Amazon Web Services
Pasechnik Kuzmich, 2017-10-24 07:49:44

Are security groups reliable enough?

I'm setting up servers on AWS. I wondered if it's worth configuring their firewalls if they are already covered by the rules of security groups? Who does what? Share your experience.


1 answer(s)
Eugene, 2017-10-24
@Hivemaster

If there are doubts about security, then you need to configure an additional level :D
AWS provides two levels of security in the VPC:
Network ACLs and Security Groups.
The former restrict access between subnets, the latter between network interfaces in the VPC.
Despite the fact that there is quite a big difference between them in behavior/usage (described in the table at docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC... ), they perform roughly the same function.
As an additional security measure (recommended by AWS in the above article), your OS's internal firewall can close link-local (169.254.xx) traffic and traffic to the first 4 addresses of your VPC (AWS internal functionality; this traffic is not even tracked by flow logs, let alone controlled).
However, it is recommended that the firewall inside the instance be configured according to your rules.
There is never enough security, and to keep the rules on all security layers consistent, use IAAC.
Oh yes, the answer to the question: Reliable enough.
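
An added example, not part of the original answer: one way to check that the security group layer and the instance firewall layer agree, as the answer suggests doing through infrastructure as code. The `Rule` shape, the function names and the sample rules are assumptions constructed for illustration; in practice both rule sets would be rendered from the same IaC source.

```python
from ipaddress import ip_network
from typing import NamedTuple

class Rule(NamedTuple):
    proto: str   # "tcp" or "udp"
    lo: int      # first allowed port
    hi: int      # last allowed port
    cidr: str    # allowed source range

def covers(outer: Rule, inner: Rule) -> bool:
    """True if everything `inner` allows is also allowed by `outer`."""
    return (outer.proto == inner.proto
            and outer.lo <= inner.lo and inner.hi <= outer.hi
            and ip_network(inner.cidr).subnet_of(ip_network(outer.cidr)))

def uncovered(rules, other_layer):
    """Rules that no single rule in the other layer fully covers.
    Conservative: coverage by a union of several rules is not detected."""
    return [r for r in rules if not any(covers(o, r) for o in other_layer)]

def drift(sg_rules, host_rules):
    """Report where one layer allows inbound traffic the other does not."""
    return {
        # Host firewall would accept this; only the security group blocks it.
        "host_looser_than_sg": uncovered(host_rules, sg_rules),
        # Security group would accept this; only the host firewall blocks it.
        "sg_looser_than_host": uncovered(sg_rules, host_rules),
    }

# Constructed sample rule sets (documentation and private address ranges).
SG_RULES = [
    Rule("tcp", 22, 22, "203.0.113.0/24"),
    Rule("tcp", 443, 443, "0.0.0.0/0"),
    Rule("tcp", 5432, 5432, "10.0.0.0/16"),
]
HOST_RULES = [
    Rule("tcp", 22, 22, "0.0.0.0/0"),
    Rule("tcp", 443, 443, "0.0.0.0/0"),
    Rule("tcp", 5432, 5432, "10.0.1.0/24"),
]

if __name__ == "__main__":
    for layer, rules in drift(SG_RULES, HOST_RULES).items():
        for r in rules:
            print(f"{layer}: {r.proto}/{r.lo}-{r.hi} from {r.cidr}")
```

Each entry in the report marks a place where a single layer is the only barrier, which is where a mistaken change to that layer would expose the service.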
