Network layer attacks

There are several types of network layer attacks, including but not limited to the following:

• Automated port scans: Port scans attempt to discover open ports for attackers to try and compromise.
• Spoofing: An attacker sets up their own server with an IP address of the server being attacked and tries to intercept traffic intended for the legitimate IP.
• DoS: An attacker or a group of attackers (DDoS) attack an application entry point (such as website or email server) with traffic that is designed to overwhelm the system, either with volumes or with packets that will cause errors to accumulate.

AWS inherently prevents IP spoofing and port scanning within EC2 networks. Any attempt at spoofing an IP or scanning ports within an EC2 environment is treated as a violation of the AWS terms, and any system attempting to perform either of those will be automatically and immediately blocked from any further access.

AWS provides a set of guidelines on how to protect an application against DoS and DDoS attacks and allows for the ease of management of the security features that help to achieve this with AWS Shield and AWS WAF. We will discuss this in more detail in the Delivering advanced network security in AWS section of this chapter. We can also use WAF to prevent injection attacks and session hijacking, and we can use the AWS Shield service to help us mitigate DoS and DDoS attacks. We will discuss these two services in the Delivering advanced network security in AWS section of this chapter.