Flashcards about securing network resources in Amazon VPC.
What is a key security design principle for securing network resources?
Apply security at all layers, including network ACLs and security groups.
What part of the network environment do Network ACLs and Security Groups protect?
Network ACLs protect subnets, while security groups protect instances within the VPC.
What are security groups in terms of firewalls?
Stateful firewalls that allow outbound responses if an inbound request is allowed.
What are the default inbound and outbound rules for a default security group in a VPC?
No inbound traffic is allowed, and all outbound traffic is allowed by default.
What type of rules can be created with security groups?
Only allow rules can be created.
What is the state of Network ACLs?
Stateless, meaning they evaluate every inbound and outbound request independently.
What types of rules can be created using Network ACLs?
Rules can either allow or deny traffic.
How are Network ACL rules evaluated?
Evaluated from lowest to highest until a match is found.
What are the characteristics of the default Network ACL?
Allows all inbound and outbound traffic by default, but includes an asterisk rule that denies all traffic as the final rule.
What is AWS Network Firewall?
A stateful managed network firewall for Amazon VPC with intrusion detection and prevention.