Before delving into the configuration of AWS network protection services, it’s helpful to have a comprehensive understanding of what these services are and their purpose.
AWS WAF (Web Application Firewall) helps to protect your applications from common vulnerabilities like SQL injection and Cross-Site Scripting (XSS) attacks. It does this by allowing you to configure rules that allow, block, or monitor web requests based on conditions you define. For example, you can create a rule to block all requests from a specific IP address.
AWS Shield, by contrast, provides two levels of protection: Shield Standard and Shield Advanced. Shield Standard protects against the most common DDoS attacks and is automatically included with Route 53 and CloudFront at no extra cost. Shield Advanced adds further DDoS mitigation capabilities, cost protection, and 24/7 access to the DDoS response team (DRT), and is intended for more severe attacks.
Part 2: Configuring AWS WAF
Configuration of AWS WAF primarily involves creating web ACLs (Access Control Lists) and setting their conditions and rules. Below, we’ll go through a step-by-step example of how to set up a web ACL with a geographic match rule that blocks requests originating from specific countries.
- Step 1: Head over to the AWS Management Console and navigate to the AWS WAF section. Click on “Create web ACL”.
- Step 2: Define your ACL properties including the name, resource type, and AWS resource.
- Step 3: Now we create a rule. Click on “Add my own rules and rule groups”.
- Step 4: Set the rule details. Give the rule a name, set the rule type to “Regular rule”, and set the “If” statement to “If a request originates from a country”.
- Step 5: Set the country from which you want to block requests. Click on “Add countries” and select the desired countries. Set the “Then” condition to “Block”.
- Step 6: Review and create the web ACL. All incoming requests from the set countries will now be blocked.
Part 3: Configuring AWS Shield
Implementing AWS Shield is relatively straightforward, especially at the Standard level, which requires no specific configuration. For Shield Advanced, you’ll need to subscribe in the AWS Management Console.
- Step 1: Navigate to the AWS Shield section in the AWS Management Console and click on “Get Started with AWS Shield Advanced”.
- Step 2: Select the resources you want to protect with AWS Shield Advanced. You can add more resources later as necessary.
- Step 3: Review and activate AWS Shield Advanced.
- Step 4: If you want to use AWS WAF along with Shield Advanced, you can navigate back to AWS WAF and create web ACLs for your Shield-protected resources, just as we did in the previous example.
In conclusion, AWS provides robust tools for network protection with AWS WAF and AWS Shield, both of which are invaluable for a sysOps administrator. Understanding, configuring, and managing these services is not only key to passing the AWS Certified SysOps Administrator – Associate (SOA-C02) exam but also to maintaining the security and integrity of web applications.
Practice Test
True or False: AWS WAF is a web application firewall that helps protect your web applications from common web-based exploits.
- Answer: True
Explanation: AWS WAF protects your web applications by monitoring HTTP and HTTPS requests coming to your web app. It helps to stop common web attacks by using rules that filter out malicious traffic.
AWS Shield is a managed service that provides protection for what?
- A. Applications hosted on-premises
- B. Applications running on AWS
- C. Both A and B
Answer: C. Both A and B
Explanation: AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS and on-premises.
True or False: Data at rest in an AWS region is not protected by AWS Shield.
- Answer: True
Explanation: AWS Shield protects applications against DDoS attacks, and those are typically directed at running applications, not data at rest.
With AWS WAF you can filter requests based on what?
- A. IP addresses
- B. HTTP headers
- C. URI strings
- D. All of the above
Answer: D. All of the above
Explanation: AWS WAF allows you to filter requests based on IP addresses, HTTP headers, and URI strings so that you can block, allow, or monitor (count) calls.
True or False: AWS Shield Advanced provides cost protection, which can help to cover extra data transfer or Amazon CloudWatch charges due to a DDoS attack.
- Answer: True
Explanation: One of the additional features of AWS Shield Advanced is cost protection, which provides financial protection by covering extra costs incurred during a DDoS attack.
True or False: AWS WAF cannot protect against SQL injection attacks.
- Answer: False
Explanation: AWS WAF helps to protect against common web exploits that could affect application availability, compromise security, or consume excessive resources, including SQL injection attacks.
AWS WAF is designed to protect which of the following?
- A. Amazon CloudFront distributions
- B. Amazon API Gateway APIs
- C. AWS App Runner services
- D. All of the above
Answer: D. All of the above
Explanation: AWS WAF can be utilized to protect Amazon CloudFront distributions, Amazon API Gateway APIs, as well as AWS App Runner services.
True or False: AWS Shield should be used for managing access to your AWS resources.
- Answer: False
Explanation: AWS Shield is specifically designed for DDoS protection. For managing access to AWS resources, you would use services like AWS Identity and Access Management (IAM).
True or False: Invoking an AWS WAF protection requires manual coding.
- Answer: False
Explanation: AWS WAF provides a simple web ACL (Access Control List) wizard that creates web ACLs in a few clicks; no manual coding is required.
True or False: AWS Shield only protects AWS services. Non-AWS services cannot be protected using AWS Shield.
- Answer: False
Explanation: While AWS Shield is designed to protect applications running on AWS, it also extends DDoS protection to applications running on-premises or in other non-AWS environments when they use AWS Global Accelerator or Amazon CloudFront.
Interview Questions
What is AWS WAF?
AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excess resources.
How can AWS WAF help in securing an application?
AWS WAF gives control over which traffic to allow or block to your applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting.
What is AWS Shield?
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency.
What benefits can you expect from AWS Shield?
With AWS Shield, you can expect cost-effective protection against larger and more sophisticated attacks, global threat intelligence, and easy to use incident management and reporting.
How is AWS WAF integrated with other AWS services?
AWS WAF is integrated with Amazon CloudFront and the Application Load Balancer, services that AWS customers commonly use to deliver content for their websites and applications.
Can AWS Shield be used without AWS WAF?
Yes, AWS Shield can be used independently of AWS WAF. However, combining both services provides improved security by adding an additional layer of protection against more sophisticated attacks at the application layer.
What are the pricing models of AWS WAF and AWS Shield?
Both AWS WAF and AWS Shield are pay-as-you-go services, meaning you only pay for what you use.
What are the two levels of AWS Shield service?
AWS Shield comes in two levels of service: AWS Shield Standard and AWS Shield Advanced. Shield Standard is automatically included for all AWS customers at no additional cost. Shield Advanced provides additional DDoS mitigation capabilities, cost protection, and 24/7 DDoS response team (DRT) access.
How can AWS Shield protect against larger and more complex attacks?
AWS Shield Advanced provides advanced threat intelligence and 24/7 access to the DDoS response team (DRT), allowing sophisticated analysis of larger and more complex attacks and deployment of appropriate mitigation measures.
What is a web ACL in AWS WAF?
A web access control list (ACL) is a list of rules that you can configure and use to block or allow requests. It can be associated with one or more AWS resources, and each rule includes conditions, actions, and a priority.
How can rate-based rules be used in AWS WAF?
You can use rate-based rules to protect against brute-force login attempts by defining the maximum number of requests permitted from a single IP address within a 5-minute period; requests from an IP that exceeds that limit are blocked (or counted, if you only want to monitor) until its request rate drops back under the limit.
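To make the web ACL semantics concrete, here is an added example (not from the original page and not AWS code) that models how the web ACL from Part 2, with a rate-based rule like the one just described, evaluates requests: rules run in ascending priority, the first Block or Allow match terminates, Count matches are recorded and evaluation continues, and the default action applies otherwise. The rule bodies follow the wafv2 API shape; the country codes, the limit of 100, the sample requests and the evaluator itself are constructed for this example, and the sliding-window counting is an exact simplification of the service’s approximate, asynchronous rate tracking.

```python
from collections import defaultdict, deque

# Rule bodies mirror the wafv2 API shape. Country codes and the limit are
# constructed sample values for this example.
WEB_ACL = {
    "DefaultAction": {"Allow": {}},
    "Rules": [
        {"Name": "BlockCountries", "Priority": 0, "Action": {"Block": {}},
         "Statement": {"GeoMatchStatement": {"CountryCodes": ["AQ", "BV"]}}},
        {"Name": "MonitorCountries", "Priority": 1, "Action": {"Count": {}},
         "Statement": {"GeoMatchStatement": {"CountryCodes": ["CA"]}}},
        {"Name": "LoginRateLimit", "Priority": 2, "Action": {"Block": {}},
         "Statement": {"RateBasedStatement": {"Limit": 100, "AggregateKeyType": "IP"}}},
    ],
}
WINDOW_SECONDS = 300  # rate-based rules count per-IP requests over 5 minutes


class WebAclEvaluator:
    """Local model of web ACL evaluation: rules run in ascending Priority,
    the first Block/Allow match terminates, Count records and continues,
    and DefaultAction applies when nothing terminates. The real service
    counts rates asynchronously and approximately; this model is exact."""

    def __init__(self, web_acl):
        self.rules = sorted(web_acl["Rules"], key=lambda r: r["Priority"])
        self.default = next(iter(web_acl["DefaultAction"]))
        self.hits = defaultdict(deque)   # ip -> request timestamps in the window
        self.counted = []                # (rule name, ip) for Count matches

    def _matches(self, rule, request, now):
        stmt = rule["Statement"]
        if "GeoMatchStatement" in stmt:
            return request["country"] in stmt["GeoMatchStatement"]["CountryCodes"]
        if "RateBasedStatement" in stmt:
            seen = self.hits[request["ip"]]
            while seen and now - seen[0] >= WINDOW_SECONDS:  # slide the window
                seen.popleft()
            seen.append(now)
            return len(seen) > stmt["RateBasedStatement"]["Limit"]
        raise ValueError("unsupported statement: " + ", ".join(stmt))

    def evaluate(self, request, now):
        """Return (action, rule name) for a request seen at time `now` (seconds)."""
        for rule in self.rules:
            if not self._matches(rule, request, now):
                continue
            action = next(iter(rule["Action"]))
            if action == "Count":
                self.counted.append((rule["Name"], request["ip"]))
                continue
            return action, rule["Name"]
        return self.default, "DefaultAction"
```

Feeding 101 login requests from one IP inside the window shows the 101st being blocked by LoginRateLimit, while a request from a counted-only country still reaches the default Allow.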
Can AWS WAF detect and block SQL injection and cross-site scripting attacks?
Yes, AWS WAF can identify patterns of SQL injection and cross-site scripting (XSS) attacks, and can block such requests based on rules defined in a web ACL.
How frequently can WAF rules be updated?
WAF rules can be updated as often as needed, and changes are propagated globally in minutes, providing the flexibility to evolve defence measures and respond quickly to new or changing threats.
What is AWS Firewall Manager?
AWS Firewall Manager is a security management service that allows you to centrally configure and manage AWS WAF rules across your accounts and applications.
What benefits does AWS Firewall Manager provide?
AWS Firewall Manager simplifies your AWS WAF administration by enabling you to deploy rules and protections across multiple accounts and resources with a single interface. It also ensures that new and existing applications and content follow a set of predefined security rules.