Newvem Analytics
Newvem Analytics analyzes, reveals, and recommends powerful insights on your AWS Cloud. Start using it for free:
Amazon Web Services (AWS) EC2 security groups are essentially inbound firewalls.
With the correct set-up and use of security groups one can determine what incoming traffic is permitted to access the EC2 instances.
When you create your AWS account, a “default” security group is created in each region. It is recommended to create your own security groups with ingress rules that are specific to your application.
For example, in a three-tier environment composed of a web tier, an application tier and a database tier, it is best practice to restrict network access to your middle and back-end tier machines.
Newvem’s security insights are based on industry standards and best practices, constantly monitoring for security vulnerabilities and advising on optimal and secure security group use.
Newvem will assess your security groups across all regions and alert for misconfigurations in security groups. Newvem will identify unnecessary ports open to the public. For example, in your web tier you should only allow access to HTTP (80) and HTTPS (443) for everyone to access the application.
Your security group configurations should not allow public access to ports that are considered sensitive or critical, where exposure may cause critical damage to your instances, such as ports for administering machines, databases, etc.
Newvem notifies our customers in these cases, advising them to re-configure the security groups according to best practices and thereby lock down the servers and their access.
To allow access between internal servers, it is advisable to explicitly allow access from other security groups by name and avoid using an internal IP address, which may dynamically change. Newvem monitors and alerts for security groups configured to allow access from a large range of internal AWS IP addresses, which exposes the application to risk.
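The three checks described above (ports other than 80/443 open to the public, sensitive ports open to the public, and ingress from a large internal range instead of a security group reference) can be expressed as a short audit over rules in the shape returned by the EC2 DescribeSecurityGroups call. This is an added example, not Newvem's code; the sensitive port list, the /24 threshold for a "large" range, and the sample groups are assumptions constructed for illustration.

```python
import ipaddress

WEB_PORTS = {80, 443}                     # from the page: HTTP and HTTPS may be public
SENSITIVE_PORTS = {22, 3389, 3306, 5432}  # assumption: SSH, RDP, MySQL, PostgreSQL
MIN_INTERNAL_PREFIX = 24                  # assumption: private IPv4 ranges wider than /24 are "large"

def audit_group(group):
    """Return (severity, message) findings for one security group's ingress rules."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "udp", "-1"):
            continue                      # ICMP and other protocols carry no port range
        # "-1" means every protocol and every port
        lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
        label = str(lo) if lo == hi else f"{lo}-{hi}"
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:        # 0.0.0.0/0 or ::/0: open to everyone
                hit = sorted(p for p in SENSITIVE_PORTS if lo <= p <= hi)
                if hit:
                    findings.append(("critical", f"sensitive ports {hit} open to the public"))
                elif not (lo == hi and lo in WEB_PORTS):
                    findings.append(("warning", f"port {label} open to the public"))
            elif net.version == 4 and net.is_private and net.prefixlen < MIN_INTERNAL_PREFIX:
                findings.append(("warning", f"port {label} open to internal range {net}"))
        # Rules that reference other groups (UserIdGroupPairs) are the recommended form.
    return findings

# Constructed sample data in the shape of EC2 DescribeSecurityGroups output.
SAMPLE_GROUPS = [
    {"GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupName": "app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-app-placeholder"}]}]},
]

if __name__ == "__main__":
    for g in SAMPLE_GROUPS:
        for severity, message in audit_group(g):
            print(f"{g['GroupName']}: {severity}: {message}")
```
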
To receive Newvem cost insights tailored to you, join us (get started for free).