Monitor health-check endpoints for tampering and alert on abnormal status changes.
Secure Health-Check Telemetry
CCC.LB.CN06 · Observability
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.LB.CP12 | Target Health Checks | Ability to continuously perform health checks on backend targets by checking the response to an HTTP request, a TCP connection, or another application-specific parameter. |
| CCC.LB.CP13 | Health Checks-based Target Removal | If the health check detects that a backend target is unhealthy, the load balancer will remove that unhealthy target from its list of available backend instances. This ensures that traffic is no longer routed to the unhealthy target. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.LB.TH05 | Health Checks Are Exploited to Take Services Offline | Manipulating health-check endpoints or responses can cause healthy targets to be marked unavailable, leading to denial of service. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.LB.CN06.AR01 | When more than 10 percent of targets change from healthy to unhealthy within five minutes, an alert MUST be issued. | tlp-green, tlp-amber, tlp-red |
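
An added example, not part of the control catalogue: one way to evaluate CCC.LB.CN06.AR01 over a time-ordered stream of health-state transitions. The event tuple layout, the function name and the sample data are assumptions made for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # "within five minutes"
THRESHOLD_PERCENT = 10          # alert on strictly more than 10 percent

def detect_mass_unhealthy(events, total_targets):
    """Return [(timestamp, targets)] for each point where the AR01 condition starts to hold.

    events: time-ordered (timestamp, target_id, old_state, new_state) tuples (assumed layout).
    """
    recent = deque()   # healthy -> unhealthy transitions still inside the window
    alerts, alerting = [], False
    for ts, target, old, new in events:
        if (old, new) != ("healthy", "unhealthy"):
            continue
        recent.append((ts, target))
        while ts - recent[0][0] > WINDOW:
            recent.popleft()
        # Count distinct targets so one flapping target cannot trip the alert alone.
        flipped = {t for _, t in recent}
        over = len(flipped) * 100 > THRESHOLD_PERCENT * total_targets
        if over and not alerting:      # alert once per episode, not per event
            alerts.append((ts, sorted(flipped)))
        alerting = over
    return alerts

def _at(hhmmss):
    return datetime.strptime("2024-01-01 " + hhmmss, "%Y-%m-%d %H:%M:%S")

# Constructed sample data: a pool of 20 targets (not from any real load balancer).
SAMPLE_EVENTS = [
    (_at("12:00:00"), "t01", "healthy", "unhealthy"),
    (_at("12:01:00"), "t01", "unhealthy", "healthy"),
    (_at("12:01:30"), "t01", "healthy", "unhealthy"),   # flap, same target
    (_at("12:02:00"), "t02", "healthy", "unhealthy"),   # 2/20 = 10%, not over
    (_at("12:04:00"), "t03", "healthy", "unhealthy"),   # 3/20 = 15%, alert
    (_at("12:04:30"), "t04", "healthy", "unhealthy"),   # same episode
    (_at("12:30:00"), "t05", "healthy", "unhealthy"),   # slow drift, no alert
    (_at("12:40:00"), "t06", "healthy", "unhealthy"),
]

if __name__ == "__main__":
    for ts, targets in detect_mass_unhealthy(SAMPLE_EVENTS, total_targets=20):
        print(f"ALERT {ts:%H:%M:%S}: {len(targets)}/20 targets went unhealthy: {targets}")
```

The comparison is done in integers so that exactly 10 percent does not alert, matching the "more than 10 percent" wording of the requirement.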