
AWS Security Best Practice: Amazon Web Application Firewall

Imagine hosting your application without securing it in any aspect; how long do you think it would survive?

AWS security is essential when you host applications on the AWS Cloud, especially in industries such as finance and healthcare, whose applications handle sensitive data that must be protected.

That’s why organizations should follow cloud security practices to secure the application environment and successfully lift, shift, and operate their business in the cloud.

Cloud security is a shared responsibility

AWS is responsible for the security of the cloud itself: the physical data centers, the hardware, and the infrastructure underneath its managed services. Customers remain responsible for security in the cloud: access control, audit logging, monitoring, patching their own workloads, and so on. Keeping proper logs is what lets a company pinpoint the exact problem by analyzing them if something goes wrong inside the AWS environment.

Even though AWS provides a baseline of protection, it cannot cover every aspect of security and compliance. You must understand your own side of the model to make sure you do not leave yourself exposed to attackers.

If you put plaintext credentials in environment variables, AWS can do nothing about it. Make sure your applications never hold credentials in plaintext; prefer IAM roles where possible, and otherwise keep secrets in a secrets store and fetch them at runtime.

The following are some of the challenges that industries like Financial Services face while using Cloud for application deployment.

🔐 DDoS and DoS Attacks

Distributed Denial of Service (DDoS) and Denial of Service (DoS) attacks disrupt applications by overwhelming the web servers with traffic so that they can no longer respond to legitimate user requests. The result is loss of revenue and damage to brand and reputation.

🔐 Data Breaches

When critical business data is stored in the cloud, there is a risk of data theft. A data breach can be intentional or accidental; the intentional kind is typically attributed to hacking or malware.

🔐 Data Privacy or Data Confidentiality

This is one of the major concerns for financial services firms storing data in the cloud. The elasticity and cost advantages come with concerns about data breaches, data privacy violations, and the penalties that data protection regulations impose for security failures.

🔐 Sharing of Resources

The cloud is designed so that hardware resources such as memory, storage, and CPU are shared between tenants. This is convenient, but it has security implications: organizations must ensure that their data is accessible only to authorized people and is isolated from other tenants on the same hardware.

One of the AWS security controls you can implement is AWS WAF.

AWS WAF is a web application firewall that helps protect applications hosted on AWS (it attaches to CloudFront distributions, Application Load Balancers, and API Gateway APIs, among others) against common web threats that affect availability and security, consume infrastructure resources, and cause slowdowns and increased resource usage.

WAF can be automated with Lambda: a function analyzes web logs, identifies malicious requests, and updates the WAF rules (for example an IP set) automatically. It can protect against attacks such as cross-site scripting (XSS), SQL injection, and requests from known bad IP addresses.

For example, in the accompanying diagram, valid requests are forwarded to your application deployed in the VPC, whereas requests from the attacker that match the WAF rules are blocked.

The rules can come from a pre-configured template to get started with AWS WAF quickly, from a rate limit that flags IPs exceeding a request threshold (the source of HTTP floods), or from lists of IPs known to generate bad requests.
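The log-analysis step described above, as an added example that is not part of the original post or of ClickIT's own tooling: a small Python module of the kind a Lambda would run over AWS WAF logs to find IPs that exceed a request threshold (HTTP floods) and IPs that keep triggering the injection rules (bad requests), and to format them as the CIDR entries a WAF IP set expects. The log lines are constructed to mirror the WAF JSON log schema; the thresholds, the 5-minute window, and the rule names `SQLiRule` and `XSSRule` are assumptions for the demo.

```python
"""Flag flooding and probing client IPs from AWS WAF JSON logs.

Added example, not code from the original post. Log lines below are
constructed; thresholds, window and rule names are assumptions.
"""
import ipaddress
import json
from collections import defaultdict, deque

# Assumed policy: mirror the 5-minute window WAF rate-based rules use.
WINDOW_MS = 5 * 60 * 1000
FLOOD_THRESHOLD = 5   # requests per window before an IP counts as a flood (low for the demo)
PROBE_THRESHOLD = 3   # blocked injection attempts per window before an IP counts as a probe
SIGNATURE_RULES = {"SQLiRule", "XSSRule"}  # assumed names of the web ACL's injection rules


def parse_waf_log(lines):
    """Yield (timestamp_ms, client_ip, action, rule_id) per line; skip malformed lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            yield (int(rec["timestamp"]), rec["httpRequest"]["clientIp"],
                   rec.get("action", ""), rec.get("terminatingRuleId", ""))
        except (ValueError, KeyError, TypeError):
            continue


def _slide(window, now):
    """Drop timestamps that fell out of the window ending at `now`."""
    while window and now - window[0] > WINDOW_MS:
        window.popleft()


def find_offenders(records):
    """Return (flood_ips, probe_ips) using a per-IP sliding window over sorted records."""
    req_window = defaultdict(deque)
    probe_window = defaultdict(deque)
    flood, probes = set(), set()
    for ts, ip, action, rule in sorted(records):
        _slide(req_window[ip], ts)
        req_window[ip].append(ts)
        if len(req_window[ip]) >= FLOOD_THRESHOLD:
            flood.add(ip)
        # A client repeatedly blocked by the injection rules is scanning, not a user.
        if action == "BLOCK" and rule in SIGNATURE_RULES:
            _slide(probe_window[ip], ts)
            probe_window[ip].append(ts)
            if len(probe_window[ip]) >= PROBE_THRESHOLD:
                probes.add(ip)
    return flood, probes


def to_ipset_addresses(ips):
    """Format as CIDRs, which WAFv2 IP sets require (/32 for IPv4, /128 for IPv6)."""
    out = []
    for ip in ips:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # never push garbage into the IP set
        out.append(f"{addr}/{32 if addr.version == 4 else 128}")
    return sorted(out)


def analyze(lines):
    """Run the whole pipeline and return the two lists ready for an IP set update."""
    flood, probes = find_offenders(parse_waf_log(lines))
    return {"flood": to_ipset_addresses(flood), "probes": to_ipset_addresses(probes)}


def _log(ts, ip, action="ALLOW", rule="Default_Action"):
    """Build one constructed WAF-style log line."""
    return json.dumps({"timestamp": ts, "action": action, "terminatingRuleId": rule,
                       "httpRequest": {"clientIp": ip, "uri": "/login", "httpMethod": "GET"}})


# Constructed sample: one flooder, one SQLi scanner, one slow legitimate client, one IPv6 client.
SAMPLE_LOG = [
    *[_log(1700000000000 + i * 400, "203.0.113.10") for i in range(6)],          # 6 hits in 2 s
    *[_log(1700000001000 + i * 1000, "198.51.100.7", "BLOCK", "SQLiRule") for i in range(3)],
    *[_log(1700000000000 + i * 8 * 60 * 1000, "192.0.2.44") for i in range(6)],  # 8 min apart
    _log(1700000005000, "2001:db8::1"),
    "not json at all",
]

if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_LOG), indent=2))
```

In a real deployment the Lambda would pass these lists to `wafv2:UpdateIPSet` (which needs the `LockToken` from a preceding `GetIPSet`); the slow client never accumulates five hits in one window, so it is correctly left alone.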


Read the full blog by ClickIT on AWS Security Best Practices here:
