What is AWS Network Firewall?
AWS Network Firewall is a managed intrusion detection and prevention service that deploys essential network protections for Amazon Virtual Private Clouds (VPCs). The service is set up with a few steps and scales automatically with network traffic, so there is no firewall infrastructure to deploy or manage. With Network Firewall, we can filter traffic at the perimeter of our VPC, including traffic going to and coming from an internet gateway, a VPN connection, or AWS Direct Connect. For stateful inspection it uses Suricata, an open-source intrusion prevention system (IPS), and it accepts Suricata-compatible rules.
We can use Network Firewall to monitor and protect our Amazon VPC traffic in the following ways:
Pass traffic only to known AWS service domains or IP address endpoints, such as Amazon S3.
Use custom lists of known bad domains to limit which domain names our applications can reach.
Perform deep packet inspection on traffic entering or leaving our VPC.
Detect and filter protocols such as HTTPS using stateful protocol detection, independent of the port being used.
Using the flexible rule engine of AWS Network Firewall, we can define firewall rules that give us fine-grained control over network traffic. We can also import rules already written in standard open-source rule formats and enable integrations with managed intelligence feeds sourced from AWS partners. Network Firewall works together with AWS Firewall Manager, which builds policies from Network Firewall rule groups and applies them centrally across our VPCs.
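As an added example (not code from the original post or from AWS), the following Python builds the rule-group and firewall-policy definitions described above from a few Suricata-compatible rules and a domain allowlist. It assumes the parameter layout of boto3's `network-firewall` `create_rule_group` and `create_firewall_policy` calls (`RulesString`, `RulesSourceList`, `StatefulRuleOptions`, `StatefulRuleGroupReferences`); the rules, host names and ARNs are constructed placeholders, and nothing here contacts AWS.

```python
"""Build AWS Network Firewall rule-group and policy definitions offline.

Added example: parses Suricata-style rules, rejects malformed ones, and
assembles the dictionaries that boto3's create_rule_group and
create_firewall_policy calls expect.  The sample rules and ARNs below are
constructed for illustration.
"""
import json
import re

# Suricata rule header: action proto src src_port direction dst dst_port (options)
HEADER_RE = re.compile(
    r"^(?P<action>pass|drop|alert|reject)\s+"
    r"(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<src_port>\S+)\s+"
    r"(?P<direction>->|<>)\s+"
    r"(?P<dst>\S+)\s+(?P<dst_port>\S+)\s*\((?P<options>.*)\)\s*$"
)

# Constructed sample rules: allow TLS to one update host, drop all other TLS
# to the internet, and alert on plain-text HTTP leaving the VPC.
SAMPLE_RULES = """\
pass tls $HOME_NET any -> $EXTERNAL_NET 443 (tls.sni; content:"updates.example.com"; endswith; msg:"allow update host"; sid:100001; rev:1;)
drop tls $HOME_NET any -> $EXTERNAL_NET 443 (msg:"drop other TLS"; sid:100002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET 80 (msg:"plaintext http egress"; sid:100003; rev:1;)
"""


def parse_rule(line):
    """Split one Suricata rule into header fields and an options dict.

    Options are split on ';', which is fine for the rules above but would
    mis-handle a quoted value containing a semicolon.
    """
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError(f"malformed rule: {line!r}")
    fields = m.groupdict()
    opts = {}
    for raw in fields.pop("options").split(";"):
        raw = raw.strip()
        if not raw:
            continue
        key, _, value = raw.partition(":")
        opts[key.strip()] = value.strip().strip('"') if value else True
    if "sid" not in opts:
        raise ValueError(f"rule without sid: {line!r}")
    fields["options"] = opts
    return fields


def parse_rules(text):
    """Parse every non-comment line and reject duplicate signature ids."""
    rules = [parse_rule(l) for l in text.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    sids = [r["options"]["sid"] for r in rules]
    dups = sorted({s for s in sids if sids.count(s) > 1})
    if dups:
        raise ValueError(f"duplicate sid(s): {dups}")
    return rules


def stateful_rule_group(name, rules_text, capacity=100):
    """create_rule_group parameters for a Suricata rules string.

    STRICT_ORDER evaluates rules top to bottom, so the narrow 'pass' for the
    allowed SNI is matched before the broad 'drop' that follows it.
    """
    parse_rules(rules_text)  # fail early on malformed input
    return {
        "RuleGroupName": name,
        "Type": "STATEFUL",
        "Capacity": capacity,
        "RuleGroup": {
            "RulesSource": {"RulesString": rules_text},
            "StatefulRuleOptions": {"RuleOrder": "STRICT_ORDER"},
        },
    }


def domain_allowlist_rule_group(name, domains, capacity=100):
    """Domain-list rule group that permits only the listed SNI / Host names."""
    return {
        "RuleGroupName": name,
        "Type": "STATEFUL",
        "Capacity": capacity,
        "RuleGroup": {
            "RulesSource": {
                "RulesSourceList": {
                    "Targets": list(domains),
                    "TargetTypes": ["TLS_SNI", "HTTP_HOST"],
                    "GeneratedRulesType": "ALLOWLIST",
                }
            },
            "StatefulRuleOptions": {"RuleOrder": "STRICT_ORDER"},
        },
    }


def firewall_policy(rule_group_arns):
    """Policy that hands all stateless traffic to the stateful engine and
    drops whatever no stateful rule explicitly passes (default-deny egress)."""
    return {
        "StatelessDefaultActions": ["aws:forward_to_sfe"],
        "StatelessFragmentDefaultActions": ["aws:forward_to_sfe"],
        "StatefulEngineOptions": {"RuleOrder": "STRICT_ORDER"},
        "StatefulDefaultActions": ["aws:drop_strict", "aws:alert_strict"],
        "StatefulRuleGroupReferences": [
            {"ResourceArn": arn, "Priority": i + 1}
            for i, arn in enumerate(rule_group_arns)
        ],
    }


if __name__ == "__main__":
    # Placeholder ARNs; a real deployment would pass these to boto3.
    arns = ["arn:aws:network-firewall:REGION:ACCOUNT:stateful-rulegroup/egress-suricata",
            "arn:aws:network-firewall:REGION:ACCOUNT:stateful-rulegroup/egress-domains"]
    print(json.dumps(stateful_rule_group("egress-suricata", SAMPLE_RULES), indent=2))
    print(json.dumps(domain_allowlist_rule_group("egress-domains", [".example.com"]), indent=2))
    print(json.dumps(firewall_policy(arns), indent=2))
```

The default actions `aws:drop_strict` and `aws:alert_strict` only apply with strict rule order, which is why both the rule groups and the policy set `STRICT_ORDER`; mixing orders between a policy and its rule groups is rejected by the service.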
What are the benefits of AWS Network Firewall?
The benefits of using AWS Network Firewall are as described below:
Managed infrastructure for high availability - AWS itself manages AWS Network Firewall infrastructure, and it automatically scales with our network traffic. It can support hundreds of thousands of connections, so we do not have to manage our network security infrastructure.
Flexible protection through fine-grained control - AWS Network Firewall has a flexible rules engine that supports thousands of custom rules, which can be defined to protect unique workloads. These rules can be based on IP, port, protocol, domain, and pattern matching and are written in common open-source rule formats.
Consistent policy management across VPCs and accounts - AWS Network Firewall works with AWS Firewall Manager to provide centrally managed security policies across existing accounts and VPCs. We can ensure mandatory security policies are automatically enforced on newly created accounts and VPCs. Additionally, it provides real-time firewall activity monitoring through Amazon CloudWatch metrics.
What are the resources managed by AWS Network Firewall?
The following resources can be managed using AWS Network Firewall:
Firewall - It provides traffic filtering logic for the subnets in a VPC.
Firewall Policy - It defines the rules and other settings for a firewall to filter incoming and outgoing traffic in a VPC.
Rule Group - It defines a set of rules to match against VPC traffic and the actions to take when the Network Firewall finds a match. Network Firewall uses stateless and stateful rule group types, each with its own Amazon Resource Name (ARN).
How can we access AWS Network Firewall?
We can access the AWS Network Firewall in the following ways:
AWS Management Console - This provides a web interface for managing the service.
AWS Command Line Interface - This provides commands for accessing the service using the command-line interface.
AWS Network Firewall API - This provides a RESTful API for handling connection details and errors.
AWS SDKs - These provide language-specific APIs for access. The SDKs handle the connection details, request retries, and errors.
AWS CloudFormation - This helps in modelling and setting up the resources for AWS Network Firewall so that we can spend less time managing these resources and more time on our applications that run in AWS.
AWS Tools for Windows PowerShell - This lets developers and administrators manage their AWS services and resources in the PowerShell scripting environment.
What are the features of AWS Network Firewall?
The features associated with the AWS Network Firewall are discussed below:
High availability and automated scaling - AWS Network Firewall offers built-in redundancies to ensure all traffic is consistently inspected and monitored. AWS Network Firewall provides a Service Level Agreement with an uptime commitment of 99.99%. It automatically scales our firewall capacity up or down based on the traffic load to maintain steady, predictable performance while minimizing costs.
Stateful firewall - The stateful firewall takes the context of traffic flows into account for more granular policy enforcement, such as dropping packets based on the source address or protocol type. The match criteria for the stateful firewall are the same as AWS Network Firewall's stateless inspection capabilities, plus a match setting for traffic direction. Using the flexible rule engine of AWS Network Firewall, we can write firewall rules based on source/destination IP, source/destination port, and protocol.
Web filtering - AWS Network Firewall supports inbound and outbound web filtering for unencrypted web traffic. Server Name Indication (SNI) is used to block access to specific sites for encrypted web traffic. In addition, it can also filter fully qualified domain names (FQDN).
Intrusion prevention - AWS Network Firewall's intrusion prevention system (IPS) provides active traffic flow inspection with real-time network and application layer protection against vulnerability exploits and brute force attacks. Its signature-based detection engine identifies threats from attributes such as byte sequences or packet anomalies.
Alert and flow logs - Alert logs are rule-specific and provide additional data about the rule that was triggered and the session that triggered the rule. State information about all traffic flows passing through the firewall is provided by flow logs, with one line per direction.
Central management and visibility - We can centrally deploy and manage security policies across our applications, VPCs, and accounts in AWS Organizations using AWS Firewall Manager. AWS Firewall Manager organizes AWS Network Firewall rule groups into policies that we can deploy across our infrastructure to help us scale enforcement in a consistent and hierarchical manner. It also provides an aggregated view of policy compliance across accounts and automates the remediation process.
Rule management and customization - AWS Network Firewall enables customers to run Suricata-compatible rules sourced internally (from in-house custom rule development) or externally (from third-party vendors or open-source platforms).
A diverse ecosystem of partner institutions - Integration with central third-party policy orchestration and exporting logs to analytics solutions is possible as AWS Network Firewall integrates with AWS Partners. AWS Network Firewall supports popular managed threat intelligence feeds for customers who prefer to leverage their existing managed rule providers. For more visibility, AWS Network Firewall logs and security event information can be sent to third-party analytics solutions, such as Security Information and Event Management (SIEM) software.
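The alert and flow logs described in the feature list are JSON lines: a wrapper carrying `firewall_name`, `availability_zone` and `event_timestamp` around a Suricata EVE `event` object. The following Python, added here as an example that is not part of the original post or of any AWS tooling, parses a handful of constructed log lines and produces the two summaries an operator typically wants before shipping the logs to a SIEM: blocked connections per signature and source, and bytes per flow with both directions paired up. The field names follow the Network Firewall log layout as understood by the author of this example; the sample lines, addresses and the `10.0.0.0/8` home network are constructed assumptions.

```python
"""Summarise AWS Network Firewall alert and flow (netflow) log lines.

Added example.  The log lines below are constructed to follow Network
Firewall's layout: a wrapper object around a Suricata EVE "event".  Alert
events carry an "alert" block with the triggering signature and whether
the traffic was "blocked" or "allowed"; flow logs are "netflow" events,
one line per direction sharing a flow_id.
"""
import ipaddress
import json
from collections import Counter, defaultdict

# Constructed assumption: the VPC's address space, used to decide which
# netflow direction is outbound.
HOME_NET = ipaddress.ip_network("10.0.0.0/8")

SAMPLE_LOG = """\
{"firewall_name":"egress-fw","availability_zone":"us-east-1a","event_timestamp":"1700000000","event":{"timestamp":"2023-11-14T22:13:20.000000+0000","flow_id":1,"event_type":"alert","src_ip":"10.0.1.15","src_port":51234,"dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","tls":{"sni":"unlisted.example.net"},"alert":{"action":"blocked","signature_id":100002,"rev":1,"signature":"drop other TLS","category":"","severity":3}}}
{"firewall_name":"egress-fw","availability_zone":"us-east-1a","event_timestamp":"1700000001","event":{"timestamp":"2023-11-14T22:13:21.000000+0000","flow_id":2,"event_type":"alert","src_ip":"10.0.1.15","src_port":51235,"dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","tls":{"sni":"unlisted.example.net"},"alert":{"action":"blocked","signature_id":100002,"rev":1,"signature":"drop other TLS","category":"","severity":3}}}
{"firewall_name":"egress-fw","availability_zone":"us-east-1a","event_timestamp":"1700000002","event":{"timestamp":"2023-11-14T22:13:22.000000+0000","flow_id":3,"event_type":"alert","src_ip":"10.0.2.7","src_port":40001,"dest_ip":"198.51.100.5","dest_port":80,"proto":"TCP","http":{"hostname":"plain.example.org"},"alert":{"action":"allowed","signature_id":100003,"rev":1,"signature":"plaintext http egress","category":"","severity":3}}}
{"firewall_name":"egress-fw","availability_zone":"us-east-1a","event_timestamp":"1700000060","event":{"timestamp":"2023-11-14T22:14:20.000000+0000","flow_id":4,"event_type":"netflow","src_ip":"10.0.1.15","src_port":51236,"dest_ip":"192.0.2.44","dest_port":443,"proto":"TCP","netflow":{"pkts":120,"bytes":98304,"start":"2023-11-14T22:13:30.000000+0000","end":"2023-11-14T22:14:20.000000+0000","age":50,"min_ttl":64,"max_ttl":64}}}
{"firewall_name":"egress-fw","availability_zone":"us-east-1a","event_timestamp":"1700000060","event":{"timestamp":"2023-11-14T22:14:20.000000+0000","flow_id":4,"event_type":"netflow","src_ip":"192.0.2.44","src_port":443,"dest_ip":"10.0.1.15","dest_port":51236,"proto":"TCP","netflow":{"pkts":80,"bytes":1048576,"start":"2023-11-14T22:13:30.000000+0000","end":"2023-11-14T22:14:20.000000+0000","age":50,"min_ttl":54,"max_ttl":54}}}
this line is not JSON and must be skipped rather than abort the run
"""


def parse_log(text):
    """Yield (wrapper, event) pairs, skipping blank or malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        event = record.get("event")
        if isinstance(event, dict) and "event_type" in event:
            yield record, event


def summarise_alerts(text):
    """Return (alerts per (signature_id, action), blocked count per source IP)."""
    by_signature = Counter()
    blocked_sources = Counter()
    for _, ev in parse_log(text):
        if ev["event_type"] != "alert":
            continue
        alert = ev["alert"]
        by_signature[(alert["signature_id"], alert["action"])] += 1
        if alert["action"] == "blocked":
            blocked_sources[ev["src_ip"]] += 1
    return by_signature, blocked_sources


def flow_volumes(text):
    """Bytes per flow_id, split into outbound (src in HOME_NET) and inbound.

    Flow logs emit one line per direction with the same flow_id, so both
    lines of a connection are folded into one entry.
    """
    volumes = defaultdict(lambda: {"out_bytes": 0, "in_bytes": 0})
    for _, ev in parse_log(text):
        if ev["event_type"] != "netflow":
            continue
        direction = ("out_bytes"
                     if ipaddress.ip_address(ev["src_ip"]) in HOME_NET
                     else "in_bytes")
        volumes[ev["flow_id"]][direction] += ev["netflow"]["bytes"]
    return dict(volumes)


if __name__ == "__main__":
    sigs, blocked = summarise_alerts(SAMPLE_LOG)
    for (sid, action), n in sorted(sigs.items()):
        print(f"sid={sid} action={action} count={n}")
    for ip, n in blocked.most_common():
        print(f"blocked source {ip}: {n} connections")
    for flow_id, v in flow_volumes(SAMPLE_LOG).items():
        print(f"flow {flow_id}: out={v['out_bytes']} in={v['in_bytes']}")
```

Repeated `blocked` hits from one source against the same signature are the kind of pattern worth alerting on from CloudWatch or the SIEM, since they usually mean either a misconfigured workload or something on that host trying destinations the policy does not permit.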
What are the pricing values for AWS Network Firewall?
The price for the service is set at an hourly rate for each firewall endpoint. We also pay for the amount of traffic processed by our firewall endpoint, billed by the gigabyte. Data processing charges apply for each gigabyte processed through the firewall endpoint regardless of the traffic's source or destination. In addition, we incur standard AWS data transfer charges for all data transferred via AWS Network Firewall.
NAT Gateway Pricing - If we choose to create a NAT gateway in our AWS account along with Network Firewall, standard NAT gateway processing and per-hour usage charges are waived on a one-to-one basis with the processing per GB and usage hours charged for our firewall.
What are the benefits of using AWS Network Firewall?
The major benefits of AWS Network Firewall are that we do not have to personally manage and build the network security infrastructure ourselves and we can centrally manage security policies. Additionally, we can build custom firewall rules.
Can AWS Network Firewall manage security across multiple AWS accounts?
Yes, we can use AWS Network Firewall to manage security across multiple AWS accounts, as it supports managing security for an entire organization as well as for individual accounts.
Can AWS Network Firewall inspect encrypted traffic?
No, AWS Network Firewall does not support inspection for encrypted traffic.
Conclusions
We have learned about AWS Network Firewall and its features in this blog. We have also discussed the benefits of using AWS Network Firewall as well as the pricing for this service.