CSF firewall in EC2

Question

I am a developer who has very limited knowledge of server administration; I learn as I go and mainly deal with web servers.

Is a firewall like CSF needed on something like EC2 given that AWS already provides a basic firewall?

score 2 · Answer 1 · answered May 08 '17 at 02:54

2

Research the concept of defense in depth.

Is this needed? Maybe not. But it's sure nice to have two levels of firewall to rely on in case you accidentally mess up your security groups at some point.

As a rule, I always use network-level firewalls and host firewalls on all of my systems, regardless of where they're deployed. I recommend others do the same. There's very little additional overhead in maintenance, performance, etc.

answered May 08 '17 at 02:54

EEAA

108,414
18
172
242

1

On AWS the Network ACL is a network based firewall, security groups are a firewall that run on the hypervisor. Adding a software firewall running on the host could be seen as third level. Add to that you can use a WAF / CDN which can give you four levels of protection. – Tim Jul 18 '17 at 21:47

CSF firewall in EC2

1 Answers1