Understanding AWS Firewalls

WAF, DNS Firewall, and Network Firewall 

AWS offers several firewall options, each designed to secure a different layer of your cloud infrastructure. These firewalls, WAF (Web Application Firewall), DNS Firewall, and Network Firewall, each address specific security needs depending on your workload. Let’s explore the differences between them and when to use each.

AWS WAF (Web Application Firewall) 

Primary Use

Protecting web applications and APIs 

What It Does

AWS WAF protects web applications and APIs from common threats that target the application layer (Layer 7), such as SQL injections, cross-site scripting (XSS), and bot attacks. 

When to Use 

If your infrastructure has public-facing web applications or APIs, AWS WAF is essential. It filters HTTP/S traffic and prevents malicious actors from exploiting vulnerabilities in your web app. 

Key Benefits

  • Customizable rules to filter traffic based on IP addresses, HTTP headers, URI strings, or query string parameters.

  • Protection from Layer 7 DDoS attacks, ensuring availability. 

  • Compliance with security standards (e.g., PCI-DSS, HIPAA). 

Example

A financial institution running an online banking platform could use AWS WAF to protect against attacks targeting sensitive user data and to ensure the platform meets regulatory requirements. 

DNS Firewall (Amazon Route 53 DNS Firewall)

Primary Use

Blocking access to known malicious domains 

What It Does

DNS Firewall controls outbound DNS requests and blocks queries to known malicious domains, protecting against threats like data exfiltration, DNS tunneling, or botnet communication. 

When to Use

DNS Firewall is ideal when your focus is preventing unauthorized applications or devices (including IoT devices) from accessing malicious domains. It protects your environment from threats that attempt to exploit the DNS layer. 

Key Benefits

  • Control which domains users and devices can resolve. 

  • Integrates with threat intelligence feeds to block connections to malicious domains in real-time. 

  • Prevents DNS spoofing and hijacking attacks. 

AWS Network Firewall 

Primary Use

Network-level protection for VPCs 

What It Does

AWS Network Firewall is a stateful firewall that provides network-level protection for your Virtual Private Cloud (VPC) environments. It inspects traffic flowing in and out of VPCs and can filter based on port, protocol, and packet content. 

When to Use

Use AWS Network Firewall when you need to secure your VPC at the network level, filtering traffic based on policies that go beyond simple security group rules. It’s ideal for advanced intrusion detection and deep packet inspection. 

Key Benefits

  • Protection from network-based threats, such as DDoS attacks, port scanning, and malware propagation. 

  • Supports stateful and stateless filtering for granular control. 

  • Integrated with AWS Transit Gateway for centralized network security. 

When To Use Each Firewall 

WAF: Protect web applications and APIs from Layer 7 attacks and ensure compliance with regulations like PCI-DSS. 

DNS Firewall: Prevent data exfiltration, DNS tunneling, and unauthorized access to malicious domains. Ideal for managing DNS security across many endpoints or IoT devices. 

Network Firewall: Secure VPC traffic with network-level filtering, including intrusion detection and deep packet inspection. 

Conclusion

In some cases, you might need to use multiple firewalls in tandem to cover different aspects of your security posture, such as using WAF for application layer security and Network Firewall for VPC-level security. 
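As an added example of using two of these layers in tandem (not code from the original article or from AWS), the script below turns one constructed egress deny-list into both a Route 53 DNS Firewall domain list and the equivalent Suricata-style stateful rules for AWS Network Firewall, so a domain blocked at the DNS layer is also dropped if a host bypasses the resolver and connects directly. It assumes the standard Suricata keywords (dns.query, tls.sni, dotprefix, startswith, endswith) and the "*.example" wildcard convention of DNS Firewall domain lists; the feed contents and SID range are made up.

```python
"""Derive matching Route 53 DNS Firewall and AWS Network Firewall rules
from a single domain deny-list, so both layers enforce the same policy."""
import re

# Constructed sample feed: one domain per line, '*.' means "and all subdomains".
SAMPLE_FEED = """
*.Malware-C2.example
Exfil.example.
bad host.example
*.malware-c2.example
"""

# Conservative hostname check: only well-formed names become rules.
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def normalize(feed: str) -> list[tuple[str, bool]]:
    """Return sorted, de-duplicated (domain, wildcard) pairs; drop invalid entries."""
    seen: dict[str, bool] = {}
    for raw in feed.splitlines():
        name = raw.strip().lower().rstrip(".")
        wildcard = name.startswith("*.")
        if wildcard:
            name = name[2:]
        if not name or not DOMAIN_RE.match(name):
            continue  # skip malformed lines rather than emit a broken rule
        seen[name] = seen.get(name, False) or wildcard  # wildcard wins on conflict
    return sorted(seen.items())


def dns_firewall_domains(entries: list[tuple[str, bool]]) -> list[str]:
    """Domain-list lines: 'x.example' is exact, '*.x.example' covers subdomains only."""
    out = []
    for domain, wildcard in entries:
        out.append(domain)
        if wildcard:
            out.append(f"*.{domain}")
    return out


def network_firewall_rules(entries: list[tuple[str, bool]], first_sid: int = 1000001) -> str:
    """Stateful rules for the same domains, matched on DNS queries and on TLS SNI."""
    lines, sid = [], first_sid
    for domain, wildcard in entries:
        # dotprefix + endswith matches the domain and any subdomain; startswith + endswith is exact.
        match = (f'dotprefix; content:".{domain}"; nocase; endswith;' if wildcard
                 else f'content:"{domain}"; nocase; startswith; endswith;')
        for proto, buf in (("dns", "dns.query"), ("tls", "tls.sni")):
            lines.append(f'drop {proto} $HOME_NET any -> $EXTERNAL_NET any '
                         f'(msg:"deny-list {domain}"; {buf}; {match} sid:{sid}; rev:1;)')
            sid += 1
    return "\n".join(lines)
```

The DNS Firewall list can be loaded into a domain list and the rules string into a stateful rule group; because both are generated from one source, the two layers never drift apart.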

If you have any questions about AWS Firewalls or would like PMsquare to provide guidance and support for your cybersecurity solution, contact us today!
