csa meetup 09.11.2015
Upload: babo

Post on 15-Apr-2017

Page 1: Csa meetup 09.11.2015

www.nordcloud.com 1

AWS re:Invent 2015

CSA Meetup

Oslo, 09.11.2015

Page 2: Csa meetup 09.11.2015


About re:Invent

● Annual AWS user conference since 2011

● Focus on learning

● All materials are available

● Security and Compliance track

https://reinvent.awsevents.com/

Page 3: Csa meetup 09.11.2015


About Nordcloud

Page 4: Csa meetup 09.11.2015


SEC323 Securing Web Applications with AWS WAF

STG205 Secure Content Delivery Using Amazon CloudFront

AWS WAF - Web Application Firewall

Page 5: Csa meetup 09.11.2015


Use cases for WAF

Page 6: Csa meetup 09.11.2015


AWS WAF vs traditional approach

● Simple

● Easy and fast to install

● Reasonably priced

● Reduce false positives

● Automation

● Optimal workflow

Page 7: Csa meetup 09.11.2015


AWS WAF in a nutshell

● Protect websites and content

● Block or allow requests

● Monitor events

● Customizable, flexible

● Integrates with other services

● Fast to deploy

Page 8: Csa meetup 09.11.2015


AWS WAF workflow

● Create a web ACL

○ Add a rule

■ AND/OR

■ Block, allow, count

■ Ordered

○ Add match conditions

■ IP

■ Match any part (string or binary)

■ SQLi (URL-decoded request, valid SQL)

● Assign to CloudFront

○ ~1 minute for changes to take effect

○ 1-minute metrics

○ Request samples, observing rules in action

Page 9: Csa meetup 09.11.2015


AWS WAF typical ruleset

1. Whitelisted IPs - ALLOW

2. Blacklisted IPs - BLOCK

3. Blacklisted signatures - BLOCK

4. SQL Injection - COUNT

5. Suspicious activity - COUNT

Default - ALLOW
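The two WAF slides above describe a web ACL as an ordered list of rules, each rule as an AND of match conditions (IP, string match on any request part, SQLi on the URL-decoded request) with a BLOCK, ALLOW or COUNT action, and a default action at the end. The following is an added example, not part of the slides or of Nordcloud's material: a small offline model of that evaluation, loaded with the typical ruleset from slide 9. Rule order and the action semantics follow the AWS WAF documentation (ALLOW and BLOCK terminate evaluation, COUNT records the match and lets evaluation continue to the next rule); the SQLi regex is a deliberately simple constructed stand-in, not AWS's detection engine, and all IP ranges, user agents and requests are constructed sample values from documentation address space.

```python
"""Offline model of AWS WAF web ACL evaluation (added example, not AWS code)."""
import re
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from urllib.parse import unquote_plus

ALLOW, BLOCK, COUNT = "ALLOW", "BLOCK", "COUNT"


@dataclass
class Request:
    client_ip: str
    uri: str
    query: str = ""
    headers: dict = field(default_factory=dict)
    body: str = ""

    def parts(self):
        """Request parts a condition may inspect (slide 8: 'match any part')."""
        yield "uri", self.uri
        yield "query", self.query
        yield "body", self.body
        for name, value in self.headers.items():
            yield f"header:{name.lower()}", value


# Match conditions are callables Request -> bool.
def ip_match(cidrs):
    nets = [ip_network(c) for c in cidrs]
    return lambda req: any(ip_address(req.client_ip) in n for n in nets)


def string_match(needle, part=None):
    """Case-insensitive substring match on one named part, or on any part."""
    needle = needle.lower()
    return lambda req: any(needle in value.lower()
                           for name, value in req.parts()
                           if part is None or name == part)


# Constructed stand-in for the SQLi condition: URL-decode first (slide 8),
# then look for a few well-known SQL fragments. A real engine does far more.
_SQLI = re.compile(r"(\bunion\b\s+\bselect\b|'\s*or\s+'?\d|--\s*$|;\s*drop\b)",
                   re.IGNORECASE)


def sqli_match(part=None):
    return lambda req: any(_SQLI.search(unquote_plus(value))
                           for name, value in req.parts()
                           if part is None or name == part)


@dataclass
class Rule:
    name: str
    action: str
    conditions: list  # every condition must match (AND)

    def matches(self, req):
        return all(cond(req) for cond in self.conditions)


@dataclass
class WebACL:
    rules: list  # evaluated strictly in this order
    default_action: str = ALLOW

    def evaluate(self, req):
        """Return (final action, names of rules that matched), like a request sample."""
        matched = []
        for rule in self.rules:
            if rule.matches(req):
                matched.append(rule.name)
                if rule.action in (ALLOW, BLOCK):  # terminating actions
                    return rule.action, matched
                # COUNT: record the hit, keep evaluating the remaining rules
        return self.default_action, matched


def slide9_ruleset():
    """The typical ruleset from slide 9, filled with constructed sample values."""
    return WebACL(rules=[
        Rule("whitelisted-ips", ALLOW, [ip_match(["203.0.113.0/24"])]),
        Rule("blacklisted-ips", BLOCK, [ip_match(["198.51.100.7/32"])]),
        Rule("blacklisted-signatures", BLOCK,
             [string_match("badbot/1.0", part="header:user-agent")]),
        Rule("sql-injection", COUNT, [sqli_match()]),
        Rule("suspicious-activity", COUNT,  # two conditions ANDed together
             [string_match("/admin", part="uri"),
              string_match("curl", part="header:user-agent")]),
    ], default_action=ALLOW)


# Constructed sample traffic, one request per interesting path through the ACL.
SAMPLE_REQUESTS = {
    "trusted-office": Request("203.0.113.10", "/search", query="q=1%27%20OR%20%271"),
    "blocked-ip": Request("198.51.100.7", "/"),
    "bad-bot": Request("192.0.2.10", "/", headers={"User-Agent": "BadBot/1.0"}),
    "sqli-probe": Request("192.0.2.11", "/item", query="id=1%27%20OR%20%271"),
    "admin-via-curl": Request("192.0.2.12", "/admin", headers={"User-Agent": "curl/7.64.0"}),
    "normal": Request("192.0.2.13", "/item", query="id=42", headers={"User-Agent": "Mozilla/5.0"}),
}


def evaluate_samples(acl=None):
    acl = acl or slide9_ruleset()
    return {name: acl.evaluate(req) for name, req in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, (action, hits) in evaluate_samples().items():
        print(f"{name:16} -> {action:5} matched={hits}")
```

Two things the model makes visible that the slide does not: a whitelist ALLOW placed first ends evaluation, so a request from a whitelisted range is never counted by the SQLi rule even when it carries an injection pattern (decide deliberately whether that is what you want), and the COUNT rules never change the verdict, which is exactly why they are the safe way to trial a new rule against live traffic before promoting it to BLOCK.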

Page 10: Csa meetup 09.11.2015


AWS WAF automated blacklist

Page 11: Csa meetup 09.11.2015


SEC324 Introducing Amazon Inspector

Amazon Inspector

Page 12: Csa meetup 09.11.2015


Amazon Inspector usage workflow

● Install the Inspector agent on your instance

● Tag instances with application-specific info

● Configure Inspector

○ Application and assessment

● Start Inspector

● Exercise and test your service

● Telemetry collects information

● Stop Inspector (or wait for the timeout)

● Look at findings

Page 13: Csa meetup 09.11.2015


Amazon Inspector in a nutshell

● Security insight into application deployments

● Runs an automated, repeatable, full scale, dynamic check of your running services

● Selectable built-in rules

○ Use AWS security knowledge to strengthen servers

● Delivery of actionable findings

○ Carefully explained

○ Help their resolution

● Automatable

Page 14: Csa meetup 09.11.2015


Amazon Inspector rule packages

● CVE (Common Vulnerabilities and Exposures)

● Network security best practices

● Authentication best practices

● Operating system security best practices

● Application security best practices

● PCI DSS 3.0 readiness

Page 15: Csa meetup 09.11.2015


Amazon Inspector availability

Limited preview, apply and try it out!

Page 16: Csa meetup 09.11.2015


Questions?

Please contact:

Attila Babo

Cloud [email protected]

+47 936 71565

www.nordcloud.com