What are AWS Firewalls?
Amazon Web Services (AWS) is a public cloud service platform that supports a broad selection of operating systems, programming languages, frameworks, tools, databases, and devices. AWS uses a shared security model, meaning that while Amazon is responsible for protecting the infrastructure that runs AWS services, the customer is responsible for the data and applications used by end users. Because of this, it is important that customers take the necessary steps to protect their data, applications and networks by securing their digital property with a firewall of some type.
The term AWS Firewall refers to any computer security system that monitors the traffic, network, applications, or data running on the Amazon cloud. Generally, these security systems fall into two categories: Web Application Firewalls and Network Firewalls.
AWS Web Application Firewall
Web Application Firewalls play a critical role in the protection of web-based applications running on the Amazon cloud. They form the backbone of the defense against cloud-based exploits that compromise security or harm the availability of applications and data. There are numerous companies that offer Web Application Firewalls on the AWS Marketplace, each with their own advantages and disadvantages. While each AWS WAF differs in technology and implementation, they generally provide:
- Application Security: Protecting web applications is any Web Application Firewall's primary purpose. A powerful WAF should be able to protect applications, data, APIs, and mobile app backends from common cyber attacks such as the OWASP Top 10, zero-day threats, data leakage, and DDoS attacks.
- Traffic Filtering: Traffic filtering is one of the most practical and important operations performed by a Web Application Firewall. By filtering traffic based on factors such as HTTP headers, keywords, IP addresses, and even URI strings, the Web Application Firewall can prevent harmful interactions before they reach an application.
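As an added illustration of the URI-string and IP-address filtering described above (this is example Terraform for AWS WAF v2, not code from the original page or any vendor), the following web ACL blocks requests to an administrative path unless they originate from an allow-listed range; the resource names, the CIDR and the metric names are constructed placeholders.

```hcl
# Added example; names, CIDR and metric names are constructed placeholders.
resource "aws_wafv2_ip_set" "office" {
  name               = "office-egress"
  scope              = "REGIONAL"         # use "CLOUDFRONT" for a CloudFront distribution
  ip_address_version = "IPV4"
  addresses          = ["203.0.113.0/24"] # RFC 5737 documentation range, placeholder
}
resource "aws_wafv2_web_acl" "app" {
  name  = "app-edge-waf"
  scope = "REGIONAL"
  default_action { allow {} } # anything no rule blocks reaches the application
  rule { # URI-string + IP-address filter: block /admin unless the client is in the office range
    name     = "block-admin-from-outside"
    priority = 1
    action { block {} }
    statement {
      and_statement {
        statement {
          byte_match_statement {
            search_string         = "/admin"
            positional_constraint = "STARTS_WITH"
            field_to_match { uri_path {} }
            text_transformation { # lower-case the path first so "/Admin" is also caught
              priority = 0
              type     = "LOWERCASE"
            }
          }
        }
        statement {
          not_statement {
            statement {
              ip_set_reference_statement { arn = aws_wafv2_ip_set.office.arn }
            }
          }
        }
      }
    }
    visibility_config { # per-rule CloudWatch metric and sampled requests for review
      cloudwatch_metrics_enabled = true
      metric_name                = "BlockAdminFromOutside"
      sampled_requests_enabled   = true
    }
  }
  visibility_config { # web ACL level metric
    cloudwatch_metrics_enabled = true
    metric_name                = "AppEdgeWaf"
    sampled_requests_enabled   = true
  }
}
```

Deploying the rule with `action { count {} }` first lets you confirm in the sampled requests which traffic would be affected before switching it to `block {}`.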
While Amazon does offer its own internal firewall service, users can often find more specialized third-party firewalls on the AWS Marketplace that are better tailored to their needs. Currently, the native AWS Web Application Firewall lacks several major features deemed important to the protection of applications in the modern age. Features such as integrated SSL offloading, more detailed reporting, wider region support, and a more flexible pricing model are just a few of the reasons why users are increasingly moving toward third-party WAFs.
With AWS maintaining its position as the most popular public cloud infrastructure platform, comprising 41.5% of application workloads in the public cloud, applications utilizing Amazon infrastructure are often under constant attack. It is important that companies and individuals invest in the security of their applications and data with a powerful and proven Web Application Firewall.
AWS Network Firewalls
Network Firewalls (most predominantly NextGen Firewalls) on AWS offer network protection that complements the application protection provided by Web Application Firewalls. While there is some overlap between what a Network Firewall and a Web Application Firewall protect (most notably data), Network Firewalls provide security over the entire network perimeter, which includes the highly vulnerable port and protocol levels. In addition, they add powerful security features to AWS deployments such as:
- Packet Filtering: By monitoring all incoming and outgoing packets the firewall can regulate which applications and hosts are allowed to interact with the network.
- Virtual Private Network (VPN): Many modern firewalls offer VPN technology to allow virtual point-to-point links between two nodes through a safe and regulated source.
- Deep Packet Inspection (DPI): DPI is a method that inspects not only the packet's multiple headers, but also the actual data content of the packet. In this way the firewall can filter out protocol non-compliance, viruses, spam, intrusions, or other defined criteria.
- Antivirus Inspection: Antivirus inspection checks packets for viruses that travel through the network to infect endpoint devices.
- Website Filtering: Website filtering is a technique that checks incoming web pages to decide whether a page should be censored or blocked entirely. Reasons for blocking could be advertising, pornographic content, spyware, viruses and other unsafe content.
- DNS Reputation Filtering: By filtering content against a database which records the reputation and validity of an IP address, firewalls can block harmful content more easily.
Currently AWS does not offer a native Network Firewall, therefore customers must turn to third-party companies for network protection on their AWS deployments. Many AWS customers are misled into believing that a Web Application Firewall is enough protection within the popular cloud deployment. However, it is important to consider the vulnerability of your data and application-related packets on their way to the cloud and when retrieved from it. In both of these cases a Web Application Firewall is not enough to guarantee their protection.
Often hackers will try to steal data or information on its way out of an AWS network and into a private network. As companies continue to spread their online resources across multiple clouds and infrastructures (public and private), the opportunity for cyber criminals to strike continues to grow.