www.nordcloud.com 1
AWS re:Invent 2015 - CSA Meetup
Oslo, 09.11.2015
About re:Invent
● Annual AWS user conference since 2011
● Focus on learning
● All materials are available
● Security and Compliance track
https://reinvent.awsevents.com/
About Nordcloud
SEC323 Securing Web Applications with AWS WAF
STG205 Secure Content Delivery Using Amazon CloudFront
AWS WAF - Web Application Firewall
Use cases for WAF
AWS WAF vs traditional approach
● Simple
● Easy and fast to install
● Reasonably priced
● Reduces false positives
● Automation
● Optimal workflow
AWS WAF in nutshell
● Protect websites and content
● Block or allow requests
● Monitor events
● Customizable, flexible
● Integrates with other services
● Fast to deploy
AWS WAF workflow
● Create a web ACL
○ Add rules
■ Conditions within one rule are ANDed; separate rules give you OR
■ Action per rule: BLOCK, ALLOW or COUNT
■ Evaluated in priority order; the first ALLOW or BLOCK match decides, COUNT only records a hit
○ Add match conditions
■ IP addresses (CIDR ranges)
■ String match on any part of the request (string or byte sequence)
■ SQL injection (applied to the URL-decoded request, looking for valid SQL)
● Assign the web ACL to a CloudFront distribution
○ ~1 minute for changes to propagate
○ Metrics at 1-minute granularity
○ Sampled requests let you observe the rules in action
AWS WAF typical ruleset
1. Whitelisted IPs - ALLOW
2. Blacklisted IPs - BLOCK
3. Blacklisted signatures - BLOCK
4. SQL Injection - COUNT
5. Suspicious activity - COUNT
Default - ALLOW
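The workflow and the typical ruleset above boil down to a small evaluation model: ordered rules, ANDed conditions inside a rule, terminating ALLOW/BLOCK actions, non-terminating COUNT, and a default action. The following is an added example written for this page, not code from the slides or from AWS. It models that evaluation locally so you can see why rule order matters (a whitelisted address is allowed even when it sends an injection). The SQLi signatures are a deliberately small stand-in, the CIDRs and user-agent strings are assumed sample values, and the header names are expected in lower case.

```python
"""Local model of how an AWS WAF web ACL decides a request (added example)."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import unquote_plus


@dataclass
class Request:
    ip: str
    uri: str
    query: str = ""
    headers: Dict[str, str] = field(default_factory=dict)  # lower-case names
    body: str = ""


Predicate = Callable[[Request], bool]


def ip_match(cidrs: List[str]) -> Predicate:
    """IP match condition: client address inside any listed CIDR."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return lambda r: any(ipaddress.ip_address(r.ip) in n for n in nets)


def string_match(part: str, needle: str) -> Predicate:
    """String match: case-insensitive 'contains' on one request part.

    part is 'uri', 'query', 'body' or 'header:<name>'.
    """
    def pred(r: Request) -> bool:
        if part.startswith("header:"):
            hay = r.headers.get(part.split(":", 1)[1].lower(), "")
        else:
            hay = getattr(r, part)
        return needle.lower() in hay.lower()
    return pred


# Assumed, minimal SQLi signatures; applied after URL decoding, as WAF does.
_SQLI = re.compile(
    r"\bunion\b\s+\bselect\b"            # UNION SELECT
    r"|'\s*or\s+'?\d+'?\s*=\s*'?\d+"     # ' or '1'='1
    r"|;\s*drop\b",                      # ; DROP ...
    re.IGNORECASE,
)


def sqli_match(part: str) -> Predicate:
    """SQL injection condition on a URL-decoded request part."""
    return lambda r: _SQLI.search(unquote_plus(getattr(r, part))) is not None


@dataclass
class Rule:
    name: str
    action: str                   # ALLOW, BLOCK or COUNT
    predicates: List[Predicate]   # all must match (AND)


@dataclass
class WebACL:
    rules: List[Rule]             # already in priority order
    default_action: str = "ALLOW"

    def evaluate(self, r: Request) -> Tuple[str, Optional[str], List[str]]:
        """Return (final action, deciding rule name or None, COUNT hits)."""
        counted: List[str] = []
        for rule in self.rules:
            if all(p(r) for p in rule.predicates):
                if rule.action == "COUNT":
                    counted.append(rule.name)   # record and keep evaluating
                    continue
                return rule.action, rule.name, counted
        return self.default_action, None, counted


# The "typical ruleset" slide, with assumed sample values (RFC 5737 ranges).
TYPICAL_ACL = WebACL(rules=[
    Rule("whitelisted-ips", "ALLOW", [ip_match(["203.0.113.0/24"])]),
    Rule("blacklisted-ips", "BLOCK", [ip_match(["198.51.100.0/24"])]),
    Rule("blacklisted-signatures", "BLOCK",
         [string_match("header:user-agent", "sqlmap")]),
    Rule("sql-injection", "COUNT", [sqli_match("query")]),
    Rule("suspicious-activity", "COUNT",        # two conditions, ANDed
         [string_match("uri", "/wp-admin"),
          string_match("header:user-agent", "python")]),
])


if __name__ == "__main__":
    samples = [
        Request("203.0.113.5", "/", "id=1' or '1'='1", {"user-agent": "sqlmap/1.0"}),
        Request("198.51.100.7", "/"),
        Request("192.0.2.10", "/search", "q=%27+or+%271%27%3D%271", {"user-agent": "Mozilla/5.0"}),
        Request("192.0.2.10", "/wp-admin/", "", {"user-agent": "python-requests/2.7"}),
    ]
    for s in samples:
        print(s.ip, s.uri, "->", TYPICAL_ACL.evaluate(s))
```

Running the COUNT rules first for a while and watching the sampled requests is the cheap way to tune a signature before flipping it to BLOCK; the model also shows the trade-off of an IP whitelist at priority 1, which short-circuits every later check for those addresses.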
AWS WAF automated blacklist
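The diagram for this slide is not reproduced on this page. The idea it names, feeding the blacklist IP set automatically from traffic data, is illustrated by the following added example, written for this page and not taken from the slides or from AWS. It parses CloudFront access-log lines (W3C extended format, locating columns from the #Fields header rather than fixed offsets), counts requests per client address in a sliding time window, and builds the Updates list that the WAF UpdateIPSet API takes for every address over the threshold. The log lines, threshold and window are constructed for the demo; the boto3 call that would apply the result is shown only in a comment.

```python
"""Rate-based feeder for an AWS WAF IP blacklist (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Iterable, Iterator, List, Set, Tuple

FIELDS = ("date time x-edge-location sc-bytes c-ip cs-method cs(Host) cs-uri-stem "
          "sc-status cs(Referer) cs(User-Agent) cs-uri-query cs(Cookie) "
          "x-edge-result-type x-edge-request-id x-host-header cs-protocol "
          "cs-bytes time-taken")


def build_sample_log() -> str:
    """Constructed CloudFront-style log (not real traffic) for the demo."""
    base = datetime(2015, 11, 9, 10, 0, 0)

    def row(ts: datetime, ip: str, uri: str, status: str) -> str:
        return "\t".join([ts.strftime("%Y-%m-%d"), ts.strftime("%H:%M:%S"), "ARN1",
                          "512", ip, "GET", "d111.cloudfront.net", uri, status, "-",
                          "curl/7.43", "-", "-", "Miss", "req-id", "www.example.com",
                          "https", "300", "0.010"])

    rows = []
    for i in range(30):   # one client hitting /login 30 times in 15 seconds
        rows.append(row(base + timedelta(seconds=i * 0.5), "198.51.100.7", "/login", "401"))
    for i in range(5):    # two ordinary clients, spread out
        rows.append(row(base + timedelta(seconds=i * 10), "192.0.2.10", "/", "200"))
        rows.append(row(base + timedelta(minutes=i), "203.0.113.5", "/about", "200"))
    return "#Version: 1.0\n#Fields: " + FIELDS + "\n" + "\n".join(rows) + "\n"


def parse_cloudfront_log(text: str) -> Iterator[Tuple[datetime, str, int]]:
    """Yield (timestamp, client ip, status) for each data line."""
    fields: List[str] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]       # trust the header, not fixed offsets
        elif line and not line.startswith("#"):
            if not fields:
                raise ValueError("data line before #Fields header")
            rec = dict(zip(fields, line.split("\t")))
            ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
            yield ts, rec["c-ip"], int(rec["sc-status"])


def find_abusive_ips(text: str, threshold: int, window: timedelta,
                     whitelist: Iterable[str] = ()) -> Set[str]:
    """Addresses that sent >= threshold requests within any window-long span."""
    skip = set(whitelist)
    by_ip: Dict[str, List[datetime]] = defaultdict(list)
    for ts, ip, _status in parse_cloudfront_log(text):
        if ip not in skip:
            by_ip[ip].append(ts)
    flagged: Set[str] = set()
    for ip, stamps in by_ip.items():
        recent: deque = deque()
        for ts in sorted(stamps):           # log order is not guaranteed
            recent.append(ts)
            while ts - recent[0] > window:  # drop entries outside the window
                recent.popleft()
            if len(recent) >= threshold:
                flagged.add(ip)
                break
    return flagged


def ipset_updates(ips: Iterable[str], action: str = "INSERT") -> List[dict]:
    """Updates list for WAF UpdateIPSet: one host-route descriptor per address."""
    out = []
    for ip in sorted(ips):
        v6 = ":" in ip
        out.append({"Action": action,
                    "IPSetDescriptor": {"Type": "IPV6" if v6 else "IPV4",
                                        "Value": ip + ("/128" if v6 else "/32")}})
    return out


if __name__ == "__main__":
    bad = find_abusive_ips(build_sample_log(), threshold=20,
                           window=timedelta(seconds=60), whitelist=["203.0.113.5"])
    updates = ipset_updates(bad)
    print(updates)
    # Applying it for real needs credentials and a change token (not run here):
    #   waf = boto3.client("waf")
    #   token = waf.get_change_token()["ChangeToken"]
    #   waf.update_ip_set(IPSetId=BLACKLIST_ID, ChangeToken=token, Updates=updates)
```

Two practical caveats: pass the same whitelist you use in the ACL so a monitoring host never ends up blacklisted, and pair every INSERT with a scheduled DELETE (same descriptor shape, action "DELETE") so the IP set does not grow without bound.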
SEC324 Introducing Amazon Inspector
Amazon Inspector
Amazon Inspector usage workflow
● Install the Inspector agent on your instances
● Tag the instances with application-specific information
● Configure Inspector
○ Define the application and the assessment (rule packages, duration)
● Start the assessment
● Exercise and test your service while it runs
● The agent's telemetry collects information
● Stop the assessment (or wait for the timeout)
● Review the findings
Amazon Inspector in a nutshell
● Security insight into application deployments
● Runs an automated, repeatable, full-scale dynamic check of your running services
● Selectable built-in rules
○ Use AWS security knowledge to strengthen servers
● Delivery of actionable findings
○ Carefully explained
○ Help with their resolution
● Automatable
Amazon Inspector rule packages
● CVE (Common Vulnerabilities and Exposures)
● Network security best practices
● Authentication best practices
● Operating system security best practices
● Application security best practices
● PCI DSS 3.0 readiness
Amazon Inspector availability
Limited preview, apply and try it out!
Questions?
Please contact:
Attila Babo
Cloud [email protected]
+47 936 71565
www.nordcloud.com