[AWS] Security Basics

To understand AWS Security services, you need to know the basics of internet/cloud security threats and practices.


CIA Triad Model

  • Confidentiality
    • limits information access to authorized users only
  • Integrity
    • maintains the consistency of data
  • Availability
    • makes data available when you need it

Best Security Practices

  • A Strong Identity Foundation
  • Traceability
    • monitors, alerts on, and audits actions and changes
  • Security at all Layers
    • applies a defence-in-depth approach
  • Automation of Best Security Practices
  • Protection of Data in Transit and at Rest
  • Minimization of attack surface

DDoS (Distributed Denial of Service)

The attack attempts to make your application unavailable to end-users by large packet floods or a massive number of requests.

  • It can be done by using reflection and amplification techniques or by using botnets.

Layer 4 DDoS Attack

  • Also known as a SYN flood. An attacker rapidly initiates connections to a server without ever finalizing them.
  • The packet the attacker sends is the SYN packet, the first step of TCP’s three-way handshake (SYN, SYN-ACK, ACK) used to establish a connection.
  • A server can hold only a finite number of open (or half-open) TCP connections. By sending many SYN packets at the same time, the attacker consumes all of the allowed TCP connections.
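The following Python example is added here to illustrate the mechanism described above; it is not code from the original post. It replays a constructed packet trace (not real capture data) through a minimal handshake tracker: every SYN creates a half-open entry, and only the final ACK from the same source releases it. Counting half-open entries per source is the basic check a defender runs to spot a SYN flood and to see how much of a (hypothetical) SYN backlog it consumes. The addresses, the backlog size and the threshold are assumptions.

```python
from collections import defaultdict

# Constructed packet trace as seen from the server side: (src_ip, src_port, tcp_flag).
# Not real capture data. 10.0.0.5 completes a handshake; 198.51.100.7 (a
# documentation-range address standing in for a flood source) opens eight
# connections from different source ports and never sends the final ACK.
SAMPLE_PACKETS = [
    ("10.0.0.5", 40001, "SYN"),
    ("10.0.0.5", 40001, "ACK"),
] + [("198.51.100.7", 50000 + i, "SYN") for i in range(8)]


def track_handshakes(packets):
    """Replay the trace and return {(src_ip, src_port): state}.

    'SYN_RECV'    = server answered with SYN-ACK and is waiting for the ACK
    'ESTABLISHED' = handshake completed
    """
    state = {}
    for src_ip, src_port, flag in packets:
        key = (src_ip, src_port)
        if flag == "SYN":
            # Server replies SYN-ACK; the entry now occupies a backlog slot.
            state[key] = "SYN_RECV"
        elif flag == "ACK" and state.get(key) == "SYN_RECV":
            # Third step of the handshake: the slot is released.
            state[key] = "ESTABLISHED"
    return state


def half_open_by_source(packets):
    """Number of half-open connections held by each source IP."""
    counts = defaultdict(int)
    for (src_ip, _), st in track_handshakes(packets).items():
        if st == "SYN_RECV":
            counts[src_ip] += 1
    return dict(counts)


def syn_flood_sources(packets, threshold=5):
    """Source IPs holding more than `threshold` half-open connections (assumed limit)."""
    return sorted(ip for ip, n in half_open_by_source(packets).items() if n > threshold)


def backlog_pressure(packets, backlog=128):
    """Fraction of a hypothetical SYN backlog of `backlog` slots consumed by half-open entries."""
    total = sum(half_open_by_source(packets).values())
    return total / backlog


if __name__ == "__main__":
    print("half-open per source:", half_open_by_source(SAMPLE_PACKETS))
    print("flood sources:", syn_flood_sources(SAMPLE_PACKETS))
    print("backlog pressure (16 slots):", backlog_pressure(SAMPLE_PACKETS, backlog=16))
```

The legitimate client shows no half-open entries because its ACK closed the handshake; the flood source holds one entry per SYN, which is exactly what fills the backlog.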

Amplification DDoS Attack

  • Amplification attacks magnify the bandwidth sent to a victim by abusing services such as NTP, SNMP, or DNS.
    • Network Time Protocol (NTP) is an internet protocol used to synchronize computer clocks with time sources in a network.
  • An NTP amplification attack is a reflection-based volumetric DDoS attack in which an attacker exploits NTP server functionality (small request size, large response size: a 556.9 amplification factor) in order to overwhelm a targeted server with an amplified volume of UDP traffic.
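To show what "amplification factor" means in practice, here is an added Python example (not from the original post) that an operator of an NTP, SNMP or DNS server could run over per-peer UDP flow summaries to detect that the server is being used as a reflector. The flow records are constructed, the field layout is an assumption loosely modelled on flow-log style summaries, and the thresholds are assumptions; the check combines the bytes-out/bytes-in ratio with a minimum volume so that a single oversized reply is not reported on its own.

```python
from collections import defaultdict

# UDP services commonly abused for reflection, keyed by their well-known port.
AMPLIFIABLE_PORTS = {123: "NTP", 161: "SNMP", 53: "DNS"}

# Constructed per-peer UDP flow summaries for a host running NTP and DNS (not real logs).
# Fields: (peer_ip, service_port, bytes_received_from_peer, bytes_sent_to_peer)
SAMPLE_FLOWS = [
    ("10.0.0.9", 123, 48, 48),              # ordinary NTP client: request and reply the same size
    ("10.0.0.9", 53, 60, 120),              # ordinary DNS lookup
    ("10.0.0.11", 53, 40, 4000),            # high ratio but tiny volume: one big answer, not an attack
    ("203.0.113.20", 123, 1000, 200_000),   # "peer" is really the spoofed victim address
    ("203.0.113.20", 123, 1000, 200_000),   # same peer again, flows are summed
    ("203.0.113.20", 53, 500, 25_000),      # the same victim also hit via DNS
]


def amplification_factor(bytes_received, bytes_sent):
    """Bytes sent back per byte received; the larger it is, the better the service works as an amplifier."""
    return bytes_sent / bytes_received if bytes_received else float("inf")


def suspected_reflection(flows, min_factor=10.0, min_bytes_sent=10_000):
    """Peers of amplifiable services whose replies dwarf their requests.

    Returns [(peer_ip, service_name, factor)] sorted by factor, descending.
    min_factor and min_bytes_sent are assumed thresholds.
    """
    totals = defaultdict(lambda: [0, 0])
    for peer, port, received, sent in flows:
        if port in AMPLIFIABLE_PORTS:
            totals[(peer, port)][0] += received
            totals[(peer, port)][1] += sent
    hits = []
    for (peer, port), (received, sent) in totals.items():
        factor = amplification_factor(received, sent)
        if factor >= min_factor and sent >= min_bytes_sent:
            hits.append((peer, AMPLIFIABLE_PORTS[port], round(factor, 1)))
    return sorted(hits, key=lambda h: h[2], reverse=True)


if __name__ == "__main__":
    for peer, service, factor in suspected_reflection(SAMPLE_FLOWS):
        print(f"{service} replies to {peer} are {factor}x larger than the requests")
```

Note that the reported "peer" is the address the spoofed requests claimed to come from, i.e. the victim; the mitigation on the reflector side is to disable or rate-limit the amplifying query, not to block the victim.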

Layer 7 DDoS Attack

  • An attacker sends a flood of HTTP GET or POST requests to the server, usually through a botnet of compromised computers.
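An added Python example (not part of the original post) of the kind of request-rate check used against Layer 7 floods, in the spirit of a rate-based WAF rule: it parses constructed access-log lines in Common Log Format, keeps a rolling per-client window, and reports clients that exceed an assumed number of requests per window. The log lines, client addresses, window size and limit are all assumptions; lines are assumed to be in time order, as a server writes them.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status size
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+$'
)


def _line(ip, second, path="/"):
    """Build one constructed log line inside the minute 13:55 (sample data, not a real server)."""
    return f'{ip} - - [10/Oct/2023:13:55:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512'


# A normal visitor (3 requests in 40 s), one malformed line the parser must skip,
# and a flooding client sending 3 requests every second for 20 s (60 requests).
SAMPLE_LOG = (
    [_line("10.0.0.5", s, "/index.html") for s in (0, 20, 40)]
    + ["this line is not in log format"]
    + [_line("203.0.113.8", i // 3) for i in range(60)]
)


def parse_line(line):
    """Return (ip, timestamp, method, path) or None for a line that does not parse."""
    m = LOG_LINE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"]


def flooding_clients(lines, window_seconds=10, max_requests=20):
    """Clients that exceed `max_requests` within any rolling `window_seconds` window.

    Returns {ip: peak_requests_seen_in_one_window}. Thresholds are assumptions.
    """
    recent = defaultdict(deque)   # per-client timestamps still inside the window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # malformed input must not crash the detector
        ip, ts, _method, _path = parsed
        window = recent[ip]
        window.append(ts)
        # Drop timestamps that have fallen out of the rolling window.
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(window))
    return peaks


if __name__ == "__main__":
    for ip, peak in flooding_clients(SAMPLE_LOG).items():
        print(f"{ip}: {peak} requests inside a 10 s window")
```

The rolling window matters: a naive per-minute counter lets a burst that straddles a minute boundary go unnoticed, while the deque sees every 10-second span.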

PII – Personally Identifiable Information

PII is any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, credit card number, date and place of birth, mother’s maiden name, or biometric records.

  • Personal data can be used for identity theft and financial fraud.

AWS Security Services

  • Identity and Access
    • IAM
    • Amazon Cognito
  • Attack Protection
    • AWS Shield
    • AWS WAF
  • Audit and Traceability
    • CloudWatch
    • CloudTrail
    • AWS X-Ray
    • AWS Config
