Shield & WAF demo
Two types: Shield Standard and Shield Advanced

Shield Standard features

Quick detection
AWS Shield Standard provides always-on network flow monitoring that inspects incoming traffic to AWS and uses a combination of traffic signatures, anomaly algorithms, and other analysis techniques to detect malicious traffic in real time.

Inline attack mitigation
Automatic mitigations are applied inline to your applications so that there is no impact to latency. AWS Shield Standard uses several techniques, such as deterministic packet filtering and priority-based traffic shaping, to automatically mitigate attacks without impact to your applications. You can also mitigate application-layer DDoS attacks by writing rules using AWS WAF. When you use AWS Shield Standard with CloudFront and Route 53, you receive comprehensive availability protection against all known infrastructure (Layer 3 and 4) attacks.

Shield Advanced features

Advanced detection
AWS Shield Advanced provides enhanced detection, inspecting network flows, and also monitoring application-layer traffic to your Elastic IP address, Elastic Load Balancing, CloudFront, or Route 53 resources. Using additional techniques, such as resource-specific monitoring, AWS Shield Advanced provides granular detection of DDoS attacks and also detects application-layer DDoS attacks, such as HTTP floods or DNS query floods, by baselining traffic on your resource and identifying anomalies.

Advanced attack mitigation
AWS Shield Advanced provides you with more sophisticated automatic mitigations for attacks targeting your applications running on Amazon EC2, Elastic Load Balancing, CloudFront, and Route 53 resources. Using advanced routing techniques, AWS Shield Advanced provides additional mitigation capacity to protect against larger DDoS attacks. The AWS DDoS Response Team (DRT) also applies manual mitigations for more complex and sophisticated DDoS attacks. For application-layer attacks, you can use AWS WAF to respond to incidents. With AWS WAF, you can set up proactive rules like rate-based blacklisting to automatically block bad traffic or respond immediately to incidents as they happen. There is no additional charge for using AWS WAF for application-layer protection. You can also engage directly with the DRT to place AWS WAF rules on your behalf in response to an application-layer DDoS attack. The DRT will diagnose the attack and, with your permission, apply mitigations on your behalf.

Attack notification
You gain complete visibility into DDoS attacks with near-real-time notification through CloudWatch and detailed diagnostics on the AWS WAF and AWS Shield console. Working with the DRT, you can access post-event analysis and investigation. You can also view a summary of prior attacks from the console.

DDoS cost protection
Safeguard from scaling charges because of a DDoS attack that causes usage spikes on Amazon EC2, Elastic Load Balancing, CloudFront, or Route 53. If any of these services scale up in response to a DDoS attack, AWS will provide AWS Shield service credits for charges as the result of usage spikes.

Specialized support
You have 24/7 access to the AWS DDoS Response Team (DRT), whom you can engage before, during, or after a DDoS attack. The DRT helps triage the incidents, identify root causes, and apply mitigations on your behalf. You can also engage with the DRT for any post-attack analysis.

Global availability
AWS Shield Advanced is available globally on all CloudFront and Route 53 edge locations. You can protect your web applications hosted anywhere in the world by deploying CloudFront in front of your application. Your origin servers can be Amazon S3, Amazon EC2, Elastic Load Balancing, or a custom server outside of AWS. You can also enable AWS Shield Advanced directly on an Elastic IP address or Elastic Load Balancing load balancer in these AWS Regions: Northern Virginia, Oregon, Ireland, Tokyo, and Northern California.
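The near-real-time CloudWatch notification described under attack notification is driven by the DDoSDetected metric that Shield Advanced publishes for each protected resource. The CloudFormation fragment below is an added example, not part of the original demo; the ProtectedResourceArn and AlertTopicArn parameters are placeholders you supply at deploy time, and the metric only exists for resources covered by Shield Advanced.

```yaml
Parameters:
  ProtectedResourceArn:
    Type: String   # ARN of the Shield Advanced-protected resource (placeholder)
  AlertTopicArn:
    Type: String   # SNS topic that notifies the on-call team (placeholder)
Resources:
  DdosDetectedAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: shield-advanced-ddos-detected
      AlarmDescription: Shield Advanced reports an active DDoS event on the protected resource
      Namespace: AWS/DDoSProtection        # metrics published by Shield Advanced
      MetricName: DDoSDetected             # 1 while an attack is detected, otherwise 0
      Dimensions:
        - Name: ResourceArn
          Value: !Ref ProtectedResourceArn
      Statistic: Sum
      Period: 60                           # one-minute datapoints
      EvaluationPeriods: 1
      Threshold: 0
      ComparisonOperator: GreaterThanThreshold
      TreatMissingData: notBreaching       # no datapoint means no attack, not an alarm
      AlarmActions:
        - !Ref AlertTopicArn
```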
WAF
AWS WAF includes two different ways to see how your website is being protected: one-minute metrics are available in CloudWatch and Sampled Web Requests are available in the AWS WAF API or management console. These allow you to see which requests were blocked, allowed, or counted and what rule was matched on a given request (i.e., this web request was blocked due to an IP address condition, etc.).
You create a web ACL and define its protection strategy by adding rules. Rules define criteria for inspecting web requests and specify how to handle requests that match the criteria. You set a default action for the web ACL that indicates whether to block or allow the requests that pass the rule inspections. You can create a web access control list (ACL) using the AWS WAF console, together with the rules you want to use to block and filter web requests. This is where you specify whether you want to block web requests or allow them. If a web ACL has more than one rule, a web request needs to satisfy just one of the rules. AWS WAF evaluates the rules in the order that they're listed in the web ACL.

OWASP Top 10
In AWS, WAFs are software firewalls that inspect your web traffic and verify that it conforms to the norms of expected behavior. The feature that enables WAF to do this is adherence to the Open Web Application Security Project (OWASP) Top 10. The goal of the Top 10 project is to raise awareness about application security by identifying some of the most critical risks facing organizations. The Top 10 project is referenced by many standards, books, tools, and organizations, including MITRE, PCI DSS, DISA, and FTC.
Demo
Feature: AWS WAF can protect an Application Load Balancer (ALB), API Gateway, and CloudFront (meaning the endpoints in front of your web server).
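The web ACL described above (rules evaluated in priority order, a rate-based rule that blocks bad traffic, a default action for everything else, and one-minute CloudWatch metrics plus sampled requests) is shown here as a CloudFormation template attached to an ALB. This is an added example, not the demo's own template; the AlbArn parameter is a placeholder, and the Limit value and rule names are illustrative choices.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Demo regional web ACL with a rate-based rule and the AWS common rule set (added example)
Parameters:
  AlbArn:
    Type: String
    Description: ARN of the Application Load Balancer to protect (placeholder supplied at deploy time)
Resources:
  DemoWebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: shield-waf-demo-acl
      Scope: REGIONAL          # REGIONAL for ALB / API Gateway; CLOUDFRONT (in us-east-1) for a distribution
      DefaultAction:
        Allow: {}              # applied to requests that no rule blocks
      VisibilityConfig:        # one-minute CloudWatch metrics plus sampled requests for the whole ACL
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: ShieldWafDemoAcl
      Rules:
        - Name: RateLimitPerSourceIp
          Priority: 0          # lowest priority number is evaluated first
          Action:
            Block: {}
          Statement:
            RateBasedStatement:
              Limit: 2000      # requests per 5-minute window from one source IP before it is blocked
              AggregateKeyType: IP
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: RateLimitPerSourceIp
        - Name: AwsCommonRuleSet
          Priority: 1
          OverrideAction:
            None: {}           # keep the managed group's own block/count actions
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesCommonRuleSet   # AWS-managed group covering common web exploits (OWASP Top 10 categories)
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: AwsCommonRuleSet
  AlbAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref AlbArn
      WebACLArn: !GetAtt DemoWebAcl.Arn
```

Switching a rule's Action from Block to Count lets you watch its matches in the sampled requests before enforcing it.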