Category: AWS Network Firewall

Managing access to websites and safeguarding users from harmful content is a critical component of a layered cybersecurity approach, especially in educational settings. Schools and institutions of higher learning have a responsibility to provide a secure online experience for their students and staff. Traditionally, this has been accomplished through on-site web filtering appliances. Amazon Web Services ( AWS) Network Firewall allows customers to filter their outbound web traffic from on-premises environments based on fully qualified domain names (FQDN) or Server Name Indication (SNI) for encrypted traffic. This post will use AWS Client VPN to demonstrate routing and filtering traffic from external resources through Network Firewall.

Amazon Web Services (AWS) is continuing its collaboration with Defending Digital Campaigns (DDC) to offer more than 20 cybersecurity-related AWS services for low-to-no cost to all active and registered national party committees and federal candidate campaigns.

Protective DNS services, commonly known as PDNS, are a go-to solution if you’re aiming to bolster the security of your infrastructure from the ground up. Unlike traditional methods involving software-based agents or devices for traffic filtering, PDNS services take a unique approach – they scrutinise the DNS requests made by users and adjust responses based on predefined rules within the service. In this post, we explore the seamless integration of PDNS services with workloads in the Amazon Web Services (AWS) Cloud, showcasing their effectiveness in enhancing cybersecurity within cloud environments.

In July 2021, the U.S. Department of Defense (DoD) released a cloud native access point (CNAP) reference design that follows zero trust architecture (ZTA) principles and provides a new approach to access mission owner (MO) applications. The DoD’s reference design discusses four core capabilities of CNAP: authenticated and authorized entities (C1), authorized ingress (C2), authorized egress (C3), and security monitoring and compliance enforcement (C4). In this blog post, we walk through how to establish the C2 component via a virtual internet access point (vIAP) with AWS. The proposed architectures can reduce operational cost and management overhead, while improving the accessibility, resiliency, and security of mission owner applications.