© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark.
Best Practices to Mitigate from the Emerging Vectors of Network Attack
Cybil Chiu, Business Development Manager
Kwunhok Chan, Solutions Architect
Webinar Series
https://aws.amazon.com/webinars/hk-webinar-series/
Attack Threats and Trends
Why does it matter?
Availability
• Attacks can last for hours and even days
Financial Impact
• An attack that brings down your server will end up as lost revenue.
• You could massively scale, but that just translates to increased infrastructure expense.
• Even without an actual attack, DDoS threats are being used for extortion.
• Any combination of these results in a hit to your brand reputation.
Security
• Some attacks are more concerned with stealing or infecting data
Why are you attacked?
This message is only for your company. Send this information to your boss.
We have completed network reconnaissance of your infrastructure. We studied the algorithms of your protection against DDoS. We are ready to crash your servers
and disturb normal work of your trading platform.
This is a small part of our power:
L7;
Botnet #1 - https://prnt.sc/kuyt6x - 3 500 000 requests per second.
Botnet #2 - https://prnt.sc/kuyu60 - 450 000 requests per second.
Botnet #3 - https://prnt.sc/kuywzf - 2 000 000 requests per second.
L4;
#1 - https://prnt.sc/kuyxjj
#2 - https://prnt.sc/kuyxx8
#3 - https://prnt.sc/kuyy3r
#4 - https://prnt.sc/kuyyah
Total L4 power now - more than 1.3 TB/S UDP and 240 000 000 packets per second TCP.
We know that you will be able to reflect the attack, but it will take at least 12-24 hours. Undoubtedly you will incur monetary losses.
What we want?
5 BTC (it's just dust for you) to 1Kd4f6NCuk5tBdvcj5und8xxBoSZnxaPsM
Your losses from the attack can be much greater.
We are waiting until October 2.
If you do what we want - we will help you fix some network bugs. If no - we will be forced to act.
We do not say goodbye. TGF6YXJ1cyBIYWNrZXJzISBOb3J0aCBLb3JlYSBQb3dlciE=
AWS Attack Landscape
Growth of Volumetric Attacks
[Chart: Largest DDoS Attacks (Gbps) by year, 2007 to 2019, y-axis 0 to 1800; annotated peaks: Mirai Attacks, Memcached Attacks]
Recent Trends
310,954
Attacks observed in Q1 2020, a 23% increase from Q1 2019
2.3 Tbps
Largest attack observed (bits) in Q1 2020, a 188% increase from Q1 2019
293.1 Mpps
Largest attack observed (packets) in Q1 2020, a 13% increase from Q1 2019
694,210 rps
Largest attack observed (requests) in Q1 2020, a 31% decrease from Q1 2019
Common External Threats
Denial of Service
• SYN Floods
• Reflection Attacks
• Web Request Floods
App Vulnerabilities
• SQL Injection
• Cross-site Scripting (XSS)
• OWASP Top 10
• Common Vulnerabilities and Exposures (CVE)
Bad Bots
• Crawlers
• Content Scrapers
• Scanners & Probes
Traditional Challenges of DDoS Mitigation
1. Difficult to Enable
• Complex to set up
• Need to provision bandwidth capacity
• Re-architect applications
2. Sub-Optimal Incident Response
• Manual intervention required
• Re-routing traffic to scrubbing locations
3. Degrade Performance
• Scrubbing centers may be far from your servers, leading to added latency
4. Increased Time to Mitigate
• Manual intervention and re-routing takes away precious moments from incident response
5. Expensive to Use
• Due to the size, duration and complex nature of mitigation systems, it becomes prohibitively expensive in some cases
AWS Approach to DDoS Protection
Protecting the Application Perimeter
• AWS Shield Standard: Protects AWS services against common DDoS attacks
• AWS WAF: Protects web applications by allowing you to write custom rules or choose managed rules from AWS or the AWS Marketplace.
• AWS Shield Advanced: Managed threat protection that blocks DDoS attacks, vulnerability exploitation, and bad bots
• AWS Firewall Manager: Centrally configure and manage security rules across accounts and applications
AWS Shield Advanced includes WAF & FMS at no additional cost
AWS Shield Advanced: Managed Threat Protection
• Easy to configure without changing your application architecture
• Comprehensive protection against DDoS attack vectors
• Near-real time event visibility
• Protection from economic attack vectors
Benefits of AWS Shield Standard and Shield Advanced
• Pre-Configured Protection
• Point and Protect Wizard
• Detection and Mitigation
• Faster Mitigation, Customized to Your Application
• 24x7 Access to DDoS Response Team (DRT)
• CloudWatch Metrics
• Attack Diagnostics
• Global Threat Environment Dashboard
• Quarterly Security Report
• AWS WAF at No Additional Cost (for protected resources)
• AWS Firewall Manager at No Additional Cost
• Cost Protection for Scaling
Let’s see Shield Advanced in action
Use Case: Pokemon GO
Challenges:
• Massive increase in user & traffic
• DDoS attack / Bot / Scanner
• Quick Deployment
• Low Latency
• Superior analytics logging
Application threats and Bad bots
[Diagram labels: Good users and bots; Bad guys; Web server; Database; SQL injection; Application exploits; Bad bots; Content scrapers; Scanners & probes; Crawlers]
AWS WAF
“A web application firewall designed to help you defend against common web application exploits.”
• Fast Incident Response
• Managed Rulesets
• APIs for Automation
• Flexible Rule Language
AWS WAF Request Process
Step 1: HTTP/HTTPS request made for content to Amazon CloudFront
Step 2: Amazon CloudFront checks if request requires WAF
Step 3: WAF reviews request; instructs Amazon CloudFront to allow/deny
• Allow: content delivered via Amazon CloudFront
• Deny: error page delivered by Amazon CloudFront
Step 4: WAF sends metric to Amazon CloudWatch. Rule can be updated via API
AWS WAF – Security Automations
https://amzn.to/30VgbEe
AWS Marketplace rule groups
• Pre-defined rules written by AWS Partners
• Designed for different purposes, e.g.
    • Specific applications, such as WordPress
    • OWASP Top 10 vulnerabilities
• Automatically updated as threats emerge
• No long-term contracts
AWS WAF Console Walkthrough
Architecting for DDoS Resiliency
DDoS-resilient Architecture
[Architecture diagram. Components: Users; DDoS Attack; Amazon Route 53; Amazon CloudFront; AWS WAF; AWS Cloud; VPC; Public subnet; Private subnet; Application Load Balancer; Load Balancer security group; Auto Scaling group; Web Application security group; Instances]
Callouts:
• Globally distributed attack mitigation capability
• SYN proxy feature that verifies three-way handshake before passing to the application
• Slowloris mitigation that reaps long-lived connections
• Mitigates complex attacks by allowing only the most reliable DNS queries
• Validates DNS
• Provides flexible rule language to block or rate-limit malicious requests
“Are you Well-Architected?”
Werner Vogels
Pillars of Well-Architected Framework
• Security
• Reliability
• Performance Efficiency
• Cost Optimization
• Operational Excellence
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark.
Planning for DDoS response
Shared responsibility
• We’re in this together
What can you do to be prepared?
• Architect with security and availability in mind from the beginning
Architect for scale
• Use auto scaling resources to scale up instance sizes and scale out quantity
• Automate to scale static resources
• And document intervention plans
Automate notification and response
• Proactively collect full or sampled web logs
• Pre-calculate profiles to compare against anomalies
• Enable DRT access for assistance
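One way to implement the "collect web logs" and "pre-calculate profiles to compare against anomalies" steps above. This is an added example, not code from the presentation or from AWS. The log record layout, the mean + 3 standard deviations threshold, the function names and all sample records are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumed record layout (constructed for this example, not an AWS log format):
#   <ISO-8601 UTC timestamp> <client IP> <method> <path> <status>
def parse_line(line):
    ts, ip, method, path, status = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, method, path, int(status)


def per_minute_counts(lines):
    """Bucket records by minute: ({minute: total}, {minute: Counter(ip -> n)})."""
    totals, by_ip = Counter(), defaultdict(Counter)
    for line in lines:
        try:
            ts, ip, *_ = parse_line(line)
        except ValueError:
            continue  # malformed or truncated record: skip it, keep processing
        minute = ts.replace(second=0)
        totals[minute] += 1
        by_ip[minute][ip] += 1
    return totals, by_ip


def build_profile(lines, k=3.0):
    """Pre-calculate thresholds (mean + k * stddev) from known-good traffic."""
    totals, by_ip = per_minute_counts(lines)
    if not totals:
        raise ValueError("baseline contains no parseable records")
    rates = list(totals.values())
    ip_peaks = [max(c.values()) for c in by_ip.values()]  # busiest client per minute
    return {
        "total_per_min": mean(rates) + k * pstdev(rates),
        "per_ip_per_min": mean(ip_peaks) + k * pstdev(ip_peaks),
    }


def find_anomalies(profile, lines):
    """Compare a window of traffic against the profile, minute by minute."""
    totals, by_ip = per_minute_counts(lines)
    findings = []
    for minute in sorted(totals):
        offenders = sorted(ip for ip, n in by_ip[minute].items()
                           if n > profile["per_ip_per_min"])
        if offenders or totals[minute] > profile["total_per_min"]:
            findings.append({
                "minute": minute.strftime("%H:%M"),
                "requests": totals[minute],
                # An empty list with a high total means many low-rate sources,
                # which a per-IP rate limit alone will not catch.
                "offenders": offenders,
            })
    return findings


def sample_lines(hhmm, counts):
    """Constructed sample records for one minute, given {ip: request count}."""
    return [f"2020-06-01T{hhmm}:{i % 60:02d}Z {ip} GET /index.html 200"
            for ip, n in counts.items() for i in range(n)]


# Constructed sample data using documentation-range IP addresses.
A, B, C = "192.0.2.10", "192.0.2.11", "192.0.2.12"
BASELINE_LOG = (
    sample_lines("10:00", {A: 4, B: 3, C: 3})
    + sample_lines("10:01", {A: 5, B: 4, C: 3})
    + sample_lines("10:02", {A: 3, B: 3, C: 2})
    + sample_lines("10:03", {A: 4, B: 4, C: 2})
    + sample_lines("10:04", {A: 4, B: 3, C: 3})
)
CURRENT_LOG = (
    sample_lines("11:00", {A: 4, B: 3, C: 3})                        # normal minute
    + sample_lines("11:01", {A: 4, B: 3, "203.0.113.50": 40})        # one noisy client
    + sample_lines("11:02", {A: 5, B: 5, C: 5, "198.51.100.7": 5})   # spread-out increase
    + ["not a log record"]                                           # malformed input
)

if __name__ == "__main__":
    profile = build_profile(BASELINE_LOG)
    for finding in find_anomalies(profile, CURRENT_LOG):
        print(finding)
```

Offender addresses are candidates for a block or rate-limit rule; a flagged minute with no offenders points to a distributed request flood that needs a different control.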
Resources
AWS Shield
https://aws.amazon.com/shield
AWS WAF
https://aws.amazon.com/waf
AWS Shield Threat Landscape Report
https://amzn.to/2C30brC
AWS Security Workshop
https://awssecworkshops.com/
AWS Best Practices for DDoS Resiliency
https://d1.awsstatic.com/whitepapers/Security/DDoS_White_Paper.pdf
Q&A
Thank you!

OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 
Come costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWSCome costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWSAmazon Web Services
 
AWS Serverless per startup: come innovare senza preoccuparsi dei server
AWS Serverless per startup: come innovare senza preoccuparsi dei serverAWS Serverless per startup: come innovare senza preoccuparsi dei server
AWS Serverless per startup: come innovare senza preoccuparsi dei serverAmazon Web Services
 
Costruisci modelli di Machine Learning con Amazon SageMaker Autopilot
Costruisci modelli di Machine Learning con Amazon SageMaker AutopilotCostruisci modelli di Machine Learning con Amazon SageMaker Autopilot
Costruisci modelli di Machine Learning con Amazon SageMaker AutopilotAmazon Web Services
 
Migra le tue file shares in cloud con FSx for Windows
Migra le tue file shares in cloud con FSx for Windows Migra le tue file shares in cloud con FSx for Windows
Migra le tue file shares in cloud con FSx for Windows Amazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 
Come costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWSCome costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWS
 
AWS Serverless per startup: come innovare senza preoccuparsi dei server
AWS Serverless per startup: come innovare senza preoccuparsi dei serverAWS Serverless per startup: come innovare senza preoccuparsi dei server
AWS Serverless per startup: come innovare senza preoccuparsi dei server
 
Costruisci modelli di Machine Learning con Amazon SageMaker Autopilot
Costruisci modelli di Machine Learning con Amazon SageMaker AutopilotCostruisci modelli di Machine Learning con Amazon SageMaker Autopilot
Costruisci modelli di Machine Learning con Amazon SageMaker Autopilot
 
Migra le tue file shares in cloud con FSx for Windows
Migra le tue file shares in cloud con FSx for Windows Migra le tue file shares in cloud con FSx for Windows
Migra le tue file shares in cloud con FSx for Windows
 

Best Practices to Mitigate from the Emerging Vectors of Network Attack

  • 1. Best Practices to Mitigate from the Emerging Vectors of Network Attack. Cybil Chiu, Business Development Manager; Kwunhok Chan, Solutions Architect
  • 2. Webinar Series: https://aws.amazon.com/webinars/hk-webinar-series/
  • 3. Attack Threats and Trends
  • 4. Why does it matter?
      • Availability: Attacks can last for hours and even days
      • Financial Impact:
          • An attack that brings down your server will end up as Lost Revenue.
          • You could massively scale, but that just translates to Increased Infrastructure Expense
          • Even without an actual attack, DDoS threats are being used for Extortion
          • Any combination of these results in a hit to your brand reputation
      • Security: Some attacks are more concerned with stealing or infecting data
  • 5. Why are you attacked?
      This message is only for your company. Send this information to your boss.
      We have completed network reconnaissance of your infrastructure. We studied the algorithms of your protection against DDoS. We are ready to crash your servers and disturb normal work of your trading platform.
      This is a small part of our power:
      L7;
      Botnet #1 - https://prnt.sc/kuyt6x - 3 500 000 requests per second.
      Botnet #2 - https://prnt.sc/kuyu60 - 450 000 requests per second.
      Botnet #3 - https://prnt.sc/kuywzf - 2 000 000 requests per second.
      L4;
      #1 - https://prnt.sc/kuyxjj
      #2 - https://prnt.sc/kuyxx8
      #3 - https://prnt.sc/kuyy3r
      #4 - https://prnt.sc/kuyyah
      Total L4 power now - more than 1.3 TB/S UDP and 240 000 000 packets per second TCP.
      We know that you will be able to reflect the attack, but it will take at least 12-24 hours. Undoubtedly you will incur monetary losses.
      What we want? 5 BTC (it's just dust for you) to 1Kd4f6NCuk5tBdvcj5und8xxBoSZnxaPsM
      Your losses from the attack can be much greater.
      We are waiting until October 2. If you do what we want - we will help you fix some network bugs. If no - we will be forced to act.
      We do not say goodbye.
      TGF6YXJ1cyBIYWNrZXJzISBOb3J0aCBLb3JlYSBQb3dlciE=
  • 6. AWS Attack Landscape
  • 7. Growth of Volumetric Attacks [chart: Largest DDoS Attacks (Gbps) by year, 2007 to 2019; annotations: Mirai Attacks, Memcached Attacks]
  • 8. Recent Trends
      • 310,954: Attacks observed in Q1 2020, a 23% increase from Q1 2019
      • 2.3 Tbps: Largest attack observed (bits) in Q1 2020, a 188% increase from Q1 2019
      • 293.1 Mpps: Largest attack observed (packets) in Q1 2020, a 13% increase from Q1 2019
      • 694,210 rps: Largest attack observed (requests) in Q1 2020, a 31% decrease from Q1 2019
  • 9. Common External Threats
      • Denial of Service: SYN Floods, Reflection Attacks, Web Request Floods
      • App Vulnerabilities: SQL Injection, Cross-site Scripting (XSS), OWASP Top 10, Common Vulnerabilities and Exposures (CVE)
      • Bad Bots: Crawlers, Content Scrapers, Scanners & Probes
  • 10. Common External Threats
      • Denial of Service: SYN Floods, Reflection Attacks, Web Request Floods
      • App Vulnerabilities: SQL Injection, Cross-site Scripting (XSS), OWASP Top 10, Common Vulnerabilities and Exposures (CVE)
      • Bad Bots: Crawlers, Content Scrapers, Scanners & Probes
  • 11. Traditional Challenges of DDoS Mitigation
      • 1. Difficult to Enable: Complex to Set up; Need to Provision Bandwidth Capacity; Re-architect applications
      • 2. Sub-Optimal Incident Response: Manual Intervention required; Re-routing traffic to scrubbing locations
      • 3. Degrade performance: Scrubbing centers may be far from your servers, leading to added latency
      • 4. Increased Time to Mitigate: Manual intervention and re-routing takes away precious moments from incident response
      • 5. Expensive to Use: Due to the size, duration and complex nature of mitigation systems, it becomes prohibitively expensive in some cases
  • 12. AWS Approach to DDoS Protection
  • 13. Protecting the Application Perimeter
      • AWS Shield Standard: Protects AWS services against common DDoS attacks
      • AWS WAF: Protects web applications by allowing you to write custom rules or choose managed rules from AWS or the AWS Marketplace.
      • AWS Shield Advanced: Managed threat protection that blocks DDoS attacks, vulnerability exploitation, and bad bots
      • AWS Firewall Manager: Centrally configure and manage security rules across accounts and applications
      • AWS Shield Advanced includes WAF & FMS at no additional cost
  • 14. AWS Shield Advanced: Managed Threat Protection
      • Easy to configure without changing your application architecture
      • Comprehensive protection against DDoS attack vectors
      • Near-real time event visibility
      • Protection from economic attack vectors
  • 15. Benefits of AWS Shield Standard and Shield Advanced
      • Pre-Configured Protection; Point and Protect Wizard
      • Comprehensive protection against DDoS attack vectors
      • Near-real time event visibility
      • Protection from economic attack vectors
  • 16. Benefits of AWS Shield Standard and Shield Advanced
      • Pre-Configured Protection; Point and Protect Wizard
      • Detection and Mitigation; Faster Mitigation, Customized to Your Application; 24x7 Access to DDoS Response Team (DRT)
      • Near-real time event visibility
      • Protection from economic attack vectors
  • 17. Benefits of AWS Shield Standard and Shield Advanced
      • Pre-Configured Protection; Point and Protect Wizard
      • Detection and Mitigation; Faster Mitigation, Customized to Your Application; 24x7 Access to DDoS Response Team (DRT)
      • Attack Diagnostics; Global Threat Environment Dashboard; Quarterly Security Report; CloudWatch Metrics
      • Protection from economic attack vectors
  • 18. Benefits of AWS Shield Standard and Shield Advanced
      • Pre-Configured Protection; Point and Protect Wizard
      • Detection and Mitigation; Faster Mitigation, Customized to Your Application; 24x7 Access to DDoS Response Team (DRT)
      • Attack Diagnostics; Global Threat Environment Dashboard; Quarterly Security Report; CloudWatch Metrics
      • AWS WAF at No Additional Cost (for protected resources); AWS Firewall Manager at No Additional Cost; Cost Protection for Scaling
  • 19. Let’s see Shield Advanced in action
  • 20. Use Case: Pokemon GO
      • Challenges: Massive increase in user & traffic; DDoS attack / Bot / Scanner; Quick Deployment; Low Latency; Superior analytics logging
  • 21. Common External Threats
      • Denial of Service: SYN Floods, Reflection Attacks, Web Request Floods
      • App Vulnerabilities: SQL Injection, Cross-site Scripting (XSS), OWASP Top 10, Common Vulnerabilities and Exposures (CVE)
      • Bad Bots: Crawlers, Content Scrapers, Scanners & Probes
  • 22. Application threats and Bad bots [diagram labels: Good users and bots; Bad guys; Web server; Database; SQL injection; Application exploits; Bad bots; Content scrapers; Scanners & probes; Crawlers]
  • 23. AWS WAF: “A web application firewall designed to help you defend against common web application exploits.”
      • Fast Incident Response
      • Managed Rulesets
      • APIs for Automation
      • Flexible Rule Language
  • 24. AWS WAF Request Process
      • Step 1: HTTP/HTTPS Request made for content to Amazon CloudFront
      • Step 2: Amazon CloudFront checks if request requires WAF
  • 25. AWS WAF Request Process
      • Step 1: HTTP/HTTPS Request made for content to Amazon CloudFront
      • Step 2: Amazon CloudFront checks if request requires WAF
      • Step 3: WAF reviews request; instructs Amazon CloudFront to allow/deny
      • Error Page Delivered by Amazon CloudFront
  • 26. AWS WAF Request Process
      • Step 1: HTTP/HTTPS Request made for content to Amazon CloudFront
      • Step 2: Amazon CloudFront checks if request requires WAF
      • Step 3: WAF reviews request; instructs Amazon CloudFront to allow/deny
      • Content Delivered via Amazon CloudFront
      • Error Page Delivered by Amazon CloudFront
  • 27. AWS WAF Request Process
      • Step 1: HTTP/HTTPS Request made for content to Amazon CloudFront
      • Step 2: Amazon CloudFront checks if request requires WAF
      • Step 3: WAF reviews request; instructs Amazon CloudFront to allow/deny
      • Step 4: WAF sends metric to Amazon CloudWatch. Rule can be updated via API
      • Content Delivered via Amazon CloudFront
      • Error Page Delivered by Amazon CloudFront
  • 28. AWS WAF – Security Automations: https://amzn.to/30VgbEe
  • 29. AWS Marketplace rule groups
      • Pre-defined rules written by AWS Partners
      • Designed for different purposes, e.g.
          • Specific applications, such as WordPress
          • OWASP Top 10 vulnerabilities
      • Automatically updated as threats emerge
      • No long-term contracts
  • 30. AWS WAF Console Walkthrough
  • 31. Architecting for DDoS Resiliency
  • 32. DDoS-resilient Architecture
      • [diagram labels: Users; DDoS Attack; Amazon Route 53; Amazon CloudFront; AWS WAF; AWS Cloud; VPC; Public subnet; Private subnet; Application Load Balancer; Load Balancer Security group; Auto Scaling group; Web Application Security group; Instances]
      • Globally distributed attack mitigation capability
      • SYN proxy feature that verifies three-way handshake before passing to the application
      • Slowloris mitigation that reaps long-lived connections
      • Mitigates complex attacks by allowing only the most reliable DNS queries
      • Validates DNS
      • Provides flexible rule language to block or rate-limit malicious requests
  • 33. “Are you Well-Architected?” Werner Vogels
  • 34. Pillars of Well-Architected Framework: Security; Reliability; Performance Efficiency; Cost Optimization; Operational Excellence
  • 35. Planning for DDoS response
      • Shared responsibility
          • We’re in this together
      • What can you do to be prepared?
          • Architect with security and availability in mind from the beginning
      • Architect for scale
          • Use auto scaling resources to scale up instance sizes and scale out quantity
          • Automate to scale static resources
          • And document intervention plans
      • Automate notification and response
          • Proactively collect full or sampled web logs
          • Pre-calculate profiles to compare against anomalies
          • Enable DRT access for assistance
  • 36. Resources
      • AWS Shield: https://aws.amazon.com/shield
      • AWS WAF: https://aws.amazon.com/waf
      • AWS Shield Threat Landscape Report: https://amzn.to/2C30brC
      • AWS Security Workshop: https://awssecworkshops.com/
      • AWS Best Practices for DDoS Resiliency: https://d1.awsstatic.com/whitepapers/Security/DDoS_White_Paper.pdf
  • 37. Webinar Series: https://aws.amazon.com/webinars/hk-webinar-series/ Register for the upcoming webinars
  • 38. Remember to complete your evaluations!
  • 39. Q&A
  • 40. Thank you!
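
Slide 35 recommends collecting web logs and pre-calculating profiles to compare against anomalies. The Python sketch below is an added example, not code from the deck or from AWS: it builds a requests-per-minute profile from a quiet period and flags minutes that exceed it. The median/MAD threshold, the constants `k` and `dominant_share`, all function names and the embedded log lines are assumptions constructed for illustration.

```python
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Common log format: ip ident user [timestamp] "METHOD path proto" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

def parse_line(line):
    """Return (minute, client_ip, path), or None for a malformed line."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ip, stamp, _method, path, _status = m.groups()
    try:
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return ts.replace(second=0), ip, path

def bucket(lines):
    """Count requests per client IP within each one-minute window."""
    minutes = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            minutes[rec[0]][rec[1]] += 1
    return minutes

def build_profile(lines):
    """Pre-calculated profile: median and MAD of requests per minute."""
    rates = [sum(ips.values()) for ips in bucket(lines).values()]
    if not rates:
        raise ValueError("no parsable baseline lines")
    med = statistics.median(rates)
    mad = statistics.median([abs(r - med) for r in rates])
    # Floor the spread so a perfectly flat baseline does not alert on +1 request.
    return {"median": med, "mad": max(mad, 1.0)}

def find_anomalies(lines, profile, k=6.0, dominant_share=0.5):
    """Flag minutes whose request count exceeds median + k * MAD."""
    threshold = profile["median"] + k * profile["mad"]
    alerts = []
    for minute, ips in sorted(bucket(lines).items()):
        total = sum(ips.values())
        if total <= threshold:
            continue
        top_ip, top_count = ips.most_common(1)[0]
        alerts.append({
            "minute": minute.isoformat(),
            "requests": total,
            "threshold": threshold,
            # One dominant source points at a per-IP rate limit;
            # None means the load is spread across many sources.
            "dominant_source": top_ip if top_count / total >= dominant_share else None,
        })
    return alerts

def make_line(ts, ip, path="/"):
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 512'

def constructed_logs():
    """Constructed sample data (documentation IP ranges), not real traffic."""
    start = datetime(2020, 6, 1, 9, 0, tzinfo=timezone.utc)
    baseline = [make_line(start + timedelta(minutes=m, seconds=i), f"192.0.2.{10 + i}")
                for m in range(30) for i in range(8 + m % 5)]   # 8 to 12 req/min
    later = start + timedelta(hours=1)
    observed = [make_line(later + timedelta(minutes=m, seconds=i), f"198.51.100.{20 + i}")
                for m in range(5) for i in range(10)]
    observed += [make_line(later + timedelta(minutes=3, seconds=i % 60), "203.0.113.7", "/login")
                 for i in range(300)]                            # one-minute request flood
    observed.append("truncated line that the parser must skip")
    return baseline, observed

if __name__ == "__main__":
    baseline, observed = constructed_logs()
    profile = build_profile(baseline)
    for alert in find_anomalies(observed, profile):
        print(alert)
```
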