Configure default antispoofing rules

0

Hi,

My app is deployed on ECS Fargate and uses an Application Load Balancer. How can I configure the network with default antispoofing rules?

Thanks.

  • Can you clarify what you are referring to as anti-spoofing rules in this context? Are you referring to adding a Layer 7 WAF (Web Application Firewall) to the load balancer?

  • I would like to know how to set up an anti-spoofing rule for my app. Is there any AWS document for anti-spoofing?

asked 10 months ago, 541 views
1 Answer
2

To answer your question, spoofing attacks can have multiple categories such as the ones mentioned below. If your use case is focussed on something more specific, then you can mention that.

  • ARP Spoofing

When we consider a scenario within the VPC environment, AWS provides secure and private connectivity between EC2 instances of all types. Every packet flow on the network is individually authorized against a rule to validate the correct source and destination before it is transmitted and delivered.

You can go through this documentation for more insights regarding this. Sharing an excerpt from the doc.

Moreover, while address resolution protocol (ARP) packets trigger an authenticated database look-up, ARP packets never hit the network as they are not needed for discovery of the virtual network topology. This means ARP spoofing is highly improbable on the AWS network.

This Medium article also talks in detail about what I am referring to.

Moreover, since you are using an Application Load Balancer: because the load balancer is in a virtual private cloud (VPC), traffic between the load balancer and the targets is authenticated at the packet level, so it is not at risk of man-in-the-middle attacks or spoofing.

You can refer to our documentation on Load Balancer Target groups to get more information regarding this.


  • Email spoofing

If you are using Amazon SES for Emails, SES adds DMARC verdicts to incoming emails, and publishes aggregate DMARC reports to domain owners. These two new features will help combat email spoofing and phishing. This documentation talks about the same.


  • DNS spoofing

If you are using Amazon Route 53 for your domain, you can protect your domain from DNS spoofing by configuring Domain Name System Security Extensions (DNSSEC), a protocol for securing DNS traffic.


For your use case, I would also like to recommend AWS WAF, which can work with your current architecture and offers advanced protection and mitigation against most Layer 7 attacks by inspecting the requests that are forwarded to your Application Load Balancer.

AWS
answered 10 months ago
AWS
EXPERT
iBehr
reviewed 10 months ago
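
The SES DMARC verdicts mentioned in the answer above can be acted on by a Lambda function attached to an SES receipt rule. The sketch below is an added example, not part of the original answer and not AWS's own code; the local policy (drop mail that fails DMARC when the sender publishes `reject` or `quarantine`), the function names and the sample event are assumptions constructed for illustration.

```python
import json

# Assumed local policy: sender policies for which a DMARC FAIL is dropped.
ENFORCED_POLICIES = {"REJECT", "QUARANTINE"}


def evaluate(receipt):
    """Turn the 'receipt' object of an SES inbound event into a decision.

    SES reports dmarcVerdict.status as PASS, FAIL, GRAY or PROCESSING_FAILED,
    and includes dmarcPolicy (NONE, QUARANTINE, REJECT) when the verdict is FAIL.
    """
    status = receipt.get("dmarcVerdict", {}).get("status", "PROCESSING_FAILED")
    policy = str(receipt.get("dmarcPolicy", "NONE")).upper()
    if status == "PASS":
        return {"disposition": "CONTINUE", "flagged": False, "status": status}
    if status == "FAIL" and policy in ENFORCED_POLICIES:
        # The domain owner asked receivers to refuse this mail: stop the rule set.
        return {"disposition": "STOP_RULE_SET", "flagged": True, "status": status}
    # FAIL with policy none, GRAY, or a missing verdict: keep processing, but flag it.
    return {"disposition": "CONTINUE", "flagged": True, "status": status}


def lambda_handler(event, context):
    """Entry point for a receipt-rule Lambda action invoked as RequestResponse."""
    ses = event["Records"][0]["ses"]
    decision = evaluate(ses["receipt"])
    # Structured log line so flagged messages can be searched later.
    print(json.dumps({"messageId": ses["mail"]["messageId"], **decision}))
    return {"disposition": decision["disposition"]}


# Constructed sample event (not captured from a real account).
SAMPLE_EVENT = {"Records": [{"eventSource": "aws:ses", "ses": {
    "mail": {"messageId": "example-message-id", "source": "ceo@example.com"},
    "receipt": {"spfVerdict": {"status": "FAIL"},
                "dkimVerdict": {"status": "FAIL"},
                "dmarcVerdict": {"status": "FAIL"},
                "dmarcPolicy": "reject"}}}]}

if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, None))
```

The disposition only takes effect when the Lambda action is configured for synchronous (RequestResponse) invocation and is placed before the delivery actions in the rule.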
