RedLock is now a part of Palo Alto Networks - READ MORE
RedTalk Ep 3: Network ACLs
< Back

RedTalk: Network ACLs Behave Differently Amongst Public Cloud Providers

by   |   06.07.18, 6:00 AM

The Issue: Network ACLs Behave Differently Amongst Public Cloud Providers

Not all firewalls are created equal. Some are generous... some are not...and not all firewall controls amongst the public cloud providers behave the same way.

Every cloud service provider - AWS, Microsoft Azure, and Google Cloud Platform (GCP) - provides native firewall capabilities. When a firewall ACL has been modified, what happens to the existing connections?

RedLock’s CSI Team observed that rule updates made to AWS ACLs are dynamically applied to new and existing connections. In Azure and GCP, however, rule updates made to the ACLs are not dynamically applied to existing connections. This means that if for some reason (malicious or not), an ACL rule allows an unintended open connection, existing connections that have already been established will not be dynamically terminated when corrected rules are applied.

The Mitigation: How to Enforce Updated ACLs in Azure and GCP

To mitigate this issue, we recommend that administrators terminate existing connections impacted by the bad ACL rules, by restarting the service or applications.

 

See RedLock Cloud 360 platform in Action

RedLock | Demo Request

Get a demo to see how RedLock can help you with:

  • Compliance assurance
  • Security governance
  • SOC enablement

Request a Demo


Related Posts