Why you should assign Security Groups to your AWS VPC?

Cloud security is one of the top concerns in cloud computing. As cloud infrastructure grows more complex, organizations want their cloud environments to be as secure as possible. Amazon VPC provides the networking layer for the resources you run in AWS, so the way VPCs and their security groups are configured decides what can reach those resources. Following the recommendations Centilytics provides for VPCs and security groups helps organizations reach a stronger security posture.

What is AWS VPC?

AWS VPC (Virtual Private Cloud) is an Amazon service that lets you launch resources such as EC2 and RDS instances into a logically isolated section of the AWS cloud, the virtual private cloud. A VPC closely resembles a traditional network that you would operate in your own data center. You choose the VPC's IP address range and subnets yourself, unlike resources launched outside a VPC (the old EC2-Classic model), which were assigned addresses from Amazon's shared pool. A VPC scales with your infrastructure: you can attach instances of many AWS services to it, and you decide which of them are reachable from the internet (public) and which are not (private). This gives you much more granular control over the security of your cloud infrastructure.

What is a VPC security group? Why is it crucial to attach security groups to the resources in a VPC?

A VPC security group acts as a virtual firewall that controls the inbound and outbound traffic of the instances (more precisely, the network interfaces) it is associated with. Security group rules are allow-only: there is no deny rule, and anything not explicitly allowed is dropped. They are also stateful, so a response to allowed traffic is permitted regardless of the rules in the other direction. By default up to five security groups can be associated with a network interface (the quota is adjustable), and different instances in the same VPC can use different combinations of groups. Every VPC comes with a default security group, and an instance launched without an explicit security group is placed in it. The stock rules of the default group allow all outbound traffic and inbound traffic only from other members of the same default group; it does not open the resources to the public by itself. The risk is that the default group is shared by every resource launched without a conscious choice, so any rule later added to it (for example SSH from 0.0.0.0/0) applies to all of those resources at once. You add inbound and outbound rules to a group to specify exactly which hosts, address ranges or other security groups may talk to the associated resources.

This is where the importance of security groups comes into the picture. Defining explicit inbound and outbound rules in purpose-built groups, rather than relying on the shared default group, is what limits which sources can reach each workload. It is therefore crucial to ensure that security groups other than the default are created in your VPC and attached to its resources.

How does Centilytics assist you?

Centilytics provides a dedicated insight for VPC security groups that shows the status of every security group. The insight reports whether a VPC has a security group other than the default attached. This lets users act on VPCs that still rely only on the default security group and regain full control of the security of their cloud infrastructure.
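As an added example, not Centilytics' or AWS's own code, the script below reproduces the insight's logic described in the two sections above: each VPC is rated OK when it has a security group other than the default and CRITICAL otherwise, and, as a further check a practitioner usually wants alongside it, every group is scanned for inbound rules whose source is the whole internet. The input has the shape of boto3's ec2.describe_security_groups() response, so the same functions can be fed live data; the VPC IDs, group IDs and rules in SAMPLE_SECURITY_GROUPS are constructed for the example, and fetch_live is the only part that would call AWS.

```python
"""Audit which VPCs rely solely on their default security group.

Added example, not Centilytics' or AWS's code. The input has the shape of
boto3's ec2.describe_security_groups() response so that fetch_live() can feed
real data into the same functions; the sample below is constructed.
"""
from collections import defaultdict

WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample (IDs are made up): vpc-0a has a purpose-built web group
# beside an untouched default group; vpc-0b has only its default group, and
# someone has opened SSH on it to the whole internet.
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-0default0a", "GroupName": "default", "VpcId": "vpc-0a",
     # Stock default-group rules: all traffic from members of the same group
     # inbound, everything outbound.
     "IpPermissions": [{"IpProtocol": "-1",
                        "UserIdGroupPairs": [{"GroupId": "sg-0default0a"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1",
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0web0a", "GroupName": "web-tier", "VpcId": "vpc-0a",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                        "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1",
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0default0b", "GroupName": "default", "VpcId": "vpc-0b",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1",
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]


def is_default(sg):
    """Every VPC's built-in group is named 'default'; it cannot be renamed or deleted."""
    return sg["GroupName"] == "default"


def describe_permission(perm):
    """Render one IpPermissions entry as 'all traffic', 'tcp/22' or 'tcp/8000-8080'."""
    proto = perm["IpProtocol"]
    if proto == "-1":
        return "all traffic"
    low, high = perm.get("FromPort"), perm.get("ToPort")
    return f"{proto}/{low}" if low == high else f"{proto}/{low}-{high}"


def world_open_rules(sg):
    """Inbound rules on sg whose source is any IPv4 or IPv6 address."""
    hits = []
    for perm in sg.get("IpPermissions", []):
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if WORLD.intersection(sources):
            hits.append(describe_permission(perm))
    return hits


def audit_vpcs(groups):
    """Return {vpc_id: {severity, custom_groups, findings}}, mirroring the insight:
    OK when the VPC has a group other than the default, CRITICAL otherwise."""
    by_vpc = defaultdict(list)
    for sg in groups:
        by_vpc[sg["VpcId"]].append(sg)
    report = {}
    for vpc_id, sgs in sorted(by_vpc.items()):
        custom = [sg["GroupId"] for sg in sgs if not is_default(sg)]
        findings = [f"{sg['GroupId']} ({sg['GroupName']}) allows {rule} from anywhere"
                    for sg in sgs for rule in world_open_rules(sg)]
        report[vpc_id] = {"severity": "OK" if custom else "CRITICAL",
                          "custom_groups": custom,
                          "findings": findings}
    return report


def fetch_live(region_name):
    """Pull every security group in one region (needs boto3 and ec2:DescribeSecurityGroups)."""
    import boto3  # imported here so the constructed sample runs without it
    ec2 = boto3.client("ec2", region_name=region_name)
    paginator = ec2.get_paginator("describe_security_groups")
    return [sg for page in paginator.paginate() for sg in page["SecurityGroups"]]


if __name__ == "__main__":
    for vpc_id, result in audit_vpcs(SAMPLE_SECURITY_GROUPS).items():
        print(f"{vpc_id}: {result['severity']} custom={result['custom_groups']}")
        for finding in result["findings"]:
            print(f"  {finding}")
```

On the sample, vpc-0a is rated OK and vpc-0b CRITICAL. The web-tier group's 443 rule is also listed as open to the world; that is expected for a public web tier and the listing is there for review, whereas SSH open on a default group, as in vpc-0b, is exactly the kind of change to the shared default group that the section above warns about. To run against a real account, replace SAMPLE_SECURITY_GROUPS with fetch_live("us-east-1") or another region.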

Insight descriptions

There are 2 possible scenarios:

Severity   Description
OK         Displayed when the VPC has at least one security group other than the default attached.
CRITICAL   Displayed when the VPC has no security group other than the default attached.

The further columns are as follows:

  1. Account Id: The AWS account ID of the user's account.
  2. Account Name: The account name corresponding to the user's account.
  3. Security Group Id: The unique ID of the security group, used to identify and differentiate between security groups.
  4. Security Group Name: The name of the security group.

Filters applicable:

Filter Name         Description
Account Id          Displays data for the selected account ID only.
Region              Displays data for the selected region only.
Severity            Displays data for the selected severity type; for example, selecting critical shows all resources with critical severity. The same applies to the warning and ok severity types.
Resource Tags       Displays only the resources that carry the selected tag. For example, if the user has tagged some resources with a tag named environment, selecting it from the resource tags filter displays all the data for those resources.
Resource Tags Value Displays only the resources whose selected tag has the selected value. For example, if the user has tagged resources with environment and given it the value production (environment: production), the user can view the data of all resources tagged environment: production. The tag value filter can only be used once a tag name has been selected.

Compliances covered

Compliance Name   Reference No.                                              Link
PCI               1.1.1, 1.1.4, 1.1.7                                        https://docs.aws.amazon.com/quickstart/latest/compliance-pci/welcome.html
ISO 27001         A.9.1.2, A.13.1.3, A.13.2.1, A.13.2.3, A.14.1.2            https://www.iso.org/standard/54534.html
NIST              NIST 800-53 (CM-3)                                         https://docs.aws.amazon.com/quickstart/latest/compliance-nist/welcome.html

Read More:

[1] https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html

[2] https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#VPCSecurityGroups
