Understanding AWS Firewalls
WAF, DNS Firewall, and Network Firewall
AWS offers several firewall options, each designed to secure a different layer of your cloud infrastructure. Three of them, WAF (Web Application Firewall), DNS Firewall, and Network Firewall, each address specific security needs depending on your workload. Let’s explore the differences between them and when to use each.
AWS WAF (Web Application Firewall)
Primary Use
Protecting web applications and APIs
What It Does
AWS WAF protects web applications and APIs from common threats that target the application layer (Layer 7), such as SQL injections, cross-site scripting (XSS), and bot attacks.
When to Use
If your infrastructure has public-facing web applications or APIs, AWS WAF is essential. It filters HTTP/S traffic and prevents malicious actors from exploiting vulnerabilities in your web app.
Key Benefits
Customizable rules to filter traffic based on IP addresses, HTTP headers, URI strings, or query string parameters.
Protection from Layer 7 DDoS attacks, ensuring availability.
Compliance with security standards (e.g., PCI-DSS, HIPAA).
Example
A financial institution running an online banking platform could use AWS WAF to protect against attacks targeting sensitive user data and to ensure the platform meets regulatory requirements.
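The rule types listed under Key Benefits (IP sets, URI strings, query strings, headers) share one JSON shape in AWS WAF, and the text transformations attached to a rule decide whether an encoded or mixed-case payload is even seen by the match. The following is an added example, not code from AWS or from this article: a small local evaluator that accepts rules written in the AWS WAF v2 statement format (ByteMatchStatement, IPSetReferenceStatement, FieldToMatch, TextTransformations, PositionalConstraint) and runs them over constructed requests. The IP set name in IPSetReferenceStatement stands in for the ARN the real service expects, and only a subset of statements and transformations is implemented.

```python
"""Local evaluator for a subset of AWS WAF v2 rule JSON over constructed HTTP requests.

Added example for illustration; it is not the AWS WAF engine. The rule fields mirror the
service's JSON names so the evaluation order and the effect of TextTransformations can
be reasoned about offline.
"""
import copy
import ipaddress
import urllib.parse

# Constructed IP set (documentation range), standing in for a real IP set resource (ARN).
IP_SETS = {"blocked-scanners": ["203.0.113.0/24"]}

RULES = [
    {"Name": "block-known-scanners", "Priority": 0, "Action": {"Block": {}},
     "Statement": {"IPSetReferenceStatement": {"IPSet": "blocked-scanners"}}},
    {"Name": "block-admin-path", "Priority": 1, "Action": {"Block": {}},
     "Statement": {"ByteMatchStatement": {
         "FieldToMatch": {"UriPath": {}}, "PositionalConstraint": "STARTS_WITH",
         "SearchString": "/admin",
         "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}]}}},
    {"Name": "block-sqli-in-query", "Priority": 2, "Action": {"Block": {}},
     "Statement": {"ByteMatchStatement": {
         "FieldToMatch": {"QueryString": {}}, "PositionalConstraint": "CONTAINS",
         "SearchString": "union select",
         # Decode first, then lowercase. Transformations run in Priority order; without
         # them an encoded or mixed-case payload never reaches the byte comparison.
         "TextTransformations": [{"Priority": 0, "Type": "URL_DECODE"},
                                 {"Priority": 1, "Type": "LOWERCASE"}]}}},
]

def transform(value, transformations):
    """Apply text transformations in Priority order (subset of the AWS WAF set)."""
    for t in sorted(transformations, key=lambda t: t["Priority"]):
        if t["Type"] == "LOWERCASE":
            value = value.lower()
        elif t["Type"] == "URL_DECODE":
            value = urllib.parse.unquote_plus(value)  # %xx and '+', as URL_DECODE does
        elif t["Type"] != "NONE":
            raise ValueError(f"transformation not implemented here: {t['Type']}")
    return value

def field_value(request, field_to_match):
    (kind, spec), = field_to_match.items()
    if kind == "UriPath":
        return request["path"]
    if kind == "QueryString":
        return request["query"]
    if kind == "SingleHeader":  # header names compare case-insensitively
        return request["headers"].get(spec["Name"].lower(), "")
    raise ValueError(f"field not implemented here: {kind}")

def positional_match(haystack, needle, constraint):
    return {"EXACTLY": haystack == needle, "STARTS_WITH": haystack.startswith(needle),
            "ENDS_WITH": haystack.endswith(needle), "CONTAINS": needle in haystack}[constraint]

def statement_matches(statement, request):
    (kind, body), = statement.items()
    if kind == "IPSetReferenceStatement":
        ip = ipaddress.ip_address(request["source_ip"])
        return any(ip in ipaddress.ip_network(c) for c in IP_SETS[body["IPSet"]])
    if kind == "ByteMatchStatement":
        value = transform(field_value(request, body["FieldToMatch"]), body["TextTransformations"])
        return positional_match(value, body["SearchString"], body["PositionalConstraint"])
    if kind == "NotStatement":
        return not statement_matches(body["Statement"], request)
    if kind == "AndStatement":
        return all(statement_matches(s, request) for s in body["Statements"])
    if kind == "OrStatement":
        return any(statement_matches(s, request) for s in body["Statements"])
    raise ValueError(f"statement not implemented here: {kind}")

def evaluate(request, rules=RULES, default_action="ALLOW"):
    """Return (action, rule name). Rules run in Priority order; Count rules never terminate."""
    for rule in sorted(rules, key=lambda r: r["Priority"]):
        if statement_matches(rule["Statement"], request):
            action = next(iter(rule["Action"]))  # "Block", "Allow" or "Count"
            if action == "Count":
                continue
            return action.upper(), rule["Name"]
    return default_action, None

def without_transformations(rules):
    """Copy of the rules with every TextTransformation removed, to show why they matter."""
    stripped = copy.deepcopy(rules)
    for rule in stripped:
        bm = rule["Statement"].get("ByteMatchStatement")
        if bm:
            bm["TextTransformations"] = []
    return stripped

# Constructed sample requests (documentation IP ranges).
REQUESTS = [
    {"source_ip": "203.0.113.7", "path": "/", "query": "", "headers": {}},
    {"source_ip": "198.51.100.4", "path": "/Admin/Login", "query": "", "headers": {}},
    {"source_ip": "198.51.100.4", "path": "/search", "query": "q=1%27+UNION+SELECT+1", "headers": {}},
    {"source_ip": "198.51.100.4", "path": "/search", "query": "q=shoes", "headers": {}},
]

if __name__ == "__main__":
    for r in REQUESTS:
        print(r["source_ip"], r["path"], r["query"] or "-", evaluate(r))
    print("same requests, transformations removed:",
          [evaluate(r, without_transformations(RULES)) for r in REQUESTS])
```

The last line of the script is the check worth keeping in mind when writing rules: with the transformations stripped, both the mixed-case /Admin path and the URL-encoded query are allowed through, because the byte match compares the raw field. Rules in Count mode are useful for staging a new rule against live traffic before switching it to Block.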
DNS Firewall (Amazon Route 53 DNS Firewall)
Primary Use
Blocking access to known malicious domains
What It Does
DNS Firewall controls outbound DNS requests and blocks queries to known malicious domains, protecting against threats like data exfiltration, DNS tunneling, or botnet communication.
When to Use
DNS Firewall is ideal when your focus is preventing unauthorized applications or devices (including IoT devices) from accessing malicious domains. It protects your environment from threats that attempt to exploit the DNS layer.
Key Benefits
Control which domains users and devices can resolve.
Integrates with threat intelligence feeds to block connections to malicious domains in real time.
Prevents DNS spoofing and hijacking attacks.
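To make the "control which domains users and devices can resolve" benefit concrete, here is an added example (not AWS code and not part of the original article) that models how a DNS Firewall rule group disposes of a query: rules are tried in Priority order, the first matching domain list decides, and a BLOCK rule answers with NXDOMAIN, NODATA, or an OVERRIDE record (for example a CNAME to a sinkhole). The domain lists, rule names and the sinkhole hostname are constructed; the rule fields follow the DNS Firewall API names, and the wildcard semantics (`*.example.com` matches subdomains but not the apex) are the documented behaviour as assumed here.

```python
"""Local model of Route 53 Resolver DNS Firewall rule evaluation over constructed queries.

Added example, not AWS code. Domain lists, rule names and the sinkhole name are constructed;
rule fields use the API names (Priority, Action, BlockResponse, BlockOverrideDomain,
BlockOverrideDnsType, BlockOverrideTtl).
"""

# Constructed domain lists. In the service these are list resources; AWS-managed threat
# lists can be referenced by rules in the same way as your own lists.
DOMAIN_LISTS = {
    "corp-allowlist": ["*.corp.example", "safe.bad-c2.example"],
    "known-c2": ["bad-c2.example", "*.bad-c2.example"],
    "known-malware": ["dropper.example"],
    "exfil-suspects": ["*.tunnel-test.example"],
}

RULES = [
    # Lowest Priority value wins, so the allowlist is placed ahead of every block rule.
    {"Name": "allow-corp", "Priority": 100, "Action": "ALLOW", "FirewallDomainList": "corp-allowlist"},
    {"Name": "block-c2", "Priority": 200, "Action": "BLOCK", "BlockResponse": "OVERRIDE",
     "BlockOverrideDomain": "sinkhole.corp.example", "BlockOverrideDnsType": "CNAME",
     "BlockOverrideTtl": 60, "FirewallDomainList": "known-c2"},
    {"Name": "block-malware", "Priority": 250, "Action": "BLOCK", "BlockResponse": "NXDOMAIN",
     "FirewallDomainList": "known-malware"},
    {"Name": "alert-tunnel", "Priority": 300, "Action": "ALERT", "FirewallDomainList": "exfil-suspects"},
]

def normalize(name):
    """DNS names are case-insensitive; strip a trailing dot so 'a.example.' equals 'a.example'."""
    return name.rstrip(".").lower()

def domain_matches(qname, entry):
    """'example.com' matches exactly; '*.example.com' matches any subdomain, not the apex."""
    qname, entry = normalize(qname), normalize(entry)
    if entry.startswith("*."):
        return qname.endswith(entry[1:]) and qname != entry[2:]
    return qname == entry

def block_answer(rule, qtype):
    """What the resolver hands back to the client for a BLOCK rule."""
    br = rule["BlockResponse"]
    if br == "NXDOMAIN":
        return "NXDOMAIN"
    if br == "NODATA":
        return "NOERROR with empty answer section"
    if br == "OVERRIDE":
        return f"{rule['BlockOverrideDnsType']} {rule['BlockOverrideDomain']} TTL {rule['BlockOverrideTtl']}"
    raise ValueError(f"unknown BlockResponse: {br}")

def evaluate_query(qname, qtype="A", rules=RULES, alert_log=None):
    """Return the disposition of one query; the first rule (by Priority) whose list matches decides."""
    for rule in sorted(rules, key=lambda r: r["Priority"]):
        entries = DOMAIN_LISTS[rule["FirewallDomainList"]]
        if not any(domain_matches(qname, e) for e in entries):
            continue
        if rule["Action"] == "ALLOW":
            return {"action": "ALLOW", "rule": rule["Name"], "answer": "resolve normally"}
        if rule["Action"] == "ALERT":  # the query is resolved, but the match is logged
            if alert_log is not None:
                alert_log.append((normalize(qname), qtype, rule["Name"]))
            return {"action": "ALERT", "rule": rule["Name"], "answer": "resolve normally"}
        return {"action": "BLOCK", "rule": rule["Name"], "answer": block_answer(rule, qtype)}
    return {"action": "PASS", "rule": None, "answer": "resolve normally"}  # no rule matched

# Constructed queries covering each outcome.
QUERIES = ["updates.corp.example", "safe.bad-c2.example", "beacon.bad-c2.example",
           "BAD-C2.example.", "dropper.example", "x1.tunnel-test.example", "www.example.com"]

if __name__ == "__main__":
    alerts = []
    for q in QUERIES:
        print(f"{q:26} {evaluate_query(q, alert_log=alerts)}")
    print("alerts:", alerts)
```

Two points the sample makes: the allowlist entry for safe.bad-c2.example wins over the wildcard block because of its lower Priority value, and an ALERT rule is the low-risk way to watch a suspicious domain family (the kind of subdomain churn DNS tunneling produces) before committing to a block. Sinkholing with OVERRIDE rather than NXDOMAIN keeps the client's connection attempt visible to your own monitoring host.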
AWS Network Firewall
Primary Use
Network-level protection for VPCs
What It Does
AWS Network Firewall is a stateful firewall that provides network-level protection for your Virtual Private Cloud (VPC) environments. It inspects traffic flowing in and out of VPCs and can filter based on port, protocol, and packet content.
When to Use
Use AWS Network Firewall when you need to secure your VPC at the network level, filtering traffic based on policies that go beyond simple security group rules. It’s ideal for advanced intrusion detection and deep packet inspection.
Key Benefits
Protection from network-based threats, such as DDoS attacks, port scanning, and malware propagation.
Supports stateful and stateless filtering for granular control.
Integrated with AWS Transit Gateway for centralized network security.
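The stateless versus stateful distinction under Key Benefits is easiest to see with packets in hand. The following added example (not AWS code, not from this article) models the two-stage path a packet takes through AWS Network Firewall: stateless rules run first per packet with no memory, and whatever they forward to the stateful engine is matched against Suricata-compatible rules in strict order, with established flows remembered so return traffic inherits the verdict. Only the rule header (action, protocol, networks, ports, direction) and the msg/sid options are parsed; HOME_NET, the addresses, the policy defaults (aws:forward_to_sfe, aws:drop_strict) and the alert-then-continue behaviour are assumptions of this model.

```python
"""Local model of AWS Network Firewall: stateless rules, then stateful Suricata-format rules.

Added example, not AWS code. Rule headers plus msg/sid are parsed; HOME_NET, addresses and
policy defaults are constructed; treat the semantics as an approximation of the service.
"""
import ipaddress
import re
from collections import namedtuple

HOME_NET = [ipaddress.ip_network("10.0.0.0/16")]  # constructed VPC CIDR; $EXTERNAL_NET = its complement
Packet = namedtuple("Packet", "proto src sport dst dport")

# Stateless rules: per-packet, no flow memory, evaluated first. Action names are the service's.
STATELESS_RULES = [
    {"protocol": "tcp", "source": "192.0.2.0/24", "dest": "any", "dest_port": "any", "action": "aws:drop"},
]
STATELESS_DEFAULT = "aws:forward_to_sfe"  # assumed policy default: unmatched packets go to stateful

# Stateful rules, Suricata-compatible format, STRICT order (first pass/drop match wins). The
# assumed policy default is aws:drop_strict: anything without a matching pass rule is dropped.
STATEFUL_RULES = [
    'pass tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"allow outbound HTTPS"; sid:1; rev:1;)',
    'drop tcp $HOME_NET any -> $EXTERNAL_NET 23 (msg:"block telnet egress"; sid:2; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"inbound SSH attempt"; sid:3; rev:1;)',
]

HEADER = re.compile(r'^(pass|drop|alert)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$')

def parse_rule(text):
    m = HEADER.match(text)
    if not m:
        raise ValueError(f"unparseable rule: {text}")
    action, proto, src, sport, direction, dst, dport, opts = m.groups()
    msg = re.search(r'msg:"([^"]*)"', opts)
    sid = re.search(r'sid:(\d+)', opts)
    return {"action": action, "proto": proto, "src": src, "sport": sport, "dir": direction,
            "dst": dst, "dport": dport, "msg": msg.group(1) if msg else "",
            "sid": int(sid.group(1)) if sid else None}

def net_matches(spec, ip):
    addr = ipaddress.ip_address(ip)
    if spec == "any":
        return True
    in_home = any(addr in n for n in HOME_NET)
    if spec == "$HOME_NET":
        return in_home
    if spec == "$EXTERNAL_NET":
        return not in_home
    return addr in ipaddress.ip_network(spec, strict=False)

def port_matches(spec, port):
    return spec == "any" or int(spec) == port

def header_matches(rule, pkt):
    """Match the 5-tuple in the rule's direction; '<>' also accepts the reverse direction."""
    if rule["proto"] not in ("ip", pkt.proto):
        return False
    fwd = (net_matches(rule["src"], pkt.src) and port_matches(rule["sport"], pkt.sport)
           and net_matches(rule["dst"], pkt.dst) and port_matches(rule["dport"], pkt.dport))
    if rule["dir"] == "->" or fwd:
        return fwd
    return (net_matches(rule["src"], pkt.dst) and port_matches(rule["sport"], pkt.dport)
            and net_matches(rule["dst"], pkt.src) and port_matches(rule["dport"], pkt.sport))

def stateless_verdict(pkt):
    for r in STATELESS_RULES:
        if (r["protocol"] in ("any", pkt.proto) and net_matches(r["source"], pkt.src)
                and net_matches(r["dest"], pkt.dst) and port_matches(r["dest_port"], pkt.dport)):
            return r["action"]
    return STATELESS_DEFAULT

class StatefulEngine:
    def __init__(self, rules=STATEFUL_RULES):
        self.rules = [parse_rule(r) for r in rules]
        self.flows = {}   # direction-agnostic 5-tuple -> verdict for the life of the flow
        self.alerts = []  # (sid, msg) recorded for alert-rule matches

    @staticmethod
    def flow_key(pkt):
        ends = sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])
        return (pkt.proto, ends[0], ends[1])

    def inspect(self, pkt):
        key = self.flow_key(pkt)
        if key in self.flows:  # established flow: return traffic inherits the verdict
            return self.flows[key]
        verdict = "drop"       # aws:drop_strict: no matching pass rule means drop
        for rule in self.rules:
            if not header_matches(rule, pkt):
                continue
            if rule["action"] == "alert":  # alert logs and evaluation continues (assumed)
                self.alerts.append((rule["sid"], rule["msg"]))
                continue
            verdict = rule["action"]
            break
        self.flows[key] = verdict
        return verdict

def process(pkt, engine):
    """One packet through both stages; returns 'pass' or 'drop'."""
    v = stateless_verdict(pkt)
    return engine.inspect(pkt) if v == "aws:forward_to_sfe" else v.split(":")[1]

# Constructed traffic (documentation address ranges).
PACKETS = [
    Packet("tcp", "10.0.1.5", 51000, "198.51.100.20", 443),  # outbound HTTPS, new flow
    Packet("tcp", "198.51.100.20", 443, "10.0.1.5", 51000),  # its return traffic
    Packet("tcp", "10.0.1.5", 51001, "198.51.100.9", 23),    # outbound telnet
    Packet("tcp", "203.0.113.77", 40000, "10.0.1.5", 22),    # unsolicited inbound SSH
    Packet("tcp", "192.0.2.10", 1234, "10.0.1.5", 443),      # stateless drop, never inspected
]

def run(packets=PACKETS):
    engine = StatefulEngine()
    return [process(p, engine) for p in packets], engine.alerts

if __name__ == "__main__":
    verdicts, alerts = run()
    for p, v in zip(PACKETS, verdicts):
        print(f"{v:4} {p.src}:{p.sport} -> {p.dst}:{p.dport}")
    print("alerts:", alerts)
```

The second packet is the one that shows why "stateful" matters: no rule in the list names external:443 as a source, yet the reply is passed because the engine remembers the flow the first packet opened. A stateless-only policy would need a permissive inbound rule for every ephemeral port to get the same result. The stateless drop of the 192.0.2.0/24 source is cheap and happens before any deep inspection; the stateful alert on inbound port 22 is recorded even though drop_strict drops the packet, which is the pattern for detection without having to write a separate drop rule.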
When To Use Each Firewall
WAF: Protect web applications and APIs from Layer 7 attacks and ensure compliance with regulations like PCI-DSS.
DNS Firewall: Prevent data exfiltration, DNS tunneling, and unauthorized access to malicious domains. Ideal for managing DNS security across many endpoints or IoT devices.
Network Firewall: Secure VPC traffic with network-level filtering, including intrusion detection and deep packet inspection.
Conclusion
In some cases, you might need to use multiple firewalls in tandem to cover different aspects of your security posture, such as using WAF for application layer security and Network Firewall for VPC-level security.
If you have any questions about AWS Firewalls or would like PMsquare to provide guidance and support for your cybersecurity solution, contact us today!