Protecting your physical servers from outside attack is usually achieved through a combination of network monitoring, anti-virus and anti-malware computers, and hardware and software firewalls to protect internal networks, servers, and system components from an outside attack. Firewall protection comes in many forms. Companies often have hardware firewalls attached (or incorporated into) their network switches, as separate hardware devices, or software firewalls installed on a server operating system. Routers also have built-in firewalls, and most workstations have built-in firewalls such as the Windows Firewall available on the Windows operating system.
All of these firewall options are available to protect data stored on-premise, on a company’s internal IT infrastructure. So how exactly do you go about protecting your non-tangible items such as web applications that live off-site, in the cloud? Amazon Web Services offers a web application firewall aptly named AWS WAF. AWS WAF helps to protect web applications that are built on the AWS cloud infrastructure by shielding them from common web exploits. These exploits can impact the availability and productivity of your web applications, compromise security, or run up your cloud computing bill by consuming an excessive amount of resources.
How It Works
AWS users subscribe to AWS WAF. The service allows users to control which types of traffic is allowed to access your web applications, and which traffic should be blocked via web security rules you customize and set in AWS WAF. Users can create custom rules to block unwanted traffic based on common attack patterns such as cross-site scripting or SQL injections. Sample rules include filtering web requests by IP address, HTTP headers or body, or even URI strings.
Depending on your web applications’ requirements such as compliance or how sensitive the data stored and transmitted via said web applications, you can adjust the AWS WAF to ensure that unwanted internet traffic including outside attacks are blocked from accessing your applications. As your needs change, new rules can be built and configured in a matter of minutes through the AWS WAF dashboard.
Easy Deployment and Management
AWS WAF works to protect any application that is deployed on Amazon CloudFront content delivery service. As an add-on for CloudFront, users don’t have to worry about deploying any additional software. Not only is deploying the AWS firewall easy to do, but your rules can be reused across all of your web applications. So if you configure rules for blocking traffic for one web application, you can copy the same rules across the other web applications hosted on CloudFront.
Like any other AWS service, users only pay for what they need. Users are charged on a monthly basis based on the number of web access control lists created, the number of rules on each web ACL, and the number of web requests received. These charges are added to your Amazon CloudFront pricing. Besides only paying for what is used, users also don’t have to pay for any upfront commitment and can
cancel at any time. So if you have to scale or cancel your web applications hosted on CloudFront, you can adjust or stop your AWS WAF service as needed.