Wrap Up

Isolating your EC2 instances

Difficulty: Intermediate
Duration: 16m
Students: 886
Ratings: 5/5
Description

This course covers a few strategies for isolating your EC2 instances in response to a security event and explores the pros and cons of those strategies.

Learning Objectives

  • Learn how to isolate an EC2 instance's network communication with various levels of granularity 
  • Understand the positives and negatives associated with each technique

Intended Audience

I would recommend this course for any solutions architects, developers, system administrators, and network administrators who are responsible for the security of their architectures.

Prerequisites

To get the most out of this course, you should have a decent understanding of cloud computing and cloud architectures, specifically with Amazon Web Services. You should know about VPCs, security groups, NACLs, and all the basic-level networking concepts for AWS. It would be helpful if you had some background in IT or network security, but it's not required.

Transcript

If you find yourself in need of isolating an EC2 instance, it is important to have a plan going in. As we have discussed throughout this course, it is not necessarily an easy task to stop all communication to a compromised instance. There are a number of gotchas that could get you into trouble if you were not aware of how network communication truly works.

For example, security groups might seem fairly transparent and an easy way to stop network traffic. However, dealing with both tracked and untracked connections incorrectly will leave any existing connections running on the affected instance. This vulnerability could leave attackers with an open door to a system you thought was isolated, giving them even more time to deal damage and steal information.

The level of isolation you use will also affect greater and greater amounts of your architecture as you work your way up the network chain. Although simpler than using a security group, isolating your instances at the NACL level will leave all instances within the subnet equally isolated even though they might not be affected in the same way. 

If you are running production workloads on those instances that get isolated via this NACL collateral damage, you will of course worsen the experience for any customers who might have been using those servers to begin with. This might be the right course of action, however, so you will need to weigh the positives and negatives for this solution. I recommend doing that kind of soul searching ahead of time and having your answers already written down in a playbook to speed up your decision-making.

Overall, isolation of your EC2 instances is fairly easy to accomplish once you know what you need to do. It will give you some amount of relief and provide valuable time for your security teams to figure out how to deal with the problem both now and in the future. Isolation is but one part of a robust incident response strategy, but I think you can see how valuable this one piece is.

That's all I have for you in this lecture. My name is Will Meadows and I'd like to thank you for spending your time here learning about isolating your EC2 instances. If you have any feedback, positive or negative, please contact us at support@cloudacademy.com. Your feedback is greatly appreciated. Thank you!
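The tracked versus untracked point in the transcript, as an added example that is not part of the course material: a simplified Python model of AWS's documented security group connection-tracking rule, showing which established flows would keep running after every rule is removed from the instance's security group. The `Rule` and `Flow` types, the function names and the sample rules and addresses are constructed for illustration, and the model assumes IPv4 only and ignores automatically tracked connections (for example, traffic through load balancers).

```python
import ipaddress
from dataclasses import dataclass

OPEN = ("0.0.0.0/0", "::/0")

@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp", "udp", "icmp", or "-1" for all protocols
    from_port: int
    to_port: int
    cidr: str

@dataclass(frozen=True)
class Flow:
    name: str
    direction: str  # "in": peer connected to the instance; "out": instance connected out
    protocol: str
    port: int       # destination port of the first packet
    peer: str       # peer IP address

def permits(rule, flow):
    proto_ok = rule.protocol in ("-1", flow.protocol)
    port_ok = rule.protocol == "-1" or rule.from_port <= flow.port <= rule.to_port
    in_cidr = ipaddress.ip_address(flow.peer) in ipaddress.ip_network(rule.cidr)
    return proto_ok and port_ok and in_cidr

def opens_all_responses(rule, protocol):
    # Reverse-direction rule that allows any address on ports 0-65535.
    all_ports = rule.protocol == "-1" or (rule.from_port, rule.to_port) == (0, 65535)
    return rule.cidr in OPEN and rule.protocol in ("-1", protocol) and all_ports

def is_tracked(flow, ingress, egress):
    if flow.protocol == "icmp":
        return True  # ICMP is always tracked
    same, reverse = (ingress, egress) if flow.direction == "in" else (egress, ingress)
    wide_allow = any(r.cidr in OPEN and permits(r, flow) for r in same)
    wide_reply = any(opens_all_responses(r, flow.protocol) for r in reverse)
    return not (wide_allow and wide_reply)  # untracked only when both are wide open

def survivors_after_rule_removal(flows, ingress, egress):
    # Tracked flows are not cut when rules are removed; untracked flows are.
    return [f.name for f in flows if is_tracked(f, ingress, egress)]

# Constructed sample: a typical web server group and four established flows.
INGRESS = [Rule("tcp", 22, 22, "203.0.113.1/32"), Rule("tcp", 80, 80, "0.0.0.0/0")]
EGRESS = [Rule("-1", 0, 65535, "0.0.0.0/0")]
FLOWS = [Flow("ssh-from-admin", "in", "tcp", 22, "203.0.113.1"),
         Flow("http-client", "in", "tcp", 80, "198.51.100.7"),
         Flow("outbound-443", "out", "tcp", 443, "192.0.2.50"),
         Flow("ping", "in", "icmp", 0, "198.51.100.9")]
```

In this sample only the public HTTP flow is untracked; the SSH session, the ICMP flow and the outbound session the instance opened itself are tracked, so a playbook that only strips rules should expect them to persist until they time out or are closed.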

About the Author

William Meadows is a passionately curious human currently living in the Bay Area in California. His career has included working with lasers, teaching teenagers how to code, and creating classes about cloud technology that are taught all over the world. His dedication to completing goals and helping others is what brings meaning to his life. In his free time, he enjoys reading Reddit, playing video games, and writing books.