS WAF Logs?
You can enable logging to get detailed information about the traffic that is analyzed by your web ACL. Logged information includes the time that AWS WAF received a web request from your AWS resource, detailed information about the request, and details about the rules that the request matched. You can send your logs to an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose.
Read More: Logging web ACL traffic - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced
What are CloudFront Logs?
CloudFront standard logs provide detailed records about every request that’s made to a distribution. These logs are useful for many scenarios, including security and access audits.
Read More: CloudFront logging - Amazon CloudFront
What is the Backup Retention Process?
Each night during low traffic times, there is an encrypted, full backup of each site created on the server (possibly Plesk or Ubuntu).
For best security practice, backup files are then moved and stored "off-site":
-
Within 24 hours of completing the backup process, the backup files are transferred to Amazon S3 standard storage. Backups are sorted into their own directory to ensure a separation of data, and are retained here for 30 days.
-
After 30 days, these backup files are moved from AWS S3 to AWS Infrequent Access. After 60 days, they are moved to Amazon S3 Glacier storage for long-term storage.
Read More: What is the Gate39 Media web hosting backup policy?