Application ID¶
Application ID classifies the actual traffic flowing through the Valtix gateway instances and is the final source of truth a security policy uses to decide which service object a flow matches. It is specified as part of a service object. A service object identifies the type of communication taking place between a source and a destination. Services are typically identified by their layer 4 port and protocol; application ID is a more powerful and precise way to identify the communication. It inspects several aspects of the payload, going beyond layer 4 into the layer 7 content, to determine the application actually in use. This makes security policies more precise and also prevents an attacker from hijacking a permitted layer 4 port to carry a different protocol (for example, tunneling something other than HTTPS through a port that is open for HTTPS). For application ID to work, the Valtix gateway must either act as a proxy with full TLS decryption or the traffic must be in the clear; traffic the gateway cannot decrypt cannot be classified by application.
Selection of Application IDs¶
- Navigate to Manage > Services.
- Click Edit on an existing service, or Create to define a new one.
- In the Application IDs dropdown, select the relevant application IDs.
If no application IDs are selected, the service object matches purely on the destination port and protocol defined in it. If one or more application IDs are selected, they form an OR condition: the service is considered matched as soon as any one of those application IDs is detected in the traffic. Because detection depends on seeing the payload, encrypted traffic that the gateway does not decrypt cannot satisfy a service that requires an application ID.
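The following is a constructed model of the match semantics described above, added for this page and not Valtix code. It assumes that a flow carries the set of application IDs the gateway identified (empty when nothing could be identified, such as TLS the gateway does not decrypt), that the destination port and protocol of a service object must still match when application IDs are set, and that a flow matching no rule is denied. The service object names, the sample flows and the two policies are hypothetical; the comparison shows why an application-ID service refuses a different protocol carried over an allowed port while a port-only service lets it through.

```python
"""Constructed model of service-object matching with application IDs.

Added illustration for this page, not Valtix code. Assumptions made here:
a flow carries the set of application IDs the gateway identified (empty when
nothing could be identified, e.g. TLS the gateway does not decrypt); the
service object's destination port and protocol must match even when
application IDs are set; and an unmatched flow is denied.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Flow:
    """One classified flow as seen by the gateway (constructed sample data)."""
    dst_port: int
    proto: str                 # "TCP" or "UDP"
    app_ids: FrozenSet[str]    # application IDs detected in the payload


@dataclass(frozen=True)
class ServiceObject:
    """Service object: layer 4 criteria plus optional application IDs."""
    name: str
    proto: str
    dst_ports: FrozenSet[int]
    app_ids: FrozenSet[str] = frozenset()   # empty means port/protocol only

    def matches(self, flow: Flow) -> bool:
        # Destination port and protocol are always required (assumption).
        if flow.proto != self.proto or flow.dst_port not in self.dst_ports:
            return False
        # No application IDs configured: pure port/protocol match.
        if not self.app_ids:
            return True
        # Application IDs configured: OR condition, any one detected ID is
        # enough. A flow with nothing identified never satisfies this, so
        # undecrypted TLS cannot match an application-ID service.
        return bool(self.app_ids & flow.app_ids)


Policy = List[Tuple[ServiceObject, str]]   # ordered (service, action) rules


def first_match(policy: Policy, flow: Flow) -> str:
    """Return the action of the first matching rule; implicit deny otherwise."""
    for service, action in policy:
        if service.matches(flow):
            return action
    return "deny"


# Hypothetical service objects used for the comparison below.
CLI_TOOLS = ServiceObject("egress-cli", "TCP", frozenset({80, 443}),
                          frozenset({"cURL", "Wget"}))
HTTPS_ONLY = ServiceObject("https-only", "TCP", frozenset({443}),
                           frozenset({"HTTPS"}))
TCP_443 = ServiceObject("tcp-443", "TCP", frozenset({443}))   # port only


def app_id_policy() -> Policy:
    """Block command-line tools outright, then allow only real HTTPS."""
    return [(CLI_TOOLS, "deny"), (HTTPS_ONLY, "allow")]


def l4_only_policy() -> Policy:
    """Classic port-based rule: anything to TCP/443 is allowed."""
    return [(TCP_443, "allow")]


# Constructed sample flows, all aimed at port 443.
SAMPLES: Dict[str, Flow] = {
    "browser_https": Flow(443, "TCP", frozenset({"HTTPS"})),
    "curl_https": Flow(443, "TCP", frozenset({"HTTPS", "cURL"})),
    "ssh_over_443": Flow(443, "TCP", frozenset({"SSH"})),     # port hijack
    "undecrypted_tls": Flow(443, "TCP", frozenset()),         # nothing identified
    "udp_443": Flow(443, "UDP", frozenset({"HTTPS"})),
}


def evaluate(policy: Policy) -> Dict[str, str]:
    """Action each sample flow receives under the given policy."""
    return {name: first_match(policy, flow) for name, flow in SAMPLES.items()}


if __name__ == "__main__":
    for label, policy in (("app-id", app_id_policy()),
                          ("l4-only", l4_only_policy())):
        print(label, evaluate(policy))
```

Under the application-ID policy the SSH-over-443 and undecrypted flows are denied because no configured application ID is detected, while the port-only policy allows both; the curl flow is caught by the client application ID even though it is also valid HTTPS.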
Application ID Classification¶
There are three classes of application IDs. Client application IDs are used when defining egress service objects. Legacy application IDs are used when defining east-west service objects. Cloud service application IDs are used when defining service objects for access security policies to cloud managed services.
Client application IDs are used when defining a service object for traffic egressing the cloud; the ID identifies the application that originated the egress traffic. A few examples:
Application Category | Application IDs |
---|---|
Command line web utilities | Wget, cURL |
Browsers | Chrome, Firefox, Safari, Internet Explorer |
Packaging tools | Advanced Packaging Tool (apt) |
Cloud utilities | AWS CLI |
Legacy application IDs cover the classic lift-and-shift applications that enterprises move from on-premises environments to the public cloud. A few examples:
Application Category | Application IDs |
---|---|
Interactive | SSH, Telnet, RDP |
Databases | MSSQL, MySQL, PostgreSQL |
File Sharing | SMBv2, SMBv3, NFSv4 |
Authentication | LDAP, LDAP-TLS, Active Directory, Kerberos |
Data Transfer | FTP |
Communication | RPC |
Voice | SIP |
Transport | HTTP, HTTPS |
Name Resolution | DNS |
Cloud service application IDs cover the cloud provider's native managed services. The following is the list of application IDs for AWS managed services.
AWS Service Application ID |
---|
AWS Alexa |
AWS Amplify |
AWS Api Gateway |
AWS Api Execute |
AWS App AutoScaling |
AWS App Stream2 |
AWS App Mesh |
AWS App Sync |
AWS Athena |
AWS RDS |
AWS Autoscaling Plans |
AWS Backup |
AWS Batch |
AWS Budgets |
AWS Savings Plans |
AWS ACM |
AWS Cloud9 |
AWS Cloud Dir |
AWS Cloud Form |
AWS Cloud HSMv2 |
AWS Cloud HSM |
AWS Svc Disc |
AWS Cloud Srch |
AWS Cloud Trail |
AWS Cloud Watch |
AWS Events |
AWS Logs |
AWS Synthetics |
AWS Code Artfct |
AWS Code Build |
AWS Code Commit |
AWS Code Deploy |
AWS Code Profile |
AWS Code Review |
AWS Code Pipeline |
AWS Code Star |
AWS Code Star Notifications |
AWS Cognito IDP |
AWS Cognito Identity |
AWS Cognito Sync |
AWS Comprehend |
AWS Comprehend Medical |
AWS Compute Optimizer |
AWS Config |
AWS Connect |
AWS Data Exchange |
AWS DLM |
AWS Data Pipeline |
AWS Data Sync |
AWS DMS |
AWS Detective |
AWS Devops Guru |
AWS Direct Connect |
AWS DS |
AWS Dynamo DB |
AWS DAX |
AWS Streams |
AWS Elastic Beanstalk |
AWS Elastic Compute |
AWS Elastic Block Storage |
AWS Image Builder |
AWS ECR |
AWS ECS |
AWS EKS |
AWS EFS |
AWS Elastic Inference |
AWS Elastic Transcoder |
AWS Elastic Cache |
AWS ES |
AWS Elastic Map Reduce |
AWS FMS |
AWS Forecast |
AWS Fraud Detector |
AWS IoT |
AWS FSX |
AWS Gamelift |
AWS Glacier |
AWS Global Accelerator |
AWS Glue |
AWS Ground Station |
AWS Guard Duty |
AWS Health |
AWS IAM |
AWS Access Analyzer |
AWS Import Export |
AWS Inspector |
AWS IoT1click |
AWS IoT Analytics |
AWS Data |
AWS Tunnelling |
AWS Jobs |
AWS IoT Events |
AWS Greengrass |
AWS Prefix ATS |
AWS Greengrass ATS |
AWS IoT Sitewise |
AWS IoT Things Graph |
AWS KMS |
AWS Kinesis Analytics |
AWS Firehose |
AWS Kinesis |
AWS Kinesis Video |
AWS Lake Formation |
AWS Lambda |
AWS App Wizard |
AWS Models |
AWS Runtime |
AWS License Manager |
AWS Lightsail |
AWS Macie2 |
AWS Macie |
AWS Machine Learning |
AWS Managed Blockchain |
AWS Metering |
AWS Mturk |
AWS Kafka |
AWS Media Connect |
AWS Media Convert |
AWS Media Package |
AWS Media Store |
AWS Media Tailor |
AWS MGH |
AWS MQ |
AWS Network Firewall |
AWS Network Manager |
AWS Opsworks |
AWS Organizations |
AWS Outposts |
AWS Pinpoint |
AWS SMS Voice |
AWS Polly |
AWS Qldb |
AWS Quicksight |
AWS Ram |
AWS Redshift |
AWS Rekognition |
AWS Pi |
AWS Resource Groups |
AWS Tagging |
AWS Robomaker |
AWS Route53 |
AWS Route53 Domains |
AWS Route53 Resolver |
AWS Sagemaker |
AWS Secrets Manager |
AWS Security Hub |
AWS STS |
AWS SMS |
AWS Service Quotas |
AWS Serverless Repo |
AWS Service Catalog |
AWS Shield |
AWS SNS |
AWS SQS |
AWS Queue |
AWS SWF |
AWS SDB |
AWS SSO |
AWS Identity Store |
AWS Snowball |
AWS States |
AWS Storage Gateway |
AWS Support |
AWS SSM |
AWS Textract |
AWS Transcribe |
AWS Transfer |
AWS Translate |
AWS WAFv2 |
AWS WAF |
AWS Workdocs |
AWS Workspaces |
AWS X Ray |
AWS Elastic Load Balancing |
AWS Messaging |