Amazon Web Services recently introduced its own Web application firewall. How does the AWS WAF compare to others on the market? Is it something enterprises should consider using standalone or in conjunction with another WAF?
Web application firewalls examine HTTP traffic and block requests that violate policy. The policies range from generic network-level rules, such as blocking by protocol or source address, to application-specific checks on URLs, headers, parameters and request bodies. Because a WAF typically terminates TLS, it can inspect traffic that is encrypted on the wire and reject content that violates policy, which a network firewall sees only as opaque ciphertext. WAFs can also track state across requests, which lets them evaluate more complex logic (for example, the request rate from a single client) than a stateless filter that sees only the packet currently under examination.
The AWS Web application firewall implements the features one would expect in a WAF: rules are built from conditions that match on parts of a request, including detectors for common attack methods such as cross-site scripting and SQL injection, and the rules are grouped into a Web ACL with a default allow or block action.
As with other AWS services, cloud administrators can configure and manage AWS WAF through the AWS Management Console or the AWS API, and therefore through the CLI and SDKs built on that API.
AWS WAF rules are evaluated at AWS CloudFront edge locations. CloudFront is AWS' content delivery network (CDN), with edge locations distributed around the globe, so application developers and administrators do not have to build and operate reverse proxy servers or other hosts to run the Web application firewall. Two consequences follow from this design. Rule changes have to propagate to every edge location, so it can take about one minute before they take effect. And the protection covers only requests that arrive through a CloudFront distribution: an origin that also accepts connections directly is not covered, so it should be restricted to accepting traffic from CloudFront.
AWS offers two ways to debug WAF rules: CloudWatch metrics and sampled Web requests. AWS WAF publishes its own metrics to CloudWatch, the same service that collects EC2, ElastiCache and DynamoDB metrics, at one-minute granularity: counts of allowed, blocked and counted requests per rule and per Web ACL. Administrators can inspect those metrics to see how much traffic a rule is blocking. In addition, the sampled Web requests call (GetSampledRequests in the API) returns a sample of the requests that a given rule matched within a time window, with the client IP, method, URI and headers and the action taken, so administrators can see exactly which requests a rule blocked and whether legitimate traffic is being caught. Note that the unit of evaluation is the HTTP request, not the packet.
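The following is an added example, not AWS's own code or code from the original answer. It walks through the procedure just described for the CloudFront-scoped AWS WAF API: build a SQL injection condition, a rule and a Web ACL through a boto3 `waf` client supplied by the caller, then read back what the rule is doing with a CloudWatch metrics query and a GetSampledRequests call. The names `sqli-demo`, the metric names and the `SAMPLE` response are constructed for illustration; the summarization runs offline on that constructed sample, and only the `deploy_sqli_rule` path needs AWS credentials.

```python
"""Added example (not AWS's code): deploy a SQL-injection rule through the
CloudFront-scoped AWS WAF API and read back its effect via CloudWatch and
GetSampledRequests. AWS calls go through a boto3 'waf' client passed in by the
caller; everything else runs offline on a constructed sample response."""
import datetime as dt
import re
from collections import Counter


def metric_name(label):
    """WAF MetricName values must be 1-128 alphanumeric characters; derive one."""
    name = re.sub(r"[^A-Za-z0-9]", "", label)[:128]
    if not name:
        raise ValueError("label contains no alphanumeric characters")
    return name


def sqli_match_updates(fields=("QUERY_STRING", "URI", "BODY")):
    """UpdateSqlInjectionMatchSet 'Updates': inspect each part after URL decoding,
    so %27%20OR%201%3D1 is examined as ' OR 1=1."""
    return [{"Action": "INSERT",
             "SqlInjectionMatchTuple": {"FieldToMatch": {"Type": field},
                                        "TextTransformation": "URL_DECODE"}}
            for field in fields]


def deploy_sqli_rule(waf, name, action="COUNT"):
    """Create match set -> rule -> Web ACL. Each mutating call needs a fresh change
    token. Start with COUNT (matches are only counted and sampled) and switch to
    BLOCK once the sampled requests show no legitimate traffic being caught."""
    def token():
        return waf.get_change_token()["ChangeToken"]

    match_set = waf.create_sql_injection_match_set(
        Name=f"{name}-sqli", ChangeToken=token())["SqlInjectionMatchSet"]
    set_id = match_set["SqlInjectionMatchSetId"]
    waf.update_sql_injection_match_set(
        SqlInjectionMatchSetId=set_id, ChangeToken=token(), Updates=sqli_match_updates())
    rule = waf.create_rule(Name=f"{name}-rule", MetricName=metric_name(f"{name}Rule"),
                           ChangeToken=token())["Rule"]
    waf.update_rule(RuleId=rule["RuleId"], ChangeToken=token(), Updates=[{
        "Action": "INSERT",
        "Predicate": {"Negated": False, "Type": "SqlInjectionMatch", "DataId": set_id}}])
    acl = waf.create_web_acl(Name=f"{name}-acl", MetricName=metric_name(f"{name}Acl"),
                             DefaultAction={"Type": "ALLOW"}, ChangeToken=token())["WebACL"]
    waf.update_web_acl(WebACLId=acl["WebACLId"], ChangeToken=token(), Updates=[{
        "Action": "INSERT",
        "ActivatedRule": {"Priority": 1, "RuleId": rule["RuleId"],
                          "Action": {"Type": action}}}])
    # Nothing is enforced until the ACL is attached to the CloudFront distribution
    # (DistributionConfig.WebACLId) and the change has propagated to the edges.
    return acl["WebACLId"], rule["RuleId"]


def blocked_requests_query(acl_metric, rule_metric="ALL", minutes=60):
    """Kwargs for cloudwatch.get_metric_statistics. WAF publishes AllowedRequests,
    BlockedRequests and CountedRequests per minute in the 'WAF' namespace, keyed
    by the WebACL and Rule metric names ('ALL' aggregates across rules)."""
    end = dt.datetime.now(dt.timezone.utc)
    return {"Namespace": "WAF", "MetricName": "BlockedRequests",
            "Dimensions": [{"Name": "WebACL", "Value": acl_metric},
                           {"Name": "Rule", "Value": rule_metric}],
            "StartTime": end - dt.timedelta(minutes=minutes), "EndTime": end,
            "Period": 60, "Statistics": ["Sum"]}


def sampled_requests_query(acl_id, rule_id, minutes=60):
    """Kwargs for waf.get_sampled_requests; the window must lie within the last
    three hours and MaxItems is capped at 500."""
    end = dt.datetime.now(dt.timezone.utc)
    return {"WebAclId": acl_id, "RuleId": rule_id, "MaxItems": 100,
            "TimeWindow": {"StartTime": end - dt.timedelta(minutes=min(minutes, 180)),
                           "EndTime": end}}


def summarize_sample(resp):
    """Reduce a GetSampledRequests response to (estimated requests per action,
    blocked requests). 'Weight' is how many real requests one sampled request
    stands for, so summing it approximates volume rather than counting samples."""
    per_action = Counter()
    blocked = []
    for item in resp["SampledRequests"]:
        per_action[item["Action"]] += item.get("Weight", 1)
        if item["Action"] == "BLOCK":
            req = item["Request"]
            blocked.append((req["ClientIP"], req["Method"], req["URI"]))
    return per_action, blocked


# Constructed response in the shape GetSampledRequests returns; not real traffic.
SAMPLE = {"PopulationSize": 5, "SampledRequests": [
    {"Action": "BLOCK", "Weight": 3,
     "Timestamp": dt.datetime(2015, 10, 8, 12, 0, tzinfo=dt.timezone.utc),
     "Request": {"ClientIP": "198.51.100.7", "Country": "US", "URI": "/search",
                 "Method": "GET", "HTTPVersion": "HTTP/1.1",
                 "Headers": [{"Name": "User-Agent", "Value": "sqlmap/1.0"}]}},
    {"Action": "ALLOW", "Weight": 2,
     "Timestamp": dt.datetime(2015, 10, 8, 12, 1, tzinfo=dt.timezone.utc),
     "Request": {"ClientIP": "203.0.113.9", "Country": "DE", "URI": "/index.html",
                 "Method": "GET", "HTTPVersion": "HTTP/1.1", "Headers": []}}]}

if __name__ == "__main__":
    print(summarize_sample(SAMPLE))
    # Live use (needs credentials): waf = boto3.client("waf")
    # acl_id, rule_id = deploy_sqli_rule(waf, "sqli-demo")
    # summarize_sample(waf.get_sampled_requests(**sampled_requests_query(acl_id, rule_id)))
```

The rule is created in COUNT mode on purpose: the CountedRequests metric and the sampled requests then show what the SQL injection detector would have blocked, and the activated rule's action is changed to BLOCK only after that sample has been reviewed for false positives. Remember the propagation delay from the previous paragraph when reading the metrics right after a change.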
Related Q&A from Dan Sullivan