
Questions tagged [security-groups]

The tag has no usage guidance.

14 votes
1 answer
11k views

Difference between security groups (on AWS) and iptables

I'm just setting up a server and wondering if it's necessary to set the firewall twice. For example, I've a security group with the following open ports: 80, 443, 22. Now I set up my server with UFW (...
Nepo Znat's user avatar
  • 299
11 votes
2 answers
2k views

What is a secure and user-friendly way to provide only a few users access to web app on Amazon EC2?

Situation We have a web app hosted on Amazon EC2. It's intended to be used only by a few users in a company. How we're dealing with this We share the (Elastic) IP address of the instance with the ...
m01010011's user avatar
  • 211
9 votes
4 answers
3k views

SSH between EC2 instances not permitted

I am setting up a few EC2 instances in a shared AWS account and want to give them access to each other. At the same time I want to prohibit access from other instances in the account. I created a ...
Fer Dah's user avatar
  • 224
8 votes
1 answer
4k views

Managing Security Groups for NTFS Permissions

To start off with, I work for a company that a long time ago when they implemented file shares for each division, they also broke the cardinal rule of NTFS permissions and used explicit permissions ...
takeitback's user avatar
8 votes
1 answer
3k views

Do we need both security groups and server-side firewall in AWS EC2?

EC2 security groups look awesome, but I am quite new to the AWS system, that's why I am asking this question. Do I also need to set up a server firewall while having an AWS security group? My main point is ...
MomAndDad's user avatar
  • 183
7 votes
4 answers
4k views

Is it safe to allow inbound 0.0.0.0/0 on EC2 security group?

I created an EC2 instance on AWS, and I was assigned a default "security group". I understand that this acts as a virtual firewall for my server. I had trouble connecting into this EC2 ...
Paul Razvan Berg's user avatar
7 votes
3 answers
8k views

AWS Security Group - how to allow Public IP from another Security Group

I have two instances in a VPC distinct security groups, each with their own public IP. I would like instance one to be able to connect to instance two on its Public IP. I discovered that granting ...
darkl0rd's user avatar
6 votes
2 answers
10k views

python boto3 allow ingress security groups

I am developing a simple python script to add rules to securitygroups, and I am wondering what is the difference between the two methods available within boto3: authorize_security_group_ingress(**...
Tom's user avatar
  • 647
6 votes
1 answer
1k views

Can't ping EC2 instance after enabling ICMP packets [closed]

I followed this guide to allow me to ping my EC2 instance. In my security group I have Custom ICMP Rule - IPv4, Echo Reply, N/A, Anywhere. However it simply doesn't work. If I run ping ec2-X-X-X-X.ap-...
JacksonCounty's user avatar
5 votes
1 answer
1k views

Why EC2 instance continues responding to a ping request after deleting the inbound security group rule?

While playing around with AWS console, I tried the following Launched an EC2 instance (public IP enabled) in the default VPC with the default security group, and default subnet. EC2 launched in the ...
Nishant's user avatar
  • 153
5 votes
1 answer
787 views

EC2 - should security groups be specialized and stacked?

I haven't been able to find any best practices for AWS security groups. I figure there are two approaches I could take, but I'm not sure on if there are any particular drawbacks to either one. ...
ffxsam's user avatar
  • 453
4 votes
2 answers
5k views

Disable password complexity on Windows 2012 R2

I have a Windows Server 2012 R2 that is my domain controller. I want to disable the password complexity rule for a few users only. I have created a group (called Formation) in AD to identify these ...
Philippe's user avatar
  • 155
3 votes
3 answers
5k views

Assign default security group to Elastic Beanstalk instance

I have created an Elastic Beanstalk environment and I have a rails app running which is great. However I am unable to assign it to the default security group. I have added a screenshot to this post ...
user440762's user avatar
3 votes
1 answer
3k views

Apache server on EC2 responds on localhost but not public IP

I set up an AWS EC2 server and then Apache. It works fine. Cloned the AMI and shared it with another account. Spun up an instance on the new account and it seems to work fine. I can SSH to the new ...
agentv's user avatar
  • 1,010
3 votes
2 answers
27k views

Why am I getting "Connection refused"?

I am running a hello-world http server on an ubuntu EC2 instance, let's say, myurl.com. I am unable to curl it from my client: $ curl myurl.com:4296 curl: (7) Failed to connect to ...
Ruby's user avatar
  • 139
3 votes
1 answer
533 views

Windows - Group Policy - Numerous Share Drives w/ Item-Level Targeting

Overview We have been working on getting our numerous sites to map share drives for each user that needs access to their sites. We have no way of standardizing this from within their AD profile as ...
Matrix1701's user avatar
2 votes
2 answers
1k views

Does it make sense to configure iptables when you have configured AWS EC2 security groups?

We are using some Amazon EC2 instances with configured Security Groups (e.g. can SSH only from particular IPs -- sorry I can't post rules). Some time ago I checked iptables and it looked like there ...
nothing-special-here's user avatar
2 votes
2 answers
2k views

Office 365 Exchange Public Folder lost SID assignment to security group folder permissions

We installed a new Exchange 2016 server and migrated all the mailboxes from the Exchange 2010 server to it. Then we migrated all the mailboxes and public folders from MSEX2016 to Office 365, and we ...
Michael Uray's user avatar
2 votes
1 answer
5k views

Whitelist multiple public IPs across security groups in AWS

We have a bunch of 50-odd external (non-AWS) servers that we need to whitelist across many (~50) security groups (vpc). Apart from the constraint on the number of rules, adding and removing entries to/...
galactocalypse's user avatar
2 votes
1 answer
372 views

AWS cli filter not applied

I want to receive some values from an AWS SecurityGroup and am using the following command: aws ec2 describe-security-groups --group-ids $GROUP \ --filters 'Name=ip-permission.from-port,Values=22 ...
Carsten's user avatar
  • 123
2 votes
1 answer
1k views

securely connect jenkins and github

We have a Jenkins server running on an ec2 instance. The security groups are very restricted in this server, they only allow traffic from the company office, and the slave nodes. We want to set up ...
Simon Ernesto Cardenas Zarate's user avatar
2 votes
1 answer
67 views

AWS security rules bug?

I'm trying to put online a website with HTTPS. I have double checked AWS Security Groups, and everything looks fine. I'm running on Node.JS, and this is the app script, so I'm pretty sure it's ...
Sandro Wiggers's user avatar
2 votes
1 answer
86 views

Seemingly duplicate logins in local groups

I can’t figure this one out, and it’s vague enough that I can’t determine the appropriate search terms to research it. Apologies if this is frequently asked! On many servers on our domain, when I ...
Philip Kelley's user avatar
2 votes
2 answers
2k views

Source CIDR/IP/Security group setup in Security Groups Inbound Rules

I want to set up a security group for an ec2 instance (Linux). There are services running on it like mem cached, python, dhclient, nodejs etc. How do I know which IP/CIDR-block should my server be ...
Aso'K's user avatar
  • 21
2 votes
1 answer
60 views

Is there a way to name Security Group Sources in the AWS Console?

The title kind of says it all but what I want to know is if there is any way to label/name inbound security group sources in the AWS console. i.e.: We have quite a bit of these rows in our security ...
julianwyz's user avatar
  • 123
2 votes
2 answers
2k views

AWS security group cross regions

I am trying to set a security group A to allow SSH access from security group B in a different region. I don't have much experience with networking in general and AWS networking. Followed the ...
Elad Weiss's user avatar
2 votes
1 answer
7k views

How to allow connection between ec2 instances in different regions?

I have 10 instances with a security group in Oregon and another 10 in Virginia. How to add edit security group(rules) to allow traffic between them??
Siddharth's user avatar
2 votes
1 answer
2k views

Connecting OpenVPN client over Peering Connection to different VPC AWS

I am trying to connect the VPN client to VPC different than VPN server belongs to. That's my setup: Network diagram However I can't manage the VPN client 10.8.0.6 to be able to reach the instance in ...
Tom Raganowicz's user avatar
2 votes
1 answer
2k views

Resetting Windows' File Security Permissions

I'm trying to find the correct commands to reset each of my hard drives permissions to remove all of the incorrect, outdated groups/usernames that have built up on folders over time and reset the ...
Ryflex's user avatar
  • 139
2 votes
1 answer
3k views

Dynamic Mail Enabled Security Groups are being converted to Dynamic Distribution Lists

Problem: the dynamic mail-enabled security groups (DMESG) I create in EAC are being automatically converted to Dynamic distribution lists (DDL) instead. Use Case: I am attempting to give membership ...
Mikey Mike's user avatar
2 votes
2 answers
891 views

Add domain users to a group of security groups via group policy

Is there a way to add domain users to a collection of security groups via group policy? We have some SSO groups that all employees share. Instead of tech support person having to manually add new user ...
KMote's user avatar
  • 21
2 votes
0 answers
75 views

Windows Domain Group Membership Not Promulgating Fully to Workstation

Perhaps I should ask 2 or three questions but since these are all related, here they are: Situation: Multiple Windows 2019 Standard DCs synchronized. Windows 10 Pro workstations joined to the domain....
fred's user avatar
  • 21
2 votes
0 answers
233 views

AWS EC2 : IAM policy to allow inbound SecurityGroup with PORT Range

I want to allow the access to specific ec2 security group to one of the developer. For that I know that we can use something like this : { "Version": "2012-10-17", "Statement": [ { ...
RKT's user avatar
  • 21
2 votes
1 answer
2k views

Limit public access to AWS ECS Fargate Service

I have a service on AWS ECS deployed using Fargate. This service uses a Network Load Balancer (NLB) to allow an Elastic IP to be associated with the service. This is not an http service and is using ...
Brett Tofel's user avatar
2 votes
2 answers
273 views

System Account Access Token missing groups

I'm experiencing a weird phenomenon regarding the Windows SYSTEM Account. Looking at these three different ways to start a process as SYSTEM: Sysinternals PSExec Task Scheduler GPO Startup Script. ...
CounterClockWise's user avatar
2 votes
0 answers
877 views

Exchange online security groups without email

We're trying to create user groups in Exchange Online in order to group users when applying permissions to specific folder on shared mailboxes. We don't want to mail-enable those groups, but I don't ...
pedropais's user avatar
2 votes
1 answer
3k views

Network problems when I create Beanstalk environments from an AMI

I'm using AWS elastic beanstalk web interface to create an environment based on an existing AMI that has our application deployed on it. The environment gets created, the app is accessible via the ...
SaryA's user avatar
  • 21
2 votes
4 answers
112 views

Windows server 2012 Active Directory Groups

Have a quick question. I work in a large company and I've always been told that if a user needs to, let's say, access his emails on the phone he has to be a member of a specific group (apart from ...
Yourdaman's user avatar
1 vote
2 answers
3k views

Get SID for each member of a local group

On an Active Directory domain member running Windows 7 I have a local group. It has users and other groups as members: How can I obtain the SID for each member of this local group? I'm aware of the ...
I say Reinstate Monica's user avatar
1 vote
1 answer
602 views

AWS EC2 access attempts on blocked ports

I have recently installed OSSEC on a RHEL 8 server being hosted on AWS EC2. Since then I have been receiving brute force attempts and other attempts on ports that are not open in my security group. ...
James's user avatar
  • 113
1 vote
2 answers
1k views

Whitelist both IPv4 and IPv6 in AWS Security Group

I am setting up an SFTP server, I want to white list all the IPs in the Security Group so people can connect to it from anywhere. At the moment I am adding 2 rules to the Inbound rules, one rule for ...
Hooman Bahreini's user avatar
1 vote
1 answer
533 views

Why don't Windows domain machines periodically query security group membership, like other things? [closed]

When I was in lower tier support (and sometimes still), one of the most annoying sequences of events was a request for new file permissions >> add user to security group and specify in the reply ...
WakeDemons3's user avatar
1 vote
1 answer
5k views

pass an existing VPC ( or Subnet/Security group) as a parameter to the template using the Ref built-in?

I am trying to find a way to set default VPCs, Subnets and Security Groups in the Cluster.template JSON file. Is there a way to pass an existing VPC ( or Subnet/Security group) as a parameter to the ...
Varda Elentári's user avatar
1 vote
2 answers
88 views

GPO Security Filtering Using Groups

A GPO was set up with filtering applied to a single group containing computer objects. Is a restart mandatory for all the computer objects listed in the "New Group" for GPO to be applied on them? or is ...
Darktux's user avatar
  • 847
1 vote
3 answers
818 views

How can I easily manage constantly changing public IP addresses in my many security groups

Our development environment is hosted on AWS, and is accessed by dozens of people. As people join and leave the project, or work from alternate (often temporary) locations, I find myself constantly ...
Jeromy French's user avatar
1 vote
2 answers
3k views

Link a GPO to an OU or security group, Who will win?

Here's the scenario: A GPO is linked to an OU to enable, for example, UAC setting. However, since there are certain systems that require UAC to be disabled, there is a GPO that disables these settings....
Tom's user avatar
  • 11
1 vote
1 answer
2k views

Should AWS Security groups allow internet traffic?

Ok, so I created a default Elastic Beanstalk Application and getting this reported as High Risk, and happens on all Regions that are connected to the VPC Network (which is not a public IP, only the ...
Solomon Closson's user avatar
1 vote
1 answer
403 views

Will a domain controller in the domain that a group is defined contain all member information?

Let's say I have a forest setup with many domains. If I were to pick an arbitrary security group from any of the domains, what is the best way to find ALL user members of that group, including user ...
Hmmmmm's user avatar
  • 113
1 vote
2 answers
245 views

How to prevent user from disabling the Mcafee

How can I prevent user from disabling the Mcafee VirusScan Enterprise 8.8? Is there any Registry or Local Group Policy that I could do it?
xxestter's user avatar
  • 131
1 vote
1 answer
475 views

Blocking all outbound traffic except API response - AWS Security Groups

I've got a web app (App 1) and am setting up an API endpoint. I will send a request to that endpoint from App 2. App 1 and App 2 are in the same VPC. I'd like for App 1 to allow NO outbound traffic ...
bones225's user avatar
  • 133