AWS Network Firewall: Flow-Based Control Improves Security

AWS Network Firewall

Using AWS Network Firewall for Flow Management Improves Network Security

AWS Network Firewall manages stateful network firewalls and intrusion detection and prevention. It lets you apply security rules to VPC network traffic for better control. This blog article describes flow capture and flow flush, new AWS Network Firewall technologies that increase network visibility and security policy enforcement. While flow flush selectively terminates some or all flows, flow capture provides complete access into current network flows for monitoring and troubleshooting. These features help with network monitoring, troubleshooting, policy changes, and security circumstances that need isolating infected computers quickly.

Traffic flow is permanent if the firewall allows it. For compliance with your revised security needs, you may want to analyse and re-apply the new policy on existing flows after changing firewall rules, such as switching from a broader to a more targeted firewall policy.

This is especially beneficial in fast-paced security scenarios or dynamic cloud settings with changing security rules. These new features allow users better insight and control over this crucial firewall activity by natively recognising active flows and selectively flushing their connection data from the firewall's inspection engine. You may maintain network policy enforcement during scheduled security upgrades or security events by flushing dubious network traffic flows.

The AWS Network Firewall API and AWS Management Console offer these features.

Before AWS starts employing these new functionalities, let's examine some new terminology.

Terminology comprehension:

AWS Network Firewall's active flow is a monitored network connection with a uniquely identified source IP, destination IP, source port, destination port, and protocol. Flow capture and flush characteristics refer to active network flows as non-closed. This includes TCP sessions in the NEW or ESTABLISHED stage.

Flow filters match active network flows based on one or more parameters, such as source IP address, destination IP address, source port, destination port, or protocol. One flow filter matches several network flows that meet requirements.

This firewall function captures all active flows at a certain period using the supplied flow filter or filters. This functionality lets you see network traffic, security events, and flows before flushing. According to your flow filter(s), flow flush flushes a subset of active flows from the firewall flow table at a certain time. After flushing, packets are appraised as midstream flows based on stream exception criteria.

Summary: Flow capture and flush workflow

The open-source intrusion detection and prevention system Suricata is used by AWS Network Firewall for stateful inspection. When evaluating VPC traffic, the firewall stores detailed connection status data in a flow table. This means the firewall knows the full context of every network connection, not simply packets.

Depending on flow filter criteria like IP address, port, or protocol, you may need to flush flows to clear all active flows (during troubleshooting or maintenance) or selectively (during firewall rule updates, to flush long-running flows). Either flush flows directly using pre-specified filters or catch flows for examination before flushing. The firewall operation history lets you track and verify capture and flush actions.

Check out the flush and flow capture features:

These functions are accessible via console:

Enter the Amazon VPC console after login into AWS management.

Select Firewalls under Network Firewall in the navigation pane.

Firewalls: Select the firewall to collect or flush flows.

Firewall activities includes Configure flow capture and flush.

Capturing flow

Using full or partial 5-tuple filters to capture active flows is covered here. In the same VPC, AWS Network Firewall checks traffic on subnets 10.0.1.0/24 and 10.0.2.0/24. Find and flush active TCP port 80 traffic from 10.0.1.0/24 to 10.0.2.0/24.

Use the console to capture flow:

Select Configure Flow Capture to discover active flows. A new window appears.

Select Availability Zone.

The destination or source address must be entered.

Protocol (ICMP, TCP, UDP, IPv6-ICMP, or SCTP), Source Port, Destination Port, and Minimum Age of Flow are optional.

Select “Add filter.” Add up to 20 filters using entire or partial 5-tuple combinations.

Select “Start capture.”

Only one filter is needed to catch TCP port 80 traffic from subnet 10.0.1.0/24 to 10.0.2.0/24. Additional filters are shown to demonstrate filter choices. Specialised filters speed up operation.

After capture, the flow operation displays filter flows.

Flushing

Learn how to flush flows using a whole or partial 5-tuple in this section. Use the capture approach in the previous section to detect active flows before flushing. You may also specify new filters to flush certain active flows, starting a new flush operation.

Console-initiated flow flush:

Option 1: Record, erase

Select “Configure Flow.” Use the Configure flow capture process to cleanse flows that match the filters you previously defined.

Select Start flush in to flush.

Option 2: Direct flush

For firewall operations, choose “Set up flow flush”.

Set filter settings.

Start flushing.

You may inspect flushed flows after the flow flush using either option.

You can collect and flush flow to validate flushing again. Clients usually rejoin after flushing flows. The firewall's flow table and flow capture data reveal these retries. Minimum age can be used as a filter to reduce repeat flows in flow capture data.

For the stateful engine of your firewall, AWS Network Firewall flow logs show flushed flows. These entries show the flow's previous condition and the rationale field's flushed status.

Historical firewall operations

The Firewall operation history provides capture and flush actions from the preceding 12 hours using AZ-specific operation IDs. Any operation above 12 hours is immediately deleted. Click on a Flow operation ID to view capture or flush flow operation details.

What to know:

One flow capture or flush per AZ per firewall is allowed. If your firewall endpoints are in distinct AZs, you can capture or flush flows simultaneously.

Use Minimum age in Filter settings to identify or flush long-running flows. Only flows active for five minutes or longer are considered when the Minimum Age is 300 seconds.

The firewall policy's stream exception policy applies to packets that reach it after their flow state has been flushed. The reject stream exception policy is recommended for most applications.

Due to the distributed firewall technology, firewall hosts may perform flow capture and flush operations differently. The firewall distributes capture and flush actions instead than executing them in real time.

These traits support IPv4 and IPv6 flows.

For auditing, AWS CloudTrail logs flow capture and flush operations as management events.

In conclusion

This post showed you how to utilise flow capture and flush to detect and clear out existing flows and test your security configurations, including stream exception policies, as needed. These new features allow organisations to monitor network traffic, respond quickly to security problems, and apply updated security policies consistently to all active connections. These features are enabled by default for new and current clients and are free.

My page for @sheikahzine; about Impaz's duty to her village, empty of people and full of memories.

[id in alt text]

*whispers* spamton and tenna collaborating toward a big telethon event but spamton is kicked out of the mansion before its meant to air live and doesnt show up, makes tenna hurt and angry because spam ghosted / he was left in the dark and spamton seeing the telethon live while he walks the streets and sees tenna calling him a flake on air, last nail in his coffin, so on and so forth, i trust you with this vision

thanks for your vision. im sending a swarm of locusts to your location

Decon scenes as they are in ENT 👎

Decon scenes if they let the crew at least have some gay awakenings in that cursed blue room 👍

The cat is sleeping, must race to accomplish as many fibre arts tasks as possible without interference

Clone^2 - graveyard shift

The dinging of the door alerts Sarah of someone walking in, and she barely glances up from her phone to see who it is. It's past midnight and somehow her coworker John managed to convince her to take over his graveyard shift at their convenience store. He owes her one, because she's been standing here for an hour and nobody's come in.

Not a surprise to her - nobody likes to stay out past sundown in Amity Park, even after nearly three years of ghosts appearing all over the place.

But still, it happens sometimes. So she doesn't look up. The dinging bell just lets her know that it's not a ghost, and that's really all she can ask for. The last time she worked late and a ghost came in, she was cleaning the shelves from some weird goo for an hour.

However, the lack of footsteps in the store after a few seconds worries her enough that she forces her head to lift. And a frown weaves its way onto her face when she sees no one at the door, nor anyone in the closet aisles.

...Shit, was there really a ghost here? Can they ring door when they come in? Normally she sees them just phase right through. And normally they glow, bright and jarring that leaves a migraine building behind Sarah's eyes.

Her eyes quickly scan the shelves again, looking for anything out of place -- anyone with too many heads, or too many teeth, or snakes for hair. She's pretty sure a coworker saw that once when they were working graveyard.

But she still sees no one. Apprehension raises the hair on the back of her neck, and she straightens up from her lean against the counter. Fuuuck. Was this one of those... marshmallow ghosts? An animal ghost?

Sarah really does not want to have to fight off a three-eyed raccoon looking-thing with eagle feet. She's heard the horror stories. And there was no way to contact the Phantom or the Red Huntress to come pick it up -- and she wasn't gonna try her luck with the Drs. Fentons.

Her fingers itch for the broom hanging on the wall behind her. It probably won't do much against a mutant raccoon-ghost-monster, but it'll make her feel better.

There's a rustle and crinkle in the candy aisle, and Sarah's hands are curled around the broom before she could blink. Her heart beating in her chest. She walks out from the counter, the bristled end raised like a bat in the air as she creeps apprehensively towards the noise.

There's nothing there when she peers around the side, and the aisle shelves are tall enough that she can't see over them.

She raises the broom higher. Sarah was in softball. She could take out a raccoon-eagle-hybrid.. thing.... easily. She just... needs to pretend its a golf ball. Except golf isn't softball so that's a terrible comparison.

Oh god she was gonna get her face ripped off, wasn't she.

John so owes her one. So much.

Creeping down the aisle, she keeps her ears perked for any new sounds. But all she can really hear is the soft pop music playing on the store speakers -- chosen by yours truly from her own personal playlist -- and the hum of the freezers. Ugh. This was not good for her paranoia. Like, at all.

Sarah's down at the end of the aisle when she feels a quick set of taps on her shoulder. Her nerves are already shot, so she shrieks and whirls around on her foot, swinging the broom blindly.

Only to be met with sudden and blunt resistance. Blinking rapidly, Sarah stares up and sees a black gloved hand gripping the broom handle tightly, small white bandages peeking over the side around five fingers. Following the hand down connects it with an arm, and then a chest, and suddenly she's staring at a black hoodie and black jacket.

When she tilts her head up, Sarah comes face to face with the bone-white mask and the terrifying, unearthly green eyes of their local vigilante, the Phantom.

...Holy fuck. It was the Phantom.

He was taller than she initially thought. Was her jaw on the ground? Probably. It was flapping like a fish out of water. "I- uh, you-- buh--"

Slowly, the Phantom raised his free hand and wrapped it around the handle of the broom. Sarah watches, wide eyed still and stammering as he firmly plucked the broom out of her hands and turned to lean it against the shelves.

Something about him doing that must've kicked her brain back into gear, because the first thing that comes out of her mouth is; "Your eyes are really green."

And she was going to lock herself in the freezer in the back for that one. She feels her face grow hot with embarrassment, and the Phantom only looks at her blankly. Her eyes shift nervously. "Well, it's true."

It was! The green eyes of the Phantom was his most defining feature other than that unsettling mask he wore. Especially considering they were the same color as some of the ghosts. It was one of the many, many creepy things about the guy.

Looking at it gave her the same, faint headache as when she stared at a ghost for too long. So Sarah drops her gaze a little to avoid it.

The Phantom remains silent, but he raises his hands and signs something to her that she doesn't understand. Fuck, that's right. He didn't speak - and Sarah doesn't know any ASL.

Sarah cringes. "Sorry, I don't know ASL."

She can feel his burning green eyes boring into her, and he remains as silent as the grave as he reaches into his back pocket and pulls out a phone in a plain black case. She watches him turn it on -- or at least she assumes he does, there's a privacy protector covering the screen -- and type something into.

He holds it up to her face when he's done, and she squints at the screen. In the notes app, a small text reads; 'We're ready to pay.'

..Oh. This wasn't Sarah's night. Embarrassment flashes hot through her and she forces out a laugh in order to try and quell it, Phantom shoves the phone back into his pocket. "Oh! Oh, right! I'm sorry, I'll uh- get up to the front--" She stops in her tracks.

Wait. Did that message say 'we?'

She smiles nervously, tilting her head up at the Phantom as her brows thread together. "Um," she swallows dryly, "we?" Didn't... didn't the Phantom work alone?

As if startled, the Phantom jerks. And for the first time since he showed up, he blinks and turns around. Which personally, doesn't bode that well as the Phantom swivels his head from side to side like he's looking for someone.

Sarah thinks, after the Phantom stalks up to the end of the aisle and looks around, she hears him sigh. And when he walks back, he snatches the broom with an elegant twist and knocks it against the shelves.

Thud, thud, thud!

There's very, very quiet shuffling that Sarah would have missed if she hadn't been looking for it, and then silence for a few seconds, before suddenly there's a small child pushing past her side and over to the Phantom.

And in the process, scaring the shit out of Sarah.

She squeaks and jumps, nearly tripping over her own feet as the child makes a spot next to the Phantom's side. "Where did you come from?!" She says, her heart pounding against her ribcage.

The child says nothing, just stares at her through a creepy bone-white mask reminiscent of the Phantom's. Although unlike the Phantom, he was wearing some... kind of... dark red ninja outfit?

Sarah really wasn't quite sure. It was partially covered by a jacket that clearly belonged to the Phantom and with the sleeves rolled up multiple times to his elbows. The jacket alone nearly obscured the sword attached to his hip.

...Why the hell did the child have a sword.

She looks between Phantom and the child, at a loss for words. Why-- why did the Phantom have a kid with him, why was the kid wearing a mask like his.

"You have a child with you." Sarah says bluntly, her voice flat. It betrays how shocked she feels. The Phantom doesn't say anything, as she should have expected, but he does nod shortly.

The child bristles slightly, but says nothing. Part of his mouth was uncovered, and she watched it twist downward into a scowl at her. Unlike the Phantom, his eyes were not green. She couldn't see his eyes at all, actually. They were shadowed by the mask.

There's the sound of paper thwipping, and like a magician pulling out a card, the Phantom holds out a note card to her. He stares, expectantly, and Sarah reluctantly takes it.

Written in neat writing and bold sharpie are the words; "This is Wraith."

...And that's it. Sarah glances up at Phantom. Then at the supposed 'Wraith'. Then back at Phantom. "You're bringing a child with you to ghost hunt?" She asks, and okay, maybe she's not able to hide all of the judgement leaking into her voice. "And you gave him a sword?"

The Phantom stares at her blankly, or well, probably blankly. All of his expressions are unreadable with the mask he wears. But the kid, Wraith, bristles again like a stray cat. His scowl deepens, he puffs up, and he opens his mouth like he's about to say something.

...Only for the Phantom to immediately snap his hand out and cover his mouth. Wraith makes an angry sound, and Phantom drags the boy into his side, seemingly nonplussed as he twists his wrist and pulls another note card out of nowhere.

"He is perfectly capable of handling himself." The card reads, and then continues; "I would not have been able to stop him anyways. Wraith would have followed me regardless."

Did he have these prepared?

Best not to question it, Sarah decides. The Phantom has always been strange. So she just nods mutely and stuffs the two notecards into her back pocket. "Okay," she says, and moves around the Phantom. "I'll check you out up front."

I post art for large fandoms and no one says a single god damn interesting thing in the tags but when I post terror art there is a WAY higher proportion of ppl being chatty and unhinged in the tags

I'm rereading Master and Commander and I'm deeply in danger of just posting every single passage from it ever but I did love the way that the capture of the prize in Chapter 6 was framed on either side by the logbook's entry, and also the way he transitions out of it to set the scene and tone:

Sunday, July 1 … Mustered the ship’s company by divisions read the Articles of War performed Divine Service and committed the body of Henry Gouges to the deep. At noon dº weather. Ditto weather: but the sun sank towards a livid, purple, tumescent cloud-bank piled deep on the western horizon, and it was clear to every seaman aboard that it was not going to remain ditto much longer. The seamen, sprawling abroad on the fo’c’sle and combing out their long hair or plaiting it up again for one another, kindly explained to the landmen that this long swell from the south and east, this strange sticky heat that came both from the sky and the glassy surface of the heaving sea, and this horribly threatening appearance of the sun, meant that there was to be a coming dissolution of all natural bonds, an apocalyptic upheaval, a right dirty night ahead. The sailormen had plenty of time to depress their hearers, already low in their spirits because of the unnatural death of Henry Gouges (had said, ‘Ha, ha, mates, I am fifty years old this day. Oh dear,’ and had died sitting there, still holding his untasted grog) – they had plenty of time, for this was Sunday afternoon, when in the course of nature the fo’c’sle was covered with sailors at their ease, their pigtails undone. Some of the more gifted had queues they could tuck into their belts; and now that these ornaments were loosened and combed out, lank when still wet, or bushy when dry and as yet ungreased, they gave their owners a strangely awful and foreboding look, like oracles; which added to the landmen’s uneasiness.

[...]

Jack leant back against the curved run of the stern-window and let Killick’s version of coffee down by gulps into his grateful stomach; and at the same time that its warmth spread through him, so there ran a lively tide of settled, pure, unfevered happiness – a happiness that another commander (remembering his own first prize) might have discerned from the log-entry, although it was not specifically mentioned there: 1/2 past 10 tacked, 11 in courses, reefed topsail. AM cloudy and rain. 1/2 past 4 chase observed E by S, distance 1/2 mile. Bore up and took possession of dº, which proved to be L’Aimable Louise, French polacre laden with corn and general merchandise for Cette, of about 200 tons, 6 guns and 19 men. Sent her with an officer and eight men to Mahon.

Epic animatic update :

I'm still suffering

I kind of hate this actually

Mr. House and Courier Six drawn by @boonnimii

Please reblog this to get a bigger sample size!

艾AA!

Mentally insane about the Earthsea Cycle tonight

I finished The Farthest Shore a couple hours ago and God. Just god. The messages in the series are so amazing and I adore them so much it's hard to put it into words honestly.

I am very very very very much looking forward to Tehanu which I didn't think the copy I ordered was going to arrive until next week but I check the tracking earlier and it's supposed to come tomorrow and I'm so siked.

Just all the little things and the nuances of the series and writing are so incredible.

the ADHD brain really is like

i'm gonna go upstairs and write

*guitars hanging on bedroom wall*

oh right I was gonna try to learn the intro to De Selby Part 1 on guitar

*spends 20 minutes picking around with the track to learn it by ear*

well now i've learned it but i'm worried i might forget how to play it next time i practice

maybe i'll just jot it down really quick in guitar pro...

*spends an hour making a tab*

oh yeah i came up here to write didn't i

Top 5 animated movies?

oh this is a fun one!!

5. Any Wallace And Gromit Movie - they simply all slap. probably the wrong trousers but i enjoy all of them. the most recent one absolutely hit the mark in a way i wasn't expecting. wallace and gromit never miss, also movies i will never ever turn down watching

4. luca - kind of a stand in for all of my favourite pixars but this is kind of the one i think of. it is vastly underrated imo and i cannot watch the ending without crying a lot

3. nimona - also another one that i can't watch without crying! but so so endlessly fun, i adore this film and i need a physical copy of it actually

2. the boy and the heron - this is hands down my favourite ghibli, i have gotten almost universal responses of 'really?' when i say this to people but it is True, touches on a lot of themes that i love and just generally has so much depth and different ways you can read it. and those are my favourite kinds of films! emotional but ultimately very hopeful and very kind. big fan of the boy and the heron. my other ghibli highlights are kaguya and mononoke probably but after boy and the heron my ranking is pretty changeable

1. flow (2024) dir. gints zilbalodis - if flow has 10000 fans i am one of them. if flow has 10 fans i am one of them. if flow has 1 fan that is me. if flow has no fans i am no longer on this earth. i love flow i adore flow i need to watch it again immediately. you don't know how many times ive stared longingly at the limited edition blu ray i can't currently buy. saw it 3 times in cinemas and it was the most beautiful thing i ever saw in my entire life. third time i said to my friends arguably the whale is God and they all went neon what the hell are you on about. flow 2024 is my best friend

honorable mention to robot dreams also. we need more movies about the power of friendship and also september by earth wind and fire

im literally so satc pilled rn sorry