About the customer
The customer is made up of more than one customs agent with a presence in Mexico, and has provided security, service, and experience to all its clients for more than 40 years.
It facilitates and simplifies administrative work for its customers by concentrating all the services they require for their business, offering first-class customer service and a technological platform that responds effectively and in a timely manner to innovations and the speed of change in international commerce.
Issue
Many customs companies in the region had suffered cyber-attacks, such as ransomware, against their websites and databases, so the customer was worried about the security of its information and business. It looked for a partner that could provide the peace of mind and security of a strategic ally, with the aim of improving the security of its infrastructure and avoiding attacks, gaining better access control over its information and especially its websites, and ensuring protection against any type of attack that could occur.
One of the main reasons for looking for a partner was to ensure protection for its WordPress website, which was ready to launch.
Solution
Criptonube/Myappsoftware started by integrating the customer's AWS Console under its administration to analyze the current state of the infrastructure, such as deployed services, network configurations, and security levels, applying a Well-Architected Framework Review (WAFR) throughout.
After the WAFR identified the areas of opportunity in the infrastructure, we applied the following security improvements, following best practices and in collaboration with the customer:
The website, hosted on an EC2 instance running a Linux operating system, was placed behind an Application Load Balancer with a security certificate imported into Certificate Manager. This web server hosts more than one website, so we configured different target groups so that each one listens on the correct port, such as 50001, 8080, 80, etc. (for internal traffic, not from the internet). In this way, we ensure the web server isn't public facing.
We also added AWS WAF with different rules such as SQL Injection, Amazon Reputation List, Amazon Anonymous List, Linux Rules Set, and WordPress Rules Set. A custom rule was added to allow connections from the customer's other servers.
In IAM, we cleaned up users that were no longer in use or were no longer in the company.
Finally, AWS Security Hub was implemented as part of the security monitoring.
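The IAM cleanup described above can be driven from the account's IAM credential report. The following is an added example, not code from this engagement: it flags users that still hold an enabled password or access key but have not used any credential recently. The 90-day threshold, the function names, and the sample report rows are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the IAM credential report CSV layout (subset of columns).
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,2019-01-10T09:00:00+00:00,not_supported,2024-05-30T08:00:00+00:00,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2020-03-01T10:00:00+00:00,true,2024-05-28T14:12:00+00:00,false,N/A,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2020-03-01T10:00:00+00:00,true,2023-02-11T08:30:00+00:00,true,2023-01-20T07:00:00+00:00,false,N/A
deploy-bot,arn:aws:iam::111122223333:user/deploy-bot,2021-06-15T12:00:00+00:00,false,N/A,true,2024-05-31T23:59:00+00:00,false,N/A
carol,arn:aws:iam::111122223333:user/carol,2022-09-09T09:09:00+00:00,true,no_information,true,N/A,false,N/A
"""

LAST_USED_FIELDS = ("password_last_used", "access_key_1_last_used_date",
                    "access_key_2_last_used_date")
NO_DATE = {"", "N/A", "no_information", "not_supported"}


def last_activity(row):
    """Most recent use of any credential, or None if none was ever used."""
    seen = [datetime.fromisoformat(row[f]) for f in LAST_USED_FIELDS
            if row.get(f, "N/A") not in NO_DATE]
    return max(seen, default=None)


def has_live_credential(row):
    """True if the user can still sign in or call the API."""
    return "true" in (row["password_enabled"], row["access_key_1_active"],
                      row["access_key_2_active"])


def stale_users(report_csv, now, max_idle_days=90):
    """Return (user, last_use) pairs for enabled users idle past the cutoff."""
    cutoff = now - timedelta(days=max_idle_days)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        # The root account is reviewed separately; disabled users are already inert.
        if row["user"] == "<root_account>" or not has_live_credential(row):
            continue
        used = last_activity(row)
        if used is None or used < cutoff:
            findings.append((row["user"], used.date().isoformat() if used else "never"))
    return findings


if __name__ == "__main__":
    for user, last in stale_users(SAMPLE_REPORT, datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print(f"{user}: last credential use {last}")
```

The report only shows credential activity; users who have left the company still have to be matched against a staff list that the report does not contain.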
AWS Services implemented
Certificate Manager: to manage the security certificate
Application Load Balancer: to manage requests to the web server and avoid exposing the server
Web Application Firewall: to implement rules that improve the security level of the web server
Security Hub: to identify the areas of opportunity in security
AWS CloudWatch: to implement a dashboard that monitors resources, such as CPU usage and Network In, along with alarms
AWS CloudTrail: to record the interactions with the services
IAM: to manage access control at the user level and programmatic access
AWS Config: to control and inventory configurations
AWS RDS: used for the customer's databases, which run the Aurora MySQL engine as well as SQL standard edition PostgreSQL
Results and benefits
Different security services were implemented to improve the security level of the infrastructure, giving the customer a more reliable, safe, and fast architecture, and in this way preserving the customer's peace of mind about the protection of its information.
In different tests carried out with the customer, they told us that the site feels more agile and loads more quickly than before. As a result, the customer's experience navigating the websites is more successful.
Lessons Learned
With this case we learned, and put into practice, how to increase the security of websites, helping to provide a more secure and agile infrastructure for end customers.