Title
AWS re:Invent 2023 - Safeguarding infrastructure from DDoS attacks with AWS edge services (NET201)
Summary
- Presenters: Paul (manager for the threat research team) and Tsuri Amami (solution architect specialist for edge services).
- DDoS Trends: The number of DDoS attacks has stayed roughly constant, but the mix has shifted from infrastructure layer events to application layer attacks, with a 40% year-over-year increase in web request floods.
- Innovations in DDoS Attacks: A new vector, the HTTP/2 Rapid Reset vulnerability, was discussed, with a peak observed attack of 155 million requests per second.
- Proxy Abuse: 88% of application layer attacks leverage proxies to obfuscate the attacker's IP.
- AWS Mitigation Strategies: AWS uses default mitigations, protocol-aware mitigations, and proactive measures like botnet disruption and takedown requests to protect against DDoS.
- Shared Responsibility: Customers are responsible for implementing certain measures to protect their applications, such as following the Well-Architected Framework, enabling AWS WAF, and fronting applications with services like CloudFront and Global Accelerator.
- AWS WAF and Shield Advanced: AWS WAF allows custom and managed rules to filter traffic, while Shield Advanced offers additional protection, including automatic rule creation during attacks and cost protection.
- Best Practices: Use IP reputation lists, rate-based rules, and geographic match controls to reduce DDoS risk. Shield Advanced users should enable proactive engagement and Layer 7 (application layer) automatic mitigation.
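The rate-based and geographic controls listed above, and the proxy problem from the earlier bullet, are easier to reason about with a small model. The following is an added example, not code from the talk or from AWS: it re-implements a sliding-window rate-based rule and a geo-match rule in plain Python and runs them over constructed log lines. The log format, the 5-minute window, the threshold of 100 requests, the placeholder country code "XX" and all IP addresses are assumptions for illustration; AWS WAF's own evaluation granularity and aggregation options are not modelled exactly.

```python
"""Model of two WAF-style controls from the talk: a rate-based rule and a
geo-match rule, run over constructed log lines. Illustrative re-implementation,
not AWS WAF's own logic."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumption: trailing 5-minute window
THRESHOLD = 100                 # assumption: requests allowed per key per window
BLOCKED_COUNTRIES = {"XX"}      # constructed placeholder country code


def make_sample_log():
    """Constructed log lines: '<ISO timestamp> <client ip> <country> <uri>'."""
    base = datetime(2023, 11, 28, 10, 0, 0)
    lines = []
    for i in range(20):          # three legitimate clients, 20 requests each
        for ip, cc in [("198.51.100.5", "US"), ("198.51.100.9", "DE"), ("192.0.2.44", "JP")]:
            t = base + timedelta(seconds=30 * i)
            lines.append(f"{t.isoformat()} {ip} {cc} /index.html")
    for i in range(150):         # one source floods /login: 150 requests in 75 s
        t = base + timedelta(seconds=60 + i * 0.5)
        lines.append(f"{t.isoformat()} 203.0.113.7 NL /login")
    for i in range(5):           # a few requests from a country on the block list
        t = base + timedelta(seconds=10 * i)
        lines.append(f"{t.isoformat()} 192.0.2.200 XX /index.html")
    return lines


def make_proxy_flood():
    """Constructed flood of the same size spread over 150 distinct proxy IPs,
    modelling the proxy-abuse pattern described in the talk."""
    base = datetime(2023, 11, 28, 11, 0, 0)
    return [f"{(base + timedelta(seconds=i * 0.5)).isoformat()} 203.0.113.{i + 1} NL /login"
            for i in range(150)]


def parse_line(line):
    ts, ip, country, uri = line.split()
    return {"ts": datetime.fromisoformat(ts), "ip": ip, "country": country, "uri": uri}


def rate_based_rule(events, threshold=THRESHOLD, window=WINDOW, key=lambda e: e["ip"]):
    """Sliding-window counter per aggregation key. Returns {key: time at which it
    first exceeded the threshold}. Keying on client IP models the default rule."""
    recent = defaultdict(deque)
    flagged = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        k = key(ev)
        q = recent[k]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:   # drop requests older than the window
            q.popleft()
        if len(q) > threshold and k not in flagged:
            flagged[k] = ev["ts"]
    return flagged


def geo_match_rule(events, blocked=BLOCKED_COUNTRIES):
    """Return the events whose client country is on the block list."""
    return [ev for ev in events if ev["country"] in blocked]


def evaluate(lines):
    """Run both rules over the log; also aggregate the rate rule by URI so the
    single-source flood and the proxy-spread flood can be compared."""
    events = [parse_line(line) for line in lines]
    return {
        "total": len(events),
        "by_ip": rate_based_rule(events),
        "by_uri": rate_based_rule(events, key=lambda e: e["uri"]),
        "geo_blocked": len(geo_match_rule(events)),
    }


if __name__ == "__main__":
    for name, log in [("single source", make_sample_log()), ("proxy spread", make_proxy_flood())]:
        print(name, evaluate(log))
```

The single-source flood trips the per-IP rule on its 101st request, while the same flood spread over 150 proxy addresses never does; only aggregating on something the attacker cannot spread (here the URI) catches it, which is why the talk pairs rate-based rules with IP reputation lists rather than relying on one control.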
Insights
- Shift to Application Layer Attacks: The shift from infrastructure to application layer attacks indicates that attackers are adapting and finding new ways to exploit web services, which requires a different set of mitigation strategies.
- Importance of Edge Services: The use of AWS edge services like CloudFront and Global Accelerator is emphasized as a key strategy in protecting against DDoS attacks, highlighting the importance of a strong perimeter defense.
- Proxy Networks as a Challenge: The widespread use of proxy networks by attackers complicates the process of identifying and mitigating DDoS attacks, making it a significant challenge for AWS and its customers.
- Automation in Mitigation: AWS's approach to DDoS mitigation relies heavily on automation, such as Shield Advanced creating WAF rules automatically during an attack, which is essential for responding in real time.
- Collaboration with ISPs: AWS's collaboration with ISPs for takedown requests and botnet disruption shows the importance of cross-organizational cooperation in combating cyber threats.
- Customer Responsibility: The talk reinforces the concept of shared responsibility, where customers must also take proactive steps to secure their applications, emphasizing the need for customer awareness and action in security practices.
- Educational Resources: The presentation concludes with links to further educational resources, suggesting AWS's commitment to educating customers on security best practices and the use of their services for DDoS mitigation.