In this modern era, organisations running on the cloud face severe threats from hackers at any time. Data breaches happen daily, and businesses have a responsibility to their customers to protect their data against theft and security breaches. Businesses face many security challenges, such as:
- Data Privacy
- Integrity, authentication and non-repudiation
- Online attacks such as phishing, man-in-the-middle attacks, DDoS, SQL injection, phlashing, etc.
That is why it is crucial for businesses to protect their cloud infrastructure before it is compromised, with a safe and complete system dedicated to securing that infrastructure. In this post we focus on the AWS services that help businesses protect their AWS infrastructure, and on their relevant use cases.
What is WAF?
AWS WAF is a web application firewall that monitors the web requests forwarded to an Application Load Balancer (ALB), Amazon API Gateway, or CloudFront. AWS WAF can also allow or block any web request according to the rules and conditions you define. That means WAF sits in front of CloudFront or the ALB, so if you do not have these services in your infrastructure you cannot use AWS WAF.
When to choose WAF?
AWS WAF can only allow or block web requests, so if you want to block web requests, WAF is the right choice for you. AWS WAF works with rules and conditions that are evaluated against each web request.
If you want your CloudFront distribution or load balancer to serve content for public requests but also want to block requests from attackers, WAF can help you. Sometimes you see web requests from a single IP continuously hitting the website; in that case you can use WAF to block those IPs.
Another WAF feature is that it allows you to count the requests that match the properties you specify.
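To make the block-versus-count distinction concrete, here is an added example (not AWS code) that models how a web ACL evaluates its rules in priority order: an IP set rule that blocks, an IP set rule that only counts, and a rate-based rule for the "one IP continuously hitting the website" case. The rule names, CIDRs and sample traffic are constructed for the illustration.

```python
from collections import deque
from ipaddress import ip_address, ip_network

BLOCK, ALLOW, COUNT = "BLOCK", "ALLOW", "COUNT"

class IPSetRule:
    # Matches when the client IP falls inside one of the CIDRs (WAF's IP set match).
    def __init__(self, name, cidrs, action):
        self.name, self.action = name, action
        self.nets = [ip_network(c) for c in cidrs]

    def matches(self, req):
        return any(ip_address(req["ip"]) in net for net in self.nets)

class RateBasedRule:
    # Matches once one IP exceeds `limit` requests within the trailing `window` seconds.
    def __init__(self, name, limit, window, action):
        self.name, self.limit, self.window, self.action = name, limit, window, action
        self.seen = {}  # ip -> deque of request timestamps

    def matches(self, req):
        hits = self.seen.setdefault(req["ip"], deque())
        hits.append(req["t"])
        while hits and hits[0] <= req["t"] - self.window:
            hits.popleft()
        return len(hits) > self.limit

def evaluate(rules, req, default_action=ALLOW):
    # Rules run in list (priority) order: BLOCK/ALLOW end evaluation, COUNT only records.
    counted = []
    for rule in rules:
        if not rule.matches(req):
            continue
        if rule.action == COUNT:
            counted.append(rule.name)
            continue
        return rule.action, counted
    return default_action, counted

# Constructed sample traffic (t = seconds since start, ip = client address).
SAMPLE_REQUESTS = [
    {"t": 0, "ip": "203.0.113.7"},   # inside the blocked range
    {"t": 1, "ip": "198.51.100.4"},  # inside the counted range, then allowed by default
] + [{"t": t, "ip": "192.0.2.9"} for t in range(2, 9)]  # seven hits from one IP

def run(limit=5):
    rules = [
        IPSetRule("block-known-bad", ["203.0.113.0/24"], BLOCK),
        IPSetRule("count-partner-range", ["198.51.100.0/24"], COUNT),
        RateBasedRule("rate-limit-per-ip", limit, 60, BLOCK),
    ]
    return [(req["ip"], *evaluate(rules, req)) for req in SAMPLE_REQUESTS]
```

Running `run()` shows the counted request still reaching the default action, and the sixth and seventh requests from 192.0.2.9 being blocked once the rate limit of five is exceeded.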
What is AWS Shield?
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. There are two tiers of AWS Shield – Standard and Advanced.
You can use AWS Shield Standard at no additional cost. AWS Shield Standard defends against the most common DDoS attacks that target your website or applications.
When to choose AWS Shield and its types?
You can use AWS WAF to help minimize the effect of a DDoS attack, so when should you use Shield? AWS Shield Standard is automatically included at no extra cost, but if you need extended protection against DDoS attacks for your Amazon Elastic Compute Cloud instances, Elastic Load Balancing load balancers, Amazon CloudFront distributions, Amazon Route 53 hosted zones, and AWS Global Accelerator accelerators, you can use AWS Shield Advanced.
If you have the technical expertise and want full control over monitoring for and mitigating layer 7 attacks, AWS Shield Standard is likely the appropriate choice. But if your business or industry is a likely target of DDoS attacks, or if you prefer to let AWS handle most of the DDoS protection and mitigation responsibilities for layer 3, layer 4, and layer 7 attacks, AWS Shield Advanced might be the best choice.
What is AWS Inspector?
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for vulnerabilities and deviations from best practices and provides a list of security issues. An Amazon Inspector assessment is run on each EC2 instance to verify security best practices. Amazon Inspector is a tag-based, agent-based security assessment service: the assessment template looks for EC2 instances with specific tags to identify the assessment targets.
When to choose AWS Inspector?
Amazon Inspector is an IDS (intrusion detection system) that helps you detect vulnerabilities in your application. It only detects and provides you with the assessment report; the remediation must be done by you. It reports how vulnerable your application is. If you suspect a memory leak in your application, Inspector can help find it for you. If you find that data in transit is not being encrypted, you can use this service to find the cause. Also, if you want to analyze the network configuration to find the reachability of EC2 instances, Inspector is the best service for you.
What is GuardDuty?
Amazon GuardDuty is an intrusion detection service that monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. It uses threat intelligence feeds, such as lists of malicious IPs and domains, and machine learning to identify unexpected and potentially unauthorized and malicious activity within your AWS environment.
When to choose Amazon GuardDuty?
As an intrusion detection service, Amazon GuardDuty helps with issues such as privilege escalation, use of exposed credentials, or communication with malicious IPs, URLs, or domains. If you want to detect compromised EC2 instances serving malware or mining bitcoin, unauthorized infrastructure deployments such as instances launched in a region that has never been used, password policy changes, unusual API calls, etc., Amazon GuardDuty is the best service to use.
Amazon GuardDuty can be enabled with no software or hardware to deploy and maintain.
Key Management Service (KMS)
What is KMS?
AWS Key Management Service (KMS) makes it easy for you to create and manage keys and control the use of encryption across a wide range of AWS services and in your applications. AWS KMS is integrated with AWS CloudTrail to record all API requests, including key management actions and usage of your keys. AWS KMS is integrated with AWS services to simplify using your keys to encrypt data across your AWS workloads.
When to choose KMS?
KMS is a fully managed service that makes it easy to create and control encryption keys in AWS.
KMS uses symmetric encryption, which means that the same key is used for encryption and decryption. If you want an extra layer of security for data at rest, KMS is the best option for you. AWS KMS is integrated with almost all AWS services.
When you encrypt your data, the data is protected, but you must then protect the encryption key. AWS KMS helps here: you encrypt your plaintext data with a data key and encrypt the data key with another key. This is called envelope encryption.
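The envelope pattern, as an added example that is not AWS code: a local MasterKey class stands in for a KMS key (its key-encryption key never leaves the object, and generate_data_key/decrypt mirror the kms:GenerateDataKey and kms:Decrypt calls), so the example runs offline on the standard library alone. The AEAD used for both the data and the wrapped key is an HMAC-SHA256 encrypt-then-MAC construction standing in for the AES-GCM that KMS actually uses; the data and key sizes are constructed for the illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32

def _subkeys(key):
    # Separate encryption and MAC keys derived from one 32-byte key.
    derive = lambda label: hmac.new(key, label, hashlib.sha256).digest()
    return derive(b"enc"), derive(b"mac")

def _keystream(enc_key, nonce, length):
    # HMAC-SHA256 in counter mode as a stand-in stream cipher (not AES-GCM; see lead-in).
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def aead_encrypt(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def aead_decrypt(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # verify before decrypting anything
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))

class MasterKey:
    # Stand-in for a KMS key: the key-encryption key never leaves this object.
    def __init__(self):
        self._kek = secrets.token_bytes(32)

    def generate_data_key(self):  # mirrors kms:GenerateDataKey
        data_key = secrets.token_bytes(32)
        return data_key, aead_encrypt(self._kek, data_key)

    def decrypt(self, wrapped_key):  # mirrors kms:Decrypt
        return aead_decrypt(self._kek, wrapped_key)

def envelope_encrypt(master, data):
    data_key, wrapped_key = master.generate_data_key()
    ciphertext = aead_encrypt(data_key, data)
    del data_key  # only the wrapped copy is kept, stored alongside the ciphertext
    return {"wrapped_key": wrapped_key, "ciphertext": ciphertext}

def envelope_decrypt(master, envelope):
    data_key = master.decrypt(envelope["wrapped_key"])  # one KMS call per object
    return aead_decrypt(data_key, envelope["ciphertext"])
```

Decrypting with a different master key, or after a single flipped byte in the ciphertext, fails the authentication check before any plaintext is produced.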