SlideShare uma empresa Scribd logo

SEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense

Amazon Web Services
Amazon Web Services

Security professionals and full-stack engineers will learn how to defend against distributed denial of service (DDoS) attacks and web application exploits by using automation to monitor activity, configure rate limiting, and deploy network filtering rules. This session will show you how to use Lambda functions to automate event response and integrate with your security operations tools. You will become an expert in advanced techniques to help you protect and monitor your AWS networks and resources using services such as Amazon Virtual Private Cloud, Amazon Web Application Firewall, Amazon Shield, and more. You will also learn how to monitor and gain deep visibility into your AWS environment by using highly-scaled solutions such as AWS CloudTrail and AWS CloudWatch.

Tecnologia
1 de 41
Baixar para ler offline
© 2017 Amazon Web Services, Inc. or its Affiliates. All rights reserved. Cameron Worrell & Brittany Doncaster August 14, 2017 Advanced Techniques for DDoS Mitigation and Web Application Defense
What to expect from this session Types of Threats AWS Shield AWS VPC AWS WAF
What to expect from this session Types of Threats AWS Shield AWS VPC AWS WAF
Types of Threats Bad BotsDDoS Application Attacks Reflection Layer 4 floods Slowloris SSL abuse HTTP floods Amplification Content scrapers Scanners & probes CrawlersApplication Layer Network / Transport Layer SQL injection Application exploits
DDoS Threats Network / Transport Layer DDoS
DDoS Threats Application DDoS Good users Bad guys Web server Database
Application Threats Good users Bad guys Web server Database Exploit code SQL injectionXSS
Bad Bot Threats Good users Bad guys Web server Database Steal premium content
What to expect from this session Types of Threats AWS Shield AWS VPC AWS WAF
Types of Threats Bad BotsDDoS Application Attacks Reflection Layer 4 floods Slowloris SSL abuse HTTP floods Amplification Content scrapers Scanners & probes Crawlers SQL injection Application exploits Social engineering Sensitive data exposureApplication Layer Network / Transport Layer AWS Shield
Benefits of AWS Shield AWS Integration DDoS protection without infrastructure changes Affordable Don’t force unnecessary trade-offs between cost and availability Flexible Customize protections for your applications Always-On Detection and Mitigation Minimize impact on application latency
AWS Shield Standard Protection Advanced Protection Available to ALL AWS customers at No Additional Cost Paid service that provides additional protections, features and benefits.
AWS Shield Standard Layer 3/4 protection  Automatic detection & mitigation  Protection from most common attacks (SYN/UDP Floods, Reflection Attacks, etc.)  Built into AWS services Layer 7 protection  AWS WAF for Layer 7 DDoS attack mitigation  Self-service & pay-as-you-go Automatic Protection against 96% of Layer 3/4 attacks Available globally on all Internet-facing AWS services
AWS Shield Advanced Additional Detection & Monitoring Protection Against Large DDoS Attacks Visibility Into Attack Detection & Mitigation AWS WAF at No Additional Cost 24X7 DDoS Response Team Cost Protection (Absorb DDoS Scaling Cost)
AWS Shield Advanced Multi-Layered Mitigation Border Network Network Layer Mitigations AWS Services Web Layer Mitigations Customer Infrastructure DDoS Detection Internet Internet-Layer Mitigations DDoS DDoS Response Team Effective Against: • Large-Scale Attack Effective Against: • SYN Floods • Reflection Attacks • Suspicious Sources Effective Against: • SSL Attacks • Slowloris • Malformed HTTP Effective Against: • HTTP Floods • Bad Bots • Suspicious IPs Effective Against: • Sophisticated Layer 7 attacks
AWS Shield Advanced Application Load Balancer Classic Load Balancer Amazon CloudFront Amazon Route 53 Available on ...  Northern Virginia (us-east-1)  N. California (us-west-1)  Oregon (us-west-2)  Ireland (eu-west-1)  Tokyo (ap-northeast-1) In the following regions ...
Shield Demo
What to expect from this session Types of Threats AWS Shield AWS VPC AWS WAF
 Private IP space in AWS  Familiar networking model  Customer-defined networking logic  Strong security controls What customers asked for…
Key Features of VPC Choosing an address range Setting up subnets in Availability Zones Creating a route to the Internet Authorizing traffic to/from the VPC
Private Subnet (Web Tier) Private Subnet (App Tier) Traditional Approach Public Subnet SG-Web SG-App SG-Web SG-Web SG-App SG-App 10.0.2.0/24 10.0.1.0/24 10.0.3.0/24 SG-ALB Allow all traffic Allow 10.0.2.0/24 Allow 10.0.1.0/24
Private Subnet (Web Tier) Private Subnet (App Tier) Cloud Approach Public Subnet SG-Web SG-App SG-Web SG-Web SG-App SG-App 10.0.2.0/24 10.0.1.0/24 10.0.3.0/24 SG-ALB Allow CloudFront IP Ranges only Allow SG-Web only Allow SG-ALB only
Security Groups + CloudFront IP ranges Blog Post here -> http://amzn.to/2fj4Q8e IP-ranges.json SG-ALB Amazon SNS AWS Lambda
VPC Demo SG-ALB CloudFront users
What to expect from this session Types of Threats AWS Shield AWS VPC AWS WAF
Challenges of Web Application Firewalls Setup is complex and slow Too many false positives Limited APIs for automation Expensive to implement and maintain
AWS WAF Fast Incident Response Preconfigured Protection APIs for Automation Flexible Rule Language A web application firewall designed to help you defend against common web application exploits
What is AWS WAF? Web traffic filtering with custom rules Malicious request blocking Active monitoring and tuning
How does AWS WAF protect you? Security Automations Preconfigured Protections Highly Flexible Rule Language
Highly Flexible Rule Language  Quick Incident Response  Mitigations in < ~1 Min  Inspect Any Part of the Request Security Automations Preconfigured Protections Highly Flexible Rule Language
Highly Flexible Rule Language  Rate-Based Rules  Built-in blacklist IPs  Monitor and Alarm  Use with Conditions Security Automations Preconfigured Protections Highly Flexible Rule Language
AWS WAF Demo-1 HTTP floods (Rated-based Rules)
Preconfigured Protections – Common Attacks HTTP floods (Rated- based Rules) Scanners and probes SQL injection Bots and scrapers IP reputation lists Cross-site scripting Security Automations Preconfigured Protections Highly Flexible Rules Engine
Preconfigured Protections – Common Attacks You can get started quickly with built-in rules based on common use-cases. CloudFormation template AWS WAF Configuration Security Automations Preconfigured Protections Highly Flexible Rules Engine http://bit.ly/2tgpoEj
Preconfigured Protections – OWASP 10 A1: Injection A2: Broken Authentication and Session Management A3: Cross-Site Scripting (XSS) A4: Broken Access Control (New) A5: Security Misconfiguration A6: Sensitive Data Exposure A7: Insufficient AttackProtection (new) A8: Cross-Site Request Forgery A9: Using Components with Known Vulnerabilities A10: Underprotected APIs (New) Security Automations Preconfigured Protections Highly Flexible Rules Engine Whitepaper + CloudFormation template http://bit.ly/2t503Su
Security Automations Security Automations Preconfigured Protections Highly Flexible Rules Engine Automated anomaly detection that you can take action on using Lambda functions.  Dynamic Rules Based on Anomaly  Using Lambda & Service Logs
Security Automations Traditional incident responseAutomated incident response Next-generation incident response Security Automations Preconfigured Protections Highly Flexible Rules Engine
Demo Architecture
AWS WAF Demo-2 Security Automations - Bots and scrapers
Takeaways • AWS Shield for DDoS protection and mitigation • VPC to limit public-facing components • AWS WAF for protection from Layer 7 attacks
Thank you!

Recomendados

Advanced Techniques for DDOS Mitigation and Web Application Defense
Advanced Techniques for DDOS Mitigation and Web Application DefenseAdvanced Techniques for DDOS Mitigation and Web Application Defense
Advanced Techniques for DDOS Mitigation and Web Application DefenseAmazon Web Services
 
SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...
SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...
SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...Amazon Web Services
 
SRV302 Deep Dive on Serverless Application Development
SRV302 Deep Dive on Serverless Application DevelopmentSRV302 Deep Dive on Serverless Application Development
SRV302 Deep Dive on Serverless Application DevelopmentAmazon Web Services
 
ENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWSENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWSAmazon Web Services
 
NEW LAUNCH! Bringing AWS Lambda to the Edge
NEW LAUNCH! Bringing AWS Lambda to the EdgeNEW LAUNCH! Bringing AWS Lambda to the Edge
NEW LAUNCH! Bringing AWS Lambda to the EdgeAmazon Web Services
 
Network security, Anti-DDoS and other Internet-side protections: Encryption i...
Network security, Anti-DDoS and other Internet-side protections: Encryption i...Network security, Anti-DDoS and other Internet-side protections: Encryption i...
Network security, Anti-DDoS and other Internet-side protections: Encryption i...Amazon Web Services
 
SRV302 Deep Dive on Serverless Application Development
SRV302 Deep Dive on Serverless Application DevelopmentSRV302 Deep Dive on Serverless Application Development
SRV302 Deep Dive on Serverless Application DevelopmentAmazon Web Services
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...Amazon Web Services
 

Recomendados

Advanced Techniques for DDOS Mitigation and Web Application Defense
Advanced Techniques for DDOS Mitigation and Web Application DefenseAdvanced Techniques for DDOS Mitigation and Web Application Defense
Advanced Techniques for DDOS Mitigation and Web Application DefenseAmazon Web Services
 
SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...
SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...
SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...Amazon Web Services
 
SRV302 Deep Dive on Serverless Application Development
SRV302 Deep Dive on Serverless Application DevelopmentSRV302 Deep Dive on Serverless Application Development
SRV302 Deep Dive on Serverless Application DevelopmentAmazon Web Services
 
ENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWSENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWSAmazon Web Services
 
NEW LAUNCH! Bringing AWS Lambda to the Edge
NEW LAUNCH! Bringing AWS Lambda to the EdgeNEW LAUNCH! Bringing AWS Lambda to the Edge
NEW LAUNCH! Bringing AWS Lambda to the EdgeAmazon Web Services
 
Network security, Anti-DDoS and other Internet-side protections: Encryption i...
Network security, Anti-DDoS and other Internet-side protections: Encryption i...Network security, Anti-DDoS and other Internet-side protections: Encryption i...
Network security, Anti-DDoS and other Internet-side protections: Encryption i...Amazon Web Services
 
SRV302 Deep Dive on Serverless Application Development
SRV302 Deep Dive on Serverless Application DevelopmentSRV302 Deep Dive on Serverless Application Development
SRV302 Deep Dive on Serverless Application DevelopmentAmazon Web Services
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...Amazon Web Services
 
Protecting your data in aws - Toronto
Protecting your data in aws - TorontoProtecting your data in aws - Toronto
Protecting your data in aws - TorontoAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Data Storage for the Long Haul: Compliance and Archive
Data Storage for the Long Haul: Compliance and ArchiveData Storage for the Long Haul: Compliance and Archive
Data Storage for the Long Haul: Compliance and ArchiveAmazon Web Services
 
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...Amazon Web Services
 
Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017Amazon Web Services
 
(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS AttacksAmazon Web Services
 
Hack-Proof Your Cloud: Responding to 2016 Threats
Hack-Proof Your Cloud: Responding to 2016 ThreatsHack-Proof Your Cloud: Responding to 2016 Threats
Hack-Proof Your Cloud: Responding to 2016 ThreatsAmazon Web Services
 
Secure Content Delivery Using Amazon CloudFront
Secure Content Delivery Using Amazon CloudFrontSecure Content Delivery Using Amazon CloudFront
Secure Content Delivery Using Amazon CloudFrontAmazon Web Services
 
(SEC307) A Progressive Journey Through AWS IAM Federation Options
(SEC307) A Progressive Journey Through AWS IAM Federation Options(SEC307) A Progressive Journey Through AWS IAM Federation Options
(SEC307) A Progressive Journey Through AWS IAM Federation OptionsAmazon Web Services
 
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014Amazon Web Services
 
SEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense
SEC304 Advanced Techniques for DDoS Mitigation and Web Application DefenseSEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense
SEC304 Advanced Techniques for DDoS Mitigation and Web Application DefenseAmazon Web Services
 
DevOps Tooling - Pop-up Loft TLV 2017
DevOps Tooling - Pop-up Loft TLV 2017DevOps Tooling - Pop-up Loft TLV 2017
DevOps Tooling - Pop-up Loft TLV 2017Amazon Web Services
 
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...Amazon Web Services
 
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum Efficiency
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum EfficiencyDeploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum Efficiency
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum EfficiencyAmazon Web Services
 
IAM Best Practices to Live By - Pop-up Loft Tel Aviv
IAM Best Practices to Live By - Pop-up Loft Tel AvivIAM Best Practices to Live By - Pop-up Loft Tel Aviv
IAM Best Practices to Live By - Pop-up Loft Tel AvivAmazon Web Services
 
網路安全自動化 - 縮短應用維安的作業時間
網路安全自動化 - 縮短應用維安的作業時間網路安全自動化 - 縮短應用維安的作業時間
網路安全自動化 - 縮短應用維安的作業時間Amazon Web Services
 
Getting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesGetting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesAmazon Web Services
 
Get Started and Migrate Your Data to AWS
Get Started and Migrate Your Data to AWSGet Started and Migrate Your Data to AWS
Get Started and Migrate Your Data to AWSAmazon Web Services
 
High Performance MongoDB Clusters with Amazon EBS Provisioned IOPS
High Performance MongoDB Clusters with Amazon EBS Provisioned IOPS High Performance MongoDB Clusters with Amazon EBS Provisioned IOPS
High Performance MongoDB Clusters with Amazon EBS Provisioned IOPS Amazon Web Services
 
Secure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAFSecure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAFAmazon Web Services
 
SEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense
SEC304 Advanced Techniques for DDoS Mitigation and Web Application DefenseSEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense
SEC304 Advanced Techniques for DDoS Mitigation and Web Application DefenseAmazon Web Services
 
Advanced Techniques for DDoS Mitigation and Web Application Defense | AWS Pub...
Advanced Techniques for DDoS Mitigation and Web Application Defense | AWS Pub...Advanced Techniques for DDoS Mitigation and Web Application Defense | AWS Pub...
Advanced Techniques for DDoS Mitigation and Web Application Defense | AWS Pub...Amazon Web Services
 

Mais conteúdo relacionado

Mais procurados

Protecting your data in aws - Toronto
Protecting your data in aws - TorontoProtecting your data in aws - Toronto
Protecting your data in aws - TorontoAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Data Storage for the Long Haul: Compliance and Archive
Data Storage for the Long Haul: Compliance and ArchiveData Storage for the Long Haul: Compliance and Archive
Data Storage for the Long Haul: Compliance and ArchiveAmazon Web Services
 
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...Amazon Web Services
 
Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017Amazon Web Services
 
(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS AttacksAmazon Web Services
 
Hack-Proof Your Cloud: Responding to 2016 Threats
Hack-Proof Your Cloud: Responding to 2016 ThreatsHack-Proof Your Cloud: Responding to 2016 Threats
Hack-Proof Your Cloud: Responding to 2016 ThreatsAmazon Web Services
 
Secure Content Delivery Using Amazon CloudFront
Secure Content Delivery Using Amazon CloudFrontSecure Content Delivery Using Amazon CloudFront
Secure Content Delivery Using Amazon CloudFrontAmazon Web Services
 
(SEC307) A Progressive Journey Through AWS IAM Federation Options
(SEC307) A Progressive Journey Through AWS IAM Federation Options(SEC307) A Progressive Journey Through AWS IAM Federation Options
(SEC307) A Progressive Journey Through AWS IAM Federation OptionsAmazon Web Services
 
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014Amazon Web Services
 
SEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense
SEC304 Advanced Techniques for DDoS Mitigation and Web Application DefenseSEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense
SEC304 Advanced Techniques for DDoS Mitigation and Web Application DefenseAmazon Web Services
 
DevOps Tooling - Pop-up Loft TLV 2017
DevOps Tooling - Pop-up Loft TLV 2017DevOps Tooling - Pop-up Loft TLV 2017
DevOps Tooling - Pop-up Loft TLV 2017Amazon Web Services
 
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...Amazon Web Services
 
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum Efficiency
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum EfficiencyDeploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum Efficiency
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum EfficiencyAmazon Web Services
 
IAM Best Practices to Live By - Pop-up Loft Tel Aviv
IAM Best Practices to Live By - Pop-up Loft Tel AvivIAM Best Practices to Live By - Pop-up Loft Tel Aviv
IAM Best Practices to Live By - Pop-up Loft Tel AvivAmazon Web Services
 
網路安全自動化 - 縮短應用維安的作業時間
網路安全自動化 - 縮短應用維安的作業時間網路安全自動化 - 縮短應用維安的作業時間
網路安全自動化 - 縮短應用維安的作業時間Amazon Web Services
 
Getting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesGetting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesAmazon Web Services
 
Get Started and Migrate Your Data to AWS
Get Started and Migrate Your Data to AWSGet Started and Migrate Your Data to AWS
Get Started and Migrate Your Data to AWSAmazon Web Services
 
High Performance MongoDB Clusters with Amazon EBS Provisioned IOPS
High Performance MongoDB Clusters with Amazon EBS Provisioned IOPS High Performance MongoDB Clusters with Amazon EBS Provisioned IOPS
High Performance MongoDB Clusters with Amazon EBS Provisioned IOPS Amazon Web Services
 
Secure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAFSecure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAFAmazon Web Services
 

Mais procurados (20)

Protecting your data in aws - Toronto
Protecting your data in aws - TorontoProtecting your data in aws - Toronto
Protecting your data in aws - Toronto
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Data Storage for the Long Haul: Compliance and Archive
Data Storage for the Long Haul: Compliance and ArchiveData Storage for the Long Haul: Compliance and Archive
Data Storage for the Long Haul: Compliance and Archive
 
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
 
Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017
 
(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks
 
Hack-Proof Your Cloud: Responding to 2016 Threats
Hack-Proof Your Cloud: Responding to 2016 ThreatsHack-Proof Your Cloud: Responding to 2016 Threats
Hack-Proof Your Cloud: Responding to 2016 Threats
 
Secure Content Delivery Using Amazon CloudFront
Secure Content Delivery Using Amazon CloudFrontSecure Content Delivery Using Amazon CloudFront
Secure Content Delivery Using Amazon CloudFront
 
(SEC307) A Progressive Journey Through AWS IAM Federation Options
(SEC307) A Progressive Journey Through AWS IAM Federation Options(SEC307) A Progressive Journey Through AWS IAM Federation Options
(SEC307) A Progressive Journey Through AWS IAM Federation Options
 
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
 
SEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense
SEC304 Advanced Techniques for DDoS Mitigation and Web Application DefenseSEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense
SEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense
 
DevOps Tooling - Pop-up Loft TLV 2017
DevOps Tooling - Pop-up Loft TLV 2017DevOps Tooling - Pop-up Loft TLV 2017
DevOps Tooling - Pop-up Loft TLV 2017
 
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...
 
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum Efficiency
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum EfficiencyDeploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum Efficiency
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum Efficiency
 
IAM Best Practices to Live By - Pop-up Loft Tel Aviv
IAM Best Practices to Live By - Pop-up Loft Tel AvivIAM Best Practices to Live By - Pop-up Loft Tel Aviv
IAM Best Practices to Live By - Pop-up Loft Tel Aviv
 
網路安全自動化 - 縮短應用維安的作業時間
網路安全自動化 - 縮短應用維安的作業時間網路安全自動化 - 縮短應用維安的作業時間
網路安全自動化 - 縮短應用維安的作業時間
 
Getting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesGetting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute Services
 
Get Started and Migrate Your Data to AWS
Get Started and Migrate Your Data to AWSGet Started and Migrate Your Data to AWS
Get Started and Migrate Your Data to AWS
 
High Performance MongoDB Clusters with Amazon EBS Provisioned IOPS
High Performance MongoDB Clusters with Amazon EBS Provisioned IOPS High Performance MongoDB Clusters with Amazon EBS Provisioned IOPS
High Performance MongoDB Clusters with Amazon EBS Provisioned IOPS
 
Secure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAFSecure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAF
 

Semelhante a SEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense

SEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense
SEC304 Advanced Techniques for DDoS Mitigation and Web Application DefenseSEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense
SEC304 Advanced Techniques for DDoS Mitigation and Web Application DefenseAmazon Web Services
 
Advanced Techniques for DDoS Mitigation and Web Application Defense | AWS Pub...
Advanced Techniques for DDoS Mitigation and Web Application Defense | AWS Pub...Advanced Techniques for DDoS Mitigation and Web Application Defense | AWS Pub...
Advanced Techniques for DDoS Mitigation and Web Application Defense | AWS Pub...Amazon Web Services
 
NEW LAUNCH! AWS Shield—A Managed DDoS Protection Service
NEW LAUNCH! AWS Shield—A Managed DDoS Protection ServiceNEW LAUNCH! AWS Shield—A Managed DDoS Protection Service
NEW LAUNCH! AWS Shield—A Managed DDoS Protection ServiceAmazon Web Services
 
Announcing AWS Shield - Protect Web Applications from DDoS Attacks
Announcing AWS Shield - Protect Web Applications from DDoS AttacksAnnouncing AWS Shield - Protect Web Applications from DDoS Attacks
Announcing AWS Shield - Protect Web Applications from DDoS AttacksAmazon Web Services
 
Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...
Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...
Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...Amazon Web Services
 
Cloud-Native DDoS Attack Mitigation
Cloud-Native DDoS Attack MitigationCloud-Native DDoS Attack Mitigation
Cloud-Native DDoS Attack MitigationAmazon Web Services
 
Automating DDos and WAF responses - AWS Summit Cape Town 2018
Automating DDos and WAF responses - AWS Summit Cape Town 2018Automating DDos and WAF responses - AWS Summit Cape Town 2018
Automating DDos and WAF responses - AWS Summit Cape Town 2018Amazon Web Services
 
雲端原生 (Cloud-Native) 的 DDoS Attack 防禦方案 (Level: 200)
雲端原生 (Cloud-Native) 的 DDoS Attack 防禦方案 (Level: 200)雲端原生 (Cloud-Native) 的 DDoS Attack 防禦方案 (Level: 200)
雲端原生 (Cloud-Native) 的 DDoS Attack 防禦方案 (Level: 200)Amazon Web Services
 
Cloud-Native DDoS Mitigation - AWS Online Tech Talks
Cloud-Native DDoS Mitigation - AWS Online Tech TalksCloud-Native DDoS Mitigation - AWS Online Tech Talks
Cloud-Native DDoS Mitigation - AWS Online Tech TalksAmazon Web Services
 
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...Amazon Web Services
 
Automating DDoS and WAF Response
Automating DDoS and WAF ResponseAutomating DDoS and WAF Response
Automating DDoS and WAF ResponseAmazon Web Services
 
Radware Hybrid Cloud Web Application Firewall and DDoS Protection
Radware Hybrid Cloud Web Application Firewall and DDoS ProtectionRadware Hybrid Cloud Web Application Firewall and DDoS Protection
Radware Hybrid Cloud Web Application Firewall and DDoS ProtectionAndy Ellis
 
Radware Hybrid Cloud WAF Service
Radware Hybrid Cloud WAF ServiceRadware Hybrid Cloud WAF Service
Radware Hybrid Cloud WAF ServiceRadware
 
Introduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSIntroduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSAmazon Web Services
 
Introduction to Threat Detection and Remediation
Introduction to Threat Detection and RemediationIntroduction to Threat Detection and Remediation
Introduction to Threat Detection and RemediationAmazon Web Services
 
Cloud Native DDoS Attack Mitigation
Cloud Native DDoS Attack MitigationCloud Native DDoS Attack Mitigation
Cloud Native DDoS Attack MitigationAmazon Web Services
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSAmazon Web Services
 
Intro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on awsIntro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on awsBela Sojina MBA, PMP
 
Setup Preconfigured Protections on AWS WAF - November 2016 Webinar Series
Setup Preconfigured Protections on AWS WAF - November 2016 Webinar SeriesSetup Preconfigured Protections on AWS WAF - November 2016 Webinar Series
Setup Preconfigured Protections on AWS WAF - November 2016 Webinar SeriesAmazon Web Services
 

Semelhante a SEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense (20)

SEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense
SEC304 Advanced Techniques for DDoS Mitigation and Web Application DefenseSEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense
SEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense
 
Advanced Techniques for DDoS Mitigation and Web Application Defense | AWS Pub...
Advanced Techniques for DDoS Mitigation and Web Application Defense | AWS Pub...Advanced Techniques for DDoS Mitigation and Web Application Defense | AWS Pub...
Advanced Techniques for DDoS Mitigation and Web Application Defense | AWS Pub...
 
NEW LAUNCH! AWS Shield—A Managed DDoS Protection Service
NEW LAUNCH! AWS Shield—A Managed DDoS Protection ServiceNEW LAUNCH! AWS Shield—A Managed DDoS Protection Service
NEW LAUNCH! AWS Shield—A Managed DDoS Protection Service
 
Announcing AWS Shield - Protect Web Applications from DDoS Attacks
Announcing AWS Shield - Protect Web Applications from DDoS AttacksAnnouncing AWS Shield - Protect Web Applications from DDoS Attacks
Announcing AWS Shield - Protect Web Applications from DDoS Attacks
 
Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...
Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...
Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...
 
Cloud-Native DDoS Attack Mitigation
Cloud-Native DDoS Attack MitigationCloud-Native DDoS Attack Mitigation
Cloud-Native DDoS Attack Mitigation
 
DDoS Protection
DDoS ProtectionDDoS Protection
DDoS Protection
 
Automating DDos and WAF responses - AWS Summit Cape Town 2018
Automating DDos and WAF responses - AWS Summit Cape Town 2018Automating DDos and WAF responses - AWS Summit Cape Town 2018
Automating DDos and WAF responses - AWS Summit Cape Town 2018
 
雲端原生 (Cloud-Native) 的 DDoS Attack 防禦方案 (Level: 200)
雲端原生 (Cloud-Native) 的 DDoS Attack 防禦方案 (Level: 200)雲端原生 (Cloud-Native) 的 DDoS Attack 防禦方案 (Level: 200)
雲端原生 (Cloud-Native) 的 DDoS Attack 防禦方案 (Level: 200)
 
Cloud-Native DDoS Mitigation - AWS Online Tech Talks
Cloud-Native DDoS Mitigation - AWS Online Tech TalksCloud-Native DDoS Mitigation - AWS Online Tech Talks
Cloud-Native DDoS Mitigation - AWS Online Tech Talks
 
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...
 
Automating DDoS and WAF Response
Automating DDoS and WAF ResponseAutomating DDoS and WAF Response
Automating DDoS and WAF Response
 
Radware Hybrid Cloud Web Application Firewall and DDoS Protection
Radware Hybrid Cloud Web Application Firewall and DDoS ProtectionRadware Hybrid Cloud Web Application Firewall and DDoS Protection
Radware Hybrid Cloud Web Application Firewall and DDoS Protection
 
Radware Hybrid Cloud WAF Service
Radware Hybrid Cloud WAF ServiceRadware Hybrid Cloud WAF Service
Radware Hybrid Cloud WAF Service
 
Introduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSIntroduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWS
 
Introduction to Threat Detection and Remediation
Introduction to Threat Detection and RemediationIntroduction to Threat Detection and Remediation
Introduction to Threat Detection and Remediation
 
Cloud Native DDoS Attack Mitigation
Cloud Native DDoS Attack MitigationCloud Native DDoS Attack Mitigation
Cloud Native DDoS Attack Mitigation
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWS
 
Intro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on awsIntro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on aws
 
Setup Preconfigured Protections on AWS WAF - November 2016 Webinar Series
Setup Preconfigured Protections on AWS WAF - November 2016 Webinar SeriesSetup Preconfigured Protections on AWS WAF - November 2016 Webinar Series
Setup Preconfigured Protections on AWS WAF - November 2016 Webinar Series
 

Mais de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mais de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Último

Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

Último (20)

Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

SEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense

  • 1. © 2017 Amazon Web Services, Inc. or its Affiliates. All rights reserved. Cameron Worrell & Brittany Doncaster August 14, 2017 Advanced Techniques for DDoS Mitigation and Web Application Defense
  • 2. What to expect from this session Types of Threats AWS Shield AWS VPC AWS WAF
  • 3. What to expect from this session Types of Threats AWS Shield AWS VPC AWS WAF
  • 4. Types of Threats Bad BotsDDoS Application Attacks Reflection Layer 4 floods Slowloris SSL abuse HTTP floods Amplification Content scrapers Scanners & probes CrawlersApplication Layer Network / Transport Layer SQL injection Application exploits
  • 5. DDoS Threats Network / Transport Layer DDoS
  • 6. DDoS Threats Application DDoS Good users Bad guys Web server Database
  • 7. Application Threats Good users Bad guys Web server Database Exploit code SQL injectionXSS
  • 8. Bad Bot Threats Good users Bad guys Web server Database Steal premium content
  • 9. What to expect from this session Types of Threats AWS Shield AWS VPC AWS WAF
  • 10. Types of Threats Bad BotsDDoS Application Attacks Reflection Layer 4 floods Slowloris SSL abuse HTTP floods Amplification Content scrapers Scanners & probes Crawlers SQL injection Application exploits Social engineering Sensitive data exposureApplication Layer Network / Transport Layer AWS Shield
  • 11. Benefits of AWS Shield AWS Integration DDoS protection without infrastructure changes Affordable Don’t force unnecessary trade-offs between cost and availability Flexible Customize protections for your applications Always-On Detection and Mitigation Minimize impact on application latency
  • 12. AWS Shield Standard Protection Advanced Protection Available to ALL AWS customers at No Additional Cost Paid service that provides additional protections, features and benefits.
  • 13. AWS Shield Standard Layer 3/4 protection  Automatic detection & mitigation  Protection from most common attacks (SYN/UDP Floods, Reflection Attacks, etc.)  Built into AWS services Layer 7 protection  AWS WAF for Layer 7 DDoS attack mitigation  Self-service & pay-as-you-go Automatic Protection against 96% of Layer 3/4 attacks Available globally on all Internet-facing AWS services
  • 14. AWS Shield Advanced Additional Detection & Monitoring Protection Against Large DDoS Attacks Visibility Into Attack Detection & Mitigation AWS WAF at No Additional Cost 24X7 DDoS Response Team Cost Protection (Absorb DDoS Scaling Cost)
  • 15. AWS Shield Advanced Multi-Layered Mitigation Border Network Network Layer Mitigations AWS Services Web Layer Mitigations Customer Infrastructure DDoS Detection Internet Internet-Layer Mitigations DDoS DDoS Response Team Effective Against: • Large-Scale Attack Effective Against: • SYN Floods • Reflection Attacks • Suspicious Sources Effective Against: • SSL Attacks • Slowloris • Malformed HTTP Effective Against: • HTTP Floods • Bad Bots • Suspicious IPs Effective Against: • Sophisticated Layer 7 attacks
  • 16. AWS Shield Advanced Application Load Balancer Classic Load Balancer Amazon CloudFront Amazon Route 53 Available on ...  Northern Virginia (us-east-1)  N. California (us-west-1)  Oregon (us-west-2)  Ireland (eu-west-1)  Tokyo (ap-northeast-1) In the following regions ...
  • 18. What to expect from this session Types of Threats AWS Shield AWS VPC AWS WAF
  • 19.  Private IP space in AWS  Familiar networking model  Customer-defined networking logic  Strong security controls What customers asked for…
  • 20. Key Features of VPC Choosing an address range Setting up subnets in Availability Zones Creating a route to the Internet Authorizing traffic to/from the VPC
  • 21. Private Subnet (Web Tier) Private Subnet (App Tier) Traditional Approach Public Subnet SG-Web SG-App SG-Web SG-Web SG-App SG-App 10.0.2.0/24 10.0.1.0/24 10.0.3.0/24 SG-ALB Allow all traffic Allow 10.0.2.0/24 Allow 10.0.1.0/24
  • 22. Private Subnet (Web Tier) Private Subnet (App Tier) Cloud Approach Public Subnet SG-Web SG-App SG-Web SG-Web SG-App SG-App 10.0.2.0/24 10.0.1.0/24 10.0.3.0/24 SG-ALB Allow CloudFront IP Ranges only Allow SG-Web only Allow SG-ALB only
  • 23. Security Groups + CloudFront IP ranges Blog Post here -> http://amzn.to/2fj4Q8e IP-ranges.json SG-ALB Amazon SNS AWS Lambda
  • 25. What to expect from this session Types of Threats AWS Shield AWS VPC AWS WAF
  • 26. Challenges of Web Application Firewalls Setup is complex and slow Too many false positives Limited APIs for automation Expensive to implement and maintain
  • 27. AWS WAF Fast Incident Response Preconfigured Protection APIs for Automation Flexible Rule Language A web application firewall designed to help you defend against common web application exploits
  • 28. What is AWS WAF? Web traffic filtering with custom rules Malicious request blocking Active monitoring and tuning
  • 29. How does AWS WAF protect you? Security Automations Preconfigured Protections Highly Flexible Rule Language
  • 30. Highly Flexible Rule Language  Quick Incident Response  Mitigations in < ~1 Min  Inspect Any Part of the Request Security Automations Preconfigured Protections Highly Flexible Rule Language
  • 31. Highly Flexible Rule Language  Rate-Based Rules  Built-in blacklist IPs  Monitor and Alarm  Use with Conditions Security Automations Preconfigured Protections Highly Flexible Rule Language
  • 32. AWS WAF Demo-1 HTTP floods (Rated-based Rules)
  • 33. Preconfigured Protections – Common Attacks HTTP floods (Rated- based Rules) Scanners and probes SQL injection Bots and scrapers IP reputation lists Cross-site scripting Security Automations Preconfigured Protections Highly Flexible Rules Engine
  • 34. Preconfigured Protections – Common Attacks You can get started quickly with built-in rules based on common use-cases. CloudFormation template AWS WAF Configuration Security Automations Preconfigured Protections Highly Flexible Rules Engine http://bit.ly/2tgpoEj
  • 35. Preconfigured Protections – OWASP 10 A1: Injection A2: Broken Authentication and Session Management A3: Cross-Site Scripting (XSS) A4: Broken Access Control (New) A5: Security Misconfiguration A6: Sensitive Data Exposure A7: Insufficient AttackProtection (new) A8: Cross-Site Request Forgery A9: Using Components with Known Vulnerabilities A10: Underprotected APIs (New) Security Automations Preconfigured Protections Highly Flexible Rules Engine Whitepaper + CloudFormation template http://bit.ly/2t503Su
  • 36. Security Automations Security Automations Preconfigured Protections Highly Flexible Rules Engine Automated anomaly detection that you can take action on using Lambda functions.  Dynamic Rules Based on Anomaly  Using Lambda & Service Logs
  • 37. Security Automations Traditional incident responseAutomated incident response Next-generation incident response Security Automations Preconfigured Protections Highly Flexible Rules Engine
  • 39. AWS WAF Demo-2 Security Automations - Bots and scrapers
  • 40. Takeaways • AWS Shield for DDoS protection and mitigation • VPC to limit public-facing components • AWS WAF for protection from Layer 7 attacks