Differentiating Security Services
(this post is part of the material I cover in my DevOps course)
AWS Shield/Shield Advanced
- AWS Shield is layer-4 protection, defending you from DDoS attacks such as SYN floods, UDP floods and other reflection attacks. It does this by setting static thresholds and applying inline attack mitigation.
- AWS Shield Advanced adds more advanced detection and mitigation mechanisms, together with access to the AWS Shield Response Team.
- documentation for Shield/WAF/FW-Manager
AWS WAF
- AWS WAF is a layer-7 firewall that monitors HTTP and HTTPS traffic.
- It can protect your services by inspecting the source IP addresses of users and other parameters that are part of the HTTP request.
- If a request is denied, WAF responds with an HTTP 403.
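As an added example (not part of the course notes), a Terraform web ACL that shows both kinds of inspection the notes mention: one rule keyed on the source IP and one that inspects the rest of the request through an AWS managed rule group. Resource names, the 1000-request threshold and the REGIONAL scope are assumptions; a request blocked by either rule is the case that gets the HTTP 403 above.

```hcl
resource "aws_wafv2_web_acl" "api" {
  name  = "api-web-acl"
  scope = "REGIONAL" # attach to an ALB/API Gateway; use CLOUDFRONT for CloudFront
  default_action {
    allow {} # a request no rule blocks is forwarded to the origin
  }
  # Rule 1: source-IP rule, blocks any client exceeding 1000 requests per 5 minutes (assumed limit)
  rule {
    name     = "rate-limit-per-ip"
    priority = 1
    action {
      block {}
    }
    statement {
      rate_based_statement {
        limit              = 1000 # assumed threshold, tune per workload
        aggregate_key_type = "IP"
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "RateLimitPerIp"
      sampled_requests_enabled   = true
    }
  }
  # Rule 2: request-content rule, the AWS Common Rule Set inspects headers, URI, query string and body
  rule {
    name     = "aws-common-rules"
    priority = 2
    override_action {
      none {} # keep the rule group's own block/allow decisions
    }
    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesCommonRuleSet"
        vendor_name = "AWS"
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "AwsCommonRules"
      sampled_requests_enabled   = true
    }
  }
  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "ApiWebAcl"
    sampled_requests_enabled   = true
  }
}
```

The sampled requests and CloudWatch metrics enabled on each rule are what let you check which rule produced a given 403 when tuning.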
AWS Firewall Manager
- AWS Firewall Manager is a service that can be used to centrally manage firewall rules across accounts.
Amazon GuardDuty
- Amazon GuardDuty is a service that uses machine learning for threat detection.
- It analyses CloudTrail logs, VPC Flow Logs and DNS logs, looking for unusual API calls, known malicious IP addresses, failed logins, port scanning etc.
- GuardDuty documentation
Amazon Macie
- Amazon Macie is an AI-assisted service that scans S3 for personal information whose storage may violate HIPAA/GDPR (names, credit card numbers, social security numbers etc.)
- Macie documentation
Amazon Inspector
- Inspector is used to protect operating systems by inspecting our networks and EC2 instances.
- Network assessments: it analyses the configuration of security groups to find ports that have been left open.
- Host assessments: you have to install an agent; it looks for CVEs and tries to find places where you can harden your system, based on CIS benchmarks.
- Amazon Inspector documentation