What would be the BEST way to reduce the potential impact of these attacks in the future?

By:
In: SCS-C01
Tagged:
With: 2 Comments
A distributed web application is installed across several EC2 instances in public subnets residing in two Availability Zones.Apache logs show several intermittent brute-force attacks from hundreds of IP addresses at the layer 7 level over the past six months.

What would be the BEST way to reduce the potential impact of these attacks in the future?

Use custom route tables to prevent malicious traffic from routing to the instances.

Update security groups to deny traffic from the originating source IP addresses.

Use network ACLs.

Install intrusion prevention software (IPS) on each instance.

Explanations:

Custom route tables control traffic routing within VPCs, but they cannot filter malicious traffic or prevent layer 7 attacks specifically.

Security groups are stateful firewalls, but updating them to block specific IP addresses may be ineffective against constantly changing attack sources. Additionally, brute-force attacks often use a wide range of IP addresses.

Network ACLs are stateless and provide an additional layer of security, but they are typically better suited for filtering traffic at a broader network level (e.g., IPs, ports), not specifically mitigating application-level attacks like brute force.

Installing intrusion prevention software (IPS) on each instance would directly mitigate layer 7 attacks by identifying and blocking malicious traffic targeting the web application.

2026-04-01

2 Comments

  1. Martha
    Author

    I plan that the answer is:
    Install intrusion prevention software (IPS) on each instance.

  2. Jesse
    Author

    I strategize that the answer is:
    Install intrusion prevention software (IPS) on each instance.

Leave a Reply to Jesse Cancel reply

Your email address will not be published. Required fields are marked *

ten − 6 =