Security professionals and full-stack engineers will learn how to defend against distributed denial of service (DDoS) attacks and web application exploits by using automation to monitor activity, configure rate limiting, and deploy network filtering rules. This session will show you how to use Lambda functions to automate event response and integrate with your security operations tools. You will become an expert in advanced techniques to help you protect and monitor your AWS networks and resources using services such as Amazon Virtual Private Cloud, Amazon Web Application Firewall, Amazon Shield, and more. You will also learn how to monitor and gain deep visibility into your AWS environment by using highly-scaled solutions such as AWS CloudTrail and AWS CloudWatch.
9. What to expect from this session
Types of Threats
AWS Shield
AWS VPC
AWS WAF
10. Types of Threats
DDoS: Reflection, Layer 4 floods, Slowloris, SSL abuse, HTTP floods, Amplification
Bad Bots: Content scrapers, Scanners & probes, Crawlers
Application Attacks: SQL injection, Application exploits, Social engineering, Sensitive data exposure
Layers shown: Application Layer; Network / Transport Layer
AWS Shield
11. Benefits of AWS Shield
AWS Integration: DDoS protection without infrastructure changes
Affordable: Don’t force unnecessary trade-offs between cost and availability
Flexible: Customize protections for your applications
Always-On Detection and Mitigation: Minimize impact on application latency
12. AWS Shield
Standard Protection: Available to ALL AWS customers at No Additional Cost
Advanced Protection: Paid service that provides additional protections, features and benefits.
13. AWS Shield Standard
Layer 3/4 protection: Automatic detection & mitigation; Protection from most common attacks (SYN/UDP Floods, Reflection Attacks, etc.); Built into AWS services
Layer 7 protection: AWS WAF for Layer 7 DDoS attack mitigation; Self-service & pay-as-you-go
Automatic Protection against 96% of Layer 3/4 attacks
Available globally on all Internet-facing AWS services
14. AWS Shield Advanced
Additional Detection & Monitoring
Protection Against Large DDoS Attacks
Visibility Into Attack Detection & Mitigation
AWS WAF at No Additional Cost
24X7 DDoS Response Team
Cost Protection (Absorb DDoS Scaling Cost)
16. AWS Shield Advanced
Available on: Application Load Balancer, Classic Load Balancer, Amazon CloudFront, Amazon Route 53
In the following regions: Northern Virginia (us-east-1), N. California (us-west-1), Oregon (us-west-2), Ireland (eu-west-1), Tokyo (ap-northeast-1)
19. Private IP space in AWS
Familiar networking model
Customer-defined networking logic
Strong security controls
What customers asked for…
20. Key Features of VPC
Choosing an address range
Setting up subnets in Availability Zones
Creating a route to the Internet
Authorizing traffic to/from the VPC
21. Traditional Approach
Diagram: Public Subnet (SG-ALB), Private Subnet (Web Tier) (SG-Web), Private Subnet (App Tier) (SG-App)
Subnet ranges: 10.0.2.0/24, 10.0.1.0/24, 10.0.3.0/24
Rules: Allow all traffic; Allow 10.0.2.0/24; Allow 10.0.1.0/24
22. Cloud Approach
Diagram: Public Subnet (SG-ALB), Private Subnet (Web Tier) (SG-Web), Private Subnet (App Tier) (SG-App)
Subnet ranges: 10.0.2.0/24, 10.0.1.0/24, 10.0.3.0/24
Rules: Allow CloudFront IP Ranges only; Allow SG-Web only; Allow SG-ALB only
23. Security Groups + CloudFront IP ranges
Blog Post here -> http://amzn.to/2fj4Q8e
IP-ranges.json
SG-ALB
Amazon SNS
AWS Lambda
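An added example (not from the deck or the linked blog post) of the update logic slides 22 and 23 describe: a Lambda-style function reads ip-ranges.json, keeps the CLOUDFRONT prefixes, and diffs them against SG-ALB's current ingress rules. The sample feed, port 443 and the function names are assumptions; applying the plan through the EC2 ingress APIs is left out so the block runs offline.

```python
import ipaddress
import json

# Constructed sample in the shape of AWS's published ip-ranges.json (not real data).
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0000000000",
    "prefixes": [
        {"ip_prefix": "198.51.100.0/24", "region": "GLOBAL", "service": "CLOUDFRONT"},
        {"ip_prefix": "203.0.113.0/25", "region": "GLOBAL", "service": "CLOUDFRONT"},
        {"ip_prefix": "203.0.113.0/25", "region": "GLOBAL", "service": "AMAZON"},
        {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "EC2"},
    ],
})


def cloudfront_cidrs(ip_ranges_json, service="CLOUDFRONT"):
    """Return the set of valid IPv4 CIDRs published for `service`."""
    doc = json.loads(ip_ranges_json)
    cidrs = set()
    for entry in doc.get("prefixes", []):
        if entry.get("service") != service:
            continue
        # strict=True rejects a prefix that has host bits set.
        cidrs.add(str(ipaddress.ip_network(entry["ip_prefix"], strict=True)))
    return cidrs


def plan_sg_update(ip_ranges_json, current_cidrs, port=443):
    """Diff published CloudFront ranges against SG-ALB's current ingress CIDRs."""
    wanted = cloudfront_cidrs(ip_ranges_json)
    if not wanted:
        # Refuse to act on an empty or malformed feed rather than revoke every rule.
        raise ValueError("no CLOUDFRONT prefixes found; refusing to update")
    current = set(current_cidrs)

    def permission(cidrs):
        # Same shape as the IpPermissions argument of the EC2 ingress APIs.
        return [{"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
                 "IpRanges": [{"CidrIp": c} for c in sorted(cidrs)]}]

    return {"authorize": permission(wanted - current),
            "revoke": permission(current - wanted)}


if __name__ == "__main__":
    # Constructed current state: one valid range plus a leftover allow-all rule.
    current = ["198.51.100.0/24", "0.0.0.0/0"]
    print(json.dumps(plan_sg_update(SAMPLE_IP_RANGES, current), indent=2))
```

The revoke list is what moves SG-ALB from "Allow all traffic" to "Allow CloudFront IP Ranges only": any CIDR not in the current feed, including 0.0.0.0/0, is scheduled for removal.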
26. Challenges of Web Application Firewalls
Setup is complex and slow
Too many false positives
Limited APIs for automation
Expensive to implement and maintain
28. What is AWS WAF?
Web traffic filtering with custom rules
Malicious request blocking
Active monitoring and tuning
29. How does AWS WAF protect you?
Security Automations
Preconfigured Protections
Highly Flexible Rule Language
30. Highly Flexible Rule Language
Quick Incident Response
Mitigations in < ~1 Min
Inspect Any Part of the Request
31. Highly Flexible Rule Language
Rate-Based Rules
Built-in blacklist IPs
Monitor and Alarm
Use with Conditions
33. Preconfigured Protections – Common Attacks
HTTP floods (Rate-based Rules)
Scanners and probes
SQL injection
Bots and scrapers
IP reputation lists
Cross-site scripting
34. Preconfigured Protections – Common Attacks
You can get started quickly with built-in rules based on common use-cases.
CloudFormation template
AWS WAF Configuration
http://bit.ly/2tgpoEj