# Front-End Security

Front-end security is accomplished through a four-pronged defense setup. Specifically, protections are in place (i) to protect against DDOS attack, (ii) enable DNS security, (iii) detect unwanted front-end changes and (iv) detect front-end intrusion.

| Type             | Details                                                                                                                                                          |
| ---------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| DDOS             | Prevent DDOS attack using AWS load shedding mechanisms by throttling users that attempt to access relevant IP address at a rate exceeding 500 hits in 5 minutes. |
| DNS              | Enable and implement [AWS DNSSEC](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-configuring-dnssec.html).                                        |
| Intrusion        | Changes to web application assets are monitored using AWS Cloudwatch and Simple Notification Service (SNS).                                                      |
| Intrusion        | Changes to AWS account are monitored through AWS Cloudtrail.                                                                                                     |
| Unwanted Changes | Utilize [third-party service provider ](https://visualping.io/)to monitor changes to UI.                                                                         |

#### Incidence Response

The Web 2.0 incidence response plan involves diagnosing and resolving alerts that have been escalated and triaged via an incident response workflow board.