About configuring AWS security groups
An AWS security group is a virtual firewall that controls inbound and outbound traffic for one or more EC2 instances. When you launch an EC2 instance, you associate one or more security groups with the instance. You add inbound and outbound rules to each security group that allow traffic to or from its associated instances; traffic that no rule allows is dropped. You can modify the rules for a security group at any time, and the new rules are applied automatically to all instances that are associated with the security group. AWS evaluates the security group rules before it allows traffic to or from the EC2 instance.
Symantec recommends that you harden each AWS security group to which the detection server belongs, so that only the ports the detection server needs are open. We also recommend that you restrict the source IP address of each inbound rule to at least the third octet, that is, to a /24 or narrower CIDR block, for example:
x.x.x.0/24
A rule whose source is 0.0.0.0/0 (any address) does not meet this recommendation. Figure 1 shows an example AWS security group with inbound rules. Notice that only the necessary ports are opened, and the source IP addresses are limited to the third octet.
Example AWS Security Group configuration for a detection server: Inbound Rules
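The two checks the guidance above describes (only necessary ports open, every IPv4 source no wider than /24) can be audited mechanically. The following script is an added example, not Symantec's or AWS's code; it reads security group JSON in the shape that `aws ec2 describe-security-groups` prints (IpPermissions with IpRanges and CidrIp entries) and reports every inbound rule that violates either check. The sample group, its IDs, its CIDR blocks and the allowed port set are constructed for illustration and are not the detection server's actual port list.

```python
"""Audit EC2 security group inbound rules against the hardening guidance above.

Added example, not Symantec's or AWS's code. The input dict mirrors the JSON that
`aws ec2 describe-security-groups` prints; the sample group, its IDs, CIDRs and
allowed ports are constructed for illustration.
"""
import ipaddress
import json
import sys

# "Restrict the source to at least the third octet" means /24 or narrower.
MIN_IPV4_PREFIX_LEN = 24


def _describe(perm):
    """Human-readable label for one IpPermissions entry."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return "all protocols/all ports"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return f"{proto} {lo}" if lo == hi else f"{proto} {lo}-{hi}"


def audit_inbound_rules(security_group, allowed_ports, min_prefix_len=MIN_IPV4_PREFIX_LEN):
    """Return a list of (rule_label, problem) tuples.

    An empty list means every inbound rule opens only allowed ports and every
    IPv4 source is no wider than /min_prefix_len (0.0.0.0/0 fails that check).
    """
    findings = []
    for perm in security_group.get("IpPermissions", []):
        label = _describe(perm)

        # Check 1: only the necessary ports are open.
        if perm.get("IpProtocol") == "-1":
            findings.append((label, "rule allows every protocol and port"))
        else:
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            if lo is not None and hi is not None:
                extra = set(range(lo, hi + 1)) - set(allowed_ports)
                if extra:
                    findings.append((label, f"opens {len(extra)} port(s) outside the allow list"))

        # Check 2: IPv4 sources are limited to the third octet (/24) or narrower.
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if net.prefixlen < min_prefix_len:
                findings.append((label, f"source {rng['CidrIp']} is wider than /{min_prefix_len}"))

        # The third-octet rule is IPv4-specific; for IPv6 only the unrestricted
        # ::/0 is flagged here, narrower IPv6 sources need manual review.
        for rng in perm.get("Ipv6Ranges", []):
            if ipaddress.ip_network(rng["CidrIpv6"], strict=False).prefixlen == 0:
                findings.append((label, "source ::/0 is open to every IPv6 address"))
        # UserIdGroupPairs (source is another security group) carry no CIDR and pass check 2.
    return findings


def is_hardened(security_group, allowed_ports):
    """True when audit_inbound_rules() reports nothing for this group."""
    return not audit_inbound_rules(security_group, allowed_ports)


# Constructed sample in describe-security-groups shape; IDs, ports and CIDRs are illustrative.
SAMPLE_SG = {
    "GroupId": "sg-0a1b2c3d4e5f60718",
    "GroupName": "detection-server",
    "IpPermissions": [
        # Good: a single port, source limited to a /24.
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
        # Bad: SSH open to any address.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        # Bad: a wide port range and a /16 source.
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
        # Bad: every protocol, even though the source is another security group.
        {"IpProtocol": "-1",
         "UserIdGroupPairs": [{"GroupId": "sg-0f1e2d3c4b5a69788"}]},
    ],
}
# Assumed allow list for the example; use the product's documented port list in practice.
SAMPLE_ALLOWED_PORTS = {443, 22}


if __name__ == "__main__":
    # Usage: aws ec2 describe-security-groups --group-ids <group-id> | python audit_sg.py
    # With no piped input the constructed sample group is audited instead.
    data = json.load(sys.stdin) if not sys.stdin.isatty() else {"SecurityGroups": [SAMPLE_SG]}
    for sg in data["SecurityGroups"]:
        for label, problem in audit_inbound_rules(sg, SAMPLE_ALLOWED_PORTS):
            print(f"{sg['GroupId']} [{label}]: {problem}")
```

Run against the sample, the script reports four findings: the open SSH source, the 8000-9000 range, its /16 source, and the all-protocols rule; the 443 rule from 203.0.113.0/24 passes both checks. Because the checks are purely structural, the same function can be pointed at every group the detection server belongs to.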
