
SEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense


Security professionals and full-stack engineers will learn how to defend against distributed denial of service (DDoS) attacks and web application exploits by using automation to monitor activity, configure rate limiting, and deploy network filtering rules. This session will show you how to use Lambda functions to automate event response and integrate with your security operations tools. You will become an expert in advanced techniques to help you protect and monitor your AWS networks and resources using services such as Amazon Virtual Private Cloud, Amazon Web Application Firewall, Amazon Shield, and more. You will also learn how to monitor and gain deep visibility into your AWS environment by using highly-scaled solutions such as AWS CloudTrail and AWS CloudWatch.


  1. 1. Advanced Techniques for DDoS Mitigation and Web Application Defense. Cameron Worrell & Brittany Doncaster, August 14, 2017. © 2017 Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  2. 2. What to expect from this session: Types of Threats; AWS Shield; AWS VPC; AWS WAF.
  3. 3. What to expect from this session: Types of Threats; AWS Shield; AWS VPC; AWS WAF.
  4. 4. Types of Threats. Categories: DDoS; Application Attacks; Bad Bots. Layers: Application Layer; Network / Transport Layer. Threats shown: Reflection; Layer 4 floods; Slowloris; SSL abuse; HTTP floods; Amplification; Content scrapers; Scanners & probes; Crawlers; SQL injection; Application exploits.
  5. 5. DDoS Threats: Network / Transport Layer DDoS.
  6. 6. DDoS Threats: Application DDoS. Diagram: Good users; Bad guys; Web server; Database.
  7. 7. Application Threats. Diagram: Good users; Bad guys; Web server; Database; Exploit code; SQL injection; XSS.
  8. 8. Bad Bot Threats. Diagram: Good users; Bad guys; Web server; Database; Steal premium content.
  9. 9. What to expect from this session: Types of Threats; AWS Shield; AWS VPC; AWS WAF.
  10. 10. Types of Threats (AWS Shield highlighted). Categories: DDoS; Application Attacks; Bad Bots. Layers: Application Layer; Network / Transport Layer. Threats shown: Reflection; Layer 4 floods; Slowloris; SSL abuse; HTTP floods; Amplification; Content scrapers; Scanners & probes; Crawlers; SQL injection; Application exploits; Social engineering; Sensitive data exposure.
  11. 11. Benefits of AWS Shield. AWS Integration: DDoS protection without infrastructure changes. Affordable: Don’t force unnecessary trade-offs between cost and availability. Flexible: Customize protections for your applications. Always-On Detection and Mitigation: Minimize impact on application latency.
  12. 12. AWS Shield. Standard Protection: Available to ALL AWS customers at No Additional Cost. Advanced Protection: Paid service that provides additional protections, features and benefits.
  13. 13. AWS Shield Standard. Layer 3/4 protection: Automatic detection & mitigation; Protection from most common attacks (SYN/UDP Floods, Reflection Attacks, etc.); Built into AWS services. Layer 7 protection: AWS WAF for Layer 7 DDoS attack mitigation; Self-service & pay-as-you-go. Automatic Protection against 96% of Layer 3/4 attacks. Available globally on all Internet-facing AWS services.
  14. 14. AWS Shield Advanced: Additional Detection & Monitoring; Protection Against Large DDoS Attacks; Visibility Into Attack Detection & Mitigation; AWS WAF at No Additional Cost; 24X7 DDoS Response Team; Cost Protection (Absorb DDoS Scaling Cost).
  15. 15. AWS Shield Advanced: Multi-Layered Mitigation. Diagram labels: Internet; Border Network; AWS Services; Customer Infrastructure; DDoS Detection; DDoS Response Team; Internet-Layer Mitigations; Network Layer Mitigations; Web Layer Mitigations. Effective against: Large-Scale Attack. Effective against: SYN Floods, Reflection Attacks, Suspicious Sources. Effective against: SSL Attacks, Slowloris, Malformed HTTP. Effective against: HTTP Floods, Bad Bots, Suspicious IPs. Effective against: Sophisticated Layer 7 attacks.
  16. 16. AWS Shield Advanced. Available on: Application Load Balancer; Classic Load Balancer; Amazon CloudFront; Amazon Route 53. In the following regions: Northern Virginia (us-east-1); N. California (us-west-1); Oregon (us-west-2); Ireland (eu-west-1); Tokyo (ap-northeast-1).
  17. 17. Shield Demo
  18. 18. What to expect from this session: Types of Threats; AWS Shield; AWS VPC; AWS WAF.
  19. 19. What customers asked for: Private IP space in AWS; Familiar networking model; Customer-defined networking logic; Strong security controls.
  20. 20. Key Features of VPC: Choosing an address range; Setting up subnets in Availability Zones; Creating a route to the Internet; Authorizing traffic to/from the VPC.
  21. 21. Traditional Approach (diagram). Subnets: Public Subnet; Private Subnet (Web Tier); Private Subnet (App Tier). CIDR blocks shown: 10.0.2.0/24, 10.0.1.0/24, 10.0.3.0/24. Security groups: SG-ALB, SG-Web, SG-App. Rules shown: Allow all traffic; Allow 10.0.2.0/24; Allow 10.0.1.0/24.
  22. 22. Cloud Approach (diagram). Subnets: Public Subnet; Private Subnet (Web Tier); Private Subnet (App Tier). CIDR blocks shown: 10.0.2.0/24, 10.0.1.0/24, 10.0.3.0/24. Security groups: SG-ALB, SG-Web, SG-App. Rules shown: Allow CloudFront IP Ranges only; Allow SG-Web only; Allow SG-ALB only.
  23. 23. Security Groups + CloudFront IP ranges. Blog post: http://amzn.to/2fj4Q8e. Diagram: IP-ranges.json; SG-ALB; Amazon SNS; AWS Lambda.
  24. 24. VPC Demo. Diagram: SG-ALB; CloudFront; users.
  25. 25. What to expect from this session: Types of Threats; AWS Shield; AWS VPC; AWS WAF.
  26. 26. Challenges of Web Application Firewalls: Setup is complex and slow; Too many false positives; Limited APIs for automation; Expensive to implement and maintain.
  27. 27. AWS WAF: A web application firewall designed to help you defend against common web application exploits. Fast Incident Response; Preconfigured Protection; APIs for Automation; Flexible Rule Language.
  28. 28. What is AWS WAF? Web traffic filtering with custom rules; Malicious request blocking; Active monitoring and tuning.
  29. 29. How does AWS WAF protect you? Security Automations; Preconfigured Protections; Highly Flexible Rule Language.
  30. 30. Highly Flexible Rule Language: Quick Incident Response; Mitigations in < ~1 Min; Inspect Any Part of the Request.
  31. 31. Highly Flexible Rule Language: Rate-Based Rules; Built-in blacklist IPs; Monitor and Alarm; Use with Conditions.
  32. 32. AWS WAF Demo-1: HTTP floods (Rate-based Rules).
  33. 33. Preconfigured Protections – Common Attacks: HTTP floods (Rate-based Rules); Scanners and probes; SQL injection; Bots and scrapers; IP reputation lists; Cross-site scripting.
  34. 34. Preconfigured Protections – Common Attacks. You can get started quickly with built-in rules based on common use-cases. Diagram: CloudFormation template; AWS WAF Configuration. Link: http://bit.ly/2tgpoEj
  35. 35. Preconfigured Protections – OWASP 10. A1: Injection; A2: Broken Authentication and Session Management; A3: Cross-Site Scripting (XSS); A4: Broken Access Control (New); A5: Security Misconfiguration; A6: Sensitive Data Exposure; A7: Insufficient Attack Protection (New); A8: Cross-Site Request Forgery; A9: Using Components with Known Vulnerabilities; A10: Underprotected APIs (New). Whitepaper + CloudFormation template: http://bit.ly/2t503Su
  36. 36. Security Automations: Automated anomaly detection that you can take action on using Lambda functions. Dynamic Rules Based on Anomaly; Using Lambda & Service Logs.
  37. 37. Security Automations: Traditional incident response; Automated incident response; Next-generation incident response.
  38. 38. Demo Architecture
  39. 39. AWS WAF Demo-2: Security Automations - Bots and scrapers.
  40. 40. Takeaways: AWS Shield for DDoS protection and mitigation; VPC to limit public-facing components; AWS WAF for protection from Layer 7 attacks.
  41. 41. Thank you!
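
Slides 22 to 24 limit SG-ALB to the CloudFront IP ranges and keep it current with IP-ranges.json, Amazon SNS and AWS Lambda. The sketch below is an added example, not code from the presentation or the linked blog post: it plans and applies the security-group change from an ip-ranges.json document. The sample prefixes, function names, port 443 and the 50-rule limit are assumptions.

```python
import ipaddress
import json

# Constructed sample in the ip-ranges.json layout (documentation prefixes, not real ranges).
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0000000000",
    "createDate": "2017-08-14-00-00-00",
    "prefixes": [
        {"ip_prefix": "198.51.100.0/24", "region": "GLOBAL", "service": "AMAZON"},
        {"ip_prefix": "198.51.100.0/24", "region": "GLOBAL", "service": "CLOUDFRONT"},
        {"ip_prefix": "203.0.113.0/25", "region": "GLOBAL", "service": "CLOUDFRONT"},
        {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "EC2"},
    ],
})

def cloudfront_cidrs(doc_text):
    """Return the IPv4 CIDRs tagged CLOUDFRONT, validated and de-duplicated."""
    cidrs = set()
    for entry in json.loads(doc_text).get("prefixes", []):
        if entry.get("service") == "CLOUDFRONT":
            # strict=True rejects a prefix with host bits set instead of guessing.
            cidrs.add(str(ipaddress.ip_network(entry["ip_prefix"], strict=True)))
    return cidrs

def plan_changes(current, desired, max_rules=50):
    """Diff SG-ALB's current ingress CIDRs against the desired CloudFront set."""
    if not desired:
        # An empty or garbled feed must never lead to revoking every rule.
        raise ValueError("no CLOUDFRONT prefixes found; leaving SG-ALB unchanged")
    if len(desired) > max_rules:  # assumed per-group rule limit
        raise ValueError("desired set exceeds the assumed rule limit")
    return sorted(desired - current), sorted(current - desired)

def apply_changes(ec2, group_id, to_add, to_remove, port=443):
    """Apply the plan using a boto3 EC2 client supplied by the caller."""
    def perms(cidrs):
        return [{"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
                 "IpRanges": [{"CidrIp": c} for c in cidrs]}]
    if to_add:  # authorize before revoking so edge traffic is never locked out
        ec2.authorize_security_group_ingress(GroupId=group_id,
                                             IpPermissions=perms(to_add))
    if to_remove:
        ec2.revoke_security_group_ingress(GroupId=group_id,
                                          IpPermissions=perms(to_remove))
```

In a Lambda handler triggered by the SNS notification, `current` would come from the group's existing ingress rules; a leftover `0.0.0.0/0` rule shows up in the revoke list.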
