This presentation intends to help users to introduce to AWS WAF service, various WAF components. This presentation also helps users to understand the need of AWS Firewall Manager for multi-account landing zone.
This document discusses using Amazon CloudFront, AWS WAF, and AWS Lambda to protect web applications. AWS WAF provides firewall protection at CloudFront edge locations and can block exploits, abuse, and application DDoS attacks. CloudFront works with AWS WAF to filter legitimate traffic from attacks like SQL injection, cross-site scripting, and others. AWS Lambda can be used to automate security by integrating IP reputation lists and detecting HTTP floods and scans/probes. Resources are provided for webinars and tutorials on configuring AWS WAF and AWS Lambda for automatic protection of web applications.
Distributed denial of service (DDoS) can have an impact on the availability, security and resources consumption for your web application. AWS Web Application Firewall and AWS Shield allow to protect web applications from these attacks.
This document discusses securing web applications with AWS WAF. It begins by explaining why a web application firewall (WAF) is needed to protect against bad users and application vulnerabilities while allowing good users. It then defines what AWS WAF is, noting that it allows users to block or allow web requests and monitor security events. AWS WAF provides APIs and a console for easy configuration of rules to protect websites and content while integrating with development workflows. The document outlines the steps to set up AWS WAF, including creating a web ACL, adding rules and match conditions, and assigning it to CloudFront. It notes the pay-as-you-go pricing model for AWS WAF.
AWS WAF introduction and live demo - Pop-up Loft Tel AvivAmazon Web Services
Distributed application security at scale with AWS WAF. Learn about how the AWS WAF can help protect your web and application services and run through a demo showing how the WAF blocks IP addresses, prevents SQL Injection, and how you can use string matching to defend against Bots, Crawlers, and XSS .
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon Web Services
Amazon GuardDuty is a threat detection service that monitors AWS accounts and the applications within them for malicious or unauthorized behavior. It uses machine learning, threat intelligence feeds, and other techniques to detect both known and unknown threats. GuardDuty analyzes AWS CloudTrail logs, VPC flow logs, and DNS logs to generate detailed findings on issues like reconnaissance, unauthorized access, and crypto-currency mining. It also integrates with other AWS services like Lambda and CloudWatch Events.
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
Identity and Access Management (IAM) is first step towards AWS cloud adoption because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multi-factor authentication mechanisms; and operate IAM at scale.
Level: 100
Speaker: Don Edwards - Sr. Technical Delivery Manager, AWS
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Amazon Web Services
Amazon GuardDuty is a threat detection system that is reimagined and purpose-built for the cloud. Once enabled, GuardDuty immediately starts analyzing continuous streams of account and network activity in near real-time and at scale. You do not have to deploy or manage any additional security software, sensors, or network appliances. Threat intelligence is pre-integrated into the service and is continuously updated and maintained. This session introduces you to GuardDuty, walks you through the detection of an event, and discusses the various ways you can react and remediate.
AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organisation's security and compliance objectives.
This document discusses using Amazon CloudFront, AWS WAF, and AWS Lambda to protect web applications. AWS WAF provides firewall protection at CloudFront edge locations and can block exploits, abuse, and application DDoS attacks. CloudFront works with AWS WAF to filter legitimate traffic from attacks like SQL injection, cross-site scripting, and others. AWS Lambda can be used to automate security by integrating IP reputation lists and detecting HTTP floods and scans/probes. Resources are provided for webinars and tutorials on configuring AWS WAF and AWS Lambda for automatic protection of web applications.
Distributed denial of service (DDoS) can have an impact on the availability, security and resources consumption for your web application. AWS Web Application Firewall and AWS Shield allow to protect web applications from these attacks.
This document discusses securing web applications with AWS WAF. It begins by explaining why a web application firewall (WAF) is needed to protect against bad users and application vulnerabilities while allowing good users. It then defines what AWS WAF is, noting that it allows users to block or allow web requests and monitor security events. AWS WAF provides APIs and a console for easy configuration of rules to protect websites and content while integrating with development workflows. The document outlines the steps to set up AWS WAF, including creating a web ACL, adding rules and match conditions, and assigning it to CloudFront. It notes the pay-as-you-go pricing model for AWS WAF.
AWS WAF introduction and live demo - Pop-up Loft Tel AvivAmazon Web Services
Distributed application security at scale with AWS WAF. Learn about how the AWS WAF can help protect your web and application services and run through a demo showing how the WAF blocks IP addresses, prevents SQL Injection, and how you can use string matching to defend against Bots, Crawlers, and XSS .
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon Web Services
Amazon GuardDuty is a threat detection service that monitors AWS accounts and the applications within them for malicious or unauthorized behavior. It uses machine learning, threat intelligence feeds, and other techniques to detect both known and unknown threats. GuardDuty analyzes AWS CloudTrail logs, VPC flow logs, and DNS logs to generate detailed findings on issues like reconnaissance, unauthorized access, and crypto-currency mining. It also integrates with other AWS services like Lambda and CloudWatch Events.
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
Identity and Access Management (IAM) is first step towards AWS cloud adoption because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multi-factor authentication mechanisms; and operate IAM at scale.
Level: 100
Speaker: Don Edwards - Sr. Technical Delivery Manager, AWS
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Amazon Web Services
Amazon GuardDuty is a threat detection system that is reimagined and purpose-built for the cloud. Once enabled, GuardDuty immediately starts analyzing continuous streams of account and network activity in near real-time and at scale. You do not have to deploy or manage any additional security software, sensors, or network appliances. Threat intelligence is pre-integrated into the service and is continuously updated and maintained. This session introduces you to GuardDuty, walks you through the detection of an event, and discusses the various ways you can react and remediate.
AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organisation's security and compliance objectives.
AWS is hosting the first FSI Cloud Symposium in Hong Kong, which will take place on Thursday, March 23, 2017 at Grand Hyatt Hotel. The event will bring together FSI customers, industry professional and AWS experts, to explore how to turn the dream of transformation, innovation and acceleration into reality by exploiting Cloud, Voice to Text and IoT technologies. The packed agenda includes expert sessions on a host of pressing issues, such as security and compliance, as well as customer experience sharing on how cloud computing is benefiting the industry.
Speaker: Brian Wagner, Security Consultant, Professional Services, AWS
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)Amazon Web Services
This document discusses using Amazon Virtual Private Cloud (VPC) for hybrid IT architectures. It defines hybrid IT and outlines some common AWS services that can be used to build hybrid solutions, including VPC, VPN/Direct Connect networking, IAM policies and virtual images. Specific examples are given for disaster recovery and development/test environments extending on-premises networks to AWS. The presentation concludes with a demonstration of creating a VPC with IPSEC VPN tunnels to an on-premises office and deploying a CMS within the VPC.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
Introduction to AWS VPC, Guidelines, and Best PracticesGary Silverman
I crafted this presentation for the AWS Chicago Meetup. This deck covers the rationale, building blocks, guidelines, and several best practices for Amazon Web Services Virtual Private Cloud. I classify it as a somewhere between a 101 and 201 level presentation.
If you like the presentation, I would appreciate you clicking the Like button.
Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...Amazon Web Services
Learning Objectives:
- Learn how to secure your web applications
- Learn how to configure AWS Shield and AWS WAF
- Learn how to defend the most common Layer 7 attacks
Distributed denial of service (DDoS) and other web attacks can affect your application’s availability, compromise its security, and consume excessive resources. AWS Shield and AWS Web Application Firewall (WAF) help secure your applications from these types of attacks. AWS Shield is a managed DDoS protection service that offers always-on detection and automatic inline mitigation to minimize application downtime and latency. AWS WAF is a web application firewall that helps protect your applications from common web exploits such as SQLi, XSS, and botnets. This introductory tech talk will provide you an overview and demonstration of these services.
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Amazon Web Services
This document discusses implementing an AWS landing zone using a multi-account strategy. It describes setting up initial core accounts for AWS Organizations, log archive, security, and shared services. It provides details on account structures and roles. The next steps outlined are to define tagging and automation strategies before creating the core accounts and implementing security best practices and cross-account access controls.
Learning Objectives:
- Learn about requirements for AWS Firewall Manager, like AWS Organizations
- Learn how to keep new Web applications in compliance across the org from day one
- Learn how Firewall Manager supports your custom WAF rules as well as Managed Rules for AWS WAF
The document discusses security best practices for AWS, including implementing a segregated account environment, strong identity and access management, enabling traceability through logging and monitoring, and applying security controls at multiple layers. It provides examples of setting up identity and access management with AWS IAM, implementing detective controls with AWS CloudTrail and GuardDuty, and using network and host-level security features like VPCs, security groups, and AWS WAF.
Real time monitoring of AWS components and the applications you run on AWS in real-time
You can use CloudWatch to collect and track metrics, which are the variables you want to measure for your resources and applications
CloudWatch alarms send notifications or automatically make changes to the resources you are monitoring based on rules that you define
AWS Security Hub provides a single place to manage security alerts and compliance checks across AWS accounts and services. It integrates findings from AWS services like GuardDuty, Inspector, and Macie as well as many third-party security products. These findings are normalized into a standard format and prioritized. Security Hub also allows users to check compliance with the CIS Benchmark security standard through automated configuration and compliance checks.
This document outlines an agenda for an AWS Cost Management workshop. The agenda includes introductions and sessions on AWS Cost Explorer, AWS Budgets, AWS Reservations, and AWS Cost & Usage Reports. It provides overviews of AWS cost management products and highlights recent features including budget redesigns, forecasting enhancements, and reserved instance management updates.
온디맨드 다시보기: https://www.youtube.com/watch?v=LMBSWl9Uo-4
2021년 1분기에 서울 리전에 출시 예정인 AWS Control Tower는 모범 사례를 기반으로 고객의 다중 AWS 계정 환경을 자동으로 구성해 줍니다. 본 세션에서는 AWS Control Tower를 활용하여 고객의 조직에서 필요로 하는 다중 AWS 계정 구조을 설계 및 구현하고, 각 계정에 포함해야 하는 기본 가드레일을 정의 및 생성하고, 거버넌스 체계를 구현하는 방법에 대해서 다룹니다.
AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018Amazon Web Services
In this session, we discuss how to deploy a scalable environment that considers the AWS account structure, security services, network architecture, and user access. We present an overview of the AWS Landing Zone solution, an automated solution for setting up a robust and flexible AWS environment designed from the collective experience of AWS and our customers. The AWS Landing Zone helps automate the setup of a flexible account structure, security baseline, network structure, and user access based on best practices. Future growth is facilitated by an account vending machine component that simplifies the creation of additional accounts. Learn how the AWS Landing Zone can ensure that you start your AWS journey with the right foundation. We encourage you to attend the full AWS Landing Zone track, including SEC303. Search for #awslandingzone in the session catalog.
AWS is architected to be one of the most flexible and secure cloud computing environments available today. It provides an extremely scalable, highly reliable platform that enables customers to deploy applications and data quickly and securely. When using AWS, not only are infrastructure headaches removed, but so are many of the security issues that come with them.
Identity and access management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons. IAM enables you to securely control access to your application or product services and resources for your users.
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...Amazon Web Services
Amazon Virtual Private Cloud (Amazon VPC) enables you to have complete control over your AWS virtual networking environment. In this session, we will work through the process and features involved to build an advanced hybrid and connected architecture exploring the new capabilities including VPC Shared Subnets, AWS Transit Gateway, Route 53 Resolver and AWS Global Accelerator. We dive into how they work and how you might use them.
This document discusses how AWS Control Tower can be used to govern multi-account AWS environments at scale. It provides an overview of AWS Control Tower's key capabilities including automated setup of a landing zone with best practice blueprints and guardrails, account factory for provisioning accounts, centralized identity and access management, and built-in monitoring and notifications. Examples are also given of how AWS Control Tower can be used to implement common multi-account architectures and operational models.
The document discusses serverless architectures using AWS Lambda and Amazon API Gateway. It provides background on moving from monolithic to microservices architectures. It then covers AWS Lambda functions, event sources, and networking environments. Amazon API Gateway is presented as a way to build multi-tier serverless applications. Common serverless architecture patterns and best practices for AWS Lambda, API Gateway, and general serverless development are outlined. The document concludes with a demonstration of a simple CRUD backend using Lambda and DynamoDB with API Gateway.
AWS Direct Connect allows organizations to establish a dedicated network connection from their premises to AWS. It provides higher bandwidth, more consistent network performance than internet-based connections, and avoids public internet charges for data transfer. Customers can establish Direct Connect connections from their data centers to AWS using partner network providers.
AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...Amazon Web Services
In this workshop, we help you understand how you can help protect your web applications from threats cost effectively by using AWS WAF and Amazon CloudFront. As attacks and attempts to exploit vulnerabilities in web applications become more sophisticated and automated, having an effective web request filtering solution becomes key to keeping your users' data safe. We will cover common attack vectors and what you can do to mitigate them. You will learn how to leverage AWS WAF in conjunction with Amazon CloudFront to detect unwanted traffic and block it using simple configurations and automations.
Prerequisites:
Participants should have an AWS account established and available for use during the workshop.
Please bring your own laptop.
A look at AWS web application firewall service from the September meeting of the Atlanta AWS Meetup group
Looking at how the service works with cloudfront along with it's pricing model compared with other WAF offerings.
AWS is hosting the first FSI Cloud Symposium in Hong Kong, which will take place on Thursday, March 23, 2017 at Grand Hyatt Hotel. The event will bring together FSI customers, industry professional and AWS experts, to explore how to turn the dream of transformation, innovation and acceleration into reality by exploiting Cloud, Voice to Text and IoT technologies. The packed agenda includes expert sessions on a host of pressing issues, such as security and compliance, as well as customer experience sharing on how cloud computing is benefiting the industry.
Speaker: Brian Wagner, Security Consultant, Professional Services, AWS
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)Amazon Web Services
This document discusses using Amazon Virtual Private Cloud (VPC) for hybrid IT architectures. It defines hybrid IT and outlines some common AWS services that can be used to build hybrid solutions, including VPC, VPN/Direct Connect networking, IAM policies and virtual images. Specific examples are given for disaster recovery and development/test environments extending on-premises networks to AWS. The presentation concludes with a demonstration of creating a VPC with IPSEC VPN tunnels to an on-premises office and deploying a CMS within the VPC.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
Introduction to AWS VPC, Guidelines, and Best PracticesGary Silverman
I crafted this presentation for the AWS Chicago Meetup. This deck covers the rationale, building blocks, guidelines, and several best practices for Amazon Web Services Virtual Private Cloud. I classify it as a somewhere between a 101 and 201 level presentation.
If you like the presentation, I would appreciate you clicking the Like button.
Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...Amazon Web Services
Learning Objectives:
- Learn how to secure your web applications
- Learn how to configure AWS Shield and AWS WAF
- Learn how to defend the most common Layer 7 attacks
Distributed denial of service (DDoS) and other web attacks can affect your application’s availability, compromise its security, and consume excessive resources. AWS Shield and AWS Web Application Firewall (WAF) help secure your applications from these types of attacks. AWS Shield is a managed DDoS protection service that offers always-on detection and automatic inline mitigation to minimize application downtime and latency. AWS WAF is a web application firewall that helps protect your applications from common web exploits such as SQLi, XSS, and botnets. This introductory tech talk will provide you an overview and demonstration of these services.
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Amazon Web Services
This document discusses implementing an AWS landing zone using a multi-account strategy. It describes setting up initial core accounts for AWS Organizations, log archive, security, and shared services. It provides details on account structures and roles. The next steps outlined are to define tagging and automation strategies before creating the core accounts and implementing security best practices and cross-account access controls.
Learning Objectives:
- Learn about requirements for AWS Firewall Manager, like AWS Organizations
- Learn how to keep new Web applications in compliance across the org from day one
- Learn how Firewall Manager supports your custom WAF rules as well as Managed Rules for AWS WAF
The document discusses security best practices for AWS, including implementing a segregated account environment, strong identity and access management, enabling traceability through logging and monitoring, and applying security controls at multiple layers. It provides examples of setting up identity and access management with AWS IAM, implementing detective controls with AWS CloudTrail and GuardDuty, and using network and host-level security features like VPCs, security groups, and AWS WAF.
Real time monitoring of AWS components and the applications you run on AWS in real-time
You can use CloudWatch to collect and track metrics, which are the variables you want to measure for your resources and applications
CloudWatch alarms send notifications or automatically make changes to the resources you are monitoring based on rules that you define
AWS Security Hub provides a single place to manage security alerts and compliance checks across AWS accounts and services. It integrates findings from AWS services like GuardDuty, Inspector, and Macie as well as many third-party security products. These findings are normalized into a standard format and prioritized. Security Hub also allows users to check compliance with the CIS Benchmark security standard through automated configuration and compliance checks.
This document outlines an agenda for an AWS Cost Management workshop. The agenda includes introductions and sessions on AWS Cost Explorer, AWS Budgets, AWS Reservations, and AWS Cost & Usage Reports. It provides overviews of AWS cost management products and highlights recent features including budget redesigns, forecasting enhancements, and reserved instance management updates.
온디맨드 다시보기: https://www.youtube.com/watch?v=LMBSWl9Uo-4
2021년 1분기에 서울 리전에 출시 예정인 AWS Control Tower는 모범 사례를 기반으로 고객의 다중 AWS 계정 환경을 자동으로 구성해 줍니다. 본 세션에서는 AWS Control Tower를 활용하여 고객의 조직에서 필요로 하는 다중 AWS 계정 구조을 설계 및 구현하고, 각 계정에 포함해야 하는 기본 가드레일을 정의 및 생성하고, 거버넌스 체계를 구현하는 방법에 대해서 다룹니다.
AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018Amazon Web Services
In this session, we discuss how to deploy a scalable environment that considers the AWS account structure, security services, network architecture, and user access. We present an overview of the AWS Landing Zone solution, an automated solution for setting up a robust and flexible AWS environment designed from the collective experience of AWS and our customers. The AWS Landing Zone helps automate the setup of a flexible account structure, security baseline, network structure, and user access based on best practices. Future growth is facilitated by an account vending machine component that simplifies the creation of additional accounts. Learn how the AWS Landing Zone can ensure that you start your AWS journey with the right foundation. We encourage you to attend the full AWS Landing Zone track, including SEC303. Search for #awslandingzone in the session catalog.
AWS is architected to be one of the most flexible and secure cloud computing environments available today. It provides an extremely scalable, highly reliable platform that enables customers to deploy applications and data quickly and securely. When using AWS, not only are infrastructure headaches removed, but so are many of the security issues that come with them.
Identity and access management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons. IAM enables you to securely control access to your application or product services and resources for your users.
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...Amazon Web Services
Amazon Virtual Private Cloud (Amazon VPC) enables you to have complete control over your AWS virtual networking environment. In this session, we will work through the process and features involved to build an advanced hybrid and connected architecture exploring the new capabilities including VPC Shared Subnets, AWS Transit Gateway, Route 53 Resolver and AWS Global Accelerator. We dive into how they work and how you might use them.
This document discusses how AWS Control Tower can be used to govern multi-account AWS environments at scale. It provides an overview of AWS Control Tower's key capabilities including automated setup of a landing zone with best practice blueprints and guardrails, account factory for provisioning accounts, centralized identity and access management, and built-in monitoring and notifications. Examples are also given of how AWS Control Tower can be used to implement common multi-account architectures and operational models.
The document discusses serverless architectures using AWS Lambda and Amazon API Gateway. It provides background on moving from monolithic to microservices architectures. It then covers AWS Lambda functions, event sources, and networking environments. Amazon API Gateway is presented as a way to build multi-tier serverless applications. Common serverless architecture patterns and best practices for AWS Lambda, API Gateway, and general serverless development are outlined. The document concludes with a demonstration of a simple CRUD backend using Lambda and DynamoDB with API Gateway.
AWS Direct Connect allows organizations to establish a dedicated network connection from their premises to AWS. It provides higher bandwidth, more consistent network performance than internet-based connections, and avoids public internet charges for data transfer. Customers can establish Direct Connect connections from their data centers to AWS using partner network providers.
AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...Amazon Web Services
In this workshop, we help you understand how you can help protect your web applications from threats cost effectively by using AWS WAF and Amazon CloudFront. As attacks and attempts to exploit vulnerabilities in web applications become more sophisticated and automated, having an effective web request filtering solution becomes key to keeping your users' data safe. We will cover common attack vectors and what you can do to mitigate them. You will learn how to leverage AWS WAF in conjunction with Amazon CloudFront to detect unwanted traffic and block it using simple configurations and automations.
Prerequisites:
Participants should have an AWS account established and available for use during the workshop.
Please bring your own laptop.
A look at AWS web application firewall service from the September meeting of the Atlanta AWS Meetup group
Looking at how the service works with cloudfront along with it's pricing model compared with other WAF offerings.
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017 Amazon Web Services
This session will review how AWS allows FinTech’s across APAC to innovate at pace while maintaining the high level of security expected by the financial services community. We will review security domains including Infrastructure Security, Data Protection, Logging & Monitoring, Identity & Access Management and Intrusion Detection.
Security and Compliance Better on AWS_John HildebrandtHelen Rogers
This document discusses security on AWS. It begins by outlining AWS's security practices and culture, including how access is limited and monitored. It then explains the shared responsibility model where AWS is responsible for security of the cloud, while customers are responsible for security in the cloud. The document provides examples of how AWS tools can help with security best practices like the Essential 8, encryption, DDoS protection, and more. It also discusses how customers have control over aspects like data location, access management, and infrastructure configuration. The document concludes that security is the top priority at AWS and customers are generally better off from a security perspective using AWS than maintaining their own environments.
This talk showcases the "best of the best" practices for operating securely at scale on AWS, taken from real customer examples. It introduces the AWS Security Best Practices whitepaper and covers a range of security recommendations for Identity and Access Management, Logging and Monitoring, Infrastructure Security, and Data Protection. It incorporates practical examples found in the Center for Internet Security’s CIS AWS Foundation and CIS AWS Three-Tier Web Architecture benchmarks. Come learn how to "Just Turn It On!"
Speakers:
Phil Rodrigues, Security Solutions Architect, Amazon Web Services
Michael Fuller, Principal Systems Engineer, Atlassian
AWS Landing Zone - Architecting Security and GovernanceAkesh Patil
This slide deck provides an overview of the AWS Landing Zone, which is a well-architected, multi-account AWS environment designed to be scalable and secure. It serves as a starting point for organizations to quickly launch and deploy workloads and applications on AWS.
The deck explains the key components and capabilities of the AWS Landing Zone, including:
The use of AWS Control Tower, a service that simplifies the setup and governance of a multi-account Landing Zone environment following AWS best practices.
1. The Landing Zone's objectives, such as establishing an account structure, developing a governance framework, implementing centralized identity and access management, and optimizing costs.
2. The technical foundations of the Landing Zone, including Organization Units (OUs), preventive and detective guardrails, and the integration of AWS security services like CloudTrail, Config, GuardDuty, Inspector, and Security Hub.
1) The document discusses Amazon Web Services' (AWS) prescriptive approach to security, which involves understanding AWS's security practices, building strong compliance foundations, integrating identity and access management, enabling detective controls, establishing network security, implementing data protection, optimizing change management, and automating security functions.
2) It provides details on various AWS security services like AWS Identity and Access Management (IAM), AWS CloudTrail, AWS Config, AWS WAF, encryption services, and security training.
3) The document emphasizes that security is a shared responsibility between AWS and customers, with AWS being responsible for security "of the cloud" and customers being responsible for security "in the cloud."
Ryan Holland (Cloud Platform Solution Director, Alert Logic) and Pat McDowell (Partner Solution Architect, Amazon Web Services)'s presentation on AWS security services like AWS Inspector, AWS WAF, and AWS Config Rules at the NYC Alert Logic Cloud Security Summit on June 14, 2016.
How to use AWS WAF to Mitigate OWASP Top 10 attacks - AWS Online Tech TalksAmazon Web Services
The Open Web Application Security Project (OWASP) Top 10 identifies the most critical risks that web developers must address in their applications. AWS WAF, a web application firewall, helps you address the vulnerabilities identified by the OWASP Top 10. In this webinar, you will learn how to use AWS WAF to write rules to match common patterns of exploitation and block malicious requests from reaching your web servers.
Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...Amazon Web Services
We constantly hear about huge hacks in the media, with companies losing millions of dollars in an instant. While this problem is large for the enterprise side of the world, it is even more detrimental when it comes to the fedspace. CloudCheckr Co-Founder & CEO Aaron Newman will highlight effective strategies and tools that AWS users can employ to improve their security posture. Often times the biggest threat to security is the human, Aaron will go through ways to work around this and how you can shore up security to avoid these errors. Specific emphasis will be placed upon leveraging native AWS services and the talk will include concrete steps that users can begin employing immediately. Learn More: https://aws.amazon.com/government-education/
Because the entire AWS cloud platform is programmable, it turns out that you can program security and compliance in advance of actually instantiating any actual workloads. In this session, we show how you can design a secure and compliant workload and even have it audited by a third-party auditor before creating it for the first time! Once it's created, other facilities provide mechanisms for detecting and alerting a drift from your baseline, and even automatically remediating the drift. Learn how the comprehensive automation available in AWS provides security and compliance professionals an entire new, more efficient, and more effective way to work.
Speaker: John Hildebrand, Solutions Architect, Amazon Web Services
Security Best Practices_John HildebrandtHelen Rogers
This document discusses security best practices for AWS. It provides an overview of sources of best practices like the AWS Cloud Adoption Framework and CIS Benchmarks. It then describes key best practices around infrastructure security, data protection, identity and access management, logging and monitoring, and implementing practices at scale through automation and tools. Specific recommendations are given for practices like encrypting data, using IAM roles, enabling logging for all services, and using AWS Config to detect insecure configurations.
Customers using AWS benefit from over 1,800 security and compliance controls built into the AWS platform and operations. In this session, you will learn how to take advantage of the advanced security features of the AWS platform to gain the visibility, agility, and control needed to be more secure in the cloud than in legacy environments. We'll take a look at several reference architectures for common workloads and highlight the innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the shared security responsibility model and understand how to benefit from controls from the rich compliance and accreditation programs maintained by AWS. Speaker: Stephen Quigg, Solutions Architect, Amazon Web Services
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
The document outlines security best practices for AWS including:
- Using IAM roles instead of long-term access keys, enabling MFA authentication, and granting least privilege access.
- Encrypting data at rest using AES-256 encryption, limiting network access using security groups, and enabling logging.
- Ensuring S3 buckets, RDS instances, and Redshift clusters are not publicly accessible and their access is encrypted.
- Implementing monitoring with CloudWatch and using security tools like Inspector, Shield, and WAF.
Amazon Web Services offers a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. Amazon Web Services provides security-specific tools and features across network security, configuration management, access control and data security. In addition, Amazon Web Services provides monitoring and logging tools to provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that Amazon Web Services offers, and the latest security innovations coming from Amazon Web Services.
Andrew Watts-Curnow, Cloud Architect - Professional Services, ASEAN
This webinar will help you understand more about how AWS practices security, the compliance and certification of the AWS platform, how security is shared between AWS and it’s customers, key AWS security features that customers can build into their own solutions; and where to get training, advice and further information on AWS security.
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...Amazon Web Services
With customers migrating workloads to AWS, we are starting to see a need for the creation of a prescribed landing zone, which uses native AWS capabilities and meets or exceeds customers' security and compliance objectives. In this session, we will describe an AWS landing zone and will cover solutions for account structure, user configuration, provisioning, networking and operation automation. This solution is based on AWS native capabilities such as AWS Service Catalog, AWS Identity and Access Management, AWS Config Rules, AWS CloudTrail and Amazon Lambda. We will provide an overview of AWS Service Catalog and how it be used to provide self-service infrastructure to applications users, including various options for automation. After this session you will be able to configure an AWS landing zone for successful large scale application migrations. Additionally, Philips will explain their cloud journey and how they have applied their guiding principles when building their landing zone.
Similar to Introduction to AWS WAF and AWS Firewall Manager (20)
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Trusted Execution Environment for Decentralized Process MiningLucaBarbaro3
Presentation of the paper "Trusted Execution Environment for Decentralized Process Mining" given during the CAiSE 2024 Conference in Cyprus on June 7, 2024.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
This presentation provides valuable insights into effective cost-saving techniques on AWS. Learn how to optimize your AWS resources by rightsizing, increasing elasticity, picking the right storage class, and choosing the best pricing model. Additionally, discover essential governance mechanisms to ensure continuous cost efficiency. Whether you are new to AWS or an experienced user, this presentation provides clear and practical tips to help you reduce your cloud costs and get the most out of your budget.
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3Data Hops
Free A4 downloadable and printable Cyber Security, Social Engineering Safety and security Training Posters . Promote security awareness in the home or workplace. Lock them Out From training providers datahops.com
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...alexjohnson7307
Predictive maintenance is a proactive approach that anticipates equipment failures before they happen. At the forefront of this innovative strategy is Artificial Intelligence (AI), which brings unprecedented precision and efficiency. AI in predictive maintenance is transforming industries by reducing downtime, minimizing costs, and enhancing productivity.
5th LF Energy Power Grid Model Meet-up SlidesDanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
3. Akesh Patil
Sr. Cloud Architect
Digital & Cloud Consulting
AWS Community Builder | AWS APN
Ambassador
Speaker
4. AWS WAF
AWS WAF is a web application firewall that lets you monitor the
HTTP(S) requests that are forwarded to your protected web
application resources
Monitor web requests that your end users send to your applications and to control access to your
content
Protect against common web exploits and bots that can affect availability, compromise security, or
consume excessive resources.
Control bot traffic and block common attack patterns such as SQL injection or cross-site scripting
(XSS).
What AWS WAF can do?
4
5. Resources protected by AWS WAF
• Amazon CloudFront distribution
• Amazon API Gateway REST API
• Application Load Balancer
• AWS AppSync GraphQL API
• Amazon Cognito user pool
• AWS App Runner service
• AWS Verified Access instance
5
7. AWS WAF Behaviours
Allow
Allow all requests
except the ones that
you specify
Block
Block all requests
except the ones that
you specify
Count
Count requests that
match your criteria
Run
Run CAPTCHA or
challenge checks
against requests
that match your
criteria
7
8. Options to protect web application exploits
•Tells AWS WAF how to inspect web request
•Every rule has a single top-level rule statement containing other statements
•Can be simple or complex rule
AWS WAF Rule Statements
•Curated and maintained by AWS Threat Research Team
•Provides protection against common application vulnerabilities
•Includes Baseline rule groups, Use-case specific rule groups, IP reputation rule groups
AWS Managed Rules
•Rules specific to your application to block undesired patterns
Custom Rules
•Rules created by security partners
•Available based on subscription
AWS Marketplace Rules
8
9. Considerations for AWS WAF Implementation
Protections
• Identity usage patterns and baseline
requirements based on previous
incidents and observations
• Start with the baseline rule groups
and the Amazon IP reputation list
from the AWS Managed Rules
Governance
• How to manage and monitor WAF
implementations across organization
• Use AWS Firewall Manager to manage
WAF configurations centrally
9
12. Application Layer Defense
Web ACLs and
Managed Rules
• Cross site
scripting
• SQL Injection
Custom Rules
• Block
requests with
header x-
tomatoattack
Rate-based
Rules
• Block request
originating IP
address
based on
count
Advanced
Custom Rules
• Json Based
Rules
12
13. DDoS protection with AWS Shield
• Available for all AWS clients
without additional charge
• Protection against common
attacks (SYN/UDP floods,
Reflection Attacks etc. Layer 3/4)
• Automatic detection and
mitigation
• Charged service that provides
additional protection against
more complex attacks
• Protection against advanced
attacks (Layer 7)
• 24x7 DDoS response team
• Cost Protection
• Better monitoring/Visualization
Standard Advanced
13
18. AWS Firewall Manager
AWS Firewall Manager is a security management service that allows
you to centrally configure and manage firewall rules across your
accounts and applications in AWS Organizations.
What AWS Firewall Manager can do?
• Simplifies administration and maintenance tasks across multiple accounts and resources
• Helps to protect resources across accounts
• Helps to protect all resources of a particular type, such as all Amazon CloudFront
distributions
• Helps to protect all resources with specific tags
• Automatically adds protection to resources that are added to your account
• Allows you to apply security group rules to all member accounts or specific subsets of
accounts in an AWS Organizations organization
• Let you use your own rules, or purchase managed rules from AWS Marketplace
18
19. AWS Firewall Manager prerequisites
AWS Organizations
Your organization must be using AWS
Organizations to manage your accounts, and All
Features must be enabled.
Firewall administrator AWS Account
Designate one of the AWS accounts in your
organization as the administrator for AWS Firewall
Manager
AWS Config
You must enable AWS Config for all the accounts in
your organization and in the required regions so
that AWS Firewall Manager can detect newly
created resources
19
21. Monitoring & Governance
• AWS FMS Integration with Security Hub will send following findings
• resources that are not properly protected by WAF rules
• resources that are not properly protected by Shield Advanced
• Shield Advanced findings that indicate a Distributed Denial of
Service attack is underway
• security groups that are being used incorrectly
22
AWS WAF is a web application firewall (WAF) that helps you protect your websites and web applications against various attack vectors at the application layer (OSI Layer 7).
Security is a shared responsibility between AWS and the customer, with responsibility boundaries that vary depending on factors such as the AWS services used. For example, when you build your web application with AWS services such as Amazon CloudFront, Amazon API Gateway, Application Load Balancer, or AWS AppSync you are responsible of protecting your web application at Layer 7 of the OSI Model. AWS WAF is a tool that helps you protect web applications by filtering and monitoring HTTP(S) traffic, including traffic from the public internet. Web application firewalls (WAFs) protect applications at the application layer from common web exploits that can affect application availability, compromise security, and consume excessive resources. For example, you can use AWS WAF to protect against attacks such as cross-site request forgery, cross-site scripting (XSS), file inclusion, and SQL injection, among other threats in the OWASP Top 10. This layer of security can be used together with a suite of tools to create a holistic defense-in-depth architecture.
AWS WAF is a managed web application firewall that can be used in conjunction with a wide variety of networking and security services such as Amazon Virtual Private Cloud (Amazon VPC), and AWS Shield Advanced.
What AWS WAF can do
Filter web traffic - Create rules to filter web requests based on conditions such as IP addresses, HTTP headers and body, or custom URIs.
Prevent account takeover fraud - Monitor your application’s login page for unauthorized access to user accounts using compromised credentials.
Using AWS WAF has several benefits:
Additional protection against web attacks using criteria that you specify. You can define criteria using characteristics of web requests such as the following:
IP addresses that requests originate from.
Country that requests originate from.
Values in request headers.
Strings that appear in requests, either specific strings or strings that match regular expression (regex) patterns.
Length of requests.
Presence of SQL code that is likely to be malicious (known as SQL injection).
Presence of a script that is likely to be malicious (known as cross-site scripting).
Rules that can allow, block, or count web requests that meet the specified criteria. Alternatively, rules can block or count web requests that not only meet the specified criteria, but also exceed a specified number of requests in any 5-minute period.
Rules that you can reuse for multiple web applications.
Managed rule groups from AWS and AWS Marketplace sellers.
Real-time metrics and sampled web requests.
Automated administration using the AWS WAF API.
AWS WAF can be natively enabled on CloudFront, Amazon API Gateway, Application Load Balancer, or AWS AppSync and is deployed alongside these services. AWS services terminate the TCP/TLS connection, process incoming HTTP requests, and then pass the request to AWS WAF for inspection and filtering. Unlike traditional appliance-based WAFs, there is no need to deploy and manage infrastructure, or plan for capacity. AWS WAF provides flexible options for implementing protections through managed rules, partner-provided rules, and custom rules that you can write yourself.
It’s important to understand that with AWS WAF, you are controlling ingress traffic to your application.
Before deciding how to deploy AWS WAF, you need to understand what type of threats your web applications may be facing and the protection options available with AWS WAF. Web applications face different kinds of threats that AWS WAF can help you mitigate.
Distributed denial of service (DDoS) attacks – Try to exhaust your application resources so that they are not available to your customers. At Layer 7, DDoS attacks are typically well-formed HTTP requests that attempt to exhaust your application servers and resources.
Web application attacks – Try to exploit a weakness in your application code or its underlying software to steal web content, gain control over web servers, or alter databases; these can involve HTTP requests with deliberately malformed arguments.
Bots – Generate a large portion of the internet’s website traffic. Some good bots associated with search engines, crawl websites for indexing. However, bad bots may scan applications, looking for vulnerabilities and to scrape content, poison backend systems, or disrupt analytics.
Allow all requests except the ones that you specify – This is useful when you want Amazon CloudFront, Amazon API Gateway, Application Load Balancer, AWS AppSync, Amazon Cognito, AWS App Runner, or AWS Verified Access to serve content for a public website, but you also want to block requests from attackers.
Block all requests except the ones that you specify – This is useful when you want to serve content for a restricted website whose users are readily identifiable by properties in web requests, such as the IP addresses that they use to browse to the website.
Count requests that match your criteria – You can use the Count action to track your web traffic without modifying how you handle it. You can use this for general monitoring and also to test your new web request handling rules. When you want to allow or block requests based on new properties in the web requests, you can first configure AWS WAF to count the requests that match those properties. This lets you confirm your new configuration settings before you switch your rules to allow or block matching requests.
Run CAPTCHA or challenge checks against requests that match your criteria – You can implement CAPTCHA and silent challenge controls against requests to help reduce bot traffic to your protected resources.
Baseline rule groups – Cover some of the common threats and security risks described in the OWASP Top 10 publication.
Use-case specific rule groups – Provide incremental protection based on your application characteristics, such as the application OS or database.
IP reputation rule groups – An IP reputation list derived from the Amazon threat intelligence team blocks known malicious IP addresses.
After you have identified which threats are applicable for your application, define your baseline criteria for success. If your application does not use a SQL database, you can save WAF capacity units by not adding SQL injection detection rules. AWS recommends that you add WAF rules that are specific to your application’s requirements, because adding unnecessary rules can lead to an increase in false positives.
For existing applications, you may already have visibility into application usage patterns and be looking to block malicious requests identified from previous incidents and observations. Therefore, you may be looking for protections against a specific attack. If you are already using a WAF implementation, you may have a baseline of the average number of requests blocked by the existing WAF rules. In some cases, you may have visibility into the existing rules implemented and you can implement similar rules in AWS WAF.
Comparing AWS managed rules and Custom rules
Depending on your organization’s resources and security culture, you must decide how to implement AWS WAF. You can deploy out-of-the-box AWS Managed Rules sets, create your own custom rules, or use a combination of both. For most applications, AWS recommends starting with the baseline rule groups and the Amazon IP reputation list from the AWS Managed Rules, then selecting application specific rule groups that match the application’s profile.
Governance
You might also have governance requirements to define how to manage and monitor WAF implementations across your organization. In some organizations, WAF configurations are managed centrally by a security team. In this case, the security team must audit and ensure that WAF is configured correctly across resources managed by application teams. In other organizations, WAF configuration and deployment is managed by the application teams so that the WAF rules deployed can be specific to the protected application.
To simplify centralized management of AWS WAF
To defend against application layer attacks requires you to implement an architecture that allows you to specifically detect, scale to absorb, and block malicious requests. This is an important consideration because network-based DDoS mitigation systems are generally ineffective at mitigating complex application layer attacks.
When your application runs on AWS, you can leverage both Amazon CloudFront and AWS WAF to help defend against application layer DDoS attacks.
Amazon CloudFront allows you to cache static content and serve it from AWS edge locations, which can help reduce the load on your origin. It can also help reduce server load by preventing non-web traffic from reaching your origin. Additionally, CloudFront can automatically close connections from slow reading or slow writing attackers (for example, Slowloris).
By using AWS WAF, you can configure web access control lists (Web ACLs) on your CloudFront distributions or Application Load Balancers to filter and block requests based on request signatures. Each Web ACL consists of rules that you can configure to string match or regex match one or more request attributes, such as the URI, query string, HTTP method, or header key. In addition, by using AWS WAF's rate-based rules, you can automatically block the IP addresses of bad actors when requests matching a rule exceed a threshold that you define. This is useful for mitigating HTTP flood attacks that are disguised as regular web traffic.
In addition to using AWS WAF, AWS recommends reviewing AWS Shield Advanced which detects application layer attacks such as HTTP floods or DNS query floods by baselining traffic on your application and identifying anomalies. With the assistance of the Shield Response Team (SRT), AWS Shield Advanced includes intelligent DDoS attack detection and mitigation for network layer (Layer 3) and transport layer (Layer 4) attacks, but also for application layer (Layer 7) attacks
AWS Shield Standadrd - All AWS customers benefit from the automatic protection of Shield Standard, at no additional charge. Shield Standard defends against the most common, frequently occurring network and transport layer DDoS attacks that target your website or applications.
AWS Shield Advanced is a managed service that helps you protect your application against external threats, like DDoS attacks, volumetric bots, and vulnerability exploitation attempts. For higher levels of protection against attacks, you can subscribe to AWS Shield Advanced.
Use AWS Firewall Manager to deploy protection at scale in AWS Organizations | AWS Security Blog (amazon.com)
Use AWS Firewall Manager to deploy protection at scale in AWS Organizations | AWS Security Blog (amazon.com)
AWS Firewall Manager simplifies your administration and maintenance tasks across multiple accounts and resources for a variety of protections, including AWS WAF, AWS Shield Advanced, Amazon VPC security groups, AWS Network Firewall, and Amazon Route 53 Resolver DNS Firewall. With Firewall Manager, you set up your protections just once and the service automatically applies them across your accounts and resources, even as you add new accounts and resources.
Firewall Manager provides these benefits:
Helps to protect resources across accounts
Helps to protect all resources of a particular type, such as all Amazon CloudFront distributions
Helps to protect all resources with specific tags
Automatically adds protection to resources that are added to your account
Allows you to subscribe all member accounts in an AWS Organizations organization to AWS Shield Advanced, and automatically subscribes new in-scope accounts that join the organization
Allows you to apply security group rules to all member accounts or specific subsets of accounts in an AWS Organizations organization, and automatically applies the rules to new in-scope accounts that join the organization
Lets you use your own rules, or purchase managed rules from AWS Marketplace
Firewall Manager is particularly useful when you want to protect your entire organization rather than a small number of specific accounts and resources, or if you frequently add new resources that you want to protect. Firewall Manager also provides centralized monitoring of DDoS attacks across your organization.
AWS Firewall Manager is a security management service that allows you to centrally configure and manage firewall rules across your accounts and applications in AWS Organizations. As new applications are created, Firewall Manager makes it easier to bring new applications and resources into compliance by enforcing a common set of security rules.