https://oldfart.aka.corp.amazon.com:7009/oldfart/oldfart.cgi?name=yasuarak&submit=Show+me
Worldwide summary: 13575 ( 2.23% ) < yasuarak > ( 97.77% ) 594817
There are 608,393 employees at Amazon right now.
13,575 employees (2.23% of the employees at Amazon today) were hired before yasuarak.
Of current employees, 594,817 (97.77%) were hired after yasuarak.
Tokyo summary: 38 ( 2.55% ) < yasuarak > ( 97.38% ) 1449
There are 1,488 employees at Amazon in Tokyo right now.
38 Tokyo employees (2.55% of the employees in Tokyo at Amazon today) were hired before yasuarak.
Of current Tokyo employees, 1,449 (97.38%) were hired after yasuarak.
NET-1
Throughout the session we will visually show how each layer of perimeter protection is added to a basic web application.
Here we show you a basic web application. This application if left as is, does not take advantage of all the security measures available to you which leaves it vulnerable to attack.
This simplified architecture is shown so we can draw attention to the principles we’re discussing today and how and where each layer of protection is added.
Let’s begin by adding the first layer of perimeter protection, Amazon CloudFront.
Threats are coming at us from multiple angles.
There are DDoS attacks that try to exhaust your application resources so it won’t be available to your users. This includes volumetric attacks, transport layer attacks, and application layer attacks.
We see two things within DDOS attacks: first, short lived attacks that only last for a couple of minutes are increasing in number. Second, the larger DDOS attacks are exponentially growing in size. The memcached reflection attack seen earlier this year peaked well over 1 Tbps and was more than twice the size of the Mirai botnet attacks.
**CLICK** We’re also confronted by web application attacks that exploit some weakness in your application code.
**CLICK** There are also all kind of bots, generating half of web traffic by some estimates. Some are good like search bots for site indexing. Others are bad and try to steal content from your website.
NET-1
Throughout the session we will visually show how each layer of perimeter protection is added to a basic web application.
Here we show you a basic web application. This application if left as is, does not take advantage of all the security measures available to you which leaves it vulnerable to attack.
This simplified architecture is shown so we can draw attention to the principles we’re discussing today and how and where each layer of protection is added.
Let’s begin by adding the first layer of perimeter protection, Amazon CloudFront.
NET-1
Throughout the session we will visually show how each layer of perimeter protection is added to a basic web application.
Here we show you a basic web application. This application if left as is, does not take advantage of all the security measures available to you which leaves it vulnerable to attack.
This simplified architecture is shown so we can draw attention to the principles we’re discussing today and how and where each layer of protection is added.
Let’s begin by adding the first layer of perimeter protection, Amazon CloudFront.
AWS Services
We are influencing CISO or security groups to rely on PrivateLink as the new normal way to access AWS Service APIs (and other SaaS or DaaS offerings)
API, micro-services / Anything behind a load balancer
Internal applications like APIs or micro-services are common use cases, like logging, monitoring, and container systems. Also, any services or resources can be accessed if they are behind a load balancer.
Software-as-a-Service (SaaS)
Third party software hosted on the AWS Marketplace or when using bring your own license, like SnowFlake and TrendMicro
Services that process sensitive data
When customers are concerned about data, PrivateLink offers an additional layer of security to manage where data is flowing, like CapitalOne and MasterCard
And with that, we’ve now added our first layer of perimeter protection by restricting all access to your application through CloudFront.
I’m now going to hand the session over to Ritwik who will talk about how to add the next two layers of perimeter protection.