Hello, I'm Professor Wool. Welcome to our Introduction to Amazon Security Management series. In today's lesson we'll provide some tips on how to protect outbound traffic in an AWS environment.
So you have your cloud environment: you're using your AWS estate to process data in your production systems, and if you attended the last class you saw that the way to do it is to use Amazon security groups to provide filtering for the traffic allowed into those servers. Just a brief reminder: a security group is really a list of rules, and it looks something like this, with the protocol, the port and the source, so where the traffic might come from. And I said that the destination is always implicitly "me"; it's always the server, or the instance, with which the security group is associated. Now, this really describes inbound traffic, traffic coming from various addresses to the servers in the Amazon environment. What about traffic in the other direction, traffic that's outbound? You need to protect that as well, and we didn't see that that was even possible. So it is possible: Amazon
does provide you with a way to control outbound traffic, except that it's not very visible, it's not very prominent. And if you want to avoid data leaks and data exfiltration, which is really quite important, you need to control this outbound traffic and make sure that it is really allowing only the traffic that you really need. So, as I said, by default you don't see these outbound rules; you have to edit the security group and select the Outbound tab, and then you can see the rules protecting and filtering outbound traffic. Now, if you look at the Outbound tab you will see that there is no Source column; instead of the Source column there's a Destination column, and the source of the rule is implicitly "me". So the outbound rules are always from the instance that the security group is applied to towards other places; that source is always implicitly "me". Now, one
of the reasons, and pitfalls really, why maybe you were not aware that the outbound rules are there is that the default wizard that you use to define a new security group does not bring you to the Outbound tab at all. You have to select that manually, and if you do, you will see that by default you get such a rule in every security group: you'll get a rule that says any protocol, with any port, to any destination is allowed. This is of course a very insecure rule that you don't want to have. So I recommend looking into your security groups, any of them, then looking at the Outbound tab and checking that you do not have such a rule. If you do, it's probably a wise idea to delete it and replace it with specific rules that really protect the data and the traffic that you need. So you might want an explicit rule allowing DNS lookups to the DNS server that you are using; you might want an explicit rule allowing NTP traffic to the network time server that you're using; and so on. So basically, look at the traffic that really emanates from your servers to other places on the internet and allow rules just for that traffic. Do not use the default rule that Amazon gives you, because it's much too wide and insecure. So if you want to avoid data exfiltration and data leaks, the lesson here is to control outbound traffic and to filter it properly. Thank you for your attention. I hope to see you in a future class.
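The audit the lecture recommends (open every security group, look at the outbound rules, find the default "any protocol, any port, anywhere" rule and replace it with explicit DNS and NTP rules) can be done from the API instead of the console. The following Python script is an added example and is not part of the lecture or of any AWS tooling. It works on the JSON shape returned by `aws ec2 describe-security-groups` and emits the matching `aws ec2 authorize-security-group-egress` and `aws ec2 revoke-security-group-egress` commands. The security group IDs, the DNS and NTP server addresses (10.0.0.2 and 10.0.0.123) and the sample describe output are all constructed for the example.

```python
"""Find and replace the default allow-all egress rule on AWS security groups.

Added example (not from the lecture). Input is the JSON that
`aws ec2 describe-security-groups --output json` returns; output is the CLI
commands that add narrow DNS/NTP egress rules and then drop the default rule.
All identifiers and addresses below are constructed for the example.
"""
import json

ANY_V4 = "0.0.0.0/0"
ANY_V6 = "::/0"

# Constructed describe-security-groups output: one group still carrying the
# default "all protocols, all ports, anywhere" egress rule, one already fixed.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "SecurityGroups": [
        {"GroupId": "sg-0aaa111", "GroupName": "web-default-egress",
         "IpPermissionsEgress": [
             {"IpProtocol": "-1",
              "IpRanges": [{"CidrIp": ANY_V4}],
              "Ipv6Ranges": [{"CidrIpv6": ANY_V6}]}]},
        {"GroupId": "sg-0bbb222", "GroupName": "web-explicit-egress",
         "IpPermissionsEgress": [
             {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
              "IpRanges": [{"CidrIp": "10.0.0.2/32"}]},
             {"IpProtocol": "udp", "FromPort": 123, "ToPort": 123,
              "IpRanges": [{"CidrIp": "10.0.0.123/32"}]}]},
    ]
})


def is_allow_all_egress(perm):
    """True when one egress permission is 'any protocol, any port, anywhere'.

    In the EC2 API, IpProtocol "-1" means all protocols and implies all ports.
    A wide TCP-only rule is not the default rule and is deliberately not flagged.
    """
    if perm.get("IpProtocol") != "-1":
        return False
    cidrs = {r.get("CidrIp") for r in perm.get("IpRanges", [])}
    cidrs |= {r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])}
    return bool(cidrs & {ANY_V4, ANY_V6})


def find_allow_all_egress(describe_json):
    """Map group ID -> its offending egress permissions (clean groups omitted)."""
    found = {}
    for group in json.loads(describe_json)["SecurityGroups"]:
        bad = [p for p in group.get("IpPermissionsEgress", [])
               if is_allow_all_egress(p)]
        if bad:
            found[group["GroupId"]] = bad
    return found


def explicit_egress_permissions(dns_server, ntp_server):
    """Narrow replacement rules as the lecture suggests: DNS and NTP only.

    Both servers are assumed to be single IPv4 hosts, hence the /32 masks.
    """
    return [
        {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
         "IpRanges": [{"CidrIp": f"{dns_server}/32", "Description": "DNS"}]},
        {"IpProtocol": "tcp", "FromPort": 53, "ToPort": 53,
         "IpRanges": [{"CidrIp": f"{dns_server}/32", "Description": "DNS (TCP)"}]},
        {"IpProtocol": "udp", "FromPort": 123, "ToPort": 123,
         "IpRanges": [{"CidrIp": f"{ntp_server}/32", "Description": "NTP"}]},
    ]


def remediation_commands(group_id, offending_perms, dns_server, ntp_server):
    """CLI commands: add the explicit rules first, then revoke the default rule.

    The revoke payload is the permission exactly as describe returned it, so it
    matches whether or not the group also has the IPv6 ::/0 range.
    """
    authorize = explicit_egress_permissions(dns_server, ntp_server)
    return [
        "aws ec2 authorize-security-group-egress --group-id %s --ip-permissions '%s'"
        % (group_id, json.dumps(authorize)),
        "aws ec2 revoke-security-group-egress --group-id %s --ip-permissions '%s'"
        % (group_id, json.dumps(offending_perms)),
    ]


if __name__ == "__main__":
    # Offline run against the constructed sample; in practice pipe in the
    # real `aws ec2 describe-security-groups --output json` result.
    for gid, perms in find_allow_all_egress(SAMPLE_DESCRIBE_OUTPUT).items():
        print(f"{gid}: default allow-all egress rule present")
        for cmd in remediation_commands(gid, perms, "10.0.0.2", "10.0.0.123"):
            print("  ", cmd)
```

The commands are emitted in the order authorize, then revoke, so an instance never sits without any outbound rule between the two calls. The revoke command reuses the permission object exactly as `describe-security-groups` returned it, because a revoke only succeeds when it matches an existing rule; hand-typing a 0.0.0.0/0-only payload against a group whose default rule also carries ::/0 would fail, and vice versa.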