AWS Network Security Notes
Intro

Security layers (outside in):
- Routing
- NACL (Network Access Control List)
- Security Groups
- Host-based firewall, IDS and IPS

Routing security
- No support for "edge to edge routing": a VPC does not forward traffic between two gateways attached to it (e.g. from a VPN connection out through an internet gateway).

NACL (Network Access Control List)
- Applied to a subnet as a whole.
- Stateless (does not remember TCP sessions). As a result you must specify both ingress and egress rules; return traffic needs its own rule.
- When you create a VPC, AWS creates a default NACL that allows all traffic.
- Rules are numbered and evaluated in ascending order; the first match wins. Each rule is Allow or Deny, and the final "*" rule denies anything no other rule matched.
- Each rule specifies:
  - Protocol (TCP, UDP)
  - Source (ingress) or destination (egress) IP range
  - Port range (e.g. ingress 80 and 22; egress 1024-65535 so that replies to the ephemeral source ports of clients can leave the subnet)

Security Groups
- Applied to the instance.
- Stateful: reply traffic for an allowed flow is allowed automatically, so you can specify ingress and egress rules but do not need both.
- Default behaviour: all outbound allowed, all inbound denied. Only allow rules exist, there are no deny rules; anything not allowed is denied.
- Each rule specifies:
  - Protocol (TCP, UDP)
  - Source IP range and port range for ingress
  - Destination IP range and port range for egress
  (the source or destination may also be another security group ID rather than an IP range)
- When a VPC is created, a default security group is cre...
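The stateless/stateful difference above is easiest to see by running the two rule models against the same packets. The following is an added example (not AWS code or anything from the original notes): a toy evaluator that mimics NACL semantics (ordered, allow/deny, implicit "*" deny, no session memory) and security group semantics (allow-only, connection tracking). The rule numbers, CIDRs and packets are constructed for illustration.

```python
"""Toy model of AWS NACL versus security group evaluation (added example;
rule numbers, CIDRs and flows below are constructed, not from any real VPC)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    number: int        # NACL rules are evaluated lowest-number first; first match wins
    action: str        # "allow" or "deny"; security groups only ever hold "allow"
    protocol: str      # "tcp", "udp" or "-1" for all protocols
    cidr: str          # source range for ingress rules, destination range for egress
    port_from: int     # destination-port range the rule covers
    port_to: int


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: str = "tcp"


def _matches(rule: Rule, pkt: Packet, direction: str) -> bool:
    """Ingress rules are matched on the remote source, egress rules on the remote
    destination; in both cases the port range refers to the packet's destination port."""
    remote_ip = pkt.src_ip if direction == "in" else pkt.dst_ip
    return (rule.protocol in ("-1", pkt.protocol)
            and ip_address(remote_ip) in ip_network(rule.cidr)
            and rule.port_from <= pkt.dst_port <= rule.port_to)


class NetworkAcl:
    """Stateless subnet filter: each packet is judged alone, so reply traffic
    needs its own rule. A packet matching no rule hits the implicit '*' deny."""

    def __init__(self, ingress, egress):
        self.rules = {"in": sorted(ingress, key=lambda r: r.number),
                      "out": sorted(egress, key=lambda r: r.number)}

    def allows(self, pkt: Packet, direction: str) -> bool:
        for rule in self.rules[direction]:
            if _matches(rule, pkt, direction):
                return rule.action == "allow"
        return False


class SecurityGroup:
    """Stateful instance filter: allow rules only. A packet that matches a rule
    opens a connection entry; reverse-direction traffic rides on that entry."""

    def __init__(self, ingress, egress):
        self.rules = {"in": list(ingress), "out": list(egress)}
        self.connections = set()

    def allows(self, pkt: Packet, direction: str) -> bool:
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.protocol)
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.protocol)
        if reverse in self.connections:
            return True                      # reply to a tracked connection
        if any(_matches(r, pkt, direction) for r in self.rules[direction]):
            self.connections.add(flow)
            return True
        return False                         # nothing matched: default deny


def simulate() -> dict:
    """Constructed scenario: an Internet client talks to web server 10.0.1.5."""
    request = Packet("203.0.113.7", "10.0.1.5", 51234, 80)    # client -> server
    reply = Packet("10.0.1.5", "203.0.113.7", 80, 51234)      # server -> client
    scan = Packet("198.51.100.9", "10.0.1.5", 40000, 80)      # unwanted source

    allow_http = Rule(100, "allow", "tcp", "0.0.0.0/0", 80, 80)
    allow_ephemeral = Rule(100, "allow", "tcp", "0.0.0.0/0", 1024, 65535)
    deny_scanner = Rule(90, "deny", "tcp", "198.51.100.0/24", 0, 65535)

    half_acl = NetworkAcl(ingress=[allow_http], egress=[])          # forgot egress rule
    full_acl = NetworkAcl(ingress=[deny_scanner, allow_http], egress=[allow_ephemeral])
    sg = SecurityGroup(ingress=[allow_http], egress=[])             # no egress rule at all

    return {
        "nacl_request_in": half_acl.allows(request, "in"),
        "nacl_reply_out_without_ephemeral": half_acl.allows(reply, "out"),
        "nacl_reply_out_with_ephemeral": full_acl.allows(reply, "out"),
        "nacl_scanner_denied": full_acl.allows(scan, "in"),
        "sg_request_in": sg.allows(request, "in"),
        "sg_reply_out_no_egress_rule": sg.allows(reply, "out"),
        "sg_scanner_allowed": sg.allows(scan, "in"),
    }


if __name__ == "__main__":
    for name, outcome in simulate().items():
        print(f"{name}: {'allowed' if outcome else 'denied'}")
```

Two things fall out of the run: the NACL without an egress rule for 1024-65535 drops the server's reply even though the request was allowed in, while the security group with no egress rule at all still passes the reply because it tracked the connection; and the NACL's numbered deny rule can block a specific source ahead of the HTTP allow, whereas the security group, having only allow rules, lets the same scanner reach port 80.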