In Amazon Web Services, security groups act as a virtual firewall that regulates inbound and outbound traffic for service instances. Unlike traditional firewalls, however, security groups only let users write permissive (allow) rules; they have no feature for explicitly denying network traffic. This means that if no rules are defined for an instance, all inbound and outbound traffic is blocked. To give users the technical knowledge they need about AWS security group best practices, CloudCodes presents today's post.
Top 17 AWS Security Group Configuration Best Practices
With any Amazon Web Service, it is important to configure AWS security groups correctly to protect against data breaches and cybercrime. Readers can refer to the following best practices to do so:
- Enable VPC Flow Logging – Virtual private cloud (VPC) flow logs give deep visibility into the network traffic that traverses a VPC and can be used to detect anomalous traffic; they also provide insight during security investigations. Flow logging is one of the network monitoring services Amazon offers so that clients can identify security and access problems such as overly permissive security groups, and be warned of anomalous operations such as unusual data transfers, rejected connection requests, and so on.
- Restrict Use of RDS Instances – When a VPC security group linked to an RDS instance permits unrestricted access, anyone on the internet can open a connection to the target database. This increases the likelihood of malicious activity such as SQL injection, DoS attacks, brute-force attacks, and so on.
- Restrict Use of Redshift Clusters – When a Redshift cluster is publicly accessible, attackers on the internet can establish connections to the databases it holds. This raises the risk of malicious activity and is therefore a serious threat to Amazon Web Services customers.
- Discrete Security Groups – Reduce the total number of discrete security groups to lower the overall chance of misconfigurations that lead to account compromise.
- New Unknown Ports – Do not open access to new, unknown ports, so as to stay safe from cyber threats. Permitting unrestricted inbound access on new ports gives attackers an opportunity to carry out their planned attack.
- Outbound Access – Limit outbound access from ports to the entities that actually need it, such as particular destinations or ports.
- Remote Desktop – Check that access via port 3389 is limited to the individuals who require it.
- PostgreSQL – This AWS security group best practice advises administrators to verify that access via port 5432 is restricted to the entities that require it.
- Oracle DB – Check that port 1521 is not open to all entities; only the required parties should be allowed.
- MongoDB – An essential tool for indexing and querying data, MongoDB is used for many purposes. It is therefore important to check that access through port 27017 is allowed only for those who require it.
- MSSQL – Check that port 1433 is limited to particular parties only.
- MySQL – Ensure that access through port 3306 is limited to particular individuals only.
- ICMP – Make sure that ICMP (Internet Control Message Protocol) is limited to a few specific entities only. Unrestricted access can lead to data breach incidents, because attackers can use ICMP to probe the network for vulnerabilities.
- CIFS – Verify that access via port 445 is allowed only for the particular entities that need it. CIFS is a widely used protocol for sharing data and communicating over a network, and unrestricted access can result in unauthorized data access.
- FTP – File Transfer Protocol is an essential protocol for transferring data in client-server models. Here, both inbound and outbound access through ports 20 and 21 must be limited to the entities that need it.
- RPC – Check that access to port 132 is available only to the entities that require it.
- EC2 – Make sure that EC2 security groups do not contain huge ranges of open ports. With large port ranges, vulnerabilities can be exposed: a cybercriminal can scan these ports and find vulnerabilities in the hosted applications, which is easy to do precisely because such a huge range of ports is open.
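The port, port-range, ICMP and outbound items in the list above can be checked mechanically against the JSON that `aws ec2 describe-security-groups` returns. The audit script below is an added example written for this post, not CloudCodes' or AWS's own tooling. The two security groups embedded in it are constructed sample data, the sensitive-port table uses the port numbers exactly as the post gives them, and the 100-port threshold for a "huge" range is an assumption you would tune to your own environment.

```python
"""Audit security group rules for the port, range, ICMP and outbound issues above."""
import json
from typing import Dict, List, Optional, Tuple

# Ports called out in the post, with the post's own port numbers.
SENSITIVE_PORTS = {
    3389: "Remote Desktop", 5432: "PostgreSQL", 1521: "Oracle DB",
    27017: "MongoDB", 1433: "MSSQL", 3306: "MySQL", 445: "CIFS",
    20: "FTP", 21: "FTP", 132: "RPC",
}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
MAX_RANGE_WIDTH = 100  # assumption: a range wider than this counts as "huge"


def world_cidrs(perm: dict) -> List[str]:
    """CIDRs in a rule that mean 'anyone' (IPv4 and IPv6 any-address)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in WORLD_CIDRS]


def port_span(perm: dict) -> Tuple[Optional[int], Optional[int]]:
    """(from, to) ports of a rule; protocol -1 means every port."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm.get("FromPort"), perm.get("ToPort")


def audit_group(group: dict) -> List[str]:
    """Return one finding string per problem in a single security group."""
    gid, findings = group["GroupId"], []
    for perm in group.get("IpPermissions", []):          # inbound rules
        world = ", ".join(world_cidrs(perm))
        if not world:
            continue                                     # not world-reachable
        proto = perm.get("IpProtocol")
        if proto in ("icmp", "icmpv6"):
            findings.append(f"{gid}: ICMP open to {world}")
            continue
        lo, hi = port_span(perm)
        if lo is None or hi is None:
            continue
        if hi - lo + 1 > MAX_RANGE_WIDTH:
            findings.append(f"{gid}: port range {lo}-{hi}/{proto} open to {world}")
        for port, name in SENSITIVE_PORTS.items():
            if lo <= port <= hi:
                findings.append(f"{gid}: {name} port {port} open to {world}")
    for perm in group.get("IpPermissionsEgress", []):    # outbound rules
        world = ", ".join(world_cidrs(perm))
        if world and perm.get("IpProtocol") == "-1":
            findings.append(f"{gid}: outbound allow-all to {world}")
    return findings


def audit_all(groups: List[dict]) -> Dict[str, List[str]]:
    return {g["GroupId"]: audit_group(g) for g in groups}


def audit_cli_output(text: str) -> Dict[str, List[str]]:
    """Audit the JSON printed by `aws ec2 describe-security-groups`."""
    return audit_all(json.loads(text)["SecurityGroups"])


# Constructed sample data in the describe-security-groups shape (not real groups).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0badexample", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     ], "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     ]},
    {"GroupId": "sg-0goodexample", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
     ], "IpPermissionsEgress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
     ]},
]

if __name__ == "__main__":
    for gid, problems in audit_all(SAMPLE_GROUPS).items():
        print(gid, "OK" if not problems else "")
        for p in problems:
            print("  ", p)
```

Against the sample data the "bad" group yields nine findings (RDP open to the world, a 64,512-port range, every sensitive port that falls inside that range, and an unrestricted outbound rule), while the "good" group yields none: port 443 open to the world is not on the post's list, and its MySQL rule is scoped to one VPC CIDR. To run it on a real account, pipe the CLI's JSON output into `audit_cli_output`.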
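To show what the VPC flow logging item above looks like in practice, here is an added example (not code from the post, CloudCodes or AWS) that parses flow log records in the default field order and surfaces the three signals the post names: rejected connection requests piling up from one source, unusually large data transfers, and accepted traffic to a sensitive port from outside the VPC, which is the trace an overly permissive security group leaves. The log lines, the RFC 1918 definition of "internal", and both thresholds are constructed assumptions for this example.

```python
"""Scan VPC flow log records (default format) for the anomalies the post names."""
import ipaddress
from collections import Counter, defaultdict
from typing import Dict, List

# Field order of the default VPC flow log format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
INT_FIELDS = {"srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

# Assumptions for this example: the VPC address space is RFC 1918, and these thresholds.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SENSITIVE_PORTS = {3389, 5432, 1521, 27017, 1433, 3306, 445, 20, 21}
REJECT_THRESHOLD = 3                    # rejects from one source before we call it scanning
TRANSFER_THRESHOLD_BYTES = 1_000_000_000  # 1 GB between one pair of hosts


def parse_line(line: str) -> dict:
    """Split one default-format record into a dict; '-' fields (NODATA rows) become 0."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    for key in INT_FIELDS:
        rec[key] = int(rec[key]) if rec[key] != "-" else 0
    return rec


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def analyse(lines: List[str]) -> Dict[str, list]:
    rejects = Counter()                 # srcaddr -> number of REJECT records
    transferred = defaultdict(int)      # (src, dst) -> accepted bytes
    external_sensitive = []             # accepted hits on sensitive ports from outside
    for line in lines:
        rec = parse_line(line)
        if rec["log_status"] != "OK":   # NODATA / SKIPDATA rows carry no traffic
            continue
        if rec["action"] == "REJECT":
            rejects[rec["srcaddr"]] += 1
            continue
        transferred[(rec["srcaddr"], rec["dstaddr"])] += rec["bytes"]
        if rec["dstport"] in SENSITIVE_PORTS and not is_internal(rec["srcaddr"]):
            external_sensitive.append((rec["srcaddr"], rec["dstaddr"], rec["dstport"]))
    return {
        "scanners": sorted(src for src, n in rejects.items() if n >= REJECT_THRESHOLD),
        "large_transfers": sorted((src, dst, b) for (src, dst), b in transferred.items()
                                  if b >= TRANSFER_THRESHOLD_BYTES),
        "external_sensitive": external_sensitive,
    }


# Constructed sample records (account id and addresses are documentation placeholders).
SAMPLE_LOG = [
    "2 111122223333 eni-0a1b2c3d 203.0.113.5 10.0.1.20 51234 22 6 3 180 1700000000 1700000060 REJECT OK",
    "2 111122223333 eni-0a1b2c3d 203.0.113.5 10.0.1.20 51235 3389 6 3 180 1700000000 1700000060 REJECT OK",
    "2 111122223333 eni-0a1b2c3d 203.0.113.5 10.0.1.20 51236 445 6 3 180 1700000000 1700000060 REJECT OK",
    "2 111122223333 eni-0a1b2c3d 203.0.113.5 10.0.1.20 51237 3306 6 5 300 1700000000 1700000060 ACCEPT OK",
    "2 111122223333 eni-0a1b2c3d 10.0.1.20 198.51.100.7 44321 443 6 900000 1500000000 1700000000 1700000600 ACCEPT OK",
    "2 111122223333 eni-0a1b2c3d 10.0.2.8 10.0.1.20 40000 443 6 12 6000 1700000000 1700000060 ACCEPT OK",
    "2 111122223333 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA",
]

if __name__ == "__main__":
    for signal, hits in analyse(SAMPLE_LOG).items():
        print(signal, hits)
```

On the sample records the external host is reported as a scanner (three rejected probes), the 1.5 GB flow to 198.51.100.7 is reported as a large transfer, and the accepted MySQL connection from the same external host is the finding that points straight back at a security group rule which should not exist. If you use a custom flow log format, adjust FIELDS to match the order you configured.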
Time to Bind Up
The CloudCodes team of cyber security experts has listed the top 17 essential AWS security group best practices needed to enforce a wide range of security, governance and compliance standards. Doing so requires proper concentration while configuring security in an Amazon account. Administrators should make sure they are not doing any other work while they implement these configuration points.