Skip to main content
Contact Support

New to Micron21 Knowledge Hub? Register for an account

Reset Password

What are Security Groups in mCloud - Knowledgebase / mCloud - Micron21 Knowledge Hub

What are Security Groups in mCloud

Authors list
  • Last updated: Jan 17, 2025 by Micron21

Security groups are sets of IP filter rules that are applied to all project instances, they are used to define networking access to the instance. These are applied to all traffic to an instance EXCEPT for traffic on the same subnet, which is allowed by default.

Default Security Group

Each mCloud project has its own Default Security Group. As it is created, it has the following rules:

  • IPv4 ALLOW all OUT

  • IPv6 ALLOW all OUT

  • IPv4 ALLOW all IN FROM members of the default security group

  • IPv6 ALLOW all IN FROM members of the default security group

  • DENY all (implicit)

All instances that are a member of this default security group will have full access to other instances that it can route to, so long as the other instance is also a member of this group.

You can add and delete rules from this group, but keep in mind any changes will apply to all members of the default group that already exist and will be created in the future.

Security Group Considerations for Internet-facing Servers

When creating security groups and rules for Internet-facing servers, the industry-standard approach is that only necessary services should be exposed to the Internet. Any sensitive services should be secured behind whitelisting.

An example ruleset for a Webserver would look something like this:

  • SecG1.png

  • A ruleset such as this can be locked down even further, by allowing outbound traffic to only required locations/services



Helpful Unhelpful
Author
Vincent (Vinnie) Curle
Creation date
Jan 14, 2025
Last update
Jan 17, 2025
Publish date
Jan 17, 2025