2024/09/06 How to effectively use AWS WAF

Typhon666_death 263 views 10 slides Sep 06, 2024

About This Presentation

2024/09/06 #jawsug_yamanashi
This is the material for a 5-minute lightning talk (LT) given at JAWS-UG Yamanashi.


Slide Content

How to effectively use AWS WAF
~Essential Points to Know About WAF~

2024/09/06 JAWS-UG Yamanashi#1
Shun Yoshie

AWS resources related to AWS WAF
AWS WAF is a web application firewall that lets you monitor the HTTP(S) requests that are forwarded to your protected web application resources.
You can protect the following resource types:
[Diagram: protected resource types, grouped into Global Service and Regional Service]

Key points after implementing AWS WAF
Rule tuning: Monitor traffic after initial deployment and adjust rules to prevent false positives and over-detection. Basically, include rule exclusion settings.
Regular log review: Regularly review logs stored in CloudWatch Logs or S3 to detect any anomalies.
Performance monitoring: Monitor the impact of the WAF on system performance and make adjustments as necessary.
Security incident response: Analyze the details of attacks blocked by the WAF and update the incident response plan.
WAF rule updates: Regularly update the WAF rule set to address new threats.
Cost management: Periodically review usage and optimize to stay within budget.
Today's point: rule tuning
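The rule tuning and log review points above are easiest to act on from the logs themselves. The following is an added example, not code from the slides: it summarises AWS WAF log records to show which rules matched in COUNT mode, and whether those hits came from trusted address ranges (likely false positives to scope down) or from outside (evidence that the rule should go back to BLOCK). The four log records are constructed in the one-JSON-object-per-line shape AWS WAF writes to CloudWatch Logs or S3; the field names follow the AWS WAF log format, while all values, rule IDs, label names and the trusted CIDR are made up for illustration.

```python
"""Added example, not from the slides: find tuning candidates in AWS WAF logs.
SAMPLE_LOG is constructed: field names follow the AWS WAF log format, values are invented."""
import ipaddress
import json
from collections import Counter, defaultdict

SAMPLE_LOG = """
{"timestamp":1725600000000,"formatVersion":1,"webaclId":"arn:aws:wafv2:ap-northeast-1:123456789012:regional/webacl/demo/EXAMPLE","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[{"ruleId":"SizeRestrictions_BODY","action":"COUNT"}]}],"nonTerminatingMatchingRules":[],"httpRequest":{"clientIp":"203.0.113.10","country":"JP","uri":"/administrator/upload","httpMethod":"POST"},"labels":[{"name":"awswaf:managed:aws:core-rule-set:SizeRestrictions_Body"}]}
{"timestamp":1725600001000,"formatVersion":1,"webaclId":"arn:aws:wafv2:ap-northeast-1:123456789012:regional/webacl/demo/EXAMPLE","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[{"ruleId":"SizeRestrictions_BODY","action":"COUNT"}]}],"nonTerminatingMatchingRules":[],"httpRequest":{"clientIp":"203.0.113.11","country":"JP","uri":"/administrator/upload","httpMethod":"POST"},"labels":[{"name":"awswaf:managed:aws:core-rule-set:SizeRestrictions_Body"}]}
{"timestamp":1725600002000,"formatVersion":1,"webaclId":"arn:aws:wafv2:ap-northeast-1:123456789012:regional/webacl/demo/EXAMPLE","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[{"ruleId":"UserAgent_BadBots_HEADER","action":"COUNT"}]}],"nonTerminatingMatchingRules":[],"httpRequest":{"clientIp":"198.51.100.7","country":"US","uri":"/wp-login.php","httpMethod":"GET"},"labels":[{"name":"awswaf:managed:aws:core-rule-set:BadBot_Header"}]}
{"timestamp":1725600003000,"formatVersion":1,"webaclId":"arn:aws:wafv2:ap-northeast-1:123456789012:regional/webacl/demo/EXAMPLE","terminatingRuleId":"AWS-AWSManagedRulesCommonRuleSet","terminatingRuleType":"MANAGED_RULE_GROUP","action":"BLOCK","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":{"ruleId":"NoUserAgent_HEADER","action":"BLOCK"},"nonTerminatingMatchingRules":[]}],"nonTerminatingMatchingRules":[],"httpRequest":{"clientIp":"198.51.100.8","country":"US","uri":"/","httpMethod":"GET"},"labels":[{"name":"awswaf:managed:aws:core-rule-set:NoUserAgent_Header"}]}
""".strip().splitlines()


def count_mode_hits(lines):
    """{rule: Counter{(clientIp, uri): n}} for every rule that matched in COUNT mode,
    either at the web ACL level or inside a rule group (keyed as "<groupId>#<ruleId>").
    Terminating (BLOCK/ALLOW) matches are deliberately not included."""
    hits = defaultdict(Counter)
    for line in lines:
        rec = json.loads(line)
        key = (rec["httpRequest"]["clientIp"], rec["httpRequest"]["uri"])
        for m in rec.get("nonTerminatingMatchingRules", []):
            if m["action"] == "COUNT":
                hits[m["ruleId"]][key] += 1
        for group in rec.get("ruleGroupList", []):
            for m in group.get("nonTerminatingMatchingRules") or []:
                if m["action"] == "COUNT":
                    hits[group["ruleGroupId"] + "#" + m["ruleId"]][key] += 1
    return hits


def tuning_report(lines, trusted_cidrs):
    """For each COUNT-mode rule: (hits from trusted ranges, total hits, top three URIs).
    All hits trusted -> candidate for a scope-down or IP exclusion;
    hits from outside -> evidence the rule should be moved back to BLOCK."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    report = {}
    for rule, counter in count_mode_hits(lines).items():
        trusted = sum(n for (ip, _), n in counter.items()
                      if any(ipaddress.ip_address(ip) in net for net in nets))
        uris = Counter()
        for (_, uri), n in counter.items():
            uris[uri] += n
        report[rule] = (trusted, sum(counter.values()), uris.most_common(3))
    return report


if __name__ == "__main__":
    # "203.0.113.0/24" stands in for the office range (constructed).
    for rule, (trusted, total, uris) in tuning_report(SAMPLE_LOG, ["203.0.113.0/24"]).items():
        verdict = "scope-down candidate" if trusted == total else "consider BLOCK"
        print(f"{rule}: {trusted}/{total} hits from trusted ranges, top URIs {uris} -> {verdict}")
```

On the constructed log the SizeRestrictions_BODY rule counted only office uploads to /administrator/, which is the profile of a false positive worth excluding, while UserAgent_BadBots_HEADER counted only an outside hit on a login path and should not be loosened. The same aggregation works on exported logs by replacing SAMPLE_LOG with the lines of the log file.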

DEALING WITH FALSE POSITIVES
Six ways to handle a false positive, from rough texture (coarse) to fine texture (granular):
01 Web ACL: disable the web ACL itself
02 Disable rule group / rule: disable the rule group or the rule itself
03 IP address permission: add the excluded IP addresses to the allow list (whitelist)
04 Override to Count: override the target rule to Count mode
05 Scope-down statement: exclude with nestable rule statements
06 Excluding labeled requests: exclude with a label match rule statement
Today's points: 04, 05 and 06

Override to COUNT
AWS WAF counts the request but does not determine whether to allow it or block it. Evaluation continues with the following rules, and the overridden rule still adds its labels to the request, so a later rule can act on them.

Scope-down Statement
A scope-down statement is a nestable rule statement that you add inside a managed rule group statement or a rate-based statement to narrow the set of requests that the containing rule evaluates.

ex) We don't want WAF to detect
"access from the office IP address"
AND
"access to /administrator/"

In other words, the request is evaluated (and can be detected) if
"NOT from an office IP address"
OR
"NOT an access to /administrator/"

Excluding labeled requests

A rule overridden to COUNT still adds its labels to the request. A later rule with a label match statement on the same label can then block, or exclude, only the labeled requests that also meet other conditions.

ex) If "the request detected and labeled by the BadBots_HEADER rule"
is "NOT from an office IP address", block the request.
(The label match rule refers to the same label that the BadBots_HEADER rule adds.)
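The scope-down example and the label match example above are both about how rule statements compose. The following is an added example, not code from the slides: it writes both rules in the JSON shape the `aws wafv2` CLI accepts (a managed rule group with a scope-down statement and a Count override, followed by a custom rule that blocks label matches from outside the office), and dry-runs them with a small evaluator that covers only the statement types used here. The IP set ARN, the office CIDR, the sample requests and the stand-in body of the managed rule group are constructed; the managed rule name UserAgent_BadBots_HEADER and the label it adds are assumptions to be checked against the documented label namespace of the rule group version you deploy. The block also shows that the slide's "in other words" rewrite (NOT office OR NOT /administrator/) produces the same decisions as NOT (office AND /administrator/).

```python
"""Added example, not from the slides: the talk's scope-down and label match rules in CLI
JSON shape, with an offline evaluator for just the statement types they use.  IP set ARN,
office CIDR, sample requests and the managed group's stand-in body are constructed; the
managed rule name and its label are assumed."""
import ipaddress

OFFICE_IPSET_ARN = "arn:aws:wafv2:ap-northeast-1:123456789012:regional/ipset/office/EXAMPLE"
IP_SETS = {OFFICE_IPSET_ARN: ["203.0.113.0/24"]}  # constructed office range
BADBOT_LABEL = "awswaf:managed:aws:core-rule-set:BadBot_Header"  # assumed label name
OFFICE_IP = {"IPSetReferenceStatement": {"ARN": OFFICE_IPSET_ARN}}
ADMIN_PATH = {"ByteMatchStatement": {
    "FieldToMatch": {"UriPath": {}}, "SearchString": "/administrator/",
    "PositionalConstraint": "STARTS_WITH", "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}]}}
# Slide wording: do not let the group see "office IP AND /administrator/".
SCOPE_DOWN_NOT_AND = {"NotStatement": {"Statement": {"AndStatement": {"Statements": [OFFICE_IP, ADMIN_PATH]}}}}
# The slide's "in other words": evaluate if "NOT office IP OR NOT /administrator/".
SCOPE_DOWN_OR_NOT = {"OrStatement": {"Statements": [
    {"NotStatement": {"Statement": OFFICE_IP}}, {"NotStatement": {"Statement": ADMIN_PATH}}]}}

def web_acl_rules(scope_down):
    """Web ACL rules in CLI JSON shape (VisibilityConfig omitted; the real API requires it)."""
    return [
        {"Name": "AWS-AWSManagedRulesCommonRuleSet", "Priority": 0, "OverrideAction": {"None": {}},
         "Statement": {"ManagedRuleGroupStatement": {
             "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet",
             "ScopeDownStatement": scope_down,  # point 05: scope-down statement
             "RuleActionOverrides": [  # point 04: override the noisy rule to COUNT
                 {"Name": "UserAgent_BadBots_HEADER", "ActionToUse": {"Count": {}}}]}}},
        {"Name": "block-badbots-outside-office", "Priority": 1, "Action": {"Block": {}},
         "Statement": {"AndStatement": {"Statements": [  # point 06: label match
             {"LabelMatchStatement": {"Scope": "LABEL", "Key": BADBOT_LABEL}},
             {"NotStatement": {"Statement": OFFICE_IP}}]}}},
    ]

# Constructed stand-in for the managed group's internals (not the real, non-public rule logic).
MANAGED_GROUPS = {"AWSManagedRulesCommonRuleSet": [
    {"Name": "UserAgent_BadBots_HEADER", "Action": {"Block": {}}, "Labels": [BADBOT_LABEL],
     "Statement": {"ByteMatchStatement": {
         "FieldToMatch": {"SingleHeader": {"Name": "user-agent"}}, "SearchString": "badbot",
         "PositionalConstraint": "CONTAINS", "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}]}}}]}

def matches(stmt, req):
    """Evaluate one rule statement against a request dict (subset of AWS WAF semantics)."""
    (kind, body), = stmt.items()
    if kind == "NotStatement":
        return not matches(body["Statement"], req)
    if kind == "AndStatement":
        return all(matches(s, req) for s in body["Statements"])
    if kind == "OrStatement":
        return any(matches(s, req) for s in body["Statements"])
    if kind == "IPSetReferenceStatement":
        ip = ipaddress.ip_address(req["ip"])
        return any(ip in ipaddress.ip_network(c) for c in IP_SETS[body["ARN"]])
    if kind == "LabelMatchStatement":
        return body["Key"] in req["labels"]
    if kind == "ByteMatchStatement":
        field = body["FieldToMatch"]
        value = req["uri"] if "UriPath" in field else req["headers"].get(field["SingleHeader"]["Name"], "")
        for t in body["TextTransformations"]:
            if t["Type"] == "LOWERCASE":
                value = value.lower()
        needle = body["SearchString"]
        return {"STARTS_WITH": value.startswith(needle), "CONTAINS": needle in value}[body["PositionalConstraint"]]
    raise ValueError("unsupported statement " + kind)

def evaluate(rules, req, default="ALLOW"):
    """Walk the rules in priority order as a web ACL does and return the terminating action."""
    req = dict(req, labels=set())
    for rule in sorted(rules, key=lambda r: r["Priority"]):
        stmt = rule["Statement"]
        if "ManagedRuleGroupStatement" in stmt:
            mrg = stmt["ManagedRuleGroupStatement"]
            if "ScopeDownStatement" in mrg and not matches(mrg["ScopeDownStatement"], req):
                continue  # scoped out: the group never sees this request
            overrides = {o["Name"]: o["ActionToUse"] for o in mrg.get("RuleActionOverrides", [])}
            for sub in MANAGED_GROUPS[mrg["Name"]]:
                if matches(sub["Statement"], req):
                    req["labels"].update(sub.get("Labels", []))  # labels are added even under COUNT
                    action = overrides.get(sub["Name"], sub["Action"])
                    if "Count" not in action:
                        return "BLOCK" if "Block" in action else "ALLOW"
        elif matches(stmt, req) and "Count" not in rule["Action"]:
            return "BLOCK" if "Block" in rule["Action"] else "ALLOW"
    return default

def request(ip, uri, user_agent):
    return {"ip": ip, "uri": uri, "headers": {"user-agent": user_agent}}

REQUESTS = {  # constructed sample requests (TEST-NET addresses)
    "office_admin_badbot": request("203.0.113.10", "/administrator/index.php", "BadBot/1.0"),
    "outside_admin_badbot": request("198.51.100.7", "/administrator/index.php", "BadBot/1.0"),
    "office_home_badbot": request("203.0.113.10", "/", "BadBot/1.0"),
    "outside_home_browser": request("198.51.100.7", "/", "Mozilla/5.0"),
}

def decisions(scope_down=SCOPE_DOWN_NOT_AND):
    return {name: evaluate(web_acl_rules(scope_down), req) for name, req in REQUESTS.items()}

if __name__ == "__main__":
    print(decisions(), "De Morgan form equivalent:", decisions(SCOPE_DOWN_OR_NOT) == decisions())
```

Reading the four decisions against the slides: the office request to /administrator/ is scoped out, so the managed group never evaluates it; the same bot from outside is labeled under COUNT and then blocked by the label match rule; the office bot on the home page is labeled but allowed, because the label rule excludes office addresses; and an ordinary browser is untouched. The evaluator deliberately implements only the statements these two rules use, so it is a check on rule logic, not a substitute for testing against the real managed rule group.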

CONCLUSION
Managed Rules alone can only block traffic roughly. By tuning the rules finely (Count overrides, scope-down statements and label matching), you can effectively block the malicious traffic that would otherwise slip past AWS WAF, without blocking the legitimate requests that trigger false positives.

SELF-INTRODUCTION
SHUN YOSHIE
Security Consultant
Security-JAWS core-member
JAWS PANKRATION chairman
Like: AWS Security Hub
Tech: CNAPP, Multi-cloud

https://aws.amazon.com/jp/developer/community/heroes/shun-yoshie/

CREDITS: This presentation template was created by Slidesgo, and
includes icons by Flaticon and infographics & images by Freepik
DO YOU HAVE ANY QUESTIONS?
Contacts (platform icons not shown): Shun Yoshie, Shun Yoshie, Typhon666_death
THANKS