Layer 7

With applications becoming more sophisticated every day, we also need to start thinking about more sophisticated ways to protect our applications. At the application layer, we need a device that understands the application and the type of traffic that will be flowing to and from the application. Application firewalling is perhaps the most difficult and wide-ranging subject, and there are numerous ways to approach it. AWS offers WAF, which can help with securing web applications, but there are also other third-party solutions for different application types and for centralized security that's been designed by mainstream firewall vendors and is available from the AWS Marketplace.

As you can see, network security has many different aspects to take into consideration. When designing network security for our application, we need to consider any and all connection points of our application and think about which types of communication protocols we will be using. We should then map these protocols to the OSI network layers to discover the vulnerabilities we might be introducing. Finally, once we have categorized our potential weaknesses, we need to implement appropriate security solutions for each and every layer. In the following sections, we will take a look at how to design our AWS services with security in mind and how to implement security for our application at all the relevant OSI layers.