When you deliver web content through a CDN such as CloudFront, a best practice is to prevent viewer requests from bypassing the CDN and accessing your origin content directly. In this blog post, you’ll see how to use CloudFront custom headers, AWS WAF, and AWS Secrets Manager to restrict viewer requests from accessing your CloudFront origin resources directly. read more ...
In this blog post, you’ll learn to implement automated security response mechanisms within your AWS environments. This post will include common patterns, implementation considerations, and an example solution. Security response automation is a broad topic that spans many areas. The goal of this blog post is to introduce you to core concepts and help you get started. read more ...
Your mission in this workshop is to use AWS WAF, Amazon Inspector, and Systems Manager to build an effective set of controls around your AWS workloads. Learn to use AWS WAF to mitigate common attack vectors against web applications such as SQL injection and cross-site scripting. Additionally, learn how to use Amazon Inspector and Systems Manager to automate security assessments and operational tasks such as patching and configuration management across your Amazon EC2 fleet. read more ...
In this blog post, we’ll show you how to use Amazon GuardDuty to automatically update the AWS Web Application Firewall to automatically block suspicious hosts Web Access Control Lists (WebACLs) and VPC Network Access Control Lists (NACLs) in response to GuardDuty findings. After GuardDuty detects a suspicious activity, the solution updates these resources to block communication from the suspicious host while you perform additional investigation and remediation. Once communication has been blocked, further occurrences of a finding are reduced, allowing security and operations teams to focus more on higher priority tasks. read more ...
In this post, I show you how to deploy a sample custom Alexa skill and use an Alexa-enabled device, such as Amazon Echo, to get information about GuardDuty findings across your AWS accounts and regions. The information provided by this sample skill gives you a broad overview of GuardDuty finding statistics, severities, and descriptions. When you hear something interesting, you can log in to the GuardDuty console or another analysis tool to investigate the findings data. read more ...
Amazon Cognito lets you easily add user sign-up and sign-in to your mobile and web applications. In addition, Amazon Cognito supports OAuth 2.0 as an industry standard protocol for authorization, and the sample application in this blog post relies on JSON Web Tokens to authorize access to private content. JSON Web Token (JWT) is a JSON-based open standard for creating access tokens which assert a series of claims as a JSON object. JSON Web Tokens can also be signed using private/public key pairs in order to verify content authenticity and integrity. read more ...
CloudFront field-level encryption helps secure sensitive data such as a customer phone numbers by adding another security layer to CloudFront HTTPS. Using this functionality, you can help ensure that sensitive information in a POST request is encrypted at CloudFront edge locations. This information remains encrypted as it flows to and beyond your origin servers that terminate HTTPS connections with CloudFront and throughout the application environment. In this blog post, we demonstrate how you can enhance the security of sensitive data by using CloudFront field-level encryption. read more ...
Implementing Security Controls in the World of Internet, Big Data, IoT and E-Commerce Platforms - This workshop will give participants the opportunity to take a security focused journey across various AWS services and implement automated controls along the way. You will learn how to apply AWS security controls to services such as Amazon EC2, Amazon S3, AWS Lambda, and Amazon VPC. In short, you will learn how to use the cloud to protect the cloud. read more ...
This Quick Start automatically deploys an outbound web filtering proxy on the Amazon Web Services (AWS) Cloud, using the Sophos Unified Threat Management (UTM) virtual appliance. The Quick Start also uses Sophos Outbound Gateway to extend security to multiple virtual private clouds (VPCs). Sophos UTM provides multiple security functions, including firewall, intrusion prevention (IPS), VPN, and web filtering. Sophos Outbound Gateway provides a distributed, fault-tolerant architecture to provide visibility, policy enforcement, and elastic scalability to outbound web traffic. The Quick Start builds a cloud environment that enables you to whitelist AWS API calls without allowing internet access. You can also use this reference deployment to enable other proxy use cases with Sophos UTM. The Quick Start includes AWS CloudFormation templates that automatically deploy the web proxy into your AWS account in about 20 minutes. You can customize these templates to meet your specific requirements. read more ...
In this blog post, we show you how to configure an LDAPS (LDAP over SSL/TLS) encrypted endpoint for Simple AD so that you can extend Simple AD over untrusted networks. Our solution uses Elastic Load Balancing (ELB) to send decrypted LDAP traffic to HAProxy running on Amazon EC2, which then sends the traffic to Simple AD. read more ...