Key concepts in network security director - Amazon WAF, Amazon Firewall Manager, Amazon Shield Advanced, and Amazon Shield network security director
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Key concepts in network security director

Note

Amazon Shield network security director is in public preview release and is subject to change.

Resources

The compute, networking, and security resources that handle your application traffic:

  • Compute – Amazon Elastic Compute Cloud instances

  • Networking – Application Load Balancers, Amazon API Gateways, Amazon CloudFront distributions, VPC subnets, and VPC elastic network interfaces (ENIs)

  • Security – Amazon WAF web ACLs, VPC security groups, and VPC network access control lists (NACLs)

Findings

Alerts about missing or misconfigured network security services, with severity levels of NONE, INFORMATIONAL, LOW, MEDIUM, HIGH, or CRITICAL. Network security director generates findings by evaluating configuration settings and threat intelligence for each resource.

Severity

A measure of a resource's vulnerability to potential security events, based on Amazon best practices and threat intelligence. Severity assessment considers both potential vulnerabilities and existing protections. A resource's severity level matches its most severe finding, or shows as NONE if there are no findings.

Network topology

A visual representation of your network that shows resource connections, internet exposure, and tag-based relationships. Use the topology view to investigate resources and their findings.

Understanding network security director findings

Network security director generates specific findings for each type of resource it analyzes. These findings help you identify security issues and take appropriate action. The following table lists all possible findings by resource type.

Network security director findings by resource type (each resource type is followed by the finding descriptions it can receive):
Application Load Balancer
  • CloudFront origin is also Internet accessible without CloudFront protections

  • Amazon WAF missing bot and scraper rules

  • DDoS activity detected

  • Resource has no firewall attached for protection

  • Amazon WAF missing all rules - no protection, possible misconfiguration

  • Amazon WAF missing key Amazon Managed Rules (IP Reputation, Common Rules, or Bad Inputs)

Amazon API Gateway
  • Amazon WAF missing bot and scraper rules

  • Resource has no firewall attached for protection

  • Amazon WAF missing all rules - no protection, possible misconfiguration

  • Amazon WAF missing key Amazon Managed Rules (IP Reputation, Common Rules, or Bad Inputs)

Amazon CloudFront
  • Amazon WAF missing bot and scraper rules

  • DDoS activity detected

  • Resource has no firewall attached for protection

  • Amazon WAF missing all rules - no protection, possible misconfiguration

  • Amazon WAF missing key Amazon Managed Rules (IP Reputation, Common Rules, or Bad Inputs)

Amazon Elastic Compute Cloud (EC2) instance
  • Allows unrestricted inbound access (0.0.0.0/0) on all ports

  • Allows unrestricted inbound access (0.0.0.0/0) to RDP port 3389

  • Allows unrestricted inbound access (0.0.0.0/0) to SSH port 22

  • Allows unrestricted outbound access (0.0.0.0/0) on all ports

  • Resource has no firewall attached for protection

  • CloudFront origin is also Internet accessible without CloudFront protections

  • Amazon WAF missing bot and scraper rules

  • Amazon WAF missing all rules - no protection, possible misconfiguration

  • Amazon WAF missing key Amazon Managed Rules (IP Reputation, Common Rules, or Bad Inputs)

VPC security group
  • Allows unrestricted inbound access (0.0.0.0/0) on all ports

  • Allows unrestricted inbound access (0.0.0.0/0) to RDP port 3389

  • Allows unrestricted inbound access (0.0.0.0/0) to SSH port 22

  • Allows unrestricted outbound access (0.0.0.0/0) on all ports

VPC network access control list (NACL)
  • Allows unrestricted inbound access (0.0.0.0/0) on all ports

  • Allows unrestricted inbound access (0.0.0.0/0) to RDP port 3389

  • Allows unrestricted inbound access (0.0.0.0/0) to SSH port 22

  • Allows unrestricted outbound access (0.0.0.0/0) on all ports

Amazon WAF web ACL
  • Bot activity detected

  • Amazon WAF missing bot and scraper rules

  • Amazon WAF WebACL is not associated with any resources

  • Amazon WAF missing all rules - no protection, possible misconfiguration

  • Amazon WAF missing key Amazon Managed Rules (IP Reputation, Common Rules, or Bad Inputs)
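As an added example that is not part of the documentation or the service's own logic, the following Python applies the four unrestricted-access findings from the table to one VPC security group and then rolls findings up to a resource severity using the rule given under "Severity". It assumes the security group is in the JSON shape returned by EC2 DescribeSecurityGroups; the sample group and the per-finding severities are constructed, since this page does not publish a finding-to-severity mapping.

```python
# Added example, not the service's code: check one security group (DescribeSecurityGroups
# JSON shape) for the table's unrestricted-access findings, then compute resource
# severity as the most severe finding (NONE when there are none).
ANY_IPV4 = "0.0.0.0/0"
SEVERITY_ORDER = ["NONE", "INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

def _open_to_world(perm):
    """Rule names 0.0.0.0/0 as a source (ingress) or destination (egress)."""
    return any(r.get("CidrIp") == ANY_IPV4 for r in perm.get("IpRanges", []))

def _permits(perm, port=None):
    """Rule covers the given TCP port; with port=None, covers all traffic.
    This example treats "all ports" as IpProtocol -1 (console: All traffic)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if port is None or proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def security_group_findings(group):
    """Return the finding descriptions from the table that apply to the group."""
    ingress = [p for p in group.get("IpPermissions", []) if _open_to_world(p)]
    egress = [p for p in group.get("IpPermissionsEgress", []) if _open_to_world(p)]
    checks = [
        ("Allows unrestricted inbound access (0.0.0.0/0) on all ports",
         any(_permits(p) for p in ingress)),
        ("Allows unrestricted inbound access (0.0.0.0/0) to RDP port 3389",
         any(_permits(p, 3389) for p in ingress)),
        ("Allows unrestricted inbound access (0.0.0.0/0) to SSH port 22",
         any(_permits(p, 22) for p in ingress)),
        ("Allows unrestricted outbound access (0.0.0.0/0) on all ports",
         any(_permits(p) for p in egress)),
    ]
    return [name for name, hit in checks if hit]

def resource_severity(finding_severities):
    """Resource severity is its most severe finding, or NONE with no findings."""
    return max(finding_severities, key=SEVERITY_ORDER.index, default="NONE")

# Constructed sample: SSH open to the world inbound, plus the default allow-all egress rule.
SAMPLE_GROUP = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
```

Network ACL entries use a different JSON shape (CidrBlock, RuleAction, PortRange) and would need their own evaluator; the finding names in the table are the same.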