Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Amazon EC2 - Security Group Settings

Posted on 2014-04-12
8
Medium Priority
?
332 Views
Last Modified: 2014-04-12
I've already modified security settings on my EC2 instance and have gotten what I wanted from doing that (ability to ping and ability to reach the instance via my browser) but I've probably opened the security settings to broadly and compromised security of the instance. I've attached screen shots of the settings, can you help with this?
EC2-Security-Settings.docx
0
Comment
Question by:cbridgman
  • 4
  • 4
8 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39996518
For starters I'd definitely remove the All TCP ports inbound rule ... That's very unsafe!
0
 

Author Comment

by:cbridgman
ID: 39996526
The reason that I put the TCP ports thing in there is that I have installed websphere on the server and deployed a web-based application on it. Now that it is there, I need to be able to access that application's user interface through a browser from any PC I'm on. Before adding the ALL TCP entry, I was unable to do that. Once I added it, I was able to access the application via a browser.

Is there another or better way to do that?
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39996529
Yeah ... There should be, find out which ports websphere is using and the other applications, maybe you can use netstat to find out which ports are open when you're using the application?

in a command window type "netstat -an" for example ...

For the record, these are all the ports websphere is using apparently: http://publib.boulder.ibm.com/infocenter/wsdoc400/v6r0/index.jsp?topic=/com.ibm.websphere.iseries.doc/info/ae/ae/adrportbase.htm

I'd start with configuring these instead of the all TCP ports.
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 

Author Comment

by:cbridgman
ID: 39996530
Okay, I will give that a try. I really am a novice at this kind of stuff so your assistance is really appreciated. I will let you know how that goes.
0
 
LVL 25

Accepted Solution

by:
Zephyr ICT earned 2000 total points
ID: 39996534
No problem, I'm still here for a little while ... We all have to learn, I'm still learning every day ;)
0
 

Author Comment

by:cbridgman
ID: 39996700
RDP solution works like a charm.

Thanks for the expert help.
0
 

Author Comment

by:cbridgman
ID: 39996701
I closed down the ports that are available to TCP and all is working fine.

Again, thanks for the expert help.
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39996721
Ok, glad to hear it!! Thanks!
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The next five years are sure to bring developments that are just astonishing, and we will continue to try to find the balance between connectivity and security. Here are five major technological developments from the last five years and some predict…
Measuring Server's processing rate with a simple powershell command. The differences in processing rate also was recorded in different use-cases, when a server in free and busy states.
This Micro Tutorial will explain how to export DynamoDB tables in Amazon Web Services.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question