3 Firewall Lab - deanbushmiller/aws-sec-e11 GitHub Wiki

Add new rules to security group LAbSecGrp

Collect the IP address of GuacUbn, then set the rules:

| Direction | Action | Rule |
|-----------|--------|------|
| inbound | keep | HTTP & HTTPS from ::/0 & 0.0.0.0/0 (allow all web traffic over IPv4 and IPv6) |
| inbound | change | Allow SSH & RDP only from the GuacUbn IP address; Allow All from custom "my IP" |
| outbound | keep | (unchanged) |

Test

  • ONLY IF you configured TOTP
  • In Q&A send the instructor the IP address of your test Guac server

Copy the security group (new name: GuacSecGrp)

Set the HTTP & HTTPS rules to custom "myIP"

  • this is bad in the real world - Why?

Move the Guac server to the new group

  • In Q&A send the instructor the IP address of your test Guac server - type Retest

Firewall lab to add geo filtering

Wrong step info in the lab guide (correction):

  1. At "To view the firewall’s alert logs"
  2. select Log | Log insights (NOT select Insights)

new rules for GeoIP blocking

  1. For testing use https://geotargetly.com/geo-browse
  2. Copy the FQDN of your test site (from Make network connections to the web server) into the web page and choose United Kingdom from the list of locations
  3. As long as you are not in Great Britain this will work
  4. Go back to step 6 and add another rule to the stateful rule group:

```
drop tcp any any -> any any (msg:"GeoIP is GB, UK"; geoip:any,GB; sid:55555555; rev:1;)
```

  1. On the Geotargetly site click GO again
  2. You can build your own rules using the same syntax as above with 2-letter country codes from http://www.geonames.org/countries/
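To build a set of country rules without hand-editing sids, here is an added helper (not part of the lab) that generates one drop rule per ISO country code in the same shape as the rule above and parses rules back to check they are well formed; the starting sid 55555555 is the lab's value, everything else is an assumption.

```python
import re

# Accepts rules of the lab's shape:
#   drop tcp any any -> any any (msg:"GeoIP is GB, UK"; geoip:any,GB; sid:55555555; rev:1;)
# geoip takes src|dst|both|any followed by one or more 2-letter country codes.
RULE_RE = re.compile(
    r'^(?P<action>drop|alert|pass|reject) (?P<proto>\w+) any any -> any any '
    r'\(msg:"(?P<msg>[^"]*)"; geoip:(?P<direction>src|dst|both|any),'
    r'(?P<codes>[A-Z]{2}(?:,[A-Z]{2})*); sid:(?P<sid>\d+); rev:(?P<rev>\d+);\)$'
)

def build_geoip_rule(code, sid, direction="any", action="drop", proto="tcp", rev=1):
    """Return one Suricata-style rule that drops traffic for a single country."""
    code = code.strip().upper()
    if not re.fullmatch(r"[A-Z]{2}", code):
        raise ValueError(f"not a 2-letter ISO country code: {code!r}")
    if not 1 <= sid <= 2**32 - 1:          # sid must fit in 32 bits
        raise ValueError(f"sid out of range: {sid}")
    return (f"{action} {proto} any any -> any any "
            f'(msg:"GeoIP is {code}"; geoip:{direction},{code}; sid:{sid}; rev:{rev};)')

def build_geoip_rules(codes, first_sid=55555555):
    """One rule per country, sids incremented from first_sid, duplicates rejected."""
    seen = set()
    rules = []
    for i, code in enumerate(codes):
        code = code.strip().upper()
        if code in seen:
            raise ValueError(f"duplicate country code: {code}")
        seen.add(code)
        rules.append(build_geoip_rule(code, first_sid + i))
    return rules

def parse_geoip_rule(rule):
    """Validate a rule against the expected shape and return its fields."""
    m = RULE_RE.match(rule.strip())
    if not m:
        raise ValueError(f"rule does not match expected geoip shape: {rule!r}")
    fields = m.groupdict()
    fields["sid"] = int(fields["sid"])
    fields["rev"] = int(fields["rev"])
    fields["codes"] = fields["codes"].split(",")
    return fields

if __name__ == "__main__":
    for r in build_geoip_rules(["GB", "RU", "KP"]):   # constructed sample list
        print(r)
```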

new DNS rules for blocking

For details see https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-managed-domain-lists.html. If you can ping the test server and it resolves to 1.2.3.4, you have access to a BAD test server (the DNS firewall is not yet blocking it).

  1. Open the EC2 webserver console and ping controldomain1.botnetlist.firewall.route53resolver.us-east-1.amazonaws.com
  2. Go to VPC Dashboard | DNS firewall rules | Rules group
  3. Add new rule group | name = Naughty list | Add new rule group
  4. In Naughty list click Add rule
  5. Name each rule Naughty #, incrementing the number by one
  6. Add AWS managed domain list, choosing each from the list
  7. Action BLOCK | add rule
  8. Repeat for all 4 lists
  9. From the main rules group listing for Naughty list, choose the Associated VPCs tab below
  10. On the left click Associate VPC | choose your Firewall VPC from the drop-down
  11. Repeat the ping from above

You must delete your stack for the next lab to work