AWS Firewall

Introduction

Amazon Web Services (AWS) offers a range of security services to protect applications and data in the cloud. Among them are two firewall services that operate at different layers: AWS Web Application Firewall (WAF), which inspects HTTP(S) requests, and AWS Network Firewall, which inspects packets and flows at the boundary of a VPC. This blog post looks at both services, their features and how they fit together, and at AWS Shield, which provides DDoS protection alongside them.

AWS Web Application Firewall (WAF)

AWS WAF is a web application firewall that helps protect web applications from common web exploits that could affect availability, compromise security or consume excessive resources. It attaches to resources such as Amazon CloudFront distributions, Application Load Balancers and Amazon API Gateway APIs, and gives you control over which HTTP(S) requests are allowed, blocked or merely counted by defining customisable web security rules in a web ACL.

Key Features of AWS WAF

  • Filter Web Traffic: Rules match on request attributes such as the source IP address (including IP sets you maintain), geographic origin, HTTP headers, the request body, the URI path and the query string, and can be combined with AND/OR/NOT logic. Rate-based rules add a per-source request limit over a rolling time window.
  • Prevent Account Takeover Fraud: The account takeover prevention managed rule group inspects requests to your login endpoint and flags or blocks credential stuffing, brute-force attempts and logins that use credentials known to be compromised.
  • Administer AWS WAF with APIs: Web ACLs, rule groups and IP sets can be created and maintained through the API, CLI or infrastructure-as-code tooling, so rules are versioned and deployed alongside the application rather than edited by hand in the console.
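As an added example (not code from the original article), the Terraform below ties the three features together in one web ACL for an internet-facing Application Load Balancer: an IP set deny list evaluated first, the AWS-managed common rule set, and a rate-based rule scoped to the login path. The region, the CIDRs, the resource names and the `alb_arn` variable are placeholders chosen for illustration.

```terraform
# Added example, not from the original article. Region, names, CIDRs and the
# ALB ARN are placeholders chosen for illustration.

provider "aws" {
  region = "eu-west-1"
}

# The internet-facing Application Load Balancer being protected (assumed to exist).
variable "alb_arn" {
  type = string
}

# Deny list kept as an IP set; rules reference it instead of embedding CIDRs.
resource "aws_wafv2_ip_set" "blocked" {
  name               = "blocked-sources"
  scope              = "REGIONAL" # use CLOUDFRONT when protecting a distribution
  ip_address_version = "IPV4"
  addresses          = ["198.51.100.0/24", "203.0.113.7/32"] # placeholder CIDRs
}

resource "aws_wafv2_web_acl" "app" {
  name           = "app-web-acl"
  scope          = "REGIONAL"
  default_action { allow {} }

  # Priority 0: deny-listed sources are dropped before any other rule runs.
  rule {
    name     = "block-listed-ips"
    priority = 0
    action { block {} }
    statement {
      ip_set_reference_statement { arn = aws_wafv2_ip_set.blocked.arn }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "block-listed-ips"
      sampled_requests_enabled   = true
    }
  }

  # Priority 10: AWS-managed baseline covering XSS, LFI, protocol abuse and similar.
  rule {
    name     = "aws-common"
    priority = 10
    override_action { none {} }
    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesCommonRuleSet"
        vendor_name = "AWS"
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "aws-common"
      sampled_requests_enabled   = true
    }
  }

  # Priority 20: per-source-IP rate limit scoped to the login path, so a
  # credential-stuffing burst is blocked without throttling the rest of the site.
  rule {
    name     = "login-rate-limit"
    priority = 20
    action { block {} }
    statement {
      rate_based_statement {
        limit              = 100 # requests per source IP per 5-minute window
        aggregate_key_type = "IP"
        scope_down_statement {
          byte_match_statement {
            search_string         = "/login"
            positional_constraint = "STARTS_WITH"
            field_to_match { uri_path {} }
            text_transformation {
              priority = 0
              type     = "LOWERCASE"
            }
          }
        }
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "login-rate-limit"
      sampled_requests_enabled   = true
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "app-web-acl"
    sampled_requests_enabled   = true
  }
}

resource "aws_wafv2_web_acl_association" "alb" {
  resource_arn = var.alb_arn
  web_acl_arn  = aws_wafv2_web_acl.app.arn
}
```

Two practical points: roll out a new managed rule group with `override_action { count {} }` first and promote it to `none {}` once the sampled requests show no false positives, and enable web ACL logging to CloudWatch Logs or S3 before relying on the metrics, since the sampled requests alone are not a complete audit trail.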

AWS Network Firewall

AWS Network Firewall is a managed, stateful network firewall with intrusion detection and prevention for your Amazon VPC. It is deployed into dedicated firewall subnets, and the VPC route tables steer traffic through its endpoints, so it can filter traffic at the perimeter of the VPC: to and from the internet, across VPN or Direct Connect links, and between VPCs.

Key Features of AWS Network Firewall

  • Fine-Grained Control Over Network Traffic: Stateless rules match on the 5-tuple (source and destination address, ports and protocol) and run first; stateful rules track connections and are written either as simple 5-tuple rules or as Suricata-compatible rule strings, so an existing Suricata rule set can be reused.
  • Automatically Scale: The firewall endpoints scale with traffic volume, so there is no instance sizing or capacity planning for the inspection tier itself.
  • Centrally Manage Security Policies: Firewall policies can be managed centrally across existing accounts and VPCs and enforced automatically on new accounts (through AWS Firewall Manager, described below).
  • Deep Packet Inspection: The stateful engine inspects packet payloads, not just headers, and can match on protocol fields and byte patterns to decide whether a flow may pass, must be dropped, or should only be alerted on.
  • Intrusion Prevention System: The IPS provides active flow inspection so that known vulnerability exploits can be identified and blocked with signature-based rules, including the AWS-managed threat signature rule groups.
  • Domain Name Filtering: Domain list rules match the HTTP Host header and the TLS Server Name Indication (SNI), so you can allowlist the fully qualified domain names a VPC may reach or block known-bad domains without decrypting traffic.
  • AWS Firewall Manager: A separate security management service rather than a feature of Network Firewall: it centrally configures and enforces AWS WAF, AWS Shield Advanced, Network Firewall and security group policies across the accounts of an AWS Organizations organisation.
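The egress-filtering pattern the features above describe, as an added example in Terraform (not code from the original article): a domain allowlist rule group, a hand-written Suricata-compatible IPS rule group, a strict-order policy whose default action is to drop anything not explicitly passed, the firewall itself, and alert logging. The `vpc_id` and `firewall_subnet_ids` variables, the CIDRs, the domain names and the log group name are placeholders; the route tables that send traffic through the firewall endpoints are assumed to be configured separately.

```terraform
# Added example, not from the original article. VPC and subnet IDs, CIDRs and
# domain names are placeholders; routing through the endpoints is assumed.

variable "vpc_id"              { type = string }
variable "firewall_subnet_ids" { type = list(string) } # one dedicated subnet per AZ

# Domain allowlist over HTTP Host and TLS SNI. Network Firewall generates the
# Suricata "pass" rules; anything not listed falls through to the policy default.
resource "aws_networkfirewall_rule_group" "egress_allowlist" {
  name     = "egress-allowlist"
  type     = "STATEFUL"
  capacity = 100
  rule_group {
    rule_variables {
      ip_sets {
        key = "HOME_NET"
        ip_set { definition = ["10.0.0.0/16"] } # placeholder: protected VPC CIDR
      }
    }
    rules_source {
      rules_source_list {
        generated_rules_type = "ALLOWLIST"
        target_types         = ["HTTP_HOST", "TLS_SNI"]
        targets              = [".amazonaws.com", "updates.example.com"] # leading dot = all subdomains
      }
    }
    stateful_rule_options { rule_order = "STRICT_ORDER" }
  }
}

# Hand-written Suricata-compatible IPS rules, evaluated before the allowlist.
resource "aws_networkfirewall_rule_group" "ips" {
  name     = "custom-ips"
  type     = "STATEFUL"
  capacity = 100
  rule_group {
    rules_source {
      rules_string = <<-EOT
        drop tcp $HOME_NET any -> $EXTERNAL_NET 22 (msg:"outbound SSH from VPC blocked"; flow:to_server; sid:1000001; rev:1;)
        alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"cleartext HTTP POST leaving VPC"; http.method; content:"POST"; sid:1000002; rev:1;)
      EOT
    }
    stateful_rule_options { rule_order = "STRICT_ORDER" }
  }
}

resource "aws_networkfirewall_firewall_policy" "egress" {
  name = "egress-policy"
  firewall_policy {
    # Stateless layer: hand everything, fragments included, to the stateful engine.
    stateless_default_actions          = ["aws:forward_to_sfe"]
    stateless_fragment_default_actions = ["aws:forward_to_sfe"]

    stateful_engine_options { rule_order = "STRICT_ORDER" }

    # Default deny. drop_established (not drop_strict) lets the TCP/TLS handshake
    # complete so the engine sees the SNI/Host before deciding; the alert action
    # writes every dropped flow to the ALERT log.
    stateful_default_actions = ["aws:drop_established", "aws:alert_established"]

    stateful_rule_group_reference {
      priority     = 1
      resource_arn = aws_networkfirewall_rule_group.ips.arn
    }
    stateful_rule_group_reference {
      priority     = 2
      resource_arn = aws_networkfirewall_rule_group.egress_allowlist.arn
    }
  }
}

resource "aws_networkfirewall_firewall" "egress" {
  name                = "egress-firewall"
  vpc_id              = var.vpc_id
  firewall_policy_arn = aws_networkfirewall_firewall_policy.egress.arn
  dynamic "subnet_mapping" {
    for_each = toset(var.firewall_subnet_ids)
    content { subnet_id = subnet_mapping.value }
  }
}

# Without a logging configuration, drops and alerts never reach the SOC.
resource "aws_cloudwatch_log_group" "nfw_alert" {
  name              = "/aws/network-firewall/egress/alert"
  retention_in_days = 90
}

resource "aws_networkfirewall_logging_configuration" "egress" {
  firewall_arn = aws_networkfirewall_firewall.egress.arn
  logging_configuration {
    log_destination_config {
      log_destination_type = "CloudWatchLogs"
      log_type             = "ALERT"
      log_destination      = { logGroup = aws_cloudwatch_log_group.nfw_alert.name }
    }
  }
}
```

The policy only inspects what the VPC routes through the firewall endpoints, so a route table that still points a subnet straight at the internet gateway bypasses all of the above; check the effective routes, not just the policy, when validating the deployment.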

AWS Shield

In addition to AWS WAF and AWS Network Firewall, AWS Shield is an essential part of Amazon's security offerings. It is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. Shield Standard is enabled automatically for every AWS account at no extra cost; Shield Advanced is a paid subscription that adds per-resource protection, attack visibility and response support.

Key Features of AWS Shield

  • DDoS Protection: AWS Shield helps protect your applications against the most common and frequently occurring DDoS attacks by continuously monitoring incoming traffic and automatically mitigating DDoS attacks when detected.
  • Layer 3 and Layer 4 Protection: It provides protection against volumetric and state-exhaustion DDoS attacks at the network and transport layers.
  • Managed Service: AWS Shield is a fully managed service, which means that AWS automatically handles the detection and mitigation of DDoS attacks, allowing you to focus on your applications without worrying about infrastructure-level attacks.
  • Integrated with AWS: AWS Shield is tightly integrated with other AWS services, including Amazon CloudFront, AWS Global Accelerator and Amazon Route 53, and Shield Advanced additionally protects Elastic Load Balancing, Amazon EC2 instances and Elastic IP addresses, providing protection for applications deployed on these services.
  • Advanced Protection (AWS Shield Advanced): For additional protection, AWS Shield Advanced offers enhanced DDoS mitigation, including per-resource protection, near-real-time attack visibility, automatic application-layer mitigation through an associated AWS WAF web ACL, 24/7 access to the Shield Response Team (SRT, formerly the DDoS Response Team) and protection against larger and more sophisticated attacks.

By incorporating AWS Shield into your security strategy alongside AWS WAF and AWS Network Firewall, you can establish a layered defence against a wide range of threats, helping to maintain the resilience and availability of your applications and data in the AWS cloud.
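Shield Standard needs no configuration, but Shield Advanced protections are opt-in per resource. As an added example (not code from the original article), the Terraform below protects an Application Load Balancer, turns on automatic application-layer mitigation in COUNT mode, and associates a Route 53 health check so Shield can tell when the application itself is degraded. It assumes the account already holds an active Shield Advanced subscription and that the ALB already has an AWS WAF web ACL associated, which is a prerequisite for the automatic layer-7 response; the `alb_arn` variable and the hostname are placeholders.

```terraform
# Added example, not from the original article. Assumes an active Shield
# Advanced subscription and an ALB that already has a WAF web ACL attached.

variable "alb_arn" { type = string } # placeholder: the protected load balancer

# Shield Advanced protections are opt-in per resource; Shield Standard needs none.
resource "aws_shield_protection" "alb" {
  name         = "app-alb"
  resource_arn = var.alb_arn
}

# Lets Shield Advanced insert its own rate-limiting rules into the associated
# WAF web ACL when it detects a layer-7 flood. Start in COUNT and switch to
# BLOCK once the counted matches have been reviewed for false positives.
resource "aws_shield_application_layer_automatic_response" "alb" {
  resource_arn = var.alb_arn
  action       = "COUNT"
  depends_on   = [aws_shield_protection.alb]
}

# Health-based detection: a failing check lowers the threshold at which Shield
# treats anomalous traffic as an attack, and is required for proactive engagement.
resource "aws_route53_health_check" "app" {
  fqdn              = "app.example.com" # placeholder hostname
  port              = 443
  type              = "HTTPS"
  resource_path     = "/healthz"
  failure_threshold = 3
  request_interval  = 30
}

resource "aws_shield_protection_health_check_association" "alb" {
  shield_protection_id = aws_shield_protection.alb.id
  health_check_arn     = aws_route53_health_check.app.arn
}
```

The automatic response only acts on the web ACL that is already associated with the resource, so the ordering matters in practice: WAF web ACL first, Shield protection second, automatic response last.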

Conclusion

AWS WAF, AWS Network Firewall and AWS Shield each cover a different layer: WAF inspects HTTP(S) requests, Network Firewall inspects flows at the VPC boundary, and Shield absorbs volumetric and state-exhaustion DDoS attacks. By understanding where each applies and using them together, you can materially improve the security posture of your AWS environment.

Remember, security is a shared responsibility. While AWS manages security of the cloud, security in the cloud is the responsibility of the customer. Therefore, leveraging tools like AWS WAF and AWS Network Firewall is crucial for protecting your applications and data.


More articles by Jay Vignesh

  • Document AI: The Key to Unlocking Efficiency and Insights from Your Documents

    In today's digital age, businesses are inundated with documents. From invoices and contracts to reports and forms…

    1 Comment
  • AI in Conversational Data Collection

    Conversational AI is rapidly transforming the way we interact with technology. From chatbots seamlessly answering…

  • Building a Retrieval-Augmented Generation (RAG) System using AWS Bedrock

    Retrieval-Augmented Generation (RAG) is a powerful technique that combines the strengths of pre-trained language models…

  • Is Your Model Ready for AI?

    Introduction In the fast-changing world of AI, the success of any project depends on how well-prepared the model is…

    1 Comment
  • AWS - Adaptive Streaming

    What is Adaptive Streaming? Adaptive streaming is a video streaming technique that dynamically adjusts the quality of…

  • AWS Lambda Functions

    A serverless function, also known as a function-as-a-service (FaaS), is a piece of code that runs in a serverless…

  • AWS EKS Deployment - Highly Available System for E-commerce

    What is Kubernetes? Kubernetes is a popular open-source container orchestration system used to manage and deploy…

  • AWS Web App - Session Management

    What is Session Management? Session management in web application refers to the process of creating and maintaining…

    1 Comment
  • AWS Serverless Architecture

    AWS Serverless Architecture is a way of building and running applications and services on AWS without having to manage…

Others also viewed

Explore content categories