What is AWS Web Application Firewall (WAF)
AWS Web Application Firewall (WAF)
Although those port numbers can be changed. And even if we're using HTTPS, the common vulnerabilities of HTTP-based applications still apply: TLS encrypts the request in transit, it doesn't make the request itself safe.
Here we're looking at a screenshot of cve.mitre.org.
A page appears with the heading HTTP Common Vulnerabilities and Exposures. It is a screenshot of the CVE site. It contains a toolbar with the following tabs:
· Downloads
· Data Feeds
· Update a CVE Record
· Request CVE IDs
Below, it contains a list of Search Results with several columns (column names not captured).
CVE stands for Common Vulnerabilities and Exposures. The great thing about this site is that it is constantly kept up to date with the latest published vulnerabilities, including those that affect HTTP applications.
Whether it's for a plugin, or for some kind of attack strategy like cross-site request forgery, otherwise known as CSRF, of which we have numerous listings here in our screenshot.
As an IT technician, if part of your job is keeping up to date with security as it relates to HTTP attacks, this would be something you'd want to track all of the time. And that's where a Web Application Firewall, or WAF, comes in. Web Application Firewalls are nothing new; they've been around for a while. You might already be running some on-premises in the form of hardware or software appliances, or running them in the cloud. But we also have a Web Application Firewall solution available in Amazon Web Services. It's designed, as every web application firewall is, to intercept requests to HTTP-based applications and API calls, looking for common types of security threats like SQL injection, cross-site scripting, directory traversal, and many more. Web Application Firewalls will normally ship with a pre-configured rule set built around the OWASP Top 10.
OWASP is the Open Web Application Security Project. This is a worldwide non-profit collection of security experts that compiles, every few years, a list of the 10 most serious web application threats. And so, many Web Application Firewalls use that as a framework upon which to build rule sets to look for these types of threats coming into the web applications they are protecting. In Amazon Web Services, AWS WAF isn't attached to an EC2 instance directly; it's associated with the resource that sits in front of the instance, such as an Application Load Balancer. You can associate it with Amazon API Gateway if you're building a lot of web services that will be called programmatically. You can even associate it with a CloudFront distribution if you're using that to push content close to users wherever they are globally.
AWS WAF Features
You can also use Web Application Firewalls with Application Load Balancers, which, of course, would serve as the client connection point to a web application, and that is how EC2-hosted web apps get protected. And you don't have to do this from the Web Application Firewall side; you can actually go into the CloudFront console and configure your distribution to be associated with a web ACL. Some of the features of a Web Application Firewall would be, of course, web traffic filtering, based not only on IP addresses but on a lot more than that: HTTP headers, the URI and query string, and the body of the request. You might recall we talked about the OSI model earlier, the 7-layer conceptual model. A standard packet filter works up to and including layer 4, the transport layer. So it can look at layer 3, IP addresses, and at layer 4, port numbers.
But a Web Application Firewall is considered a layer 7 solution because it can go right into the detail of an HTTP request to examine it and determine whether it's a potential security threat. AWS WAF also allows for rate limiting, through rate-based rules, to limit the amount of traffic a single source can flood at a web app, which could be indicative of some form of denial-of-service attack. It can also block known bot traffic. Bot is short for robot. A botnet is a collection of infected computers under a malicious user's control, which that user can direct to attack a network or flood it with useless traffic, for example, thus preventing legitimate access to an app. The Web Application Firewall also has a lot of other things built in, including Fraud Control for preventing login page attacks such as account takeover, and monitoring with specific metrics for HTTP security incidents that end up showing up in CloudWatch.
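To make the layer 7 versus layer 3/4 distinction and the rate-limiting idea concrete, here is an added example that is not part of the course and not AWS WAF's own engine: a deliberately small model that evaluates a stream of constructed requests (not real logs) the way a web ACL evaluates rules in priority order. A packet filter sees only the source IP and destination port, so every request in the sample looks identical to it; the model's signature rules read the URI and body, and a per-IP counter over an assumed 5-minute window plays the role of a rate-based rule. The patterns, the 100-request limit and the sample traffic are all assumptions chosen for the demo.

```python
import re
from collections import defaultdict, deque

# Assumption: mirrors the 5-minute window AWS WAF uses for rate-based rules.
WINDOW_SECONDS = 300
RATE_LIMIT = 100  # requests per source IP per window before blocking (chosen for the demo)

# Constructed sample traffic, not real logs. A packet filter can act on src/port only;
# a WAF additionally sees the method, URI, headers and body.
SAMPLE_REQUESTS = [
    {"ts": 0,  "src": "203.0.113.10", "port": 443, "method": "GET",  "uri": "/index.html", "body": ""},
    {"ts": 5,  "src": "203.0.113.10", "port": 443, "method": "GET",  "uri": "/../../etc/passwd", "body": ""},
    {"ts": 9,  "src": "198.51.100.7", "port": 443, "method": "POST", "uri": "/login", "body": "user=admin' OR '1'='1&pw=x"},
    {"ts": 12, "src": "198.51.100.7", "port": 443, "method": "GET",  "uri": "/search?q=<script>alert(1)</script>", "body": ""},
]
# A burst of 121 otherwise-benign requests from one client to trip the rate rule.
SAMPLE_REQUESTS += [
    {"ts": 15 + i, "src": "192.0.2.44", "port": 443, "method": "GET", "uri": "/api/items", "body": ""}
    for i in range(121)
]

# Layer-7 signature rules, in priority order. Deliberately crude patterns;
# AWS managed rule groups are far more thorough than these.
SIGNATURE_RULES = [
    ("PathTraversal", re.compile(r"(\.\./|%2e%2e%2f)", re.IGNORECASE)),
    ("SQLi", re.compile(r"'\s*or\s*'?\w*'?\s*=\s*'?\w*|union\s+select", re.IGNORECASE)),
    ("XSS", re.compile(r"<\s*script", re.IGNORECASE)),
]


def packet_filter_view(request):
    """Everything a layer-3/4 filter gets to decide on: addressing, never the payload."""
    return {"src_ip": request["src"], "dst_port": request["port"]}


class WebAclModel:
    """Evaluates rules in order; first match wins, like priorities in a web ACL."""

    def __init__(self, rate_limit=RATE_LIMIT, window=WINDOW_SECONDS):
        self.rate_limit = rate_limit
        self.window = window
        self._hits = defaultdict(deque)  # src ip -> timestamps inside the window

    def _over_rate(self, ts, src):
        q = self._hits[src]
        q.append(ts)
        while q and ts - q[0] > self.window:  # drop timestamps that aged out of the window
            q.popleft()
        return len(q) > self.rate_limit

    def evaluate(self, request):
        """Return (action, rule_name) for one request."""
        if self._over_rate(request["ts"], request["src"]):
            return ("BLOCK", "RateLimitPerIP")
        haystack = request["uri"] + "\n" + request["body"]
        for name, pattern in SIGNATURE_RULES:
            if pattern.search(haystack):
                return ("BLOCK", name)
        return ("ALLOW", "Default")


def run(requests=SAMPLE_REQUESTS):
    """Evaluate a request stream; returns {rule_name: blocked_count}."""
    acl = WebAclModel()
    blocked = defaultdict(int)
    for req in requests:
        action, rule = acl.evaluate(req)
        if action == "BLOCK":
            blocked[rule] += 1
    return dict(blocked)


if __name__ == "__main__":
    for rule, n in sorted(run().items()):
        print(f"{rule}: {n} blocked")
```

Running it blocks the traversal, SQL injection and script-tag requests on content alone, and blocks the last 21 requests of the burst once the client passes 100 requests inside the window; the packet filter view of the same requests contains nothing to distinguish any of them.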
In the screenshot below, we have a list of Web Application Firewall rule groups, which, as you might guess, are collections of rules. Some of the rule groups shown include Account takeover prevention, Bot Control, Admin protection, and the Amazon IP reputation list, and each has an Action toggle
A screenshot appears with the heading WAF Rules, showing the AWS console.
The left pane displays the following steps:
Step 1: Add rules and rule groups: Add managed rule groups
Step 2: Set rule priority
Step 3: Configure metrics
Step 4: Review and create web ACL
The main pane appears with the heading: AWS managed rule groups. It consists of two sections: Paid rule groups and Free rule groups. The first section contains the following options: Account takeover prevention and Bot Control. The second section contains the following options: Admin protection and Amazon IP reputation list.
AWS Firewall Manager
with which we can choose to add each one to a web ACL. Now, you can also create a centralized set of rules and have it applied to multiple web applications, so that you don't have to keep reconfiguring the same thing over and over if you need to protect multiple web apps. AWS Firewall Manager is designed so that you can deploy AWS WAF rules centrally and ensure that every protected application complies with your standard security rules. The way that works is that Firewall Manager gives you one place to manage multiple Web Application Firewall deployments, either in the same AWS account or, if your organization uses multiple AWS accounts, across accounts. Note that Firewall Manager requires AWS Organizations, a designated Firewall Manager administrator account, and AWS Config enabled in the accounts it manages.
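The console wizard above (add rules and rule groups, set priority, configure metrics, create the web ACL) maps directly onto the wafv2 CreateWebACL API. Here is an added example, not from the course and not AWS's own code, that builds that request body with boto3-compatible structure: three free AWS managed rule groups (the two from the screenshot plus the Common Rule Set), a rate-based rule, and a pre-flight validator for the mistakes people actually make (duplicate priorities, Action versus OverrideAction mixed up, a CloudFront web ACL created outside us-east-1, a rate limit below the documented floor). The builder and validator run offline; `deploy_web_acl` needs real credentials and a real resource ARN, neither of which is provided here. The ACL name, the 2000-request limit and the choice of rule groups are assumptions for the demo.

```python
try:
    import boto3  # only needed by deploy_web_acl(); the builder and validator run offline
except ImportError:
    boto3 = None

# Free AWS managed rule groups; the first two appear in the console screenshot above.
FREE_MANAGED_GROUPS = [
    "AWSManagedRulesAdminProtectionRuleSet",  # "Admin protection"
    "AWSManagedRulesAmazonIpReputationList",  # "Amazon IP reputation list"
    "AWSManagedRulesCommonRuleSet",           # OWASP-Top-10-style coverage (SQLi, XSS, LFI, ...)
]
RATE_LIMIT_FLOOR = 100  # documented minimum for RateBasedStatement.Limit


def visibility(metric_name):
    """CloudWatch metric + sampled-request settings, required on every rule and on the ACL."""
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True, "MetricName": metric_name}


def managed_rule(priority, group_name, count_only=False):
    """Rule referencing an AWS managed rule group; rule-group references take an OverrideAction."""
    return {
        "Name": group_name,
        "Priority": priority,
        "Statement": {"ManagedRuleGroupStatement": {"VendorName": "AWS", "Name": group_name}},
        "OverrideAction": {"Count": {}} if count_only else {"None": {}},  # Count = observe, don't enforce
        "VisibilityConfig": visibility(group_name),
    }


def rate_rule(priority, limit, name="RateLimitPerIP"):
    """Rate-based rule: block a source IP once it exceeds `limit` requests in the evaluation window."""
    return {
        "Name": name,
        "Priority": priority,
        "Statement": {"RateBasedStatement": {"Limit": limit, "AggregateKeyType": "IP"}},
        "Action": {"Block": {}},
        "VisibilityConfig": visibility(name),
    }


def build_web_acl(name, scope, rate_limit=2000, managed_groups=FREE_MANAGED_GROUPS, count_only=False):
    """Assemble the CreateWebACL request body. scope is REGIONAL (ALB, API Gateway) or CLOUDFRONT."""
    rules = [managed_rule(i, g, count_only) for i, g in enumerate(managed_groups)]
    rules.append(rate_rule(len(rules), rate_limit))  # lowest priority: runs after the managed groups
    acl = {
        "Name": name,
        "Scope": scope,
        "DefaultAction": {"Allow": {}},  # allow by default, block only what the rules match
        "Description": "Managed rule groups plus per-IP rate limiting",
        "Rules": rules,
        "VisibilityConfig": visibility(name),
    }
    problems = validate(acl)
    if problems:
        raise ValueError("; ".join(problems))
    return acl


def validate(acl, region=None):
    """Pre-flight checks for mistakes the API would reject or that silently weaken the ACL."""
    problems = []
    if acl["Scope"] not in ("REGIONAL", "CLOUDFRONT"):
        problems.append("Scope must be REGIONAL or CLOUDFRONT")
    if acl["Scope"] == "CLOUDFRONT" and region not in (None, "us-east-1"):
        problems.append("CLOUDFRONT web ACLs must be created in us-east-1")
    priorities = [r["Priority"] for r in acl["Rules"]]
    if len(set(priorities)) != len(priorities):
        problems.append("rule priorities must be unique")
    for r in acl["Rules"]:
        is_group = any(k in r["Statement"] for k in ("ManagedRuleGroupStatement", "RuleGroupReferenceStatement"))
        if is_group and ("OverrideAction" not in r or "Action" in r):
            problems.append(f"{r['Name']}: rule group references need OverrideAction, not Action")
        if not is_group and ("Action" not in r or "OverrideAction" in r):
            problems.append(f"{r['Name']}: plain rules need Action, not OverrideAction")
        rb = r["Statement"].get("RateBasedStatement")
        if rb and (not isinstance(rb["Limit"], int) or rb["Limit"] < RATE_LIMIT_FLOOR):
            problems.append(f"{r['Name']}: Limit must be an integer >= {RATE_LIMIT_FLOOR}")
    return problems


def deploy_web_acl(acl, region, resource_arn=None):
    """Create the web ACL and, for regional resources (ALB, API Gateway), associate it.

    For CloudFront the association is made on the distribution itself (its WebACLId
    takes the web ACL ARN), not through associate_web_acl. Needs real AWS credentials.
    """
    if boto3 is None:
        raise RuntimeError("boto3 is required to deploy")
    client = boto3.client("wafv2", region_name=region)
    arn = client.create_web_acl(**acl)["Summary"]["ARN"]
    if resource_arn and acl["Scope"] == "REGIONAL":
        client.associate_web_acl(WebACLArn=arn, ResourceArn=resource_arn)
    return arn


if __name__ == "__main__":
    import json
    # Print the request body instead of deploying; count_only=True is the usual first rollout step.
    print(json.dumps(build_web_acl("demo-web-acl", "REGIONAL", count_only=True), indent=2))
```

Rolling out with `count_only=True` first, then reading the CloudWatch metrics named in each `VisibilityConfig` before switching the override to `None`, is the practical way to find which managed rules would block legitimate traffic for your application before they are enforced.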