Automated Traffic And Your AWS Environment David Dowling June 2015 – AWS User Group Melbourne

Don’t Worry! This Is Not A Sales Pitch

Amazon Web Services

Bot Report 2014

Types of Automation

• Good Automation = CloudFormation, Auto Scaling Elastic Load Balancing and Googlebots

• Bad Automation = Site scraping, SQL Injection, fake Googlebots, DDoS bots

AWS Address Space Is Frequently Scanned

Googlebot Or DDoS Impersonator?

So, Like, What Does This Have To Do With AWS?

• If you can reduce malicious automated traffic hitting web servers you can control expenditure and reduce noise for the Security and DevOps teams

Amazon ELB

AmazonELB

Web servers

Amazon ELB

Web servers

Scaling Group

Availability Zone 1

Availability Zone 2

Quiz Time – Which Country Has The Largest Amount of Attack Traffic?

1. People’s Republic of China

2. Russia

3. One of the Stans

4. United States of America

The US And Alaska?

Application Denial of Service (DoS)

Torshammer script

Torshammer result

DDoS Attacks On Sites In AWS

• GreatFire.Org gets DDoS by a Nation-state

• “Because of the number of requests we are receiving, our bandwidth costs have shot up to USD $30,000 per day”

Do You Really Want A 253 Gig DDoS Attack On Your AWS Instance?

Site Scraping – Why?

Media – Steal page views

E-Business – Steal ad revenue

Insurance – rate harvesting and then undercutting

Social Media – Stealing user data to create fake accounts

Transportation – systematically undercutting pricing

Government Agencies – List harvesting

Lovely Faces – Aka your Facebook profile photo scraped from Facebook

AWS Test Drive

https://www.imperva.com/ld/aws_testdrive.asp

More Information?

• David.Dowling@Imperva.com or 0403 803 804 • AWS share a lot of great stuff on SlideShare

• www.Blog.Imperva.com

• http://www.botopedia.org/

• Verizon Data Breach Report