Advice on securing an intranet web app

0

Hello, we currently run a third-party intranet browser-based app. The single server is in a data centre and access is via a public-facing IP address secured by a Netscaler enabling 2FA authentication (physical fobs) and then forwarding to the internal URL for the app login.

We wish to migrate the server to AWS (seems straightforward) and then allow secure MFA access. What can we use to replace the Netscaler's role? Ideally clients will use Microsoft or Google Authenticator soft MFA. The app itself is a third-party CRM system and we don't have access to the codebase. I'm a bit lost with the AWS options such as WAF, Cognito etc. Is someone able to offer advice on what to use, or indeed whether Cognito etc. are the right tools? I guess this must be a fairly common requirement but I can't find anything on the knowledge base.

Thank you.

2 Answers
1
Accepted Answer

Hey Anthony, you're looking then at some kind of reverse proxy to front your internal web server.

I'd say you have a few options:

  1. Search AWS Marketplace for a 3rd party product that you can deploy into your VPC
  2. Purchase, set up and install a 3rd party product into your VPC like your NetScalers
  3. Use an AWS ALB with user authentication, as such: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html This allows you to force users to authenticate with something like an OIDC service or Amazon Cognito
EXPERT
answered 4 months ago
  • Thank you Gary... that gives me some options to look at. Much appreciated.
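As an added example illustrating option 3 above (not code from the thread, from Gary, or from AWS's documentation), the following CloudFormation template puts an internet-facing ALB in front of the CRM host and makes the HTTPS listener authenticate every request against a Cognito user pool that requires a TOTP authenticator app (Google or Microsoft Authenticator). Every name and identifier in it is an assumed placeholder: the hostname `crm.example.com`, the user pool domain prefix, and the VPC, subnet, certificate and instance ids passed in as parameters.

```yaml
# Added example: ALB + Cognito authentication in front of a third-party web app.
# Not from the re:Post thread or AWS docs; all ids and hostnames are placeholders.
AWSTemplateFormatVersion: "2010-09-09"
Description: Front an intranet web app with an ALB that enforces Cognito TOTP MFA

Parameters:
  VpcId:           { Type: AWS::EC2::VPC::Id }
  PublicSubnetIds: { Type: List<AWS::EC2::Subnet::Id> }   # two AZs minimum for an ALB
  CertificateArn:  { Type: String }                        # ACM cert for crm.example.com
  CrmInstanceId:   { Type: AWS::EC2::Instance::Id }

Resources:
  # Users must enrol a TOTP app; no SMS fallback, no self sign-up for an intranet app.
  UserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: crm-users
      MfaConfiguration: "ON"
      EnabledMfas: [SOFTWARE_TOKEN_MFA]
      AdminCreateUserConfig:
        AllowAdminCreateUserOnly: true
      Policies:
        PasswordPolicy: { MinimumLength: 14 }

  UserPoolDomain:
    Type: AWS::Cognito::UserPoolDomain
    Properties:
      Domain: crm-login-example        # assumed prefix; must be globally unique
      UserPoolId: !Ref UserPool

  # The ALB acts as a confidential OIDC client, so the app client needs a secret.
  # /oauth2/idpresponse is the callback path the ALB reserves for this feature.
  UserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      UserPoolId: !Ref UserPool
      GenerateSecret: true
      AllowedOAuthFlowsUserPoolClient: true
      AllowedOAuthFlows: [code]
      AllowedOAuthScopes: [openid]
      SupportedIdentityProviders: [COGNITO]
      CallbackURLs: ["https://crm.example.com/oauth2/idpresponse"]

  AlbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from the internet to the ALB only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - { IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0 }

  # The CRM host accepts traffic only from the ALB, so the login gate cannot be bypassed.
  AppSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: App port reachable only from the ALB
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref AlbSecurityGroup

  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Scheme: internet-facing
      Subnets: !Ref PublicSubnetIds
      SecurityGroups: [!Ref AlbSecurityGroup]

  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: HTTP
      Port: 80
      TargetType: instance
      Targets: [{ Id: !Ref CrmInstanceId }]
      HealthCheckPath: /

  # Authentication actions are only permitted on HTTPS listeners.
  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancer
      Port: 443
      Protocol: HTTPS
      Certificates: [{ CertificateArn: !Ref CertificateArn }]
      DefaultActions:
        - Type: authenticate-cognito
          Order: 1
          AuthenticateCognitoConfig:
            UserPoolArn: !GetAtt UserPool.Arn
            UserPoolClientId: !Ref UserPoolClient
            UserPoolDomain: !Ref UserPoolDomain
            OnUnauthenticatedRequest: authenticate   # redirect to login, never pass through
            SessionTimeout: "28800"                  # 8 hours, then re-authenticate
        - Type: forward
          Order: 2
          TargetGroupArn: !Ref TargetGroup
```

Two points worth checking after deployment: the instance's security group must not keep any other inbound rule for the app port, otherwise the ALB's authentication can be walked around by hitting the instance directly; and the CRM's own login page still appears after the Cognito step, which matches the current Netscaler behaviour described in the question. The ALB only vouches that the request came from an MFA-authenticated Cognito user; it passes the user's identity to the app in the `x-amzn-oidc-*` request headers, which the third-party app will ignore unless it is configured to read them. To replace Cognito with another OIDC provider, swap the action type for `authenticate-oidc` and supply that provider's issuer, endpoints, client id and client secret in `AuthenticateOidcConfig`.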

0

Hi,

With AWS, MFA authenticators are managed with IAM: https://aws.amazon.com/iam/features/mfa/

If you look at this page, you will see that both the Google and Microsoft software authenticators for iOS and Android are supported.

To try them, please follow this setup guidance: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html

Best.

Didier

AWS
EXPERT
answered 4 months ago
  • Thank you Didier. Unless I have misunderstood, your reply is more aimed at using MFA for users with access to the management console rather than users of my actual application?
