Introduction:
Table of Contents
- A security group is an additional layer that acts as a virtual firewall for our instance.
- This is used to control inbound and outbound traffic.
- We can assign five security groups to each instance.
- For each security group, we can add rules that control the inbound traffic to instances and the same to the outbound traffic.
- There are certain security group rules which control the inbound traffic that is allowed to reach the instances.
- For each rule we have to specify :
- Name which should be of 255 characters, and allowed characters are a-z, A-Z,0-9, spaces and _-:/()#,@[]+=;{}!$*.
- Protocol, Port range, ICMP type, Source, or destination.
Protocols:
These are standard sets of rules that allow data transfer. The most common protocols are 6(TCP), 17(UDP), and (ICMP).
Port ranges: There is range of port numbers for every protocol they allow through these ports. We can mention a single port number or range of port numbers
| Type | Protocol | Port range | Source |
|---|---|---|---|
| SSH | TCP | 22 | <management station IP address/subnet> |
| HTTPS | TCP | 443 | 0.0.0.0/0 |
| Custom TCP Rule | TCP | 1720 | 0.0.0.0/0 |
| Custom TCP Rule | TCP | 5060 | 0.0.0.0/0 |
| Custom TCP Rule | TCP | 5061 | 0.0.0.0/0 |
| Custom TCP Rule | TCP | 8443 | <management station IP address/subnet> |
| Custom TCP Rule | TCP | 33000-49999 | 0.0.0.0/0 |
| Custom UDP Rule * | UDP | 5060 | 0.0.0.0/0 |
| Custom UDP Rule | UDP | 40000-49999 | 0.0.0.0/0 |
| Custom UDP Rule | UDP | 500 | <sg-12345678> |
| Custom UDP Rule | UDP | 1719 | 0.0.0.0/0 |
| Custom Protocol | ESP (50) | All | <sg-12345678> |
| All ICMP | ICMP | All | <management station IP address/subnet> |
Outbound rules
| Type | Protocol | Port range | Source |
|---|---|---|---|
| All traffic | Open All | All | 0.0.0.0/0 |
- As mentioned in the table above the Protocols have arranged port numbers.
- There are different protocols for different uses they will be used accordingly.
- SSH: Secure Shell is a network protocol, this is used to secure the remote login from one computer to another. This helps for strong authentication and it protects communications with strong encryption as security. It uses the port range of 22. It is a type of rule which goes under TCP protocol.
- HTTPS and HTTP: Hypertext Transfer Protocol Secure and HTTP come under TCP protocol these are used for the transfer of data over the web. It helps in transmitting the web page data. The port range is 443.
- Custom TCP rule: This helps us add any TCP Port. These help to add any connection-oriented port. The ports ranges of custom TCP rule are 1720,5060,5061,8443,33000-49999. We can select any port to get custom TCP.
- Custom UDP rule: User datagram protocol helps in the exchange of messages between the two devices in a network. This rule helps in acquiring any UDP port. The port range for UDP are 5060,40000-49999,500,1719.
- ICMP: Internet control message protocol is used to check whether the data is reaching or not. It acquires all port ranges.
Conclusions:
As described above there are many more rules with different protocols and different port ranges. It helps in giving permissions and is used for additional security.