The challenges associated with safeguarding web applications are multi-faceted. Cyber attackers continuously devise new strategies to breach security measures, steal sensitive data, and disrupt services.
Common malicious web attacks include:
SQL injection, where malicious code is injected into input fields to manipulate databases.
Cross-site scripting (XSS), which targets users with malicious scripts.
DDoS attacks on layer 7 (HTTP Flood), which are designed to consume application resources.
Other web application attacks and threats listed in the OWASP Top 10.
You can use AWS WAF, AWS Shield, and AWS Firewall Manager together to create a comprehensive security solution for your web application resources.
AWS WAF (Web Application Firewall) sits logically between users and web servers and monitors and analyzes the HTTP and HTTPS requests directed at your protected web application resources.
AWS Shield is a managed service designed to protect applications running on AWS from distributed denial of service (DDoS) attacks, and it comes in two tiers: Standard and Advanced.
AWS Firewall Manager simplifies your administration and maintenance tasks across multiple accounts and resources for a variety of protections, including AWS WAF and AWS Shield Advanced.
With Firewall Manager, you set up your security policies/protections just once and the service automatically applies them across your accounts and resources.
ASCENDING presents a cutting-edge WAFv2 Regional solution, equipped with AWS Managed Rulesets for OWASP Top 10. This innovative offering allows for seamless deployment of one of the following options, tailored to your specific use case:
Option 1: Regional Web ACL for individual AWS accounts
Option 2: AWS Firewall Manager policy for deploying Web ACL across multiple AWS Organization accounts
Our solution also provides the following optional features:
IPv4 block list
CloudWatch Metrics (Enabled by default)
Request Sampling (Enabled by default)
Rate Limiting by IP (Required)
Web Request Body Size Constraint in Bytes (Blocks web requests whose body size is larger than this number)
Exclude One Rule From the AWSManagedRulesCommonRuleSet We Enabled (Default is SizeRestrictions_BODY, since its default body size limit of 8 KB is too small)
Regex Set to Block Web Requests That Don't Match It (Only the Host request header is compared, e.g. your regex could be .*\.example\.com)
AWS account IDs in your organization that the Firewall Manager applies the policy to (Used when option 2 is selected)
Resource ARN to be associated with the Web ACL (Used when option 1 is selected)
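As an added example (not ASCENDING's own code or template), the function below builds the rule list for an Option 1 regional Web ACL with the optional features listed above: an IPv4 block list, the required per-IP rate limit, a body size constraint, a Host-header regex allow list, and the AWS Managed Common Rule Set with SizeRestrictions_BODY excluded. The dicts follow the shape of the boto3 `wafv2.create_web_acl` `Rules` parameter; the code makes no AWS calls, and the IP set and regex set ARNs are constructed placeholders that you would replace with your own.

```python
"""Build and sanity-check the rule list for a WAFv2 regional Web ACL."""

# Constructed placeholder ARNs (example only): the IP set and regex pattern set
# must already exist in the same region before they can be referenced.
IP_BLOCKLIST_ARN = "arn:aws:wafv2:us-east-1:123456789012:regional/ipset/example-blocklist/PLACEHOLDER-ID"
HOST_REGEX_SET_ARN = "arn:aws:wafv2:us-east-1:123456789012:regional/regexpatternset/example-hosts/PLACEHOLDER-ID"


def _visibility(metric_name, metrics_enabled=True, sampling_enabled=True):
    """CloudWatch metrics and request sampling are both enabled by default."""
    return {"SampledRequestsEnabled": sampling_enabled,
            "CloudWatchMetricsEnabled": metrics_enabled,
            "MetricName": metric_name}


def build_web_acl_rules(rate_limit_per_ip, max_body_bytes=None, ip_blocklist_arn=None,
                        host_regex_set_arn=None, excluded_common_rule="SizeRestrictions_BODY"):
    """Return an ordered list of WAFv2 rule dicts.

    Lower Priority values are evaluated first, so the cheap, decisive checks
    (IP block list, rate limit, body size, Host allow list) run before the
    managed OWASP rule group.
    """
    rules, priority = [], 0

    if ip_blocklist_arn:
        rules.append({"Name": "BlockListedIPv4", "Priority": priority,
                      "Statement": {"IPSetReferenceStatement": {"ARN": ip_blocklist_arn}},
                      "Action": {"Block": {}}, "VisibilityConfig": _visibility("BlockListedIPv4")})
        priority += 1

    # Rate limiting by IP is required, so it is always emitted. WAFv2 rejects a
    # rate-based rule whose Limit is below 100 requests per evaluation window.
    if rate_limit_per_ip < 100:
        raise ValueError("WAFv2 rate-based rule Limit must be at least 100")
    rules.append({"Name": "RateLimitPerIP", "Priority": priority,
                  "Statement": {"RateBasedStatement": {"Limit": rate_limit_per_ip,
                                                       "AggregateKeyType": "IP"}},
                  "Action": {"Block": {}}, "VisibilityConfig": _visibility("RateLimitPerIP")})
    priority += 1

    if max_body_bytes is not None:
        # WAF only inspects a bounded prefix of the body; OversizeHandling MATCH
        # treats anything beyond that inspection limit as matching, so it is blocked too.
        rules.append({"Name": "BlockOversizedBody", "Priority": priority,
                      "Statement": {"SizeConstraintStatement": {
                          "FieldToMatch": {"Body": {"OversizeHandling": "MATCH"}},
                          "ComparisonOperator": "GT", "Size": max_body_bytes,
                          "TextTransformations": [{"Priority": 0, "Type": "NONE"}]}},
                      "Action": {"Block": {}}, "VisibilityConfig": _visibility("BlockOversizedBody")})
        priority += 1

    if host_regex_set_arn:
        # Block any request whose Host header does NOT match the regex set.
        rules.append({"Name": "BlockUnknownHost", "Priority": priority,
                      "Statement": {"NotStatement": {"Statement": {
                          "RegexPatternSetReferenceStatement": {
                              "ARN": host_regex_set_arn,
                              "FieldToMatch": {"SingleHeader": {"Name": "host"}},
                              "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}]}}}},
                      "Action": {"Block": {}}, "VisibilityConfig": _visibility("BlockUnknownHost")})
        priority += 1

    # Managed rule groups take OverrideAction, not Action.
    managed = {"VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet"}
    if excluded_common_rule:
        managed["ExcludedRules"] = [{"Name": excluded_common_rule}]
    rules.append({"Name": "AWSManagedRulesCommonRuleSet", "Priority": priority,
                  "Statement": {"ManagedRuleGroupStatement": managed},
                  "OverrideAction": {"None": {}},
                  "VisibilityConfig": _visibility("AWSManagedRulesCommonRuleSet")})
    return rules


def validate_rules(rules):
    """Catch mistakes the WAFv2 API would reject: duplicate priorities, and a
    rule carrying both (or neither) of Action and OverrideAction."""
    priorities = [r["Priority"] for r in rules]
    if len(priorities) != len(set(priorities)):
        raise ValueError("rule priorities must be unique")
    for r in rules:
        has_action, has_override = "Action" in r, "OverrideAction" in r
        if has_action == has_override:
            raise ValueError(f"rule {r['Name']} must set exactly one of Action/OverrideAction")
        if ("ManagedRuleGroupStatement" in r["Statement"]) != has_override:
            raise ValueError(f"rule {r['Name']}: OverrideAction belongs only on rule-group statements")
    return True
```

The list returned by `build_web_acl_rules` can be passed as the `Rules` argument of `create_web_acl` together with a `DefaultAction` of `{"Allow": {}}`, a `Scope` of `"REGIONAL"`, and the ACL-level `VisibilityConfig`; running `validate_rules` first surfaces the two most common shape errors before the API call is made.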
Prerequisites for Option 2:
References: