#securitygroup — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #securitygroup, aggregated by home.social.
-
via @dotnet : Announcing the .NET Security Group
https://ift.tt/V3SJ8gW
#DotNet #SecurityGroup #Microsoft #OpenSource #VulnerabilityManagement #CVE #PatchTuesday #CyberSecurity #SoftwareDevelopment #TechNews #Collaboration #SecurityUpdates #DotNetEcosystem #Trus… -
Resolving security group connection problems (security group settings for when My IP changes every time)
https://dev.classmethod.jp/articles/connection-ec2-problem-solution-for-security-group-jp/
#dev_classmethod #Classmethod_Thailand #Amazon_EC2 #SecurityGroup #AWS
-
[Update] Security groups can now be used in another VPC
https://dev.classmethod.jp/articles/securitygroup-other-vpc-associate/ -
I tried making it possible to send mention notifications to multiple users in Microsoft Teams for configuration changes to AWS network resources
https://dev.classmethod.jp/articles/sg-change-notify-teams-multi-user-mention-notification/
#dev_classmethod #AWS #Amazon_EventBridge #AWS_Lambda #Microsoft_Teams #AWS_CloudFormation #SecurityGroup
-
@dob That's a big scope.
Some things we do to make our lives easier and that don't cost $$$.
Enable #guardduty and pipe all the alerts into a slack channel (+email as well).
Enable #cloudtrail, log everything to an #S3 bucket in another account. #cloudwatch alerts on auth failures (to slack + email (some go to pagerduty #infosec contact)).
We also have some alerts on updates when a cidr is added to a #SecurityGroup.
Don't use #ssh or #bastion/#JumpHosts, use #ssm to run automations on the hosts (package install, service restarts etc) also to get a shell on a box (if needed at all). (you can use #TransitiveTags with #RoleAssumption to give granular access).
Using #ssm for console access also logs the entire session (including someone doing sudo su - root etc!) into #S3
Use #MicroSegmentation within our #vpc. Instances behind an #alb will only accept traffic from the #alb #SecurityGroup etc.. #rds, #elasticache will only accept traffic from instances in the appropriate #SecurityGroup. (Basically we don't use cidr ingress rules, we use security group ids) (this works across accounts in the same region with peering, but not across regions however).
-
I tried creating an AWS Config custom Lambda rule that detects when a security group allowing a specific port is attached to an NLB/ALB
https://dev.classmethod.jp/articles/config-custom-rule-nlb-alb-security-group-port/ -
I'm perpetually confused by #aws security groups, which act both as access control rules *and* an identifier for a source of traffic.
For example, you can attach multiple security groups to a load balancer, and my understanding is that the result is the union of the permissions.
But when you want to permit traffic from that load balancer to your instance, the load balancer's #SecurityGroup is the "source" for a rule in the instance security group.
But if the load balancer has three groups A, B, and C, are any of them usable as the source? My reading of https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html#security-group-referencing suggests "yes" -- any resource associated with the source security group can use that rule.
The pictures in the documentation look all nice and neat and hierarchal, when in real life it seems it is always a horrible mess, particularly when you let Kubernetes start creating things for you.
I think the thing that is more surprising to me is that the security group view does not give you any way of finding what is in it! You have to go to the "network interfaces" tab and filter by service group there, then look at the descriptions of each to see what it belongs to.
(So the real members of a security group are network interfaces? I'm pretty sure you can set up different ENIs attached to the same instance in different security groups, but that seems glossed over a lot in the UI.)
Frankly, I think this is an incredible muddle and I'm wondering if other cloud providers do better.
-
If you need a quick way to check if an #AWS #SecurityGroup is in use:
SGID=<group-id>
aws ec2 describe-network-interfaces --filters Name=group-id,Values="$SGID" --region us-east-1 | jq '.NetworkInterfaces | length'
(make sure you set the correct region)
-
Today I learned, for the hundredth time that if there is a *timeout error* in the #cloud it's always a bloody #SecurityGroup. Always!
...The Security Group didn't allow reaching the DNS server (does that make this an #itsAlwaysDNS issue?).