Network ACLs Part 2

Video Transcription
Hello, everybody, and welcome back. As you can see, we're in the AWS Management Console. I'm going to go ahead and head over to VPCs. When you're looking for network ACLs, the settings to change for your ACLs will be sitting within the VPC dashboard. You can head under here, under your Security, and go to Network ACLs.

And remember, I talked about how when you set up an account, you get a default VPC and you also get a default network ACL. Well, this is what I'm talking about. If I go over here to your VPCs, you're going to see I have my VPC, and under Default it says Yes. The network ACL that is associated with that also says Default; it says Yes there. And when I was talking in the slides about the inbound and outbound rules, I was talking about this right here: all traffic, all protocols, all port ranges, all destinations are allowed on my inbound and my outbound. I know that I just said that in reverse, but you know what I mean. It is allowed across the board.

In order for you to change this, what you have to do is change the rule number, or you have to edit inbound rules, maybe edit outbound rules. And what this rule number does is sort your rules by priority. So the lower the number, the higher the priority. This one's obviously set to 200. So just to simplify, if I were to set a new rule to 99 and say deny all protocols, deny all port ranges, and deny from everywhere, and set it to deny here, then it would overrule this rule right here. And you can edit that by adding a new rule, saying 99, I want all... actually, let's do all traffic, all traffic, all protocols, everything.

And as you can see, since it is the higher priority, it's going to deny everything and overrule this one. If I were to, let's say, edit the rule, and instead of all traffic I say I want to block SSH, and I want to block it from everywhere in the world, I can save it. And now what it's going to do is allow all traffic from everywhere except for SSH. It just won't allow SSH from anywhere.

You can change the inbound and outbound rules right here. It's that simple, and it's for every single EC2 instance that's attached to this network ACL. These are things you change when you set it into place. When you're setting up your VPCs and when you're deploying your EC2 instances, you get to choose which VPC you want to stick them into, and these security settings are going to control that from the get-go. And it's super simple. As you can see, I can change it for inbound, I can change it for outbound, and, yeah, Amazon takes care of the rest of it for you. So hopefully that was helpful. If you have any questions, feel free to reach out to me. All right, I'll talk to you later.

All right, I'll see you in the next lecture.
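
The rule-number ordering walked through in the video can be checked offline with a small evaluator. This is an added example, not part of the lecture or of any AWS tooling: the `Rule` class, the `evaluate` function and the sample rules are constructed for illustration, rule number 200 is the number given in the transcript, and the final implicit deny models the `*` rule at the end of every network ACL. It also covers a case the demo does not show: a deny rule numbered higher than the allow-all rule never takes effect.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

ALL = "-1"  # protocol value AWS uses for "all protocols"

@dataclass(frozen=True)
class Rule:
    number: int                       # lower number = evaluated first
    protocol: str                     # "tcp", "udp", "icmp" or ALL
    ports: Optional[Tuple[int, int]]  # inclusive range, None = all ports
    cidr: str                         # source CIDR for inbound rules
    action: str                       # "allow" or "deny"

def evaluate(rules, protocol, port, src_ip):
    """Return (action, rule_number) for the first rule that matches."""
    addr = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in (ALL, protocol):
            continue
        if rule.ports and not rule.ports[0] <= port <= rule.ports[1]:
            continue
        if addr in ipaddress.ip_network(rule.cidr):
            return rule.action, rule.number
    return "deny", None  # the final "*" rule: nothing matched, so deny

# Constructed sample rules; 200 is the number the transcript gives for allow-all.
ALLOW_ALL = Rule(200, ALL, None, "0.0.0.0/0", "allow")
DENY_ALL_99 = Rule(99, ALL, None, "0.0.0.0/0", "deny")
DENY_SSH_99 = Rule(99, "tcp", (22, 22), "0.0.0.0/0", "deny")
DENY_SSH_300 = Rule(300, "tcp", (22, 22), "0.0.0.0/0", "deny")  # numbered too high

SRC = "203.0.113.10"  # documentation-range address, constructed

if __name__ == "__main__":
    for label, rules in [
        ("default", [ALLOW_ALL]),
        ("deny-all at 99", [ALLOW_ALL, DENY_ALL_99]),
        ("deny SSH at 99", [ALLOW_ALL, DENY_SSH_99]),
        ("deny SSH at 300", [ALLOW_ALL, DENY_SSH_300]),
    ]:
        ssh = evaluate(rules, "tcp", 22, SRC)
        https = evaluate(rules, "tcp", 443, SRC)
        print(f"{label:16} ssh={ssh} https={https}")
```

When auditing a network ACL, read the rules in ascending number order and stop at the first match; a deny that sits below a broader allow in that order is dead configuration.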
