Category: AWS Network Firewall

Protective DNS services, commonly known as PDNS, are a go-to solution if you’re aiming to bolster the security of your infrastructure from the ground up. Unlike traditional methods involving software-based agents or devices for traffic filtering, PDNS services take a unique approach – they scrutinise the DNS requests made by users and adjust responses based on predefined rules within the service. In this post, we explore the seamless integration of PDNS services with workloads in the Amazon Web Services (AWS) Cloud, showcasing their effectiveness in enhancing cybersecurity within cloud environments.

In July 2021, the U.S. Department of Defense (DoD) released a cloud native access point (CNAP) reference design that follows zero trust architecture (ZTA) principles and provides a new approach to access mission owner (MO) applications. The DoD’s reference design discusses four core capabilities of CNAP: authenticated and authorized entities (C1), authorized ingress (C2), authorized egress (C3), and security monitoring and compliance enforcement (C4). In this blog post, we walk through how to establish the C2 component via a virtual internet access point (vIAP) with AWS. The proposed architectures can reduce operational cost and management overhead, while improving the accessibility, resiliency, and security of mission owner applications.