Security Groups

Get to know Security Groups

Security Groups is a potent tool created to manage network access to AWS Cloud resources, especially EC2 instances, thereby enforcing network security in the L3/4 layer but for EC2 interfaces.

Basic knowledge

Basic things we should know when conducting configuration:

• By default, there will be two rules: inbound and outbound.
• By default, there will not be any inbound rules that allow access in the incoming direction.
• It is not possible to create a rule with a negation rule.
• When associated with an EC2 instance will act as a Host-based Firewall.
• One EC2 instance can be associated with up to 5 Security Groups.
• Cannot link to a VPC or VPC Subnet.
• For regulation, the source can be:
  • IP Address
  • VPC Subnets CIDR
  • Security Group ID
• Multiple EC2 instances can be linked.

Content

• Basic knowledge
• Create Security Group
• Best Practices
• Enable AWS Config Service

Create Security Group

1. Go to the Amazon EC2 console.
2. In the left-hand navigation bar, select Security Groups.

3. Select the Create security group button.

4. In the Basic details section, we need to enter a name, and description and select VPC.

5. In the Inbound rules section, click the Add rule button to proceed further as follows:

6. In the Onbound rules section, we will keep the default.

7. In the Tags section, click the Add new tag button to add specific Tags.
8. Click the Create security group button to initialize.

Best Practices

AWS recommends several standards as we proceed to use Security Groups. Securing these standards in a large system as well as multiple environments on the AWS Cloud is always a challenge, as new application deployments become faster and more frequent.

1. Delete unused security groups

If a large number of unused security groups still exist, this can make it difficult for Administrators to manage and find, the configuration process can lead to errors due to some duplicate rules.

2. Limited to Edit

Editing the Security Group is very important, just a small mistake can affect the whole system. Then we proceed to limit through IAM service and only some IAM Roles are allowed to perform editing operations.

3. Track creation and deletion

This has always been one of the most basic criteria for tracking activities related to the creation or deletion of Security Groups.

4. Don’t forget to limit Outbound

We should always limit access to the Outbound side of a Security Group to specific Subnets.

5. Limit the range of Inbound Ports allowed to access

Only Ports required for the operation of an application should be considered open on the Inbound side of a Security Group. With a large number of unnecessary ports open, this can lead to potential vulnerabilities that are easily exploited by exploratory access as well as attacks.

Enable AWS Config Service

Organizations and businesses should urgently address those challenges through automated control and monitoring tasks. With the AWS Config service, we can configure many rules to automate the detection of violations to the current system.

Here are a few steps to a basic Managed Rule configuration.

1. Access the service Config
2. If it is the first time accessing the service, they press the Get Started button.
3. In the Settings section, keep the default configuration as follows:

4. In the Rules section, we see a list of Managed Rules.

5. In the search box, enter restricted-ssh and select the corresponding rule.

6. Conduct initialization.