cloud and local firewall at all (sig consensus?)

Garrett Holmstrom gholms at fedoraproject.org
Fri Dec 21 04:15:59 UTC 2012


On 2012-12-20 12:49, Matthew Miller wrote:
> On Wed, Dec 12, 2012 at 09:58:04PM -0800, Garrett Holmstrom wrote:
>> EC2 recommends images with *no* default firewall since they use security
>> groups to control traffic, and adding a second, guest-level firewall tends
>> to confuse people.
>
> I'd like to get a group consensus on this. Dennis Gilmore has expressed
> concern about leaving the local firewall off -- having it on may be
> redundant, but it protects against configuration errors or security bugs in
> EC2 itself.
>
> Options for the out-of-the-box config are:
>
>   A) no local firewall (Garrett, do you have a reference to an EC2
>          recommendation for this configuration?)

Not any more.  The only reference to instance-specific firewalls that I 
can find in today's documentation [1] is, "In addition to these 
examples, you can maintain your own firewall on any of your instances. 
This can be useful if you have specific requirements not met by the 
Amazon EC2 distributed firewall."

>   B) firewall allowing ssh in by default (normal Fedora default)
>
>   C) firewall allowing in ssh + http/https (since cloud systems are often
>          web servers)
>
> I'm lightly in favor of C, since I like the concept of defense-in-depth, and
> this seems like a decent compromise. But I really don't have a very strong
> opinion. What are your thoughts?

There seem to be enough people here who are okay with defaulting to dual
firewalls to narrow it down to B and C.  To be honest, I'd choose B.
It's Fedora's default, it makes fewer assumptions, and since we're
already considering an exploit in EC2 itself to be in scope, we might as
well block off a couple more ports out of the box.

I don't feel incredibly strongly about that, though.  I just think it 
makes more sense.

[1] http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/using-network-security.html

--
Garrett Holmstrom