Security measures for your EC2 Instances during an attack

Answer - A.

Since the default rules of the NACL is to allow all traffic , the best option first would be to delete the default rule from the NACL to block all traffic.

An example of the command is shown below.

aws ec2 delete-network-acl-entry --network-acl-id acl-5fb85d36 --ingress --rule-number 100

For more information on the command , please visit the below URL:

None of the options mentioned seem appropriate for mitigating an ongoing attack on EC2 instances.

Network Access Control Lists (NACLs) are stateless and act as a firewall for controlling inbound and outbound traffic at the subnet level. They operate on the 5-tuple rule, which means that traffic is allowed or denied based on source and destination IP address, source and destination port, and protocol type.

If an attack is ongoing on EC2 instances in a subnet, there are a few steps that you should take before thinking about modifying the NACLs:

1. Identify the nature and extent of the attack.
2. Stop the attack by taking the necessary steps, such as blocking the attacker's IP address, shutting down the affected instances, or applying patches to the vulnerable software.
3. Determine the root cause of the attack and take corrective measures to prevent similar attacks in the future.

Only after the attack is contained and the root cause is determined, should you think about modifying the NACLs, if needed, to prevent similar attacks in the future.

In general, the commands listed are used for modifying the rules of the NACLs:

• aws ec2 delete-network-acl-entry: This command is used to delete a specific rule from a NACL.
• aws ec2 create-network-acl-entry: This command is used to add a new rule to a NACL.
• aws ec2 rename-network-acl-entry: This command is used to rename an existing rule in a NACL.
• aws ec2 change-network-acl-entry: This command is used to modify an existing rule in a NACL.

None of these commands are appropriate for mitigating an ongoing attack on EC2 instances.