AWS WAF Case Study: Application Protection for a serverless Media Exchange Platform

Executive Summary

The Media Governance Union runs a wide range of services, including the daily news exchange, several co-productions, program exchanges, and technical, programming, legal and management consultancies, as well as industry and international conferences and international frequency planning and coordination. The Union negotiates rights for major sports events and organizes their coverage for the region. It wanted to develop and host a custom application in the Cloud with all the necessary security best practices and controls in place, and wanted us to develop the application and filter any cyber threats to it.

About the Customer

The Client is a quasi-government Media Governance Union that works closely with the other regional broadcasting unions on matters of common concern, such as reserving frequencies for broadcasters, harmonizing operating and technical broadcasting standards and systems, and finalizing the Broadcasting Treaty.

Customer Challenge

Web applications are vulnerable to a variety of attacks. These attacks include:
• Specially crafted requests designed to exploit a vulnerability or take control of a server;
• Volumetric attacks designed to take down a website;
• Bad bots and scrapers programmed to scrape and steal web content.

In the Client architecture, the static web application is hosted on S3 and is accessible only via the AWS CloudFront CDN. A request arrives from outside, and the CDN either replies with the cached content or, if the content is not cached, requests it from S3. Access to the web application therefore had to be firewalled and protected from common attacks, hardening the security posture.

Partner Solution

After an initial assessment, Aspire NXT helped the Client to:

• Set up a secured environment using WAF for protection against common web attacks.
• We attached AWS WAF to the CloudFront CDN, so that a request coming from outside is filtered by WAF before it is allowed access to the CDN.
• We enabled logging for WAF so that the logs can be reviewed periodically to identify possible optimizations and custom rules to suggest to the Client.
• The web application firewall is optimized to protect their web application and is deployed to analyze bi-directional web-based (HTTP/HTTPS) traffic, detecting and blocking anything malicious.
• It works as a shield or proxy between the internet and their web application, thus protecting the server from exposure.
• During periodic reviews we found that an average of 150K requests/day go through WAF.

WAF is configured to protect the Client web applications against the following type of attacks:
• SQL Injection
• Cross Site Scripting (XSS)
• HTTP Flooding
• Scanners and Probes (Reconnaissance)
• IP Reputation Lists
• Bots and Scrapers
• Whitelisting/Blacklisting
• Rate-based DDoS protection
• Other Custom Rules
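
One way to carry out the periodic WAF log review described above, as an added example that is not Aspire NXT's or the Client's code: it tallies actions and terminating rules and lists clients that are candidates for a rate-based or blacklist rule. The log lines are constructed, the rule names and `allow_threshold` are assumptions, and the field names follow the AWS WAF log format.

```python
import json
from collections import Counter

def _rec(action, rule, ip, uri):
    # Builds one constructed log line using AWS WAF log field names.
    return json.dumps({"timestamp": 1700000000000, "action": action,
                       "terminatingRuleId": rule, "httpSourceName": "CF",
                       "httpRequest": {"clientIp": ip, "uri": uri,
                                       "httpMethod": "GET"}})

# Constructed sample, not real traffic. Rule names are hypothetical.
SAMPLE = (
    [_rec("BLOCK", "sqli-rule", "198.51.100.7", "/search")] * 2
    + [_rec("ALLOW", "Default_Action", "198.51.100.7", "/index.html")]
    + [_rec("BLOCK", "xss-rule", "203.0.113.9", "/comment")]
    + [_rec("ALLOW", "Default_Action", "192.0.2.44", "/index.html")] * 4
    + [_rec("ALLOW", "Default_Action", "192.0.2.10", "/about")]
    + ["not-json"]  # truncated or corrupt line
)

def review(lines, allow_threshold=3):
    """Summarise WAF log lines for a periodic rule review."""
    actions, by_rule = Counter(), Counter()
    allowed, blocked = Counter(), Counter()
    malformed = 0
    for line in lines:
        try:
            rec = json.loads(line)
            action, ip = rec["action"], rec["httpRequest"]["clientIp"]
        except (ValueError, KeyError, TypeError):
            malformed += 1  # count it, keep reviewing the rest
            continue
        actions[action] += 1
        if action == "BLOCK":
            by_rule[rec.get("terminatingRuleId", "unknown")] += 1
            blocked[ip] += 1
        elif action == "ALLOW":
            allowed[ip] += 1
    return {
        "actions": dict(actions),
        "blocked_by_rule": by_rule.most_common(),
        # High allowed volume from one client: rate-based rule candidate.
        "rate_candidates": sorted(ip for ip, n in allowed.items()
                                  if n >= allow_threshold),
        # Tripped a rule yet had other requests allowed: blacklist candidate.
        "blocked_and_allowed": sorted(set(blocked) & set(allowed)),
        "malformed": malformed,
    }

if __name__ == "__main__":
    print(json.dumps(review(SAMPLE), indent=2))
```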

Results and Benefits

Some of the benefits and results that the Client achieved using AWS WAF are as follows:
• Optimized filtration of traffic to the web applications.
• Inspects the web traffic and prevents common attacks stemming from a variety of causes, such as misconfigurations and vulnerabilities.
• Helps protect the web applications/APIs against common web exploits that may affect availability, compromise security, or consume excessive resources.
• Gives control over how traffic reaches the applications by enabling us to create security rules that block common attack patterns.
• Other benefits such as agility in protecting against attacks, ease of use, and improved visibility over web traffic.
