Certified Security - Specialty

Sign Up Free or Log In to participate!

Suggestion: All demos should use VPN or “my ip address” instead of in security groups

I know I am being a pest about some of my suggestions, but……

Since security is paramount with cloud providers I would suggest that ACG setup a VPN tunnel to VPC’s used in demos, or use the "My IP Address".  Using the worst possible option,, is as you know a terrible idea.  Ryan mentions every time he uses it that it’s a bad idea and never do it — "but this is for demo purposes".  To me, this is not a great way to demo anything in the cloud.  Lead by example…:-)  Please follow best practices throughout your demos.  Doing so would reinforce the security model with your students!!

2 Answers


I agree with you, and I know others have stated the same. I understand that Ryan is doing it for convenience and that he terminates instances immediately after recording lectures. However, after going through VPC Flow Log demonstrations and playing around with them more I was amazed at just how quickly there were probes looking for vulnerabilities and how many of them there were. There’s no such thing as security by obscurity any longer, and I wish that the lectures would incorporate best practices for things like this. Students who are following labs may not know any better, and are more apt to leave instances running for a period of time while trying to learn the material.


Alec Whitehouse

Yeah Guard Duty will log SSH probes within seconds — generally coming from China.

Tom Kringstad

SSH probes is one – what surprised me also was looking at top referrers in my CloudFront logs for a S3 static web site that only has plain vanilla html files, and seeing requests that are probing for WordPress vulnerabilities and other common entry points. I haven’t tried Guard Duty yet – will give it a looksie.

Thanks for the feedback – we’ll take it on board

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?