Securing AWS Security Groups: Restricting Egress Rules

Good afternoon! Today's article demonstrates a surprisingly easy way to tighten the network-layer permissions in an AWS VPC. (If you're in AWS but you're not in a VPC: 😡) Security Groups have ingress and egress rules (also called inbound and outbound rules). In most SGs, the egress rules allow all traffic to everywhere. You've probably seen …

AWS Security Groups: Stateful Statelessness

Hello! Recently, I rediscovered a fiddly networking detail: although ICMP's ping is stateless, AWS security groups will pass return ping traffic even when only one direction is defined in their rules. I wanted to see this in action, so I built a lab. If you just asked, "Wat❓", keep reading. Skip to the next section if …