Sunday, February 19, 2023

VPC FLOW LOGS

WHAT ARE VPC FLOW LOGS?


ANSWER:

VPC Flow Logs is a feature of Amazon Web Services (AWS) that lets you capture metadata about the IP traffic going to and from the network interfaces in your VPC. Each record describes one flow (source, destination, port, protocol, volume, and whether it was accepted or rejected) rather than the packet contents. The records are used to investigate potential security threats, such as rejected connection attempts or traffic from unexpected sources, and to troubleshoot connectivity and performance problems.


HOW DO YOU CONFIGURE VPC FLOW LOGS?

ANSWER:

You can enable VPC Flow Logs from the console, the CLI or the API. When creating a flow log you choose the resource to log (a VPC, a subnet, or a single network interface), the traffic filter (accepted traffic, rejected traffic, or all traffic), the maximum aggregation interval (1 minute or 10 minutes; the default is 10 minutes), and the destination (a CloudWatch Logs log group, an S3 bucket, or a Kinesis Data Firehose delivery stream). For a CloudWatch Logs destination you also supply an IAM role that allows the flow logs service to publish to the chosen log group. A flow log cannot be modified after it is created: to change its filter, interval, record format or destination you delete it and create a new one.
                                      

IF YOU MAKE A CALL TO THE INSTANCE METADATA SERVICE, DO VPC FLOW LOGS CAPTURE IT?

ANSWER:

No. Traffic to and from the instance metadata service (169.254.169.254) is one of the kinds of traffic that VPC Flow Logs do not capture, along with, for example, DNS queries to the Amazon DNS resolver and DHCP traffic. Flow logs only record traffic that traverses the network interface, and the metadata endpoint is link-local to the instance. This matters during an investigation: an attacker reading role credentials from the metadata endpoint (for example through an SSRF bug) leaves no trace in the flow logs; the later use of those credentials shows up in CloudTrail instead.

WHAT ARE THE LIMITS OF VPC FLOW LOGS?

ANSWER:

Immutability - After a flow log is created you cannot change its configuration (filter, aggregation interval, record format, destination or the IAM role used for delivery); you have to delete it and create a new one. Tags can be applied to a flow log, but they are the only thing you can change afterwards.

Coverage - Not all traffic is captured. Traffic to the instance metadata service, to the Amazon DNS resolver, DHCP traffic, traffic to the default VPC router and Windows license activation traffic are excluded, among others. Flow logs are also not real time: records appear at the destination minutes after the aggregation window closes.

Cost - VPC Flow Logs incur additional charges through the destination (CloudWatch Logs ingestion and storage, S3 storage and requests, Firehose delivery), and the volume can be large on a busy VPC. AWS Cost Explorer and AWS Budgets can be used to track and alert on that spend.

Retention - The flow log does not keep data itself, so it has no retention period of its own. Retention is configured on the destination: a retention setting on the CloudWatch Logs log group, or lifecycle rules on the S3 bucket.

Content - Only metadata is recorded: addresses, ports, protocol, packet and byte counts, and the accept/reject action. Payloads are never captured, so encrypted traffic is not decrypted and no keys or contents are available for inspection.

WHAT PROBLEMS CAN VPC FLOW LOGS SOLVE?

ANSWER:

Compliance: They provide an audit trail of network connections that can be reviewed to show who talked to what.

Congestion and troubleshooting: They show which flows carry most of the bytes and packets and which flows are being rejected, so you can find bottlenecks, top talkers and misconfigured security groups or network ACLs.

Security: REJECT records reveal connection attempts that a security group or network ACL blocked (port scans, brute-force sweeps), and ACCEPT records from unexpected sources reveal traffic that got through. The logs do not detect anything on their own; you query them (CloudWatch Logs Insights, Athena) or feed them to a service such as Amazon GuardDuty, which uses VPC Flow Logs as one of its data sources.


WHAT INFORMATION DO VPC FLOW LOGS CAPTURE?


ANSWER:

A record in the default format contains: version, account-id, interface-id, srcaddr, dstaddr, srcport, dstport, protocol, packets, bytes, start, end, action (ACCEPT or REJECT) and log-status (OK, NODATA or SKIPDATA). A custom format can add fields such as vpc-id, subnet-id, tcp-flags, traffic direction and the packet-level source and destination addresses.
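The following is an added example, not code from the original post or from AWS: it parses records in the default format described above and runs the two checks from the "what problems can VPC Flow Logs solve" question over them, a REJECT-based port-scan heuristic and a top-talkers byte count. The sample records are constructed for the example (the account ID, interface ID and addresses are placeholders), and the threshold of five distinct rejected ports is an assumption chosen for illustration.

```python
"""Parse VPC Flow Log records in the default (version 2) format and run two
simple checks over them: a REJECT-based port-scan heuristic and a top-talkers
byte count. Added example; the sample records below are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Field order of the default flow log record format (AWS "version 2").
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")


@dataclass(frozen=True)
class FlowRecord:
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int      # IANA protocol number, e.g. 6 = TCP, 17 = UDP
    packets: int
    byte_count: int
    start: int         # epoch seconds, start of the aggregation window
    end: int
    action: str        # "ACCEPT" or "REJECT"


def parse_record(line: str) -> Optional[FlowRecord]:
    """Return a FlowRecord, or None for NODATA/SKIPDATA records, whose traffic
    fields are '-' and carry nothing to analyse. Malformed lines raise."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    return FlowRecord(
        interface_id=rec["interface_id"],
        srcaddr=rec["srcaddr"], dstaddr=rec["dstaddr"],
        srcport=int(rec["srcport"]), dstport=int(rec["dstport"]),
        protocol=int(rec["protocol"]),
        packets=int(rec["packets"]), byte_count=int(rec["bytes"]),
        start=int(rec["start"]), end=int(rec["end"]),
        action=rec["action"],
    )


def parse_log(text: str) -> List[FlowRecord]:
    """Parse every non-empty line, dropping NODATA/SKIPDATA records."""
    records = []
    for line in text.splitlines():
        if line.strip():
            rec = parse_record(line)
            if rec is not None:
                records.append(rec)
    return records


def find_port_scanners(records: List[FlowRecord], min_ports: int = 5) -> Dict[str, List[int]]:
    """Security check: sources whose REJECTed flows touched at least `min_ports`
    distinct destination ports. A REJECT means a security group or network ACL
    dropped the flow; many distinct rejected ports from one source is the classic
    signature of a port scan. The threshold is an assumption for this example."""
    rejected: Dict[str, Set[int]] = defaultdict(set)
    for r in records:
        if r.action == "REJECT":
            rejected[r.srcaddr].add(r.dstport)
    return {src: sorted(ports) for src, ports in rejected.items() if len(ports) >= min_ports}


def top_talkers(records: List[FlowRecord], n: int = 3) -> List[Tuple[Tuple[str, str], int]]:
    """Congestion check: (src, dst) pairs ranked by total bytes, largest first."""
    totals: Dict[Tuple[str, str], int] = defaultdict(int)
    for r in records:
        totals[(r.srcaddr, r.dstaddr)] += r.byte_count
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


# Constructed sample records (placeholder account, ENI and addresses; not real traffic).
# 203.0.113.5 probes five ports and is rejected each time; the last line is a NODATA record.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.10 10.0.2.20 49152 443 6 12 3800 1676800000 1676800060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.5 10.0.1.10 51000 22 6 3 180 1676800000 1676800060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.5 10.0.1.10 51001 23 6 3 180 1676800000 1676800060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.5 10.0.1.10 51002 3389 6 3 180 1676800000 1676800060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.5 10.0.1.10 51003 445 6 3 180 1676800000 1676800060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.5 10.0.1.10 51004 8080 6 3 180 1676800000 1676800060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.2.20 10.0.1.10 443 49152 6 40 91000 1676800000 1676800060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1676800000 1676800060 - NODATA
"""

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(f"{len(recs)} usable records")
    print("possible scanners:", find_port_scanners(recs))
    print("top talkers:", top_talkers(recs))
```

The same logic is what you would express as a CloudWatch Logs Insights or Athena query over real flow logs: group REJECT records by srcaddr, count distinct dstport, and alert above a threshold. Note that each record covers an aggregation window, so the packet and byte counts are totals for that window, not per packet.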


AT WHAT LEVELS CAN A VPC FLOW LOG BE CONFIGURED?

ANSWER:

Three: the VPC, a subnet, or an individual network interface (ENI). A flow log created at the VPC or subnet level covers every network interface inside it, including interfaces created after the flow log was enabled.


HOW DO VPC FLOW LOGS STORE DATA AT A DESTINATION?

ANSWER:

CloudWatch Logs: records are published to the chosen log group, with one log stream per network interface, and can be queried with CloudWatch Logs Insights.

S3: records are delivered as compressed files (gzip by default, or Parquet with a custom format) under a prefix that includes the account, region and date, and can be queried in place with Amazon Athena.

Kinesis Data Firehose: records are streamed to a delivery stream, which is how they reach third-party analysis tools such as Datadog or Splunk.


WHAT IS THE DIFFERENCE BETWEEN VPC FLOW LOGS AND CLOUDTRAIL?

ANSWER:

VPC Flow Logs record network traffic (the data plane): which IP address talked to which, on which port and protocol, how much data moved, and whether the security groups or network ACLs on the instance, subnet or VPC accepted or rejected it.

CloudTrail records API activity (the control plane): who called which AWS API, when, from where, and with what result, across the entire AWS account.

The two complement each other: a flow log shows an instance being scanned or sending data to an unexpected destination, while CloudTrail shows the API call that opened the security group or launched the instance.




Happy Learning!!😊
