Which of the following is the best method to quickly and temporarily deny access from the specified IP addresses?

A company hosts multiple applications in their VPC. While monitoring the system, they noticed that multiple port scans are coming in from a specific IP address block that is trying to connect to several AWS resources inside their VPC. The internal security team has requested that all offending IP addresses be denied for the next 24 hours for security purposes.

Which of the following is the best method to quickly and temporarily deny access from the specified IP addresses?
A. Configure the firewall in the operating system of the EC2 instances to deny access from the IP address block.
B. Add a rule in the Security Group of the EC2 instances to deny access from the IP address block.
C. Modify the Network Access Control List associated with all public subnets in the VPC to deny access from the IP address block.
D. Create a policy in IAM to deny access from the IP address block.

Answer: C

Explanation:

To control the traffic coming in and out of your VPC network, you can use the network access control list (ACL). It is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. This is the best solution among other options as you can easily add and remove the restriction in a matter of minutes.

Creating a policy in IAM to deny access from the IP Address block is incorrect as an IAM policy does not control the inbound and outbound traffic of your VPC.

Adding a rule in the Security Group of the EC2 instances to deny access from the IP address block is incorrect. Although a Security Group acts as a firewall, it only controls inbound and outbound traffic at the instance level, not for a whole subnet or the VPC, and security groups support allow rules only, so there is no deny rule to add.

Configuring the firewall in the operating system of the EC2 instances to deny access from the IP address block is incorrect because adding a firewall in the underlying operating system of the EC2 instance is not enough; the attacker can just connect to other AWS resources since the network access control list still allows them to do so.
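The point that makes option C work is that network ACLs evaluate rules in ascending rule-number order and the first match wins, so the temporary deny must be numbered lower than the default allow-all rule (100) or it never takes effect. The following added example (not part of the original question or of AWS documentation) simulates that evaluation with a constructed scanner block from TEST-NET-3; the rule numbers, the `add_temporary_deny` helper and the placeholder ACL id in the comments are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class NaclRule:
    number: int                    # evaluated in ascending order, first match wins
    action: str                    # "allow" or "deny" (NACLs support explicit deny)
    cidr: str
    protocol: int = -1             # -1 = all protocols, 6 = TCP, 17 = UDP
    port_from: Optional[int] = None
    port_to: Optional[int] = None

    def matches(self, src_ip: str, protocol: int, port: int) -> bool:
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.cidr):
            return False
        if self.protocol == -1:
            return True            # all-protocol rule ignores ports
        if protocol != self.protocol:
            return False
        if self.port_from is None:
            return True
        return self.port_from <= port <= (self.port_to or self.port_from)


def evaluate(rules: List[NaclRule], src_ip: str, protocol: int = 6, port: int = 22) -> str:
    """Return the verdict for one inbound packet; the implicit final '*' rule denies."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(src_ip, protocol, port):
            return rule.action
    return "deny"


# Typical inbound NACL for a public subnet: rule 100 allows everything.
DEFAULT_INBOUND = [NaclRule(100, "allow", "0.0.0.0/0")]

# Constructed offending block for the example (RFC 5737 TEST-NET-3).
SCANNER_BLOCK = "203.0.113.0/24"


def add_temporary_deny(rules: List[NaclRule], cidr: str, rule_number: int = 50) -> List[NaclRule]:
    """Model of the 24-hour block. The real change is one CLI call, e.g.
    aws ec2 create-network-acl-entry --network-acl-id <acl-id> --ingress \
        --rule-number 50 --protocol -1 --rule-action deny --cidr-block 203.0.113.0/24
    and the rollback after 24 hours is
    aws ec2 delete-network-acl-entry --network-acl-id <acl-id> --ingress --rule-number 50
    (<acl-id> is a placeholder for the subnet's ACL)."""
    return rules + [NaclRule(rule_number, "deny", cidr)]


if __name__ == "__main__":
    blocked = add_temporary_deny(DEFAULT_INBOUND, SCANNER_BLOCK)
    print(evaluate(blocked, "203.0.113.7"))                                  # deny
    print(evaluate(add_temporary_deny(DEFAULT_INBOUND, SCANNER_BLOCK, 200), "203.0.113.7"))  # allow
```

The second print shows the common mistake: a deny numbered above the allow-all rule is never reached, so the scan still gets through. Because NACLs are stateless, the inbound deny alone stops new connections from the block without any outbound change.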

Reference:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html

Amazon VPC Overview:

https://www.youtube.com/watch?v=oIDHKeNxvQQ

Check out this Amazon VPC Cheat Sheet:

https://tutorialsdojo.com/amazon-vpc/
