Introduction to AWS Shield
AWS Shield is a Distributed Denial of Service (DDoS) protection service in AWS. It is designed to safeguard applications running on AWS from the impact of DDoS attacks by detecting and mitigating malicious traffic before it reaches the application.
Key features and aspects of AWS Shield include:
DDoS Protection:
AWS Shield provides protection against DDoS attacks, which can overwhelm a website or application with a flood of traffic, making it unavailable to users.
Managed Service:
AWS Shield is a fully managed service, meaning that AWS handles the detection and mitigation of DDoS attacks on behalf of the customer.
AWS Shield comes in two tiers: AWS Shield Standard and AWS Shield Advanced.
AWS Shield Standard:
AWS Shield Standard is automatically included at no extra cost for all AWS customers. It provides automatic DDoS detection and inline mitigation to protect against the most common and frequently observed DDoS attacks.
AWS Shield Advanced:
AWS Shield Advanced is a premium, subscription-based service that provides enhanced DDoS protection. It includes additional features such as 24/7 DDoS response support, advanced threat intelligence, and additional DDoS mitigation capabilities.
Global Network of DDoS Scrubbing Centers:
AWS Shield leverages a global network of DDoS scrubbing centers strategically located across the AWS global network infrastructure. This allows for the identification and filtering of malicious traffic close to the source, preventing it from reaching the targeted application.
Integration with CloudFront and Route 53:
AWS Shield integrates seamlessly with Amazon CloudFront (Content Delivery Network) and Amazon Route 53 (DNS service), providing DDoS protection for globally distributed content and domain name resolution.
Dedicated DDoS Response Team (DRT):
AWS Shield Advanced customers have access to the AWS DDoS Response Team (DRT), a team of security experts available around the clock to provide assistance during DDoS attacks.
Advanced Threat Intelligence:
AWS Shield Advanced includes advanced threat intelligence capabilities, helping to identify and mitigate sophisticated and evolving DDoS attacks.
Real-Time DDoS Dashboard:
AWS Shield provides a real-time DDoS dashboard that allows customers to monitor ongoing attacks and view mitigation details.
AWS Shield plays a crucial role in maintaining the availability and reliability of applications hosted on AWS by protecting them from the disruptive effects of DDoS attacks. It is an integral part of AWS’s overall security and resilience strategy for its cloud services.
How AWS Shield works
AWS Shield works by detecting and mitigating DDoS attacks to ensure the availability and performance of applications hosted on AWS. An overview of how AWS Shield works is given below.
1. Traffic Monitoring:
AWS Shield continuously monitors and analyzes the incoming network traffic to AWS customers’ applications.
2. Automatic DDoS Detection:
AWS Shield uses machine learning algorithms and anomaly detection techniques to identify patterns associated with DDoS attacks. It automatically detects abnormal traffic behavior that may indicate a potential DDoS attack.
3. Automatic Mitigation (AWS Shield Standard):
For customers using AWS Shield Standard (included for free for all AWS customers), automatic mitigation measures are applied in real time to mitigate the impact of common and frequently observed DDoS attacks.
4. Global Network of DDoS Scrubbing Centers:
AWS Shield leverages a globally distributed network of DDoS scrubbing centers. These centers are strategically located across the AWS global network infrastructure.
5. Traffic Diversion and Filtering:
When a potential DDoS attack is detected, AWS Shield can divert the traffic to these scrubbing centers. The traffic is then carefully examined, and malicious or unwanted traffic is filtered out, allowing only legitimate traffic to reach the targeted application.
6. Integration with AWS Services:
AWS Shield seamlessly integrates with other AWS services, such as Amazon CloudFront (CDN) and Amazon Route 53 (DNS service), to provide comprehensive DDoS protection for globally distributed content and domain name resolution.
7. AWS Shield Advanced Features:
For customers subscribing to AWS Shield Advanced, additional features are available:
Dedicated DDoS Response Team (DRT): Access to a dedicated team of security experts available 24/7 to provide guidance and support during DDoS attacks.
Advanced Threat Intelligence: Utilizes advanced threat intelligence to identify and mitigate sophisticated and evolving DDoS attacks.
8. Real-Time DDoS Dashboard:
AWS Shield provides a real-time DDoS dashboard that allows customers to monitor ongoing attacks, view mitigation details, and gain insights into the nature of the attacks.
9. Logging and Reporting:
AWS Shield provides detailed logs and reports, enabling customers to analyze attack patterns, understand the effectiveness of mitigations, and take proactive measures to enhance security.
By combining real time traffic monitoring, automatic detection, global network infrastructure, and integration with AWS services, AWS Shield works to detect and mitigate DDoS attacks effectively, ensuring the availability and reliability of applications hosted on AWS. It provides both automatic protection for all AWS customers (Shield Standard) and enhanced, subscription-based protection with additional features (Shield Advanced).
What is a DDoS attack?
A Distributed Denial of Service (DDoS) attack is an attempt to disrupt the functioning of a server, service, or network by attacking it with a flood of traffic from multiple sources. In a DDoS attack, the goal is to make a website, application, or online service unavailable to its intended users.
Key characteristics of DDoS attacks include:
Distributed Nature:
DDoS attacks involve a large number of compromised computers and devices, forming a botnet. These devices are often spread across the globe and are controlled by the attacker.
Overwhelming Traffic:
The attacker sends a massive volume of traffic to the target, overwhelming its capacity to handle legitimate requests. This flood of traffic consumes available bandwidth, server resources, or network components.
Variety of Attack Vectors:
DDoS attacks can take various forms, utilizing different attack vectors. Common types include:
- Volumetric Attacks: Flood the target with a massive volume of traffic (e.g., UDP amplification attacks)
- TCP Connection Exhaustion: Overwhelm the target by exhausting its available TCP connections
- Application Layer Attacks: Target vulnerabilities in the application layer, such as HTTP, DNS, or other protocols
Spoofed IP Addresses:
Attackers often use techniques to spoof or disguise the source of the attack traffic, making it challenging to identify and block malicious requests.
Motivations:
DDoS attacks can be motivated by various factors, including financial extortion, competition, hacktivism, or simply causing disruption for malicious intent.
Duration and Intensity:
DDoS attacks can be short-lived and intense, aiming to quickly overwhelm the target, or they can be prolonged with lower-intensity traffic to create an ongoing disruption.
Reflection and Amplification:
Some DDoS attacks leverage reflection and amplification techniques, where the attacker sends requests to reflectors (e.g., open DNS resolvers) with the source address spoofed to appear as the target. The reflectors then amplify the response, directing it to the target.
Mitigation Challenges:
DDoS attacks pose challenges for mitigation due to their distributed and varied nature. Defending against DDoS attacks requires robust infrastructure, traffic filtering, and often the use of specialized DDoS protection services.
Botnets:
Many DDoS attacks are orchestrated using botnets, which are networks of compromised computers controlled by the attacker without the owners’ knowledge.
Mitigating DDoS attacks requires a combination of network infrastructure resilience, traffic filtering, and, in many cases, the use of specialized DDoS protection services that can detect and mitigate attacks in real time. Organizations often employ DDoS mitigation strategies to ensure the availability and reliability of their online services.
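As an added illustration of how the reflection and amplification pattern described above looks from the defender's side (example code, not from the original article or from AWS): the function below scans VPC Flow Logs records in the default version 2 field order and flags destinations that receive large UDP replies from many distinct sources on well-known reflector ports. The port list, the thresholds and the sample records are constructed assumptions.

```python
from collections import defaultdict

# UDP source ports of services commonly abused as reflectors (assumed list).
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP", 11211: "memcached"}

# Constructed records in the default VPC Flow Logs v2 field order:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE_FLOWS = """\
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 53 41822 17 300 400000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.8 10.0.1.20 53 41822 17 300 400000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.20 53 41822 17 300 400000 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 192.0.2.53 10.0.1.21 53 50111 17 1 512 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.40 10.0.1.20 51515 443 6 20 9000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""


def find_reflection_targets(flow_text, min_sources=3, min_bytes=1_000_000):
    """Map (dstaddr, service) -> (distinct sources, total bytes) for suspects."""
    stats = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for line in flow_text.splitlines():
        f = line.split()
        # Skip malformed lines and NODATA/SKIPDATA records, which carry "-" fields.
        if len(f) < 14 or f[13] != "OK":
            continue
        srcaddr, dstaddr, srcport, proto, nbytes = f[3], f[4], f[5], f[7], f[9]
        # Reflected replies are UDP (protocol 17) sent *from* the reflector's port.
        if proto != "17" or not srcport.isdigit():
            continue
        service = REFLECTOR_PORTS.get(int(srcport))
        if service is None:
            continue
        entry = stats[(dstaddr, service)]
        entry["sources"].add(srcaddr)
        entry["bytes"] += int(nbytes)
    # One resolver answering one query is normal; many sources plus high volume is not.
    return {
        key: (len(v["sources"]), v["bytes"])
        for key, v in stats.items()
        if len(v["sources"]) >= min_sources and v["bytes"] >= min_bytes
    }


if __name__ == "__main__":
    for (dst, svc), (n, total) in find_reflection_targets(SAMPLE_FLOWS).items():
        print(f"{dst}: {total} bytes of {svc} replies from {n} sources")
```

REJECT records are counted as well as ACCEPT ones, because blocked reflected traffic still consumes bandwidth on the path to the interface.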
Step-by-step procedure to create AWS Shield
Creating AWS Shield involves enabling the service and, in some cases, subscribing to AWS Shield Advanced for additional features. Here is a general step-by-step procedure to enable AWS Shield:
Enable AWS Shield Standard:
In the AWS Management Console, select the “Services” dropdown.
Under the “Security, Identity, & Compliance” section, click on “WAF & Shield”, and then click on “Go to AWS Shield”.
AWS Shield Standard is automatically included for all AWS customers at no additional cost.
Subscribe to AWS Shield Advanced (Optional):
Access the AWS Management Console:
If you are not already in the AWS Shield console, navigate to the “Services” dropdown, click on “WAF & Shield” under “Security, Identity, & Compliance”, and then click on “Go to AWS Shield”.
To subscribe to AWS Shield Advanced, click on “Subscribe to Shield Advanced”.
Review the features and pricing details for AWS Shield Advanced and complete the registration.
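To verify the outcome of the steps above programmatically, here is an added example (not code from the article or from AWS). It uses the Shield API operations that boto3 exposes as `get_subscription_state` and `list_protections`, and reports which of your resource ARNs have no Shield Advanced protection, since Advanced applies only to resources explicitly added as protections. The `StubShield` class and the ARNs are constructed stand-ins so the block runs offline.

```python
# Constructed example ARNs (placeholders, not real resources).
CF = "arn:aws:cloudfront::123456789012:distribution/EXAMPLEDIST1"
R53 = "arn:aws:route53:::hostedzone/ZEXAMPLE1"
ALB = ("arn:aws:elasticloadbalancing:us-east-1:123456789012:"
       "loadbalancer/app/example-alb/0123456789abcdef")


def shield_advanced_gaps(shield, resource_arns):
    """Return (subscription state, sorted ARNs lacking a Shield Advanced protection)."""
    state = shield.get_subscription_state()["SubscriptionState"]
    if state != "ACTIVE":
        # Without a subscription nothing has Advanced coverage (Standard still applies).
        return state, sorted(resource_arns)
    protected, token = set(), None
    while True:
        # Follow NextToken so accounts with many protections are fully listed.
        kwargs = {"NextToken": token} if token else {}
        page = shield.list_protections(**kwargs)
        protected.update(p["ResourceArn"] for p in page.get("Protections", []))
        token = page.get("NextToken")
        if not token:
            break
    return state, sorted(set(resource_arns) - protected)


class StubShield:
    """Constructed stand-in returning responses shaped like the Shield API."""

    def __init__(self, state, pages):
        self.state, self.pages = state, pages

    def get_subscription_state(self):
        return {"SubscriptionState": self.state}

    def list_protections(self, NextToken=None):
        idx = int(NextToken or 0)
        page = {"Protections": [{"ResourceArn": arn} for arn in self.pages[idx]]}
        if idx + 1 < len(self.pages):
            page["NextToken"] = str(idx + 1)
        return page


if __name__ == "__main__":
    # Against a real account: shield = boto3.client("shield", region_name="us-east-1")
    shield = StubShield("ACTIVE", [[CF], [R53]])
    state, gaps = shield_advanced_gaps(shield, [CF, R53, ALB])
    print(f"Subscription: {state}; unprotected resources: {gaps}")
```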
Conclusion:
In conclusion, AWS Shield is a critical component of a well-architected and secure AWS environment, helping organizations maintain the availability and reliability of their applications in the face of evolving cybersecurity challenges. As the threat landscape evolves, AWS Shield stands as a shield, safeguarding digital assets hosted on the AWS platform.