Introduction

Security incidents like data breaches and intrusions can have serious consequences, ranging from financial losses to reputational damage. In modern enterprise environments, it’s crucial to detect suspicious activities promptly and respond before they escalate. Our project, Security Alert System, addresses this challenge by providing a centralized mechanism to monitor login attempts, identify potential threats, and send alerts to administrators in real time.

Team

Our EagleEye project was conceptualized, designed, and implemented by a dedicated group of graduate students from NYU:

  • Dhanraj Chavan
  • Disha Sheshappa
  • Monica Parmar
  • Ram Ramanathan

We collaborated on all phases of the project—from planning and architecture design to hands-on coding, testing, and deployment. Each member brought unique expertise and insights, ensuring a robust, reliable solution.

Problem Statement

Enterprises often lack a streamlined way to monitor security threats across multiple platforms. Without automation, administrators must comb through logs or rely on manual analysis, risking delayed or missed alerts. Attackers can exploit these gaps, resulting in compromised systems, data theft, and non-compliance with regulations.

Key issues:

  • Absence of a centralized, automated alert system for immediate threat detection.
  • Delayed remediation due to manual monitoring.
  • Challenges in identifying and prioritizing critical alerts in real time.

AWS Design

Our Security Alert System leverages AWS Serverless Services to detect intrusions and send out immediate notifications. Here’s a high-level overview:

Design

1. Amazon S3

  • Hosts a static login page.
  • User credentials (username and password) are entered here.

2. Amazon API Gateway

  • Serves as the entry point for all incoming requests.
  • Forwards user credentials and login requests to a Lambda function.

3. AWS Lambda

  • Processes user input to detect any suspicious activity (e.g., potential injection strings).
  • Hashes passwords with SHA-256 before they are stored, for added security.
  • Triggers an email notification through Amazon SNS if it detects any anomaly.

4. Amazon DynamoDB

  • Stores login and alert data.
  • Holds the hashed credentials and tracks suspicious login attempts.

5. Amazon SNS (Simple Notification Service)

  • Dispatches email alerts to administrators when the system detects suspicious activity.
  • Ensures real-time notifications to the security team.

This serverless architecture minimizes operational overhead and scales effortlessly without requiring manual provisioning or management of underlying infrastructure.

Encountered Issues & Solutions

Issue 1: Viewing the Static Login Page (HTTP 405 Error)

  • Problem: After uploading the static site to Amazon S3, the login page returned a 405 error.
  • Solution: We updated the S3 bucket’s public access and ACL settings.
  • Steps:
    • Disabled “Block Public Access” settings on the bucket.
    • Enabled ACLs (Access Control Lists) to make the page publicly accessible.
    • Verified that the bucket policy allowed public reads.

Issue 2: Inability to Communicate Between Lambda, API Gateway, and S3

  • Problem: The separate components (S3, Lambda, API Gateway) weren’t interacting correctly, leading to CORS (Cross-Origin Resource Sharing) errors.
  • Solution: Configured CORS rules appropriately.
  • Steps:
    • Added the API endpoint in the S3 CORS configuration.
    • Enabled CORS in API Gateway under Resources > Resource Details > Enable CORS to permit the correct request methods and headers.

Issue 3: Failed Email Notifications via Amazon SNS

  • Problem: Emails were not being sent from the Lambda function even though SNS was set up.
  • Solution: Correctly specified the SNS Topic ARN in the Lambda function’s code.
  • Steps:
    • Included the topic_arn property in Lambda’s environment variables.
    • Verified IAM permissions allowing Lambda to publish messages to the SNS topic.
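The Lambda function from the design section, written out as an added example (this is not the project's own code): it checks the submitted credentials for injection-style fragments, hashes the password with SHA-256, records the attempt in DynamoDB, and publishes to the SNS topic whose ARN is read from the topic_arn environment variable described in Issue 3. The detection rules, the TABLE_NAME variable, and the in-memory stand-ins used to run it without AWS are assumptions.

```python
import hashlib, json, os, re
from datetime import datetime, timezone

# Constructed rules for this illustration; the project's actual detection rules are not on the page.
SUSPICIOUS_PATTERNS = [
    re.compile(r"""['"]\s*(or|and)\s+\S+\s*=\s*\S+""", re.IGNORECASE),  # e.g. ' OR 1=1
    re.compile(r";\s*(drop|delete|update|insert|select)\b", re.IGNORECASE),  # stacked statement
    re.compile(r"(--|/\*)\s*$"),  # trailing SQL comment used to cut off the rest of a query
]

def find_injection(value):
    """Return the first suspicious fragment found in value, or None if it looks clean."""
    for pattern in SUSPICIOUS_PATTERNS:
        match = pattern.search(value)
        if match:
            return match.group(0)
    return None

def hash_password(password):
    # The page stores SHA-256 digests; a salted, slow password hash (bcrypt/argon2) is the usual production choice.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def handle_login(event, table, sns, topic_arn):
    """Core Lambda logic: inspect the credentials, record the attempt, and alert via SNS on an anomaly."""
    body = json.loads(event.get("body") or "{}")
    username, password = str(body.get("username", "")), str(body.get("password", ""))
    hit = find_injection(username) or find_injection(password)
    table.put_item(Item={"username": username, "password_hash": hash_password(password),
                         "timestamp": datetime.now(timezone.utc).isoformat(), "suspicious": hit is not None})
    if hit is not None:
        sns.publish(TopicArn=topic_arn, Subject="Suspicious login attempt",
                    Message=f"Login for user {username!r} contained a suspicious fragment: {hit!r}")
        return {"statusCode": 403, "body": json.dumps({"alert": True})}
    return {"statusCode": 200, "body": json.dumps({"alert": False})}

def lambda_handler(event, context):
    # Real AWS entry point: the topic ARN comes from the topic_arn environment variable the page describes.
    import boto3  # imported lazily so the detection logic above is importable without boto3
    table = boto3.resource("dynamodb").Table(os.environ["TABLE_NAME"])  # TABLE_NAME is an assumed variable
    return handle_login(event, table, boto3.client("sns"), os.environ["topic_arn"])

# In-memory stand-ins for the DynamoDB table and SNS client so handle_login can be exercised locally.
class MemoryTable:
    def __init__(self): self.items = []
    def put_item(self, Item): self.items.append(Item)
class MemorySns:
    def __init__(self): self.published = []
    def publish(self, **kwargs): self.published.append(kwargs)
```

Because the AWS clients are passed in, the same handle_login function runs under the real lambda_handler and against the in-memory stand-ins, so the detection and alerting path can be tested before deployment.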

Final Outcome

By integrating these AWS services and resolving the issues, the project now functions as intended:

  • Real-time Alerts: Administrators are immediately informed via email if the system flags suspicious user input.
  • Encrypted Data: Passwords are hashed using SHA-256, ensuring better data security in transit and at rest.
  • Scalable Serverless Architecture: The entire system automatically scales with user demand, eliminating the need for manual infrastructure management.
  • Improved Security Posture: Automated detection accelerates the threat response, reducing the window attackers have to exploit vulnerabilities.

Why This Solution?

  • Serverless and Real-Time: AWS Lambda, API Gateway, and SNS work together to enable real-time detection and response without provisioning servers.
  • Robust Security Framework: AWS Identity and Access Management (IAM) policies, roles, and permissions manage access to resources, and data is encrypted both at rest and in transit.
  • Ease of Integration: Scaling and adding new features (e.g., intrusion detection for other attack types) are straightforward in a serverless environment.

Lessons Learned & Future Work

  • SQL Injection Detection: Adding code to parse and filter out dangerous SQL input can strengthen protection.
  • Brute Force Prevention: Rate-limiting or temporarily locking accounts after repeated failed attempts can mitigate brute force attacks.
  • Dashboard & Analytics: An admin dashboard could provide real-time security intelligence, trending data, and an audit trail for suspicious activities.
  • Additional Notification Channels: Beyond email, adding SMS or push notifications can further improve responsiveness.
  • Multi-Factor Authentication (MFA/2FA): Implementing MFA would add an extra layer of protection on the login page.