Aws meetup aws_waf

Post on 07-Jan-2017



AWS Web Application Firewall

Benefits and Comparison of AWS WAF

Sponsors

Find me on LinkedIn

AWS Certifications

Presented by Adam Book

What is a WAF?

According to OWASP:

A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

Why use AWS (or any) WAF? 1) Prevent / govern abuse

[Diagram: legitimate users, nefarious users and a web spider sending requests to a cloud server and its database]

Why use AWS (or any) WAF? 2) Application DDoS

[Diagram: legitimate users and nefarious users sending requests to a cloud server and its database]

How do WAFs work? 1) Prevent / govern abuse

[Diagram: legitimate users and nefarious users sending requests to a cloud server and its database]

Setting up the AWS WAF

[Architecture diagram: Users, Amazon CloudFront, AWS WAF, Elastic Load Balancing, Auto Scaling, Amazon EC2]

Setting up the AWS WAF

1. Create a web ACL

2. Add a rule

3. Add Match Conditions

4. Assign to CloudFront

Setting up the AWS WAF

At the simplest level, AWS WAF lets you choose one of the following behaviors:

Allow all requests except the ones that you specify. Useful when you want to serve all your content from a public website but block attackers.

Block all requests except the ones you specify. Useful when you want CloudFront to serve content for a restricted website whose users are readily identifiable in a web request (IP address / cookie value).

Count the requests that match the properties that you specify. You can configure the WAF to count the requests that match certain properties before you start using rules that block / allow those requests.

Setting up the AWS WAF

The first step will be to name the web ACL

Using the Wizard

Setting up the AWS WAF

Matching Conditions

• IP
• String
• SQLi

Customizing Rules

• AND / OR
• Block, allow, or count
• Ordered conditions
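As an added example (not from the talk and not AWS code), here is a small Python model of the evaluation the slides describe: a web ACL with a default action, rules evaluated in order with IP, string and SQLi match conditions, and allow / block / count actions. The SQLi check is a placeholder heuristic standing in for AWS's own detection, and the IP ranges, rules and requests are constructed.

```python
# Added example (not from the slides): a small model of how an AWS WAF web ACL
# evaluates a request, with the page's three behaviours and condition types.
import ipaddress
import re
from dataclasses import dataclass, field

@dataclass
class Rule:                         # predicates inside one rule are ANDed;
    name: str                       # separate rules provide the OR
    action: str                     # "BLOCK", "ALLOW" or "COUNT"
    ip_set: list = field(default_factory=list)   # IP match: CIDR ranges
    strings: list = field(default_factory=list)  # string match: (field, substring)
    sqli: bool = False              # SQL injection match on the query string
# Placeholder SQLi heuristic, a stand-in for AWS's own detection (assumption).
SQLI = re.compile(r"(?i)(\bunion\b.*\bselect\b|'\s*or\s*'?\d|--|;\s*drop\b)")

def rule_matches(rule, req):
    checks = []
    if rule.ip_set:
        src = ipaddress.ip_address(req["ip"])
        checks.append(any(src in ipaddress.ip_network(c) for c in rule.ip_set))
    for fld, needle in rule.strings:
        checks.append(needle in req.get(fld, ""))
    if rule.sqli:
        checks.append(bool(SQLI.search(req.get("query", ""))))
    return bool(checks) and all(checks)

def evaluate(web_acl, req):
    """Return (final_action, names_of_COUNT_rules_hit) for one request."""
    counted = []
    for rule in web_acl["rules"]:           # evaluated in order; first ALLOW/BLOCK wins
        if rule_matches(rule, req):
            if rule.action == "COUNT":      # counting never ends evaluation
                counted.append(rule.name)
                continue
            return rule.action, counted
    return web_acl["default"], counted      # nothing terminal matched: default action

# "Allow all except the ones you specify": default ALLOW, block a bad range and
# SQLi, and only COUNT an /admin probe rule while it is still being tuned.
PUBLIC_SITE = {"default": "ALLOW", "rules": [
    Rule("count-admin-probe", "COUNT", strings=[("uri", "/admin")]),
    Rule("block-bad-range", "BLOCK", ip_set=["198.51.100.0/24"]),
    Rule("block-sqli", "BLOCK", sqli=True),
]}
# "Block all except the ones you specify": default BLOCK, allow a known range by IP.
RESTRICTED_SITE = {"default": "BLOCK", "rules": [
    Rule("allow-office", "ALLOW", ip_set=["203.0.113.0/24"]),
]}
```

Running a request through both ACLs shows why a rule is usually deployed in count mode first: a counted rule reports hits without changing the final action, so its false-positive rate can be read off the metrics before it is switched to block.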

Setting up the AWS WAF

Then we create the match condition

Using the Wizard

Setting up the AWS WAF

We will then add our condition to our rule

Using the Wizard

Setting up the AWS WAF

Then choose which CloudFront assets to attach the WAF to

Using the Wizard

AWS WAF Pricing

Pricing Outline

• $5 per web ACL, $1 per rule per month

• You can reuse rules across multiple CloudFront distributions at no additional cost

• $0.60 per million requests

• Low monthly minimum

AWS WAF Pricing

Typical Monthly Bill

• Test environment (1 rule) - $6 per month / $72 per year

• Small site (6 rules, 58M views) - $46 per month / $552 per year

• Medium site (6 rules, 260M views) - $67 per month / $804 per year

No EC2 charges are incurred

Comparative Pricing: AWS WAF vs other WAFs

Typical Monthly Bill

              Rules   EC2 charge ($)   Monthly ($)   Yearly ($)
AWS WAF       6       N/A              67            804
Sophos        N/A     32.21            161.05        1,578.00
Imperva       N/A     97.36            1010.16       8,927.00

Monthly charge is based on the hourly charge at 24x7x30; the minimum EC2 instance was used in the calculations.

Extra Benefits seen from AWS WAF

[Architecture diagram: Users and Unauthorized users, Amazon CloudFront, AWS WAF, Elastic Load Balancing, Auto Scaling, Amazon EC2]

Benefits of AWS WAF

Additional protection against web attacks which you specify. Conditions can be defined on characteristics such as the following:

– The IP address that the request originates from
– The values in the request headers
– Strings that appear in the requests
– The length of requests
– The presence of SQL code that is likely to be malicious
– The presence of a script that is likely to be malicious

Benefits of AWS WAF

• Rules that you can reuse for multiple web applications

• Real time metrics and sampled web requests

• Automated administration using the Web API

Reporting & Logging

• Blocked Web Requests

• Allowed Web Requests

• Counted Web Requests

Adjustments to rules in response to real time analytics

Time period can be adjusted by sliding graph endpoints or with filters

Real Time Metrics (CloudWatch)

Integrating with others

The AWS WAF integrates with the following APIs, SDKs and CLIs:

• AWS CLI
• AWS Tools for Windows PowerShell
• AWS Toolkit for Visual Studio
• iOS
• Android
• Python (boto)
• Ruby
• Java
• JavaScript
• Node.js

Extra Benefits seen from AWS WAF

[Architecture diagram: users authorized by IP and unauthorized users, Amazon CloudFront, AWS WAF, Elastic Load Balancing, Amazon EC2, Amazon RDS]

CloudFormation template: goo.gl/WjNTE2

Questions?

Image by http://www.gratisography.com/

Interested in sponsoring AWS Atlanta?
