How do AWS Security Groups work?

Posted on January 4, 2022 (updated February 26, 2022) by Giusel Gonzalez

AWS Security Groups are essential components that help you secure your resources in Amazon Virtual Private Cloud (Amazon VPC). With Security Groups, you can restrict which traffic may reach your resources by protocol, port, and source IP range.

In the sections below, you will learn how AWS Security Groups work and what their default inbound and outbound rules are.

Table of Contents

  • What are AWS Security Groups?
  • How do AWS Security Groups work?
  • AWS Security Group default rules
  • AWS Security Group rules
  • Difference between AWS Security Groups and Network ACLs
  • Conclusions

What are AWS Security Groups?

[Figure: AWS Security Groups in the Amazon Virtual Private Cloud]

AWS Security Groups operate as virtual firewalls that control the incoming and outgoing traffic of Amazon EC2 instances through inbound and outbound rules.

How do AWS Security Groups work?

When you create an Amazon account, the VPC it comes with is set up automatically with multiple default subnets and a default Security Group.

[Figure: Workflow of AWS Security Groups in the VPC]

AWS Security Groups are designed to protect EC2 instances through inbound and outbound traffic rules. In essence, Security Groups are the first line of defense, and they work at the instance level: every instance you assign to a Security Group is subject to the rules of that group.

It is important to highlight that an instance in a subnet of your VPC can be assigned up to five different Security Groups. If you do not select a group or groups when launching an instance in your VPC, the instance is linked to the default Security Group.

You can use the command line (AWS Tools for Windows PowerShell or the AWS CLI) or the Amazon EC2 console to create a new, purpose-specific Security Group.

Cybersecurity Blogger advises creating a new AWS Security Group with rules tailored to each specific need. In this way, the rules that come automatically with the default Security Group are not affected. Keep in mind that you can use or modify the default Security Group's rules, but you cannot delete the default group itself.

AWS Security Group default rules

A default Security Group also comes with default rules:

  1. A default inbound rule.
  2. Default outbound rules.

The single default inbound rule allows the Security Group to accept inbound traffic on all protocols and ports from the network interfaces (instances) assigned to the same security group; in other words, it allows inbound traffic between the instances that share that security group. Traffic out to the Internet is accepted by default only if the Security Group is associated with a default VPC.

The default outbound rule allows all outbound IPv4 traffic on all protocols and port ranges. A second default outbound rule grants the same permission for all IPv6 traffic; however, this second rule is only added automatically when you create a VPC with an IPv6 CIDR block or associate an IPv6 CIDR block with your existing VPC.

If you create a new Security Group, it starts with a single outbound rule that allows all traffic to leave the instances. You must add rules to allow any inbound traffic or to restrict the outbound traffic.

AWS Security Group rules

Each Security Group, depending on its purpose, requires inbound and outbound traffic rules that allow its instances to communicate. The rules are an allow list of permitted inbound and outbound traffic, which means you cannot add rules that deny traffic.

Inbound rules define the incoming traffic an AWS Security Group allows to its associated instances. Outbound rules define the allowed traffic that leaves the EC2 machines associated with the Security Group.

You can add inbound and outbound rules to an AWS Security Group by specifying the following components:

  • Protocol: a network protocol such as Transmission Control Protocol (TCP), User Datagram Protocol (UDP), or Internet Control Message Protocol (ICMP).
  • Port range: a single port or a range of ports on which to allow traffic.
  • Source (inbound rules only): the source of the traffic that will be allowed in, which can be a specific IP, an IP range, or another security group.
  • Destination (outbound rules only): the counterpart of the source for inbound rules; it is the destination to which the security group allows outgoing traffic.

A particular feature of Security Groups is that they are stateful. If you send a request (outbound traffic) from your instance, the response traffic (inbound traffic) is allowed regardless of the inbound rules, and vice versa.

Be careful when launching an instance associated with several Security Groups. Remember that an instance is subject to the combined rules of all its associated groups, so the combination can open up access to the instance more than any single group intends.

Difference between AWS Security Groups and Network ACLs

A Network Access Control List (NACL) acts as a firewall that controls traffic in and out of one or more subnets. A Network ACL therefore operates at the subnet level, whereas a Security Group acts at the instance level. Network ACLs are an optional additional security layer for your VPC, useful when security group rules are too permissive.

A Network ACL is a more advanced security mechanism that supports both allow rules and deny rules.

Unlike AWS Security Groups, Network ACLs are stateless, which means return traffic must be explicitly allowed by the inbound rules.

Keep in mind that a Network ACL evaluates its rules in ascending order of rule number to decide whether traffic is allowed: the first allow or deny rule that matches the traffic is applied, according to that priority order. Security groups, on the other hand, evaluate all of their rules before deciding whether to allow the traffic.

Users associate AWS Security Groups with EC2 instances at launch or after creating them. Network ACLs, by contrast, apply automatically to all instances in the subnets associated with the ACL.
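The following is an added example, not code from the original post or from AWS. It models the two evaluation behaviours described above in a small simulator: stateful, allow-only Security Groups whose attached groups are combined (the "Security Group rules" section), and a stateless Network ACL that applies the first matching rule in ascending rule-number order. The packets, rules and addresses are constructed for the example.

```python
import ipaddress
from collections import namedtuple

# Constructed models for this example. For an inbound packet, src/sport are the
# remote side and dport is the port on the instance; the reverse for outbound.
Packet = namedtuple("Packet", "proto src sport dst dport")
SgRule = namedtuple("SgRule", "proto from_port to_port cidr")            # allow only
AclRule = namedtuple("AclRule", "number proto from_port to_port cidr action")

def _match(rule, proto, port, ip):
    return (rule.proto in ("-1", proto)                    # "-1" = all protocols
            and rule.from_port <= port <= rule.to_port
            and ipaddress.ip_address(ip) in ipaddress.ip_network(rule.cidr))

def sg_allows_inbound(groups, pkt, flows):
    """Stateful, allow-only: a reply to a tracked outbound flow passes whatever the inbound rules say; otherwise any match in ANY attached group wins."""
    if (pkt.proto, pkt.src, pkt.sport) in flows:
        return True
    return any(_match(r, pkt.proto, pkt.dport, pkt.src) for g in groups for r in g)

def sg_send_outbound(pkt, flows):
    """The default outbound rule allows everything; remember the flow so its reply is accepted."""
    flows.add((pkt.proto, pkt.dst, pkt.dport))

def acl_allows(rules, proto, port, ip):
    """Stateless: the first match in ascending rule number decides; no match hits the implicit final deny."""
    for r in sorted(rules, key=lambda r: r.number):
        if _match(r, proto, port, ip):
            return r.action == "allow"
    return False

def demo():
    web_sg = [SgRule("tcp", 443, 443, "0.0.0.0/0")]
    admin_sg = [SgRule("tcp", 22, 22, "10.0.0.0/8")]
    nacl_in = [AclRule(100, "tcp", 443, 443, "0.0.0.0/0", "allow"),
               AclRule(110, "tcp", 22, 22, "10.1.0.0/16", "deny"),
               AclRule(120, "tcp", 22, 22, "10.0.0.0/8", "allow")]
    ssh = Packet("tcp", "10.1.2.3", 50000, "10.0.0.10", 22)
    flows = set()
    sg_send_outbound(Packet("tcp", "10.0.0.10", 49152, "198.51.100.7", 443), flows)
    reply = Packet("tcp", "198.51.100.7", 443, "10.0.0.10", 49152)   # return traffic
    ephemeral = AclRule(130, "tcp", 1024, 65535, "0.0.0.0/0", "allow")
    return {
        "ssh_one_group": sg_allows_inbound([web_sg], ssh, flows),              # no SSH rule
        "ssh_two_groups": sg_allows_inbound([web_sg, admin_sg], ssh, flows),   # union of groups
        "sg_reply_no_rule": sg_allows_inbound([web_sg], reply, flows),         # stateful
        "acl_ssh_10_1": acl_allows(nacl_in, "tcp", 22, "10.1.2.3"),            # rule 110 denies first
        "acl_ssh_10_2": acl_allows(nacl_in, "tcp", 22, "10.2.2.3"),            # rule 120 allows
        "acl_reply_no_rule": acl_allows(nacl_in, "tcp", 49152, "198.51.100.7"),            # stateless
        "acl_reply_ephemeral": acl_allows(nacl_in + [ephemeral], "tcp", 49152, "198.51.100.7"),
    }
```

The `acl_reply_*` entries show why a stateless NACL needs an explicit inbound rule for the ephemeral port range, while the Security Group accepts the same reply with no inbound rule at all.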

Conclusions

The only way to protect your Amazon EC2 instances from unauthorized access is to understand how AWS Security Groups work. Implementing best practices will help you manage the inbound and outbound traffic that flows to and from your instances through restrictive rules.

Threat management
