Questions tagged [security-groups]
The security-groups tag has no usage guidance.
177 questions
14 votes, 1 answer, 11k views
Difference between security groups (on AWS) and iptables
I'm just setting up a server and wondering if it's necessary to set the firewall twice. For example I've a security group with the following open ports:
80, 443, 22
Now I set up my server with UFW (...
11 votes, 2 answers, 2k views
What is a secure and user-friendly way to provide only a few users access to web app on Amazon EC2?
Situation
We have a web app hosted on Amazon EC2. It's intended to be used only by a few users in a company.
How we're dealing with this
We share the (Elastic) IP address of the instance with the ...
9 votes, 4 answers, 3k views
SSH between EC2 instances not permitted
I am setting up a few EC2 instances in a shared AWS account and want to give them access to each other. At the same time I want to prohibit access from other instances in the account.
I created a ...
8 votes, 1 answer, 4k views
Managing Security Groups for NTFS Permissions
To start off with, I work for a company that a long time ago when they implemented file shares for each division, they also broke the cardinal rule of NTFS permissions and used explicit permissions ...
8 votes, 1 answer, 3k views
Do we need both security groups and server-side firewall in AWS EC2?
EC2 security groups look awesome, but I am quite new to the AWS system, that's why I am asking this question.
Do I also need to set up a server firewall while having an AWS security group?
My main point is ...
7 votes, 4 answers, 4k views
Is it safe to allow inbound 0.0.0.0/0 on EC2 security group?
I created an EC2 instance on AWS, and I was assigned a default "security group". I understand that this acts as a virtual firewall for my server.
I had trouble connecting into this EC2 ...
7 votes, 3 answers, 8k views
AWS Security Group - how to allow Public IP from another Security Group
I have two instances in a VPC in distinct security groups, each with their own public IP. I would like instance one to be able to connect to instance two on its Public IP. I discovered that granting ...
6 votes, 2 answers, 10k views
python boto3 allow ingress security groups
I am developing a simple Python script to add rules to security groups, and I am wondering what is the difference between the two methods available within boto3: authorize_security_group_ingress(**...
6 votes, 1 answer, 1k views
Can't ping EC2 instance after enabling ICMP packets [closed]
I followed this guide to allow me to ping my EC2 instance. In my security group I have Custom ICMP Rule - IPv4, Echo Reply, N/A, Anywhere.
However, it simply doesn't work. If I run ping ec2-X-X-X-X.ap-...
5 votes, 1 answer, 1k views
Why EC2 instance continues responding to a ping request after deleting the inbound security group rule?
While playing around with AWS console, I tried the following
Launched an EC2 instance (public IP enabled) in the default VPC with the default security group, and default subnet.
EC2 launched in the ...
5 votes, 1 answer, 787 views
EC2 - should security groups be specialized and stacked?
I haven't been able to find any best practices for AWS security groups. I figure there are two approaches I could take, but I'm not sure if there are any particular drawbacks to either one.
...
4 votes, 2 answers, 5k views
Disable password complexity on Windows 2012 R2
I have a Windows Server 2012 R2 that is my domain controller. I want to disable the password complexity rule for a few users only.
I have created a group (called Formation) in AD to identify these ...
3 votes, 3 answers, 5k views
Assign default security group to Elastic Beanstalk instance
I have created an Elastic Beanstalk environment and I have a Rails app running, which is great. However, I am unable to assign it to the default security group.
I have added a screenshot to this post ...
3 votes, 1 answer, 3k views
Apache server on EC2 responds on localhost but not public IP
I set up an AWS EC2 server and then Apache. It works fine.
Cloned the AMI and shared it with another account. Spun up an instance on the new account and it seems to work fine.
I can SSH to the new ...
3 votes, 2 answers, 27k views
Why am I getting "Connection refused"?
I am running a hello-world HTTP server on an Ubuntu EC2 instance, let's say, myurl.com. I am unable to curl it from my client:
$ curl myurl.com:4296
curl: (7) Failed to connect to ...
3 votes, 1 answer, 533 views
Windows - Group Policy - Numerous Share Drives w/ Item-Level Targeting
Overview
We have been working on getting our numerous sites to map share drives for each user that needs access to their sites. We have no way of standardizing this from within their AD profile as ...
2 votes, 2 answers, 1k views
Does it make sense to configure iptables when you have configured AWS EC2 security groups?
We are using some Amazon EC2 instances with configured Security Groups (e.g. can SSH only from particular IPs -- sorry I can't post rules).
Some time ago I checked iptables and it looked like there ...
2 votes, 2 answers, 2k views
Office 365 Exchange Public Folder lost SID assignment to security group folder permissions
We installed a new Exchange 2016 server and migrated all the mailboxes from the Exchange 2010 server to it.
Then we migrated all the mailboxes and public folders from MSEX2016 to Office 365, and we ...
2 votes, 1 answer, 5k views
Whitelist multiple public IPs across security groups in AWS
We have a bunch of 50-odd external (non-AWS) servers that we need to whitelist across many (~50) security groups (vpc). Apart from the constraint on the number of rules, adding and removing entries to/...
2 votes, 1 answer, 372 views
AWS cli filter not applied
I want to receive some values from an AWS SecurityGroup and am using the following command:
aws ec2 describe-security-groups --group-ids $GROUP \
--filters 'Name=ip-permission.from-port,Values=22 ...
2 votes, 1 answer, 1k views
Securely connect Jenkins and GitHub
We have a Jenkins server running on an EC2 instance. The security groups are very restricted on this server; they only allow traffic from the company office and the slave nodes. We want to set up ...
2 votes, 1 answer, 67 views
AWS security rules bug?
I'm trying to put online a website with HTTPS. I have double checked AWS Security Groups, and everything looks fine.
I'm running on Node.JS, and this is the app script, so I'm pretty sure it's ...
2 votes, 1 answer, 86 views
Seemingly duplicate logins in local groups
I can’t figure this one out, and it’s vague enough that I can’t determine the appropriate search terms to research it. Apologies if this is frequently asked!
On many servers on our domain, when I ...
2 votes, 2 answers, 2k views
Source CIDR/IP/Security group setup in Security Groups Inbound Rules
I want to set up a security group for an EC2 instance (Linux). There are services running on it like memcached, python, dhclient, nodejs etc. How do I know which IP/CIDR-block should my server be ...
2 votes, 1 answer, 60 views
Is there a way to name Security Group Sources in the AWS Console?
The title kind of says it all but what I want to know is if there is any way to label/name inbound security group sources in the AWS console. i.e.:
We have quite a bit of these rows in our security ...
2 votes, 2 answers, 2k views
AWS security group cross regions
I am trying to set a security group A to allow SSH access from security group B in a different region. I don't have much experience with networking in general and AWS networking.
Followed the ...
2 votes, 1 answer, 7k views
How to allow connection between ec2 instances in different regions?
I have 10 instances with a security group in Oregon and another 10 in Virginia.
How to add/edit security group (rules) to allow traffic between them?
2 votes, 1 answer, 2k views
Connecting OpenVPN client over Peering Connection to different VPC AWS
I am trying to connect the VPN client to a VPC different from the one the VPN server belongs to. That's my setup: Network diagram
However I can't manage the VPN client 10.8.0.6 to be able to reach the instance in ...
2 votes, 1 answer, 2k views
Resetting Windows' File Security Permissions
I'm trying to find the correct commands to reset each of my hard drives' permissions to remove all of the incorrect, outdated groups/usernames that have built up on folders over time and reset the ...
2 votes, 1 answer, 3k views
Dynamic Mail Enabled Security Groups are being converted to Dynamic Distribution Lists
Problem: the dynamic mail-enabled security groups (DMESG) I create in EAC are being automatically converted to Dynamic distribution lists (DDL) instead.
Use Case: I am attempting to give membership ...
2 votes, 2 answers, 891 views
Add domain users to a group of security groups via group policy
Is there a way to add domain users to a collection of security groups via group policy? We have some SSO groups that all employees share. Instead of tech support person having to manually add new user ...
2 votes, 0 answers, 75 views
Windows Domain Group Membership Not Promulgating Fully to Workstation
Perhaps I should ask 2 or three questions but since these are all related, here they are:
Situation: Multiple Windows 2019 Standard DCs synchronized. Windows 10 Pro workstations joined to the domain....
2 votes, 0 answers, 233 views
AWS EC2 : IAM policy to allow inbound SecurityGroup with PORT Range
I want to allow access to a specific EC2 security group to one of the developers. For that I know that we can use something like this:
{
"Version": "2012-10-17",
"Statement": [
{
...
2 votes, 1 answer, 2k views
Limit public access to AWS ECS Fargate Service
I have a service on AWS ECS deployed using Fargate.
This service uses a Network Load Balancer (NLB) to allow an Elastic IP to be associated with the service.
This is not an http service and is using ...
2 votes, 2 answers, 273 views
System Account Access Token missing groups
I'm experiencing a weird phenomenon regarding the Windows SYSTEM Account. Looking at these three different ways to start a process as SYSTEM:
Sysinternals PSExec
Task Scheduler
GPO Startup Script.
...
2 votes, 0 answers, 877 views
Exchange online security groups without email
We're trying to create user groups in Exchange Online in order to group users when applying permissions to specific folders on shared mailboxes.
We don't want to mail-enable those groups, but I don't ...
2 votes, 1 answer, 3k views
Network problems when I create Beanstalk environments from an AMI
I'm using AWS elastic beanstalk web interface to create an environment based on an existing AMI that has our application deployed on it.
The environment gets created, the app is accessible via the ...
2 votes, 4 answers, 112 views
Windows server 2012 Active Directory Groups
Have a quick question.
I work in a large company and I've always been told that if a user needs, let's say, to access his emails on the phone, he has to be a member of a specific group (apart from ...
1 vote, 2 answers, 3k views
Get SID for each member of a local group
On an Active Directory domain member running Windows 7 I have a local group. It has users and other groups as members:
How can I obtain the SID for each member of this local group? I'm aware of the ...
1 vote, 1 answer, 602 views
AWS EC2 access attempts on blocked ports
I have recently installed OSSEC on a RHEL 8 server being hosted on AWS EC2. Since then I have been receiving brute force attempts and other attempts on ports that are not open in my security group.
...
1 vote, 2 answers, 1k views
Whitelist both IPv4 and IPv6 in AWS Security Group
I am setting up an SFTP server, I want to white list all the IPs in the Security Group so people can connect to it from anywhere.
At the moment I am adding 2 rules to the Inbound rules, one rule for ...
1 vote, 1 answer, 533 views
Why don't Windows domain machines periodically query security group membership, like other things? [closed]
When I was in lower tier support (and sometimes still), one of the most annoying sequences of events was a request for new file permissions >> add user to security group and specify in the reply ...
1 vote, 1 answer, 5k views
Pass an existing VPC (or Subnet/Security group) as a parameter to the template using the Ref built-in?
I am trying to find a way to set default VPCs, Subnets and Security Groups in the Cluster.template JSON file.
Is there a way to pass an existing VPC (or Subnet/Security group) as a parameter to the ...
1 vote, 2 answers, 88 views
GPO Security Filtering Using Groups
A GPO was set up with filtering applied to a single group containing computer objects. Is a restart mandatory for all the computer objects listed in the "New Group" for the GPO to be applied on them? Or is ...
1 vote, 3 answers, 818 views
How can I easily manage constantly changing public IP addresses in my many security groups
Our development environment is hosted on AWS, and is accessed by dozens of people. As people join and leave the project, or work from alternate (often temporary) locations, I find myself constantly ...
1 vote, 2 answers, 3k views
Link a GPO to an OU or security group, Who will win?
Here's the scenario:
A GPO is linked to an OU to enable, for example, UAC setting.
However, since there are certain systems that require UAC to be disabled, there is a GPO that disables these settings....
1 vote, 1 answer, 2k views
Should AWS Security groups allow internet traffic?
Ok, so I created a default Elastic Beanstalk Application and getting this reported as High Risk, and happens on all Regions that are connected to the VPC Network (which is not a public IP, only the ...
1 vote, 1 answer, 403 views
Will a domain controller in the domain that a group is defined contain all member information?
Let's say I have a forest setup with many domains. If I were to pick an arbitrary security group from any of the domains, what is the best way to find ALL user members of that group, including user ...
1 vote, 2 answers, 245 views
How to prevent a user from disabling McAfee
How can I prevent a user from disabling McAfee VirusScan Enterprise 8.8? Is there any Registry or Local Group Policy setting with which I could do it?
1 vote, 1 answer, 475 views
Blocking all outbound traffic except API response - AWS Security Groups
I've got a web app (App 1) and am setting up an API endpoint. I will send a request to that endpoint from App 2. App 1 and App 2 are in the same VPC.
I'd like for App 1 to allow NO outbound traffic ...