Skip to main content
Room Banner
Back to all walkthroughs
Room Icon

The Wide-Open Security Group

Max room.

Learn how to ensure your Security Groups are well-scoped.

medium

45 min

0

User profile photo.
User profile photo.

To access material, start machines and answer questions login.

In this room, you will explore a common misconfiguration involving Security Groups. Let's dive in.

Here is a common scenario: a developer builds a web application on and needs a web server, access for management, and a MySQL database. As it happens, most of the time, the eager cloud admin creates a single security group, opening the needed ports to the entire internet. The web app works, so nobody revisited the setup.

Learning Objectives

  • Identify overly permissive rules in SG
  • Remove and replace SG rules with scoped, least-privilege alternatives
  • Use SG2SG references for inter-tier communication
  • Understand a multi-tier SG strategy to separate public/private access

Prerequisites

Answer the questions below

Let us prevent an apocalypse.