Do you know? AWS has approximately 1 Million+ active enterprise customers.

That is a massive number by any means which makes AWS a juggernaut of sorts in the industry. As a result, cybersecurity attacks that are targeted at websites hosted on AWS are also substantial.

But, Amazon – the parent company of AWS being a customer-centric company cares for its enterprise users and has set up elaborate measures to thwart security threats.

AWS WAF (Web Application Firewalls) and Shield are the security infrastructure that AWS has created to stop security gateways right at the website’s doorsteps.

Enter, AWS WAF and Shield

Amazon announced the launch of AWS WAF and Shield at the ‘re:Invent 2016’. It was presented as an exclusive tool to protect customers from Distributed Denial of Service (DDoS) attacks.

The release was in view of a 125% YoY increase in DDoS attacks. Further, Amazon’s DNS provider Dyn (Dynamic Network Services) was also impacted by a DDoS attack which seriously affected AWS data centers located in northern Virginia and Ireland.

What is AWS WAF and Shield?

AWS WAF is Amazon’s ingenious security tool that helps website owners monitor HTTP and HTTPS requests that come to their website through Amazon CloudFront and Application Load Balancer. It is predominantly used to prevent DDoS attacks used bots and Trojan programs. AWS WAF also doubles up as a content accessing system for the website.

AWS Shield is advanced form of AWS WAF. AWS Shield comes in two variants – AWS Shield Standard and AWS Shield Advanced forms. AWS Shield is by default included with AWS services. AWS Shield Advanced offers additional protection from DDoS attacks and hence comes for an extra price.

How does it work?

AWS WAF sets a perimeter defence that prevents attackers and bots from gaining access to servers and systems beyond it. The defense mechanism works based on rules set by the admin. The admin can set rules to allow or prevent specific kinds of requests.

It performs three major security tasks to prevent security attacks.

Web Traffic Filtering with customer rules

AWS WAF allows set specific rules like allowing and blocking requests from specific IPs and taking count of such requests that meet your criteria for further analysis and decision making.

Malicious Request Blocking

Scanning and blocking bots and crawlers that attack the website with malicious requests.

Active Monitoring & Tuning

Consistently monitoring the requests received by the website and fine tuning the firewall measures to allow or block the right kind of requests.

What kind of cyber threats does AWS WAF & Shield help prevent?

AWS WAF helps secure a website from four most common and widely deployed cyber security threats.

DDoS attacks

Distributed Denial of Service attacks where the server is flooded with HTTP requests from bots or crawlers. The overburden of requests freezes the server’s functioning and might even shut it down from performing.

SQL Injection

Malicious SQL codes are injected into data-driven applications or entry fields to take over database contents from the attacked website.

XSS attacks

Cross-site scripting or XSS attacks insert malicious codes into vulnerable websites which output information to unsuspecting users. The code starts stealing sensitive information stored as cookies or session tokens from the browser of the end-user who uses such vulnerable website.

Brute force attacks

Brute force attacks are trial and error methods used to steal user passwords or encryption keys. The attacker deploys the attack repeatedly until the right password is accessed and system entry is granted.