Helping Organizations Securely Access AWS Resources

When organizations migrate their applications, workloads, and data into public cloud environments, IT administrators must increasingly manage and secure their resources across multiple virtual clouds and on-premises corporate networks. And as cloud resources grow across multi- and hybrid-cloud environments, protecting access, applications, and data for workload deployments becomes an increasingly complex task.

Traditionally, Infrastructure as a Service (IaaS) providers such as AWS are responsible for the security and availability of their own infrastructure as part of the cloud “shared security model.” However, organizations are ultimately responsible for both the security of their own applications, workloads, and data in the public cloud and the protection of on-premises and private cloud resources.

Although most major public cloud environments use identity and access management frameworks for their own resources, centralized visibility and security across virtual private clouds require the ability to provide cross-platform network access, incident alerting for detection, and response to cyber-threats. Therefore, AWS customers are responsible for the secure usage of unmanaged AWS services and must provide their own security through authentication and user access control to protect their Amazon cloud environments.

Perimeter 81 offers end-to-end cloud resource visibility, management, and protection for AWS while at the same time enabling organizations to manage their resource access across multi-cloud environments for security and compliance risk management. AWS users can deploy Perimeter 81 for secure network access to their resources located within AWS. simply by creating secure tunnels between their Perimeter 81 network and AWS VPCs, all the while maintaining scalability and speed.

AWS is safe in standalone form, with Perimeter 81 acting as a complementary platform that adds access management and improved visibility on top of AWS’ shared security model. Organizations can also use Perimeter 81 to prevent AWS resources from becoming non-compliant, to avoid failed audits and protect against data breaches and compromised user access.

By making cloud resources more difficult to access and exploit through continuous security auditing, alerting, and configuration management, Perimeter 81 enables organizations to view who is accessing their AWS infrastructure through automated security policies so that IT administrators can make configuration and security decisions across their entire cloud infrastructure.

Deploying Secure Network Access with AWS and Perimeter 81

Perimeter 81 provides remote-access VPNs that enable network security and compliance for organizations that have transitioned to the public cloud or hybrid cloud environments using SSL or Internet Protocol Security (IPsec), the secure network protocol suite that authenticates and encrypts data at the IP Packet Layer. Establishing virtual tunneled connections with Site-to-Site IPsec between network resources and an external device and user requires two main components: Perimeter 81’s VPN client software and secure network access gateway.

AWS_P81

In addition, AWS Transit Gateway allows admins to connect multiple VPCs using a single Site-to-Site connection, unlike the AWS Virtual Gateway which requires one Site-to-Site connection per VPC. Inter-region AWS Transit Gateway peering is available in regions including US East, US West, and the EU.

To create a Remote Access VPN tunnel, the IPsec protocol negotiates security associations (SA) with the Internet Key Exchange (IKE) management protocol to create an authenticated and secure communication channel between a user, device, and network resources. IPsec VPN mutual negotiation exchanges keys for end-to-end encryption occurring in two phases. First, users with their devices establish a secure channel that negotiates the IPsec security association (SA). Second, users and devices negotiate the IPsec SA for authenticating traffic that will flow through the tunnel.

The IP traffic that flows between the two components passes between the Perimeter 81 private gateway and the client, thereby creating an IPsec tunnel to establish a secure VPN communications tunnel. The private tunnel and the data traveling over any network, public or private, is encrypted, keeping all data private and secure. 

Security Use Case: Perimeter 81 IP Whitelisting in the Cloud

IP whitelisting allows IT administrators to assign any team member a single, static outgoing IP address and enables new cloud and on-premises security configurations that are only possible with static IP addresses. Implementing IP whitelisting not only improves security but also promotes a more productive workforce by providing a secure and easy way for users to access private network resources from both personal and corporate mobile devices.

Instead of blocking access to identified risks and threats, such as in the case of blacklisting applications, web pages, or IP addresses, IP whitelisting allows IT administrators to identify and permit access only to trusted resources. By whitelisting IPs, admins are granting only trusted users within a specified IP address range permission to access specific domains or network resources such as emails, applications, URLs and more.

Because remote users must always connect to a gateway first and then have their IP address whitelisted to a security group, AWS VPCs can be configured to work with Perimeter 81. With AWS, inbound traffic from Perimeter 81 can be authorized by whitelisting the Perimeter 81 Private Network IP address to the selected Security Groups (AWS Virtual Firewall).

AWS Security Groups enable the control of IP traffic to your instance, including traffic that can reach instances and services both in the cloud and on-premises. To whitelist IPs, allow computers from only Perimeter 81 Private Servers to access instances using SSH, or use a web server that allows all IP addresses to access instances using HTTP or HTTPS, so that external users can browse the content on web servers only once connected to Perimeter 81.

Perimeter 81 and AWS Benefits

Together, Perimeter 81 and AWS ensure total cloud security with least privilege access for resource management and visibility across multi-cloud environments. The Perimeter 81 solution also increases productivity through cloud security monitoring, provides easy AWS resource migration with an encrypted, instant and scalable security infrastructure, and actionable intelligence from analytics and data that can help identify anomalies and threats. Additionally, Perimeter 81’s client application provides detailed reporting, management of user permissions, servers, and groups, and offers threat recommendations simplifying AWS cloud security while meeting compliance and audit standards.

To learn more about securing your AWS network access with Perimeter 81 please visit: www.perimeter81.com/AWS