Security Policy configuration

  • Basic Information.

Security groups are nothing more than firewall rules that protect our instances. We recommend restricting each open port to specific source IP addresses. Opening a port to 0.0.0.0/0 will allow all PCSS employees to access that port.

At the security group level, we can freely control outgoing traffic. For incoming traffic, we can typically manage services that operate on ports 80, 443, 22, 3389 and 8080.

If we need to unlock incoming traffic for other services/ports, it is necessary to create a ServiceDesk ticket: https://support.pcss.pl/servicedesk/customer/portal/5/create/147?q=firew&q_time=1685522254743

After the ticket is completed, an appropriate exception must be added in the security group for the instance.

  • Adding a Group

By default, there is one security group available, named default, which only allows outgoing traffic from the instance. This group can be modified, but a better solution is to define new groups with selected protocols.

To add a new group, you need to:

  1. In the web panel, select Access and Security from the menu on the left side.
  2. Click 'Create Security Group'.
  3. Provide a name and description (for example, Simple-SSH).
  4. Confirm the entered data.
  5. The new group Simple-SSH appears in the list. Select Manage Rules from its menu.
  6. Click on the Add Rule button.
  7. On the new screen, you can create your own rule or choose from a list of predefined ones. Choose SSH.
  8. In the CIDR field, limit traffic to a single host or subnet.
  9. Confirm your choice.


In a similar way, we can unlock other protocols. It is also possible to create one group for a specific instance with several unlocked ports.
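An added example, not part of the original documentation: a Python check that flags inbound rules open to any source and inbound ports outside the list of ports 80, 443, 22, 3389 and 8080, which need a ServiceDesk ticket. It assumes the rules are available as dicts using the Neutron API field names and that the port list applies to both TCP and UDP; the sample rules are constructed.

```python
import ipaddress

# Inbound ports the page lists as manageable from security groups alone;
# any other inbound port also needs the ServiceDesk firewall ticket.
# Assumption: the list applies to both tcp and udp.
SELF_SERVICE_PORTS = {22, 80, 443, 3389, 8080}

def audit_rule(rule):
    """Return findings for one rule (dict with Neutron-style field names)."""
    if rule["direction"] != "ingress":
        return []  # outgoing traffic is freely controlled by the group owner
    findings = []
    prefix = rule.get("remote_ip_prefix")
    # No prefix and no remote group means "any source", same as a /0 prefix.
    if rule.get("remote_group_id") is None and (
        prefix is None or ipaddress.ip_network(prefix, strict=False).prefixlen == 0
    ):
        findings.append("open-to-any-source")
    if rule.get("protocol") is None:
        findings.append("all-protocols")
    elif rule["protocol"] in ("tcp", "udp"):
        lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
        if lo is None or hi is None:
            findings.append("all-ports")
        elif any(p not in SELF_SERVICE_PORTS for p in range(lo, hi + 1)):
            findings.append("port-needs-servicedesk-ticket")
    return findings

def audit(rules):
    """Map rule id -> findings, keeping only rules that have findings."""
    return {r["id"]: f for r in rules if (f := audit_rule(r))}

def make_rule(rid, direction, protocol, lo, hi, prefix):
    """Hypothetical helper that builds a rule dict for the sample data."""
    return {"id": rid, "direction": direction, "protocol": protocol,
            "port_range_min": lo, "port_range_max": hi,
            "remote_ip_prefix": prefix, "remote_group_id": None}

# Constructed sample rules (documentation address ranges), not real data.
SAMPLE_RULES = [
    make_rule("r1", "egress", None, None, None, "0.0.0.0/0"),
    make_rule("r2", "ingress", "tcp", 22, 22, "203.0.113.10/32"),
    make_rule("r3", "ingress", "tcp", 22, 22, "0.0.0.0/0"),
    make_rule("r4", "ingress", "tcp", 5432, 5432, "198.51.100.0/24"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```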

  • Using a Group

Security groups are specified when creating a new virtual machine instance. If we have defined new groups, they will be displayed in the Access and Security tab when setting up a new instance.

A new instance can use multiple groups simultaneously.

If you want to add a group to an existing instance, simply select Modify Security Groups from the instance menu, and on the displayed screen, click + next to the new group.