AWS Meetup: AWS WAF
AWS Web Application Firewall Benefits and Comparison of AWS WAF

Upload: adam-book

Post on 07-Jan-2017


Page 1: Aws meetup aws_waf

AWS Web Application Firewall

Benefits and Comparison of AWS WAF

Page 2

Sponsors

Page 3

Find me on LinkedIn

AWS Certifications

Presented by Adam Book

Page 4

What is a WAF?

According to OWASP:

A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

Page 5

Why use AWS (or any) WAF?

1) Prevent / govern abuse

[Diagram: legitimate users, nefarious users and a web spider reaching a cloud server and its database]

Page 6

Why use AWS (or any) WAF?

2) Application DDoS

[Diagram: legitimate users and nefarious users reaching a cloud server and its database]

Page 7

How do WAFs work?

1) Prevent / govern abuse

[Diagram: legitimate users, nefarious users, cloud server and database]

Page 8

Setting up the AWS WAF

[Architecture diagram: Users, Amazon CloudFront, AWS WAF, Elastic Load Balancing, Auto Scaling, Amazon EC2]

Page 9

Setting up the AWS WAF

1. Create a web ACL

2. Add a RULE

3. Add Match Conditions

4. Assign to CloudFront

Page 10

Setting up the AWS WAF

At the simplest level, AWS WAF lets you choose one of the following behaviors:

Allow all requests except the ones that you specify. Useful when you want to serve all your content from a public website, but to block attackers.

Block all requests except the ones you specify. Useful when you want CloudFront to serve content for a restricted website whose users are readily identifiable in a web request (IP address / cookie value).

Count the requests that match the properties that you specify. You can configure the WAF to count the requests which match certain properties before you start using rules that block / allow the requests.

Page 11

Setting up the AWS WAF

The first step will be to name the ACL

Using the Wizard

Page 12

Setting up the AWS WAF

Matching Conditions

• IP
• String
• SQLi

Customizing Rules

• AND / OR
• Block, allow, or count
• Ordered conditions
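The three behaviours on the previous slide (default allow, default block, count) and the condition types, AND/OR combination and rule ordering on this one, as an added model of how a web ACL evaluates a request. It is illustration code written for this transcript, not AWS code; the web ACL, the RFC 5737 addresses and the crude SQLi signature are all constructed.

```python
"""Added model (not AWS code) of how a web ACL decides a request, as the slides put it:
rules run in priority order; conditions inside a rule are ANDed, entries inside one
condition (CIDRs of an IP set, string filters) are ORed; COUNT rules are tallied and
skipped; anything no rule decides gets the ACL's default action (ALLOW or BLOCK)."""
import ipaddress, re
from collections import Counter

# Crude SQL-injection signature standing in for the managed SQLi match condition
SQLI_RE = re.compile(r"(?i)\bunion\b\s+(all\s+)?select\b|'\s*or\s+'?\w+'?\s*=\s*'?\w+|;\s*drop\b|--")
def ip_match(req, cidrs):        # IP condition: source address inside any listed CIDR
    return any(ipaddress.ip_address(req["ip"]) in ipaddress.ip_network(c) for c in cidrs)
def string_match(req, filters):  # String condition: any (field, substring) filter hits
    return any(sub in req.get(field, "") for field, sub in filters)
def sqli_match(req, fields):     # SQLi condition: suspicious SQL fragment in any listed field
    return any(SQLI_RE.search(req.get(f, "")) is not None for f in fields)
CONDITIONS = {"ip": ip_match, "string": string_match, "sqli": sqli_match}

def evaluate(web_acl, req, counts):
    """Action for one request; COUNT hits are tallied in `counts` and fall through."""
    for rule in sorted(web_acl["rules"], key=lambda r: r["priority"]):
        # every predicate must hold; `negated` inverts a single predicate
        if all(CONDITIONS[kind](req, data) != negated for kind, data, negated in rule["predicates"]):
            if rule["action"] == "COUNT":
                counts[rule["name"]] += 1
                continue
            return rule["action"]
    return web_acl["default"]

# Constructed web ACL in "allow all except the ones you specify" mode (default ALLOW)
WEB_ACL = {"default": "ALLOW", "rules": [
    {"name": "office-override", "priority": 1, "action": "ALLOW",
     "predicates": [("ip", ["192.0.2.0/24"], False)]},
    {"name": "block-bad-ips", "priority": 2, "action": "BLOCK",
     "predicates": [("ip", ["198.51.100.0/24"], False)]},
    {"name": "block-sqli", "priority": 3, "action": "BLOCK",
     "predicates": [("sqli", ["query", "body"], False)]},
    {"name": "count-spiders", "priority": 4, "action": "COUNT",
     "predicates": [("string", [("user_agent", "spider"), ("user_agent", "crawler")], False)]}]}

# Constructed sample requests (RFC 5737 documentation addresses, not real traffic)
REQUESTS = [{"ip": "203.0.113.7", "query": "id=42", "user_agent": "Mozilla/5.0"},
            {"ip": "198.51.100.9", "query": "id=42", "user_agent": "Mozilla/5.0"},
            {"ip": "203.0.113.8", "query": "id=1' OR '1'='1", "user_agent": "Mozilla/5.0"},
            {"ip": "192.0.2.5", "query": "id=1' OR '1'='1", "user_agent": "Mozilla/5.0"},
            {"ip": "203.0.113.9", "query": "", "user_agent": "evil-spider/1.0"}]

def run(web_acl=WEB_ACL, requests=REQUESTS):
    """Evaluate every request; returns (actions, tallies of the COUNT rules)."""
    counts = Counter()
    return [evaluate(web_acl, r, counts) for r in requests], dict(counts)
```

The fourth request shows why rule order matters: the office override at priority 1 allows it before the SQLi rule is ever consulted, so an ALLOW rule placed early is a deliberate exception, not an oversight.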

Page 13

Setting up the AWS WAF

Then we create the match condition

Using the Wizard

Page 14

Setting up the AWS WAF

We will then add our condition to our rule

Using the Wizard

Page 15

Setting up the AWS WAF

Then choose which CloudFront assets to attach the WAF to

Using the Wizard
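The same four wizard steps (create a web ACL, add a rule, add a match condition, assign to CloudFront) driven from Python with boto3 instead of the console, as an added example written for this transcript rather than the deck's or AWS's own code. It targets the classic WAF API current at the time of the talk; the distribution id is a placeholder and the blocked CIDR is a constructed RFC 5737 range.

```python
"""Added example (not from the deck or AWS): the wizard's four steps driven from
Python with boto3 against the classic 'waf' API this talk describes. Assumptions
not on the slides: the placeholder DIST_ID and the constructed BLOCKED_CIDRS. Every
mutating WAF call needs a fresh change token, and a condition must exist before a
rule references it, so the API order differs slightly from the wizard's numbering."""
BLOCKED_CIDRS = ["198.51.100.0/24"]      # constructed sample range (RFC 5737), not a real attacker
DIST_ID = "PLACEHOLDER_DISTRIBUTION_ID"  # replace with your CloudFront distribution id
def token(waf): return waf.get_change_token()["ChangeToken"]

def setup_web_acl(waf, name="meetup-demo"):
    """Wizard steps 1-3: a web ACL that allows everything except one blocked IP set."""
    # Step 1: the web ACL; default ALLOW = "allow all requests except the ones you specify"
    acl_id = waf.create_web_acl(Name=name, MetricName="meetupdemo", DefaultAction={"Type": "ALLOW"},
                                ChangeToken=token(waf))["WebACL"]["WebACLId"]
    # Step 3 (before step 2 in the API): the IP match condition the rule will reference
    ip_set_id = waf.create_ip_set(Name=f"{name}-bad-ips", ChangeToken=token(waf))["IPSet"]["IPSetId"]
    waf.update_ip_set(IPSetId=ip_set_id, ChangeToken=token(waf), Updates=[
        {"Action": "INSERT", "IPSetDescriptor": {"Type": "IPV4", "Value": c}} for c in BLOCKED_CIDRS])
    # Step 2: the rule; if it held several predicates they would be ANDed
    rule_id = waf.create_rule(Name=f"{name}-rule", MetricName="meetupdemorule",
                              ChangeToken=token(waf))["Rule"]["RuleId"]
    waf.update_rule(RuleId=rule_id, ChangeToken=token(waf), Updates=[
        {"Action": "INSERT", "Predicate": {"Negated": False, "Type": "IPMatch", "DataId": ip_set_id}}])
    # Activate the rule in the ACL with a BLOCK action; Priority fixes the evaluation order
    waf.update_web_acl(WebACLId=acl_id, ChangeToken=token(waf), Updates=[
        {"Action": "INSERT", "ActivatedRule": {"Priority": 1, "RuleId": rule_id, "Action": {"Type": "BLOCK"}}}])
    return acl_id

def attach_to_cloudfront(cf, acl_id, dist_id=DIST_ID):
    """Wizard step 4: assign the web ACL to a distribution; IfMatch guards against a lost update."""
    current = cf.get_distribution_config(Id=dist_id)
    config = current["DistributionConfig"]
    config["WebACLId"] = acl_id
    return cf.update_distribution(Id=dist_id, IfMatch=current["ETag"], DistributionConfig=config)

class DryRunClient:
    """Records the calls instead of reaching AWS, so the sequence can be checked offline."""
    def __init__(self):
        self.calls = []
    def __getattr__(self, op):
        def call(**kwargs):
            self.calls.append((op, kwargs))
            return {"ChangeToken": "tok", "IPSet": {"IPSetId": "ipset-1"}, "Rule": {"RuleId": "rule-1"},
                    "WebACL": {"WebACLId": "acl-1"}, "ETag": "E1", "DistributionConfig": {"Enabled": True}}
        return call

if __name__ == "__main__":  # live run: CloudFront web ACLs use the global waf endpoint (us-east-1)
    import boto3
    waf, cf = boto3.client("waf", region_name="us-east-1"), boto3.client("cloudfront")
    attach_to_cloudfront(cf, setup_web_acl(waf))
```

Passing DryRunClient instances instead of the boto3 clients records the call sequence and payloads without touching AWS, which is a convenient way to review a change before it reaches a production distribution.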

Page 16

AWS WAF Pricing

Pricing Outline

• $5 per web ACL, $1 per rule per month

• You can reuse rules across multiple CloudFront distributions at no additional cost

• $0.60 per million requests

• Low monthly minimum

Page 17

AWS WAF Pricing

Typical Monthly Bill

• Test Environment (1 rule) - $6 per month / $72 per year

• Small Site (6 rules, 58M views) - $46 per month / $552 per year

• Medium Site (6 rules, 260M views) - $67 per month / $804 per year

No EC2 charges are incurred

Page 18

Comparative Pricing: AWS WAF vs other WAFs

Typical Monthly Bill

            Rules   EC2 charge   Monthly    Yearly
AWS WAF     6       N/A          67         804
Sophos      N/A     32.21        161.05     1,578.00
Imperva     N/A     97.36        1010.16    8,927.00

Monthly charge is based off of the hourly charge at 24x7x30; the minimum EC2 instance size was used in the calculations.

Page 19

Extra Benefits seen from AWS WAF

[Architecture diagram: Users and unauthorized users, Amazon CloudFront, AWS WAF, Elastic Load Balancing, Auto Scaling, Amazon EC2]

Page 20

Benefits of AWS WAF

Additional protection against web attacks which you specify. Conditions can be defined on characteristics such as the following:

– The IP address that the request originates from
– The values in the request headers
– Strings that appear in the requests
– The length of requests
– The presence of SQL code that is likely to be malicious
– The presence of a script that is likely to be malicious

Page 21

Benefits of AWS WAF

• Rules that you can reuse for multiple web applications

• Real time metrics and sampled web requests

• Automated administration using the Web API

Page 22

Reporting & Logging

• Blocked Web Requests

• Allowed Web Requests

• Counted Web Requests

Adjustments to rules in response to real time analytics

Time period can be adjusted by sliding graph endpoints or with filters

Real Time Metrics (CloudWatch)

Page 23

Integrating with others

The AWS WAF integrates with the following APIs, SDKs and CLIs:

AWS CLI
AWS Tools for Windows PowerShell
AWS Toolkit for Visual Studio
iOS
Android
Python (boto)
Ruby
Java
JavaScript
Node.js

Page 24

Extra Benefits seen from AWS WAF

[Architecture diagram: Users authorized by IP and unauthorized users, Amazon CloudFront, AWS WAF, Elastic Load Balancing, Amazon EC2, Amazon RDS]

CloudFormation template: goo.gl/WjNTE2

Page 25

Questions?

Image by http://www.gratisography.com/

Page 26

Interested in Sponsoring AWS Atlanta?

Image by http://www.gratisography.com/