Cloud Security Handbook for Architects: Practical Strategies and Solutions for Architecting Enterprise Cloud Security Using SECaaS and DevSecOps by Mishra Ashish;

Author: Mishra, Ashish
Language: eng
Format: epub
Publisher: Orange Education PVT Ltd
Published: 2023-04-15T00:00:00+00:00


Security groups

Why would we need additional IP whitelists at this point, when we already have perimeter and firewall rules? Because it’s likely that our attacker has gained a thin foothold within one of our subnets, putting her beyond the reach of our current subnet controls. We would like her attempts to move elsewhere within our application, including by hitting our administrative ports, to be stopped or detected. We’ll employ per-system firewalls to achieve this.

Even though your operating system’s local firewall can certainly be used, most cloud providers offer a way for the cloud infrastructure to filter traffic entering your virtual system before your operating system even sees it. This feature is known as security groups.

As with an on-premises firewall setup, you should configure your security groups to permit traffic only on the ports required for that kind of system. For an application server, for instance, allow traffic only on the application server port. Additionally, limit administrative access ports, such as SSH, to specific IP addresses that you know you will use for administration tasks, like your bastion host or your company’s IP range. In most implementations, in addition to specifying a specific IP source, you have the option of allowing traffic from any instance that has another security group assigned.
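
The guidance above can be checked mechanically. The following is an added example, not code from the book: it audits inbound rules for ports the system type does not need and for SSH exposed beyond approved sources. The provider-neutral rule format, the group name `sg-bastion`, the ports and the CIDR ranges are all assumptions constructed for illustration.

```python
import ipaddress

ADMIN_PORTS = {22}  # SSH, the administrative port named in the text

# Constructed sample rules in a hypothetical provider-neutral format.
RULES = [
    {"port": 8443, "source": "0.0.0.0/0"},       # application server port
    {"port": 22, "source": "203.0.113.0/24"},    # company range (constructed)
    {"port": 22, "source": "sg-bastion"},        # source is another security group
    {"port": 22, "source": "0.0.0.0/0"},         # admin port open to everyone
    {"port": 3306, "source": "10.0.0.0/8"},      # port this system type does not need
]


def audit_rules(rules, required_ports, admin_cidrs, admin_groups):
    """Return (rule, reason) pairs for rules that break the guidance."""
    approved = [ipaddress.ip_network(c) for c in admin_cidrs]
    findings = []
    for rule in rules:
        port, source = rule["port"], rule["source"]
        if port not in required_ports and port not in ADMIN_PORTS:
            findings.append((rule, "port not required for this system type"))
            continue
        if port not in ADMIN_PORTS:
            continue  # required application port: any source is acceptable here
        if source in admin_groups:
            continue  # admin access from an approved security group
        try:
            net = ipaddress.ip_network(source, strict=False)
        except ValueError:
            # Not a CIDR and not an approved group name.
            findings.append((rule, "admin port allowed from unapproved group"))
            continue
        # The source range must sit entirely inside an approved admin range.
        inside = any(net.version == a.version and net.subnet_of(a) for a in approved)
        if not inside:
            findings.append((rule, "admin port open beyond approved sources"))
    return findings


if __name__ == "__main__":
    for rule, reason in audit_rules(RULES, {8443}, ["203.0.113.0/24"], {"sg-bastion"}):
        print(f"port {rule['port']} from {rule['source']}: {reason}")
```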
