Accend Networks San Francisco Bay Area Full Service IT Consulting Company

Categories
Blogs

An Overview of DDoS Attacks: Understanding the Threat.

In the current digital era, cybersecurity is key. Among the many threats organizations face, Distributed Denial of Service (DDoS) attacks are particularly disruptive. Regardless of the attacker’s purpose, defending against DDoS attacks is one of the top security concerns on the web today, because loss of availability can lead to financial losses and other undesirable consequences. In this blog article we will explore how AWS Shield operates, its features, and its importance in the current cybersecurity landscape.

DDoS Attacks

DDoS attacks work by overwhelming a server, service, or network with more traffic than it can handle, causing it to slow down or crash. Attackers direct huge volumes of traffic from multiple sources at a victim’s web applications to bring them down, a practice also known as DDoS extortion.

There are three main types of DDoS attack:

Volume-Based Attacks

These attacks generate huge amounts of traffic to completely saturate the target’s bandwidth, creating a traffic jam that prevents genuine traffic from flowing into or out of the targeted site.

Protocol-Based Attacks

These attacks misuse stateful protocols, consuming enormous amounts of per-connection resources and thereby straining firewalls and load balancers.

Application Layer Attacks

Some of the most advanced DDoS attacks exploit flaws in the application layer by establishing connections and launching process and transaction requests that consume finite resources such as disk space and memory.

AWS Shield Overview

What is AWS Shield?

AWS Shield is a managed DDoS protection service for applications hosted on AWS. It inspects traffic in real time and applies mitigations automatically in order to avoid performance degradation.

There are two tiers of AWS Shield.

AWS Shield Standard (Free Service)

It is a free service offered to all AWS customers. It guards you against 96% of today’s most prevalent attacks, such as SYN/ACK floods, Reflection attacks, and HTTP slow reads. This protection is deployed to your Elastic Load Balancers, CloudFront distributions, and Route 53 resources automatically and transparently.

AWS Shield Advanced (Paid Service)

It is a paid tier that adds volumetric DDoS mitigation, sophisticated attack detection, and mitigation of attacks at both the network and application layers.

You also have 24/7 access to the AWS DDoS Response Team (DRT) for tailored mitigation during attacks.

Key Features of AWS Shield

Automatic Protection: AWS Shield offers automatic protection for all AWS customers at no additional cost. This basic protection, known as AWS Shield Standard, defends against most common, frequently occurring network and transport layer DDoS attacks.

Advanced Protection: AWS Shield Advanced provides enhanced protections for more sophisticated and larger scale DDoS attacks. It includes additional detection and mitigation capabilities, 24/7 access to the AWS DDoS Response Team (DRT), and financial protection against spikes in your AWS bill resulting from a DDoS attack.

Real-Time Visibility: AWS Shield Advanced customers have access to detailed attack diagnostics and the ability to create alarms in Amazon CloudWatch based on the occurrence of DDoS events.

Integration with AWS Services: AWS Shield works seamlessly with other AWS services like AWS WAF (Web Application Firewall), Amazon CloudFront, and Amazon Route 53, providing a holistic approach to security.

Why AWS Shield is Important

Comprehensive Protection

AWS Shield’s multi-layered defence strategy covers a wide range of attack vectors. Its integration with other AWS services ensures a robust security posture for your applications.

Cost-Effective

With its automatic protection feature, AWS Shield Standard offers fundamental DDoS protection at no extra cost, making it a cost-effective solution for all AWS customers. For those requiring advanced protection, AWS Shield Advanced offers additional benefits, including financial safeguards.

Reduced Complexity

Managing cybersecurity can be complex. AWS Shield’s managed-service approach reduces this complexity, allowing organizations to focus on their core business activities.

Enhanced Business Continuity

DDoS attacks can disrupt business operations significantly. AWS Shield enhances business continuity by ensuring that applications remain available and performant even under attack.

This brings us to the end of this blog, thanks for reading and stay tuned for more.

If you have any questions concerning this article or have an AWS project that requires our assistance, please reach out to us by leaving a comment below or email us at [email protected].

Thank you!

AWS Backup of an Amazon EC2 Instance

AWS Backup is a fully managed backup service that centralizes data protection across AWS services and on-premises environments. It simplifies backups by providing a unified interface for managing backups, retention policies, and recovery options. In this blog article, we walk through a demo of a backup and restore job for an Amazon EC2 instance.

Let’s proceed as follows.

In the AWS Backup console, in the left navigation pane under My account, choose Settings. Under Service opt-in, choose Configure resources.

On the Configure resources page, use the toggle switches and make sure only EC2 is selected.

In the AWS Backup console, select Backup plans in the left navigation pane under My account, and then click Create Backup plan.

For backup plan options, select Build New Plan.

Backup plan name — provide a unique backup plan name. For this demo, enter EC2-webapp.

Backup rule name — For this tutorial, enter EC2-Dailies.

Instead of using the default backup vault that is automatically created for you in the AWS Backup console, you can create specific backup vaults to save and organize groups of backups in the same vault.
To create a backup vault, choose Create new Backup vault.

Enter a name for your backup vault. For encryption, keep the default key.

For Backup frequency, select Daily. For the backup window, keep the default, which starts at 5 AM UTC and lasts 8 hours.

For the retention period, select Always.

Copy to destination — as part of your backup plan, you can optionally create a backup copy in another AWS Region. Select your destination Region, then keep the default vault.

Note: Cross-region copy incurs additional data transfer costs.

Those are the only settings we need. Click Create Plan.

Assign resources to the backup plan

Select the created backup plan and choose the Assign resources button.

Under the resource assignment name, choose a name.

For the IAM role, keep the default role.

Define the resource selection as shown below.

For resource ID-based assignment, select the Resource type and the name of the resource.

To exclude specific resource IDs, select the Resource type and the name of the resource.

For tags-based resource assignment, provide the key-value pair of the Amazon EC2 instance.

Choose the Resource selection button to assign the resources to the backup plan.

Navigate to the AWS Backup console. The backup jobs will be seen under Jobs.

Restore an Amazon EC2 instance using AWS Backup

Navigate to the backup vault selected in the backup plan and select the latest completed backup.

To restore the EC2 instance, select the recovery point ARN and choose Restore.

The restore of the ARN will bring you to a Restore backup screen that will have the configurations for the EC2 instance using the backed-up AMI and all the attached EBS volumes.

In the Network settings pane, accept the defaults or specify the options for the Instance type, Virtual Private Cloud (VPC), Subnet, Security groups, and Instance IAM role settings.

This example proceeds with no IAM role. The IAM role can be applied to the EC2 instance after the restore process is completed.

To restore with the original instance profile, you must edit the restore policy. If you apply an instance profile during the restore, you must update the operator role and add permission to pass the underlying instance profile role to Amazon EC2 (PassRole). The default service role created by AWS Backup manages creating and restoring backups.

It has two managed policies, AWSBackupServiceRolePolicyForBackup and AWSBackupServiceRolePolicyForRestores, and it also allows “Action”: “iam:PassRole” so that EC2 instances can be launched as part of a restore.

In the Restore role pane, accept the Default role or Choose an IAM role to specify the IAM role that AWS Backup will assume for this restore.

In the Advanced settings pane, accept the defaults.

AWS Backup will use the SSH key pair used at the time of backup to automatically perform your restore.

After specifying all of your settings, choose Restore Backup. The Restore jobs pane will appear, and a message at the top of the page will provide information about the restore job.

Check for your restored backup job under Restore jobs in the AWS Backup console.

Once the job status appears as completed, navigate to the Amazon EC2 console and select Instances in the left navigation pane to see the restored EC2 instance. The EC2 instance is restored using the backup of the AMI and the attached EBS volume.
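The console walkthrough above, expressed as the API documents it produces, as an added example (not the blog's or AWS's code): the BackupPlan and BackupSelection documents that boto3's backup client accepts in create_backup_plan and create_backup_selection, plus the iam:PassRole statement a restore role needs for the instance-profile case described above. The account id, Region names, vault, role and tag names are placeholder assumptions.

```python
"""Added example: EC2-webapp backup plan and resource selection as AWS Backup
API documents, plus the PassRole statement for restores with an instance
profile. ARNs, account id and Region names are constructed placeholders."""
import json

ACCOUNT_ID = "123456789012"   # placeholder account id (constructed)
SOURCE_REGION = "us-west-2"   # assumed source Region
COPY_REGION = "us-east-1"     # assumed cross-Region copy destination


def build_backup_plan(plan_name="EC2-webapp", rule_name="EC2-Dailies",
                      vault_name="ec2-webapp-vault", copy_to_region=None):
    """BackupPlan document for create_backup_plan().

    Daily at 05:00 UTC with an 8-hour start window, matching the default
    backup window in the walkthrough. Omitting the Lifecycle key keeps the
    recovery points forever ('Always' in the console)."""
    rule = {
        "RuleName": rule_name,
        "TargetBackupVaultName": vault_name,
        "ScheduleExpression": "cron(0 5 ? * * *)",
        "StartWindowMinutes": 480,
        "CompletionWindowMinutes": 10080,
    }
    if copy_to_region:
        # Cross-Region copy lands in the destination Region's default vault.
        rule["CopyActions"] = [{
            "DestinationBackupVaultArn":
                f"arn:aws:backup:{copy_to_region}:{ACCOUNT_ID}:backup-vault:Default"
        }]
    return {"BackupPlanName": plan_name, "Rules": [rule]}


def build_backup_selection(selection_name, tag_key, tag_value,
                           exclude_instance_ids=()):
    """BackupSelection document for create_backup_selection(): tag-based
    assignment of EC2 instances, optionally excluding specific instance ids."""
    selection = {
        "SelectionName": selection_name,
        # Default service role that AWS Backup creates, as in the walkthrough.
        "IamRoleArn": f"arn:aws:iam::{ACCOUNT_ID}:role/service-role/AWSBackupDefaultServiceRole",
        "Resources": [f"arn:aws:ec2:{SOURCE_REGION}:{ACCOUNT_ID}:instance/*"],
        "ListOfTags": [{
            "ConditionType": "STRINGEQUALS",
            "ConditionKey": tag_key,
            "ConditionValue": tag_value,
        }],
    }
    if exclude_instance_ids:
        selection["NotResources"] = [
            f"arn:aws:ec2:{SOURCE_REGION}:{ACCOUNT_ID}:instance/{i}"
            for i in exclude_instance_ids]
    return selection


def passrole_statement(instance_profile_role):
    """Statement to add to the restore (operator) role so a restore can attach
    the original instance profile; scoped to EC2 via iam:PassedToService."""
    return {
        "Effect": "Allow",
        "Action": "iam:PassRole",
        "Resource": f"arn:aws:iam::{ACCOUNT_ID}:role/{instance_profile_role}",
        "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}},
    }


if __name__ == "__main__":
    plan = build_backup_plan(copy_to_region=COPY_REGION)
    sel = build_backup_selection("webapp-instances", "Backup", "daily",
                                 exclude_instance_ids=["i-0123456789abcdef0"])
    print(json.dumps(plan, indent=2))
    print(json.dumps(sel, indent=2))
    print(json.dumps(passrole_statement("WebAppInstanceRole"), indent=2))
```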

This brings us to the end of this blog article.

AWS Backup empowers organizations to protect their data assets with a scalable, automated, and secure backup solution.

Thanks for reading and stay tuned for more.

If you have any questions concerning this article or have an AWS project that requires our assistance, please reach out to us by leaving a comment below or email us at [email protected]

Thank you!

Protecting Applications with AWS Shield

DDoS (Distributed Denial of Service) attacks are still a major threat to online businesses. Attackers direct huge volumes of traffic from multiple sources at a victim’s web applications to bring them down.

What is AWS Shield?

AWS Shield is a managed DDoS protection service for applications hosted on AWS. It inspects traffic in real time and applies mitigations automatically in order to avoid performance degradation.

It inspects incoming requests quickly and blocks harmful traffic using a combination of techniques (traffic signatures, anomaly detection algorithms, packet filtering, and others).

Types of AWS Shield:

AWS Shield Standard (Free Service)

It is a free service offered to all AWS customers. It guards you against 96% of today’s most prevalent attacks, such as SYN/ACK floods, Reflection attacks, and HTTP slow reads.

AWS Shield Advanced (Paid Service)

It is a paid tier that adds volumetric DDoS mitigation, sophisticated attack detection, and mitigation of attacks at both the network and application layers.

You also have 24/7 access to the AWS DDoS Response Team (DRT) for tailored mitigation during attacks.

How does AWS Shield Work?

AWS Shield Standard and AWS Shield Advanced protect resources against DDoS attacks at the network and transport layers as well as the application layer.

Protection is automatic, at no additional cost, for all customers who use services such as Amazon CloudFront, Amazon Route 53, and Elastic Load Balancing.

Through its integration with AWS WAF, organizations can build custom web access control lists (web ACLs) whose traffic inspection conditions become rules. Each rule has a corresponding action (allow, block, or count).

Count mode lets organizations observe traffic patterns and decide whether to run a given rule in allow or block mode.

The rate-limiting feature is one of the clearest examples of this. If more than two thousand requests arrive from a single IP address within a five-minute period, that address is automatically blocked.
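The rate-limiting rule and the count-versus-block choice described above, as an added example (not the blog's or AWS's code): the rule document in the shape the AWS WAF (wafv2) API uses for a rate-based statement, plus an offline replay over constructed request logs that shows what each mode does once a client crosses 2,000 requests in a trailing five-minute window. The client IPs, rule name and request timings are constructed.

```python
"""Added example: a WAF rate-based rule (2,000 requests per 5 minutes per IP)
in count and block mode, and a replay of constructed request logs showing the
difference between the two modes."""
from collections import defaultdict, deque

LIMIT = 2000          # requests per aggregation window, as in the text
WINDOW_SEC = 300      # five-minute trailing window


def rate_based_rule(name="rate-limit-per-ip", priority=0, mode="count"):
    """Rule document in the shape used by wafv2 create/update_web_acl.
    Start in count mode to observe, then switch to block once the limit is trusted."""
    action = {"Count": {}} if mode == "count" else {"Block": {}}
    return {
        "Name": name,
        "Priority": priority,
        "Statement": {"RateBasedStatement": {"Limit": LIMIT, "AggregateKeyType": "IP"}},
        "Action": action,
        "VisibilityConfig": {
            "SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": name,
        },
    }


def replay(requests, mode="count", limit=LIMIT, window=WINDOW_SEC):
    """Replay (timestamp_seconds, client_ip) tuples in time order.

    Keeps a trailing window of request times per IP. Returns the per-request
    decisions and the set of IPs that exceeded the limit. In count mode every
    request is still 'allow' but offending IPs are surfaced for review; in
    block mode requests beyond the limit are 'block'."""
    recent = defaultdict(deque)
    decisions, offenders = [], set()
    for ts, ip in requests:
        q = recent[ip]
        while q and ts - q[0] >= window:   # drop requests older than the window
            q.popleft()
        q.append(ts)
        over = len(q) > limit
        if over:
            offenders.add(ip)
        decisions.append("block" if (over and mode == "block") else "allow")
    return decisions, offenders


def constructed_log():
    """Constructed sample: one client sends 2,500 requests in two minutes
    (a flood); another sends 300 spread over ten minutes (legitimate)."""
    flood = [(t * 0.048, "198.51.100.7") for t in range(2500)]   # 2500 in 120 s
    normal = [(t * 2.0, "203.0.113.9") for t in range(300)]       # 300 in 600 s
    return sorted(flood + normal)


if __name__ == "__main__":
    log = constructed_log()
    for mode in ("count", "block"):
        decisions, offenders = replay(log, mode=mode)
        print(f"{mode}: offenders={sorted(offenders)} blocked={decisions.count('block')}")
    print(rate_based_rule(mode="block"))
```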

How To Setup AWS Shield

Follow these steps to configure AWS Shield in your AWS account.

Sign in to the AWS Console. In the search box, type shield, then select WAF and Shield under Services.

In the left navigation pane, under Shield, click ‘Getting started’.

You will be brought to the AWS Shield dashboard. On the right side of the dashboard, under Get started with Shield Advanced, click Subscribe to Shield Advanced.

To subscribe to AWS Shield Advanced, we need to accept all the terms and conditions.

Check all checkboxes to proceed further and then click on the ‘Subscribe’ button.

As a result, we have successfully subscribed to Advanced protection.

Now we can add resources to protect: click ‘Add resources to Protect’.

Here we can choose the Region and the Resource type that we want to protect, and click Load more resources to add additional resources.

NOTE: Membership alone does not grant access to all of the features, such as the AWS SRT (Shield Response Team), which can provide immediate support during an attack (including proactive event response, i.e. they start mitigating the attack as soon as they notice it). You must sign up for Business or Enterprise support to receive SRT help.

This brings us to the end of this blog, thanks for reading and stay tuned for more.

Conclusion

AWS Shield stands as a critical component in the range of tools and services available to businesses and organizations seeking robust protection against Distributed Denial of Service (DDoS) attacks. By leveraging AWS Shield’s advanced capabilities, businesses can fortify their defences, mitigate potential disruptions, and maintain the integrity and availability of their applications and data in the face of evolving cyber threats.

If you have any questions concerning this article or have an AWS project that requires our assistance, please reach out to us by leaving a comment below or email us at [email protected].

Thank you

What is AWS Artifact

Amazon Web Services has become a bedrock of cloud computing, offering a plethora of services to cater for diverse business needs. Among its offerings is AWS Artifact, a collection of compliance and security reports that provides valuable insight into the security and regulatory compliance of AWS services.

What is AWS Artifact?

AWS Artifact is a centralized resource for accessing documentation related to AWS services’ security and compliance. Additionally, it offers a collection of reports and certifications that can be used by customers, auditors, and regulators to understand AWS’s adherence to industry standards and best practices.

AWS Artifact is not a service you can use to build a resource like an EC2 instance, or an RDS database, in contrast to other AWS services. Instead, you use it to access and download AWS security and compliance data as well as any online agreements.

AWS Artifact provides on-demand downloads of AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI) reports, and Service Organization Control (SOC) reports. You can submit the security and compliance documents (also known as audit artifacts) to your auditors or regulators to demonstrate the security and compliance of the AWS infrastructure and services that you use.

The primary categories of artifacts available in AWS Artifact are:

Compliance Reports: These reports detail how AWS aligns with various compliance frameworks such as SOC (Service Organization Control) reports, PCI DSS (Payment Card Industry Data Security Standard), HIPAA (Health Insurance Portability and Accountability Act), and more. These reports are invaluable for organizations that need to demonstrate compliance with specific regulations.

Agreements: AWS Artifact also provides access to agreements such as the AWS Customer Agreement, the AWS Data Processing Addendum, and others. These agreements outline the terms and conditions governing the use of AWS services and data protection responsibilities.

Third-Party Attestations: AWS Artifact includes attestations from third-party auditors and assessors. These attestations validate AWS’s security and compliance controls, providing an additional layer of assurance to customers.

Certifications: AWS holds various certifications for its services, including ISO (International Organization for Standardization) certifications, and more. These certifications demonstrate AWS’s commitment to meeting stringent security and compliance requirements.

Benefits of AWS Artifact

AWS lets you keep tabs on the resources your applications use, their accessibility, and the data they store. It also offers identity and access control together with ongoing real-time monitoring of security information.

Key Features and Benefits

Transparency and Assurance: AWS Artifact promotes transparency by providing customers with detailed information about AWS’s security and compliance posture.

Simplified Compliance Reporting: Instead of conducting extensive audits and assessments of AWS themselves, customers can present AWS’s compliance reports and certifications to their auditors and regulators.

Streamlined Audits: Auditors and regulators can access AWS Artifact to gain insight into AWS’s security controls and compliance, which streamlines the audit process.

Improved Manageability: Allows you to manage agreements with AWS at scale.

Updated and Accessible Documentation: AWS Artifact ensures that documentation is kept up to date, reflecting the latest security measures and compliance status.

How to Access AWS Artifact

AWS Artifact can be accessed through the AWS Management Console and the AWS CLI. Users with the appropriate permissions can navigate to AWS Artifact to view and download the available reports, agreements, attestations, and certifications. Below is a demo of downloading a document through the AWS Management Console. Proceed as follows.

Log in to the AWS Management Console, type AWS Artifact in the search box, then select AWS Artifact under Services.

As we can see in the Artifact console, we can subscribe to notifications for the availability of new reports and agreements, or for updates to existing ones.

We can view reports and also view agreements.

To download a report, make sure you have sufficient permissions, then click View reports as shown.

In the Reports console, we can see both third-party reports and AWS reports. Let’s go with AWS reports. There is a range of reports here; select the first one, Accessibility and conformance report, then click Download.

When the download completes, open it from your Downloads directory. That’s it. This brings us to the end of this blog.

Conclusion

AWS Artifact plays a crucial role in enhancing transparency, simplifying compliance reporting, and providing assurance to customers, auditors, and regulators regarding AWS security and compliance practices.

Thanks for reading and stay tuned for more.

If you have any questions concerning this article or have an AWS project that requires our assistance, please reach out to us by leaving a comment below or email us at [email protected]

Thank you!

How Amazon Macie Works

Introduction

As organizations grow, so do the volumes of sensitive data that need to be stored securely. Organizations must comply with growing data privacy regulations and evolving guidance on protecting their sensitive data. This makes identifying and protecting sensitive data at scale complex, expensive, and time consuming. Amazon Macie is a data security service that helps you address these challenges. It discovers sensitive data using machine learning and pattern matching, provides visibility into data security risks, and enables automated protection against those risks.

What is Amazon Macie?

Amazon Macie is a data security service that uses machine learning and pattern matching to automatically discover, classify, and protect sensitive data in Amazon Simple Storage Service (Amazon S3).

When you enable Macie, the service automatically provides an inventory of Amazon S3 buckets and identifies security risks, including buckets that are unencrypted, publicly accessible or shared outside your organization.

Macie automatically samples and analyzes objects in your S3 buckets, inspecting them for sensitive data such as personally identifiable information like names and credit card numbers.

Macie continually adds to its list of sensitive data types. You can also define your own data types to customize it to your unique business needs.

With multi-account support through AWS Organizations, you can view your data security posture across your S3 environment from a single Macie administrator account.

How does Macie work?

Within a few minutes of enabling Macie for your AWS account, Macie generates the S3 bucket inventory for the Region where you enabled it; Macie works at the Region level. Macie also begins to monitor the security and access control of the buckets. When it detects a risk of unauthorized access or accidental data leakage, it generates detailed findings.

Macie provides this information to you directly. Macie also uses the information to calculate statistics and provide assessments about the security and privacy of your bucket inventory overall and individual buckets in your inventory. For example, you can find the total storage size and number of buckets in your inventory, the total storage size and number of objects in those buckets, and the total storage size and number of objects that Macie can analyse to detect sensitive data in the buckets.

Types of Amazon Macie findings

Policy Findings: Discover violations of security policies, such as access control issues, unauthorized access attempts, data not encrypted per policy, and many more.

Sensitive Data Findings: Identify types of sensitive data, such as PII (Personally Identifiable Information, e.g., SSNs) and financial data (e.g., credit card numbers).

Use Cases of Amazon Macie

Data Discovery and Classification: Amazon Macie automatically scans the cloud storage, such as Amazon S3 buckets, to identify sensitive data.

Continuous Monitoring and Alerts: Amazon Macie continuously monitors data access and usage patterns, raising alerts for suspicious activities or potential data breaches.

Compliance and Governance: With Amazon Macie’s comprehensive audit trail and reporting capabilities, organizations can demonstrate compliance with data protection regulations such as GDPR, CCPA, or HIPAA, simplifying compliance audits and ensuring adherence to data governance policies.

Integration with Security Hub and AWS Services: Amazon Macie seamlessly integrates with AWS Security Hub, allowing organizations to consolidate security findings from various services into a unified dashboard.

Custom Data Identifiers: Organizations can use custom data identifiers in Amazon Macie to define specific data patterns tailored to their unique business requirements.

Monitoring and processing Amazon Macie findings

Amazon EventBridge

With EventBridge, you can automate monitoring and processing of certain types of events, including the events that Macie publishes for findings. To learn more about EventBridge, see the Amazon EventBridge User Guide.
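The EventBridge integration just described, together with the two finding types from the earlier section, as an added example (not the blog's or AWS's code): an EventBridge event pattern that matches Macie findings, and a triage function run over constructed finding events of both kinds. The field names follow the Macie finding JSON; the routing rules, bucket names and severities in the samples are assumptions of this example.

```python
"""Added example: EventBridge event pattern for Macie findings and a triage
routine that classifies constructed policy and sensitive-data finding events."""

# Event pattern for an EventBridge rule that matches every finding Macie publishes.
MACIE_FINDINGS_PATTERN = {
    "source": ["aws.macie"],
    "detail-type": ["Macie Finding"],
}


def triage(event):
    """Turn one Macie finding event into a routing decision.

    Reads the finding's category (POLICY or CLASSIFICATION), type string and
    severity. Pages on-call for high-severity public exposure or high-severity
    sensitive-data discoveries, opens a ticket for other Medium/High findings,
    and only records the rest (routing policy assumed for this example)."""
    if event.get("source") != "aws.macie":
        raise ValueError("not a Macie event")
    d = event["detail"]
    category = d["category"]                 # "POLICY" | "CLASSIFICATION"
    severity = d["severity"]["description"]  # "Low" | "Medium" | "High"
    bucket = d["resourcesAffected"]["s3Bucket"]["name"]
    ftype = d["type"]                        # e.g. "Policy:IAMUser/S3BucketPublic"
    public_exposure = category == "POLICY" and "Public" in ftype
    if severity == "High" and (public_exposure or category == "CLASSIFICATION"):
        route = "page"
    elif severity in ("High", "Medium"):
        route = "ticket"
    else:
        route = "log"
    return {"bucket": bucket, "category": category, "type": ftype,
            "severity": severity, "route": route}


def constructed_event(category, ftype, severity, bucket):
    """Constructed Macie finding event carrying only the fields triage() reads."""
    return {
        "source": "aws.macie",
        "detail-type": "Macie Finding",
        "detail": {
            "category": category,
            "type": ftype,
            "severity": {"description": severity},
            "resourcesAffected": {"s3Bucket": {"name": bucket}},
        },
    }


# Constructed samples: two policy findings and two sensitive-data findings.
SAMPLE_EVENTS = [
    constructed_event("POLICY", "Policy:IAMUser/S3BucketPublic", "High", "app-logs"),
    constructed_event("CLASSIFICATION", "SensitiveData:S3Object/Financial", "High", "exports"),
    constructed_event("POLICY", "Policy:IAMUser/S3BucketEncryptionDisabled", "Medium", "archive"),
    constructed_event("CLASSIFICATION", "SensitiveData:S3Object/Personal", "Low", "staging"),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(triage(ev))
```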

AWS Security Hub

AWS Security Hub is a security service that provides you with a comprehensive view of your security state across your AWS environment. With Security Hub, you can review Macie findings as part of a broader analysis of your organization’s security posture. To learn more about Security Hub, see the AWS Security Hub User Guide.

Conclusion

Amazon Macie empowers organisations with unparalleled data security capabilities by automating data discovery, classification and monitoring. For organizations handling vast volumes of sensitive data in the cloud, Amazon Macie stands as a cornerstone, providing the cutting-edge tools needed to safeguard the foundation of their security.

This brings us to the end of this blog, thanks for reading and stay tuned for more.

If you have any questions concerning this article or have an AWS project that requires our assistance, please reach out to us by leaving a comment below or email us at [email protected]

Thank you!