Content Delivery Infrastructure Updates #3

Fastly Introduces Cutting Edge Next-Gen Control Panel

Fastly’s next-generation control panel is a response to the need for complete visibility and instant feedback on applications, allowing customers to respond and innovate instantaneously. As its customer base has grown and diversified, Fastly has made accommodations to serve a wider range of needs and use cases. Long-time users of Fastly need not worry: the interface retains a lot of its original features while improving navigation, making data easier to access, and providing a more intuitive user experience. The dashboard features a reconfigured information architecture with easy-to-analyze grids and typography.

The service summary now features easy-to-access actions that can be selected from a drop-down panel at the upper-right corner of the page, as well as an array of links across the top of the screen so that you can toggle between existing configurations and create new ones. Finally, the configuration panel has been arranged horizontally to give the interface a more minimalistic aesthetic. It also includes a summary of the tabs’ contents to improve clarity. You can try these new features out yourself at the following link.

Coming Right Up! DDoS Attacks-as-a-Service for $5

You can hire a DDoS attack like you would a bounty hunter, for as little as $5. Distributed denial-of-service (DDoS) attacks are a form of cyber-criminal activity that has thrived in the digital era, creating a bustling underground marketplace where DDoS attacks are bought and sold like commodities. Incapsula’s latest blog post details services that “rent out access to a network of enslaved botnet devices (e.g., Trojan-infected PC’s)” to launch the attacks on unsuspecting users.

DDoS-for-hire services get away with it by disguising themselves as stresser services that test the durability and resilience of your server. Of course, as long as you pay them their required fee, the server that they “stress test” need not be your own.

It’s a pretty scary thought, but it’s one that is borne out in reality for as cheap as $5 in the underground hacker community. It’s a steep drop in prices, down from $19 last year. Now anyone can hire a DDoS attack on the cheap. Incapsula researchers searched for such DDoS-for-hire ads on Fiverr, an online marketplace that offers $5 services, and found plenty of them offering to “stress test” your server against DDoS attacks.

When the researchers reached out to one of the DDoSers, the seller admitted that any site could be targeted, barring government websites and hospitals. While the Incapsula team reported the illegal services to Fiverr, which promptly removed a good deal of them, it’s a scary reminder that DDoS-for-hire is becoming a common feature of everyday life.

Azure Rolls Out New CDN PoPs

Microsoft’s Azure is making new PoPs available to all CDN integrated Azure Media Service customers, across a range of regions including India, Australia, and South America. The new PoPs are compatible with existing streaming endpoints. Customers can now enable CDN for streaming endpoints created in any region, meaning that once you enable it from any region, all CDN PoPs will be automatically turned on. Azure is working on providing premier tier and multiple CDN options.

Azure Becoming An Edge Security Juggernaut

Azure is announcing the debut of its Azure Security Center, which is now available to all Azure customers. It is a signal of its commitment to becoming a leader in cybersecurity and threat intelligence by creating an integrative security platform. Azure has thus far invested over $1 billion in R&D to improve its threat solution capabilities.

The security center provides an overview and feedback on the security state of Azure resources, allowing customers to configure cloud security policies and respond to threats and attacks. Customers also have access to actionable insights and recommendations provided by Microsoft’s vast global threat intelligence network, which is powered by machine learning and quickly detects threats. They also have access to solutions provided by Microsoft’s security ecosystem, which includes partners such as Cisco, Qualys, Barracuda, Check Point, Fortinet, F5, Imperva, and Trend Micro.

Other features which are detailed on its website include:

  • A log integrator which streamlines the process of getting security data.
  • Support for more Azure resource types including Red Hat and many more Linux distros, including system update status, OS configurations, and disk encryption.
  • Email notifications.
  • New detection of lateral movement, outgoing attacks, and malicious scripts.
  • Security incidents overview.
  • REST APIs.
  • Integrated vulnerability assessment from Azure ecosystem and partners.

AWS Raising the Bar on CDN+WAF Configuration

You can now use AWS CloudFormation to automate WAF configuration using example rules and match conditions. Amazon’s web application firewall integrates well with CloudFront, its CDN, to control and fine-tune the type of traffic that is allowed or blocked on your web applications. Integrating CDN with WAF in this fashion allows you to provision, update, and delete the components of WAF. The CloudFormation template deploys some of the following rules and conditions as part of the solution:

  • A manual IP rule that contains an empty IP match set that must be updated manually with IP addresses to be blocked.
  • An auto IP rule that contains an empty IP match condition for optionally implementing an automated AWS Lambda function.
  • A SQL injection rule and condition to match SQL injection-like patterns.
  • A cross-site scripting rule and condition to match XSS-like patterns in URI and query string.
  • A size-constraint rule and condition.

The example rules count the requests that match them so that you can test them with your web application, and the solution provides a modular means of creating and updating nested stacks. In sum, the WAF Web ACL evaluates all requests against the rules and conditions prescribed, returning an HTTP 403 error message to client computers that send blocked requests and serving allowed or counted requests.

A basic configuration of rules and match conditions using CloudFormation is outlined in the following link along with instructions.
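The sketch below is an added example, not the AWS sample template: it generates a CloudFormation template (as JSON) with the five rules listed above attached to one Web ACL, all set to count while you test, and switchable to block afterwards. Resource names, the matched fields for SQL injection and the 8192-byte size limit are assumptions chosen for illustration.

```python
import json

# (name, condition resource type, tuple property, tuples, predicate type) per rule.
# Names, matched fields and the size limit are illustrative assumptions.
FIELDS = ("URI", "QUERY_STRING")
CONDITIONS = [
    ("ManualIP", "AWS::WAF::IPSet", "IPSetDescriptors", [], "IPMatch"),
    ("AutoIP", "AWS::WAF::IPSet", "IPSetDescriptors", [], "IPMatch"),
    ("SqlInjection", "AWS::WAF::SqlInjectionMatchSet", "SqlInjectionMatchTuples",
     [{"FieldToMatch": {"Type": f}, "TextTransformation": "URL_DECODE"}
      for f in FIELDS], "SqlInjectionMatch"),
    ("Xss", "AWS::WAF::XssMatchSet", "XssMatchTuples",
     [{"FieldToMatch": {"Type": f}, "TextTransformation": "URL_DECODE"}
      for f in FIELDS], "XssMatch"),
    ("Size", "AWS::WAF::SizeConstraintSet", "SizeConstraints",
     [{"FieldToMatch": {"Type": "BODY"}, "TextTransformation": "NONE",
       "ComparisonOperator": "GT", "Size": 8192}], "SizeConstraint"),
]

def build_template(action="COUNT"):
    """Return the template as a dict; action is COUNT (testing) or BLOCK."""
    if action not in ("COUNT", "BLOCK"):
        raise ValueError("rule action must be COUNT or BLOCK")
    resources, acl_rules = {}, []
    for priority, (name, rtype, prop, tuples, ptype) in enumerate(CONDITIONS, 1):
        props = {"Name": name + "Set"}
        if tuples:  # the two IP sets start empty and are filled in later
            props[prop] = tuples
        resources[name + "Set"] = {"Type": rtype, "Properties": props}
        resources[name + "Rule"] = {"Type": "AWS::WAF::Rule", "Properties": {
            "Name": name + "Rule", "MetricName": name + "Rule",
            "Predicates": [{"DataId": {"Ref": name + "Set"},
                            "Negated": False, "Type": ptype}]}}
        acl_rules.append({"Action": {"Type": action}, "Priority": priority,
                          "RuleId": {"Ref": name + "Rule"}})
    resources["WebACL"] = {"Type": "AWS::WAF::WebACL", "Properties": {
        "Name": "ExampleWebACL", "MetricName": "ExampleWebACL",
        "DefaultAction": {"Type": "ALLOW"}, "Rules": acl_rules}}
    return {"AWSTemplateFormatVersion": "2010-09-09", "Resources": resources}

if __name__ == "__main__":
    print(json.dumps(build_template("COUNT"), indent=2))
```

Deploy the COUNT variant first and review the per-rule metrics for false positives; regenerating with `build_template("BLOCK")` and updating the stack is what makes matching requests receive the HTTP 403.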

AWS Inspector is Proof They’re Serious About Security

AWS Inspector is an assessment service that allows you to scale your security vulnerability testing, automating it across test, deployment and production environments, and allowing you to forward your findings to your ticketing and workflow systems. Amazon notes that the process can be conceptualized in two broad parts.

The first part of the security process entails using AWS Inspector to quickly identify and analyze security vulnerabilities, while the second part deals with remedying the vulnerabilities that have been located. Because AWS Inspector is an integrated solution that works with workflow and ticketing systems, the process of remediation can be easily automated by using an AWS Lambda function, which allows you to run code without provisioning or managing servers. The function is also cost efficient, charging customers only for the compute time and not when the function is idle.

When AWS Inspector runs a security assessment, it sends a message to the Amazon Simple Notification Service, which in turn invokes AWS Lambda. Lambda fetches the findings and formats and emails them using a separate SNS topic.

Therefore, the major hurdle is setting up the Lambda function in the region in which Inspector is running, and setting up a dedicated SNS topic that Inspector notifies whenever there are findings. Instructions for configuring the SNS topic can be found at this link. After that, you’re ready to roll. Just set your findings to be published to the SNS topic, create the Lambda function, and you’ll receive email findings reports.
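A sketch of the Lambda function in that flow, added here as an example and not taken from Amazon's post: it reads the Inspector notification from the SNS event, fetches the finding, and publishes a formatted report to the separate email topic. It assumes the notification JSON carries `event` and `finding` keys; the `REPORT_TOPIC_ARN` environment variable and the sample event are constructed for illustration.

```python
import json

def format_finding(finding):
    """Render one Inspector finding as a plain-text email body."""
    asset = finding.get("assetAttributes", {})
    return "\n".join([
        "Title: " + finding.get("title", "(no title)"),
        "Severity: " + finding.get("severity", "Undefined"),
        "Instance: " + asset.get("agentId", "unknown"),
        "",
        finding.get("description", ""),
        "",
        "Recommendation: " + finding.get("recommendation", ""),
    ])

def handle(event, inspector, sns, report_topic_arn):
    """Mail every finding referenced in an SNS-delivered event; return the count."""
    sent = 0
    for record in event.get("Records", []):
        note = json.loads(record["Sns"]["Message"])
        # Assumed message keys: "event" and "finding". Run start/finish
        # notifications carry no finding and are skipped.
        if note.get("event") != "FINDING_REPORTED" or "finding" not in note:
            continue
        resp = inspector.describe_findings(findingArns=[note["finding"]])
        for finding in resp.get("findings", []):
            title = " ".join(finding.get("title", "finding").split())
            sns.publish(TopicArn=report_topic_arn,
                        Subject=("Inspector: " + title)[:100],  # SNS subject limit
                        Message=format_finding(finding))
            sent += 1
    return sent

def lambda_handler(event, context):
    # boto3 is imported here so handle() can be exercised offline with stubs.
    import os
    import boto3
    return handle(event, boto3.client("inspector"), boto3.client("sns"),
                  os.environ["REPORT_TOPIC_ARN"])  # hypothetical variable name

# Constructed sample event: one finding notification, one run-completed notice.
SAMPLE_EVENT = {"Records": [
    {"Sns": {"Message": json.dumps({"event": "FINDING_REPORTED",
                                    "finding": "arn:constructed:finding/1"})}},
    {"Sns": {"Message": json.dumps({"event": "ASSESSMENT_RUN_COMPLETED"})}},
]}
```

The function's execution role needs only `inspector:DescribeFindings` and `sns:Publish` on the report topic, which keeps the automation least-privileged.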
