Fortifying Media Platforms: Tackling DDOS Attacks and Security Threats with Proven Solutions

07 / Aug / 2024 by Akhilesh Rana

Introduction

In the contemporary digital landscape, ensuring robust security for web applications is crucial. Web Application Firewalls (WAFs) offer essential protection by filtering and monitoring HTTP traffic between a web application and the Internet. AWS WAF (Web Application Firewall) is a powerful tool that helps protect your web applications from common web exploits and vulnerabilities. Implementing AWS WAF can significantly enhance the security posture of your applications, making them more resilient against attacks.

Problem Statement

We began encountering challenges with one of our media clients when we observed DDoS attacks. We became aware of these attacks through alerts triggered by the surge in incoming requests. Consequently, the performance of several of our micro-services deteriorated, as we had not implemented auto-scaling due to client constraints. Along with DDoS attacks, we were also concerned about other common security threats.

We therefore needed a solution that could help us mitigate these problems.

Solution Approaches

To deal with these security threats, we started looking for different solutions and approaches as discussed below:

  1. AWS Shield:

    Approach: AWS Shield provides managed DDoS protection that safeguards applications running on AWS.
    Benefits: Offers advanced protection against DDoS attacks.
    Challenges: Can be costly, especially for smaller applications or startups.
    Considerations: Ideal for applications requiring high-level protection against DDoS attacks but may exceed budget constraints.

  2. AWS GuardDuty:

    Approach: AWS GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior.
    Benefits: Provides intelligent threat detection and continuous monitoring.
    Challenges: Primarily focuses on threat detection rather than direct mitigation.
    Considerations: Useful for identifying and responding to threats but requires additional measures for proactive threat mitigation.

  3. AWS WAF:

    Approach: Implement AWS WAF to filter and monitor HTTP traffic, protecting against common web exploits and vulnerabilities.
    Benefits: Offers customizable rules, automated protection, and integrated rate limiting based on HTTP methods.
    Challenges: Requires initial setup and configuration but provides comprehensive security features.
    Considerations: Cost-effective compared to AWS Shield and fulfills the requirement to limit the number of requests according to our specific needs.

Chosen Solution

Among the available solutions, AWS WAF stands out as an optimal choice for achieving operational excellence and enhancing web security:

  1. Customizable Rules: Easily define and manage security rules to mitigate evolving threats and enforce compliance requirements.
  2. Integrated with AWS Services: Seamlessly integrates with AWS resources like CloudFront, API Gateway, and Application Load Balancers, ensuring consistent and scalable security across distributed environments.
  3. Automated Scaling and Management: Leverages AWS’s infrastructure to automatically scale and adapt to changing traffic patterns, reducing manual intervention and operational overhead.
  4. Cost-Effective: Compared to AWS Shield, AWS WAF offers cost-effective protection tailored to specific security needs, including request rate limiting based on HTTP methods.

Step-by-Step Procedure to Implement AWS WAF

  1. Define Security Requirements
    Identify the specific security requirements for your web application, including common web exploits, rate limiting, and compliance needs.
  2. Create a Web ACL
    Create a Web Access Control List (Web ACL) in AWS WAF to define and manage security rules.
  3. Add Rules to Web ACL
    Basic Protection: Implement AWS Managed Rules to protect against common web exploits.
    Custom Rules: Define custom rules to address specific security needs, such as rate limiting based on HTTP methods.
  4. Apply Web ACL to AWS Resources
    Associate the Web ACL with your AWS resources, such as CloudFront distributions, API Gateway, or Application Load Balancers.
  5. Monitor and Update Rules
    Continuously monitor the performance of your Web ACL and update rules as needed to adapt to new threats and security requirements.

Our Case

Securing our systems against cyber threats is a top priority, and implementing a WAF was a crucial step in this direction. In our case, deploying a WAF came with several key requirements.

Key Requirements:

  1. Rate Limiting: Limit the number of incoming requests based on specific HTTP methods (POST and PUT) and a custom header, on a per IP address basis. This helps to prevent excessive load and potential abuse from any single IP address.
  2. Custom Response Codes: Send a custom HTTP response code whenever a request is blocked by the WAF, providing clear feedback to the client about the reason for the blockage.
  3. Threshold Blocking: Block requests when the total number of requests exceeds a certain threshold, ensuring that the system remains stable and can handle legitimate traffic effectively.
  4. Logging: Enable logging of blocked requests only, allowing us to analyze the data later to identify the IP addresses and URLs that those IPs were trying to access.
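
One way to express requirements 1, 2 and 4 in the WAFv2 rule and logging-filter JSON shape, as an added example that is not the author's configuration. The rule name, the limit of 100, the header `X-Client-Type: mobile` and the 429 response code are placeholders, since the article does not give its values.

```python
import json

def _exact(field, value):
    """Exact byte match on one request field (WAFv2 statement shape)."""
    return {"ByteMatchStatement": {
        "SearchString": value, "FieldToMatch": field,
        "PositionalConstraint": "EXACTLY",
        "TextTransformations": [{"Priority": 0, "Type": "NONE"}]}}

def rate_limit_rule(name, limit, header, value, enforce, code=429):
    """Per-IP rate limit that only counts POST/PUT requests carrying `header`."""
    methods = [_exact({"Method": {}}, m) for m in ("POST", "PUT")]
    scope = {"AndStatement": {"Statements": [
        {"OrStatement": {"Statements": methods}},
        _exact({"SingleHeader": {"Name": header.lower()}}, value)]}}
    # Count mode reports matches without blocking; enforce adds the custom code.
    action = ({"Block": {"CustomResponse": {"ResponseCode": code}}}
              if enforce else {"Count": {}})
    return {
        "Name": name, "Priority": 0, "Action": action,
        "Statement": {"RateBasedStatement": {
            "Limit": limit, "AggregateKeyType": "IP",
            "ScopeDownStatement": scope}},
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True,
                             "MetricName": name}}

def logging_filter(keep_actions):
    """Drop every log record except those whose action is in keep_actions."""
    return {"DefaultBehavior": "DROP", "Filters": [{
        "Behavior": "KEEP", "Requirement": "MEETS_ANY",
        "Conditions": [{"ActionCondition": {"Action": a}}
                       for a in keep_actions]}]}

# Placeholder values (assumptions): rule name, limit, header name and value.
ARGS = ("rate-limit-writes", 100, "X-Client-Type", "mobile")
COUNT_PHASE = rate_limit_rule(*ARGS, enforce=False)
ENFORCE_PHASE = rate_limit_rule(*ARGS, enforce=True)
# A BLOCK-only filter would not keep requests that were only counted,
# so keep COUNT as well while the rule is still being evaluated.
COUNT_PHASE_LOGS = logging_filter(["COUNT", "BLOCK"])
BLOCKED_ONLY_LOGS = logging_filter(["BLOCK"])

if __name__ == "__main__":
    print(json.dumps(ENFORCE_PHASE, indent=2))
    print(json.dumps(BLOCKED_ONLY_LOGS, indent=2))
```

The scope-down statement means only matching POST/PUT requests count toward the per-IP limit; other traffic from the same address is neither counted nor blocked by this rule.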

Implementation Process

We thoroughly tested the WAF implementation in a non-production environment to ensure its effectiveness. Once confident in its performance, we initially enabled it in production in count mode, a non-blocking mode where the WAF reports breaches without blocking requests.

After verifying the reports and ensuring everything was functioning correctly, we proceeded to update the AWS ALB with the AWS WAF configuration for our production environment.
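
The review step described above, as an added example that is not from the original post: it summarises which IP addresses and URLs a rate rule counted (count mode) or blocked (enforcing), reading log records as JSON lines with AWS WAF log field names. The rule name and the sample records are constructed for illustration.

```python
import json
from collections import Counter

RULE = "rate-limit-writes"  # hypothetical rule name, not from the article

def _rec(action, terminating, counted, ip, method, uri):
    """Build one constructed log record using AWS WAF log field names."""
    return json.dumps({
        "action": action, "terminatingRuleId": terminating,
        "nonTerminatingMatchingRules":
            [{"ruleId": r, "action": "COUNT"} for r in counted],
        "httpRequest": {"clientIp": ip, "httpMethod": method, "uri": uri}})

# Constructed sample records (not real traffic); the last line is truncated.
SAMPLE = [
    _rec("ALLOW", "Default_Action", [RULE], "203.0.113.7", "POST", "/api/comments"),
    _rec("ALLOW", "Default_Action", [RULE], "203.0.113.7", "POST", "/api/comments"),
    _rec("BLOCK", RULE, [], "198.51.100.23", "PUT", "/api/profile"),
    _rec("BLOCK", RULE, [], "203.0.113.7", "POST", "/api/upload"),
    _rec("BLOCK", "other-rule", [], "192.0.2.9", "GET", "/admin"),
    _rec("ALLOW", "Default_Action", [], "192.0.2.50", "GET", "/"),
    '{"action":"BLOCK","terminatingRuleId":',
]

def rule_hits(lines, rule):
    """Yield (action, ip, method, uri) where `rule` blocked or counted."""
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        req = rec.get("httpRequest", {})
        hit = (req.get("clientIp"), req.get("httpMethod"), req.get("uri"))
        if rec.get("action") == "BLOCK" and rec.get("terminatingRuleId") == rule:
            yield ("BLOCK",) + hit
        elif any(m.get("ruleId") == rule and m.get("action") == "COUNT"
                 for m in rec.get("nonTerminatingMatchingRules", [])):
            yield ("COUNT",) + hit

def summarize(lines, rule):
    """Return (hits per (action, ip), hits per (ip, method, uri))."""
    by_ip, by_target = Counter(), Counter()
    for action, ip, method, uri in rule_hits(lines, rule):
        by_ip[(action, ip)] += 1
        by_target[(ip, method, uri)] += 1
    return by_ip, by_target

if __name__ == "__main__":
    print(summarize(SAMPLE, RULE))
```

A source that shows up only under COUNT during the trial period is one the rule would have blocked once enforced, which is the check to make against known-legitimate clients before switching modes.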

Conclusion

Implementing AWS WAF enhances the security of your web applications by providing customizable, cost-effective protection against common web exploits. By leveraging AWS WAF, you can ensure comprehensive security management, automated scaling, and compliance with industry regulations. This approach aligns with our goal of achieving operational excellence and maintaining a robust security posture for our web applications. Embrace the future of web security with AWS WAF and safeguard your applications against evolving threats.
