automated traffic and your aws environment_b
TRANSCRIPT
Automated Traffic And Your AWS Environment David Dowling June 2015 – AWS User Group Melbourne
Don’t Worry! This Is Not A Sales Pitch
Amazon Web Services
Bot Report 2014
Types of Automation
• Good Automation = CloudFormation, Auto Scaling Elastic Load Balancing and Googlebots
• Bad Automation = Site scraping, SQL Injection, fake Googlebots, DDoS bots
AWS Address Space Is Frequently Scanned
Googlebot Or DDoS Impersonator?
So, Like, What Does This Have To Do With AWS?
• If you can reduce malicious automated traffic hitting web servers you can control expenditure and reduce noise for the Security and DevOps teams
Amazon ELB
AmazonELB
Web servers
Amazon ELB
Web servers
Scaling Group
Availability Zone 1
Availability Zone 2
Quiz Time – Which Country Has The Largest Amount of Attack Traffic?
1. People’s Republic of China
2. Russia
3. One of the Stans
4. United States of America
The US And Alaska?
Application Denial of Service (DoS)
Torshammer script
Torshammer result
DDoS Attacks On Sites In AWS
• GreatFire.Org gets DDoS by a Nation-state
• “Because of the number of requests we are receiving, our bandwidth costs have shot up to USD $30,000 per day”
Do You Really Want A 253 Gig DDoS Attack On Your AWS Instance?
Site Scraping – Why?
Media – Steal page views
E-Business – Steal ad revenue
Insurance – rate harvesting and then undercutting
Social Media – Stealing user data to create fake accounts
Transportation – systematically undercutting pricing
Government Agencies – List harvesting
Lovely Faces – Aka your Facebook profile photo scraped from Facebook
AWS Test Drive
https://www.imperva.com/ld/aws_testdrive.asp
More Information?
• [email protected] or 0403 803 804 • AWS share a lot of great stuff on SlideShare
• www.Blog.Imperva.com
• http://www.botopedia.org/
• Verizon Data Breach Report