Securing Web Applications in the AWS Cloud
Alert Logic demos Web Security Manager for Amazon Web Services

    Securing Web Applications in the AWS Cloud: Presentation Transcript

    • Alert Logic Web Security Manager for AWS
        – December 3, 2013
        – Jon Vaught, Sales Engineer
        – Diane Garey, Product Marketing
    • Today’s Agenda
        • Web Security Manager for AWS Architecture
            – What you need to run Web Security Manager
        • Getting Started
            – Quick Tour
        • Next Steps
            – Trial
            – Q&A
    • Alert Logic Web Security Manager WAF Introduction: Active Protection for Web Applications, Management Included
        • Positive & Negative Security: Active protection using signatures and leading learning engine
        • Key Compliance Coverage: Supports PCI 6.6 and OWASP Top 10 risks
        • Management Included: 24x7 management by experienced security analysts
        • AWS Auto Scaling: Protection scales dynamically with your web apps
        • Security Where You Need It: Works wherever you have your datacenter
    • Web Security Manager Architecture
    • Web Security Manager AWS System Overview: Deployment for Auto Scaling and High Availability in AWS VPC
        [Diagram labels: Amazon VPC, Internet Gateway, Availability Zone 1, Availability Zone 2, Elastic Load Balancer, Web Server, Web Server]
    • Web Security Manager AWS System Overview: Deployment for Auto Scaling and High Availability in AWS VPC
        • Overview
            – 1 Master AS group with 1 master at all times
            – 1 Worker AS group with 2-n workers at all times
        • ELB Master
            – External interface for WSM Master
            – Management and monitoring (https and ssh)
        • S3 Bucket
            – Persists configuration data
        • NAT Instances
            – Required for S3 access from private subnets
        • ELB Worker
            – SSL Termination
            – Load balances web traffic to worker AS group
        • WSM Master
            – Acts as management node for configuration
            – Queues and transports logs, stats from workers
        • EBS Log Volume
            – Persists Deny Log and Stats data for master
            – Attached at instance start up
        • WSM Worker
            – Retrieves configuration on instance launch
            – Protects web traffic in front of internal ELB
            – Transports logs, stats to master queue
        [Diagram labels: Amazon VPC, Internet Gateway, S3, Availability Zone 1, Availability Zone 2, Public Subnet, NAT Instance, ELB Master, Master Subnet, WSM Master, ELB Worker, Worker Subnet, WSM Worker, Internal Elastic Load Balancer, EBS Log Volume, Web Server]
    • Website Traffic Data Flow
        • Website Traffic
            – Browser clients connect to worker ELB
            – Traffic is load balanced to Web Security Manager appliances
            – Web Security Manager appliances connect to backend ELB
        [Diagram labels: Client, Amazon VPC, Internet Gateway, S3, Availability Zone 1, Availability Zone 2, Public Subnet, NAT Instance, ELB Master, Master Subnet, WSM Master, ELB Worker, Worker Subnet, WSM Worker, Internal ELB for your application, EBS Log Volume, Web Server]
    • Web Security Manager Performance
        • Web Security Manager Master Instance Processing Capacity. The estimated processing capacity per Master instance is:
            – m1.medium: 10 workers, 250 Mbps (inbound + outbound) total across workers
            – m1.large: 25 workers, 1 Gbps (inbound + outbound) total across workers
        • Worker Processing Capacity in Mbps. Worker instance processing capacity:
            – m1.small: 13 Mbps total (inbound + outbound)
            – c1.medium: 50 Mbps total (inbound + outbound)
            – c1.xlarge: 200 Mbps total (inbound + outbound)
    • Auto Scaling Parameters
        • The CloudFormation template that creates the Web Security Manager stack allows for defining Auto Scaling Parameters.
        • Settings and their defaults:
            – Scale up CPU utilization threshold: 80%
            – Scale up when CPU is above threshold for more than: 120 seconds
            – Scale down CPU utilization threshold: 50%
            – Scale down when CPU is below threshold for more than: 600 seconds
        • The difference in thresholds for scaling up and down is to mitigate the risk of removing capacity too quickly, or incorrectly reducing capacity.
    • Auto Scaling Web Security Manager at re:Invent
    • https://www.youtube.com/user/AmazonWebServices
    • Try Web Security Manager
        • Contact Alert Logic:
            – www.alertlogic.com
            – info@alertlogic.com
        • Installation steps:
            – Set up an Alert Logic account
            – Gather information from your web application stack
            – Create internal ELB for backend web servers
            – Run CloudFormation template that creates the Web Security Manager stack
            – Move inbound traffic to Web Security Manager external ELB
            – Configure additional web sites (if required)
    • Thank You! Q&A jvaught@alertlogic.com dgarey@alertlogic.com
    • AWS Services Used to Deploy Web Security Manager
        • Amazon Machine Image (AMI) - An encrypted machine image stored in Amazon Elastic Block Store or Amazon Simple Storage Service. AMIs are like a template of a computer's root drive. They contain the operating system and can also include software and layers of your application, such as database servers, middleware, web servers, and so on.
        • Amazon Virtual Private Cloud (VPC) - A web service that enables you to create a virtual network for your AWS resources.
        • Auto Scaling - A web service designed to launch or terminate instances automatically based on user-defined policies, schedules, and health checks.
        • Auto Scaling group - A representation of multiple Amazon Elastic Compute Cloud instances that share similar characteristics, and that are treated as a logical grouping for the purposes of instance scaling and management.
        • Availability Zone (AZ) - A distinct location within a region that is insulated from failures in other Availability Zones, and provides inexpensive, low-latency network connectivity to other Availability Zones in the same region.
        • AWS CloudFormation - A service for writing or changing templates that create and delete related AWS resources together as a unit.
        • Elastic Load Balancing - Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances. Customers can enable Elastic Load Balancing within a single Availability Zone or across multiple zones for even more consistent application performance. Elastic Load Balancing can also be used in an Amazon Virtual Private Cloud (“VPC”) to distribute traffic between application tiers.
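
The "Auto Scaling Parameters" slide says the gap between the scale-up and scale-down thresholds is there to avoid removing capacity too quickly. The simulation below is an added example, not part of the deck or of Alert Logic's CloudFormation template; it replays a constructed steady load against the slide's defaults and against a hypothetical single-threshold rule. The even load split across workers, the 60-second sampling period and the names `ScalingRule`, `simulate` and `SINGLE_THRESHOLD` are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ScalingRule:
    up_threshold: float    # scale up when per-worker CPU % is above this
    up_seconds: int        # ...for more than this many seconds
    down_threshold: float  # scale down when per-worker CPU % is below this
    down_seconds: int      # ...for more than this many seconds

# Defaults as listed on the "Auto Scaling Parameters" slide.
SLIDE_DEFAULTS = ScalingRule(80, 120, 50, 600)
# Constructed comparison: one threshold and one short window in both directions.
SINGLE_THRESHOLD = ScalingRule(80, 120, 80, 120)

def simulate(rule, load, period=60, workers=2, min_workers=2):
    """Replay total load (sum of worker CPU %, one sample per period).

    Returns a list of (elapsed_seconds, action, worker_count) scaling events.
    Assumption: load spreads evenly, so per-worker CPU = load / workers.
    """
    events = []
    above = below = 0  # seconds of consecutive breach in each direction
    for i, total in enumerate(load, start=1):
        cpu = min(100.0, total / workers)
        above = above + period if cpu > rule.up_threshold else 0
        below = below + period if cpu < rule.down_threshold else 0
        if above > rule.up_seconds:
            workers += 1
            events.append((i * period, "up", workers))
            above = below = 0
        elif below > rule.down_seconds and workers > min_workers:
            workers -= 1
            events.append((i * period, "down", workers))
            above = below = 0
    return events

# Constructed input: 30 minutes of steady load equal to 85% CPU on two workers.
STEADY_LOAD = [170.0] * 30

if __name__ == "__main__":
    for name, rule in (("slide defaults", SLIDE_DEFAULTS),
                       ("single threshold", SINGLE_THRESHOLD)):
        events = simulate(rule, STEADY_LOAD)
        print(f"{name}: {len(events)} scaling events -> {events}")
```

With the slide's defaults the group adds one worker and then holds, because the resulting per-worker CPU sits between 50% and 80%. The single-threshold rule keeps removing and re-adding the same worker, leaving the WAF tier short of capacity every few minutes.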