1. Security Group:
A security group acts as a virtual firewall for an EC2 instance. It has inbound and outbound rules; for a new security group, all inbound traffic is blocked by default, so if no rule allows a particular protocol, nobody can reach the instance over that protocol. Everything that is not explicitly allowed is denied; there is no deny rule, you simply leave the traffic unallowed. An instance can belong to multiple security groups. A security group cannot block a specific IP address; that requires a network access control list. Edits to a security group's rules take effect quickly.
2. Network Access Control List (Network ACL):
A VPC comes with a modifiable default network ACL that allows all inbound and outbound IPv4 traffic. A custom network ACL that you create denies all inbound and outbound traffic until rules are added. A network ACL is stateless and has separate inbound and outbound rules, each with a default limit of 20 rules; rules are evaluated starting with the lowest numbered rule. Every subnet in the VPC must be associated with a network ACL, and a subnet can be associated with only one network ACL at a time. It supports both allow rules and deny rules and operates at the subnet level.
Difference between Security Group and Network ACL:

| Security Group | Network Access Control List |
|---|---|
| Operates at the instance level. | Operates at the subnet level. |
| Supports allow rules only. | Supports both allow rules and deny rules. |
| Stateful: return traffic for an allowed inbound or outbound rule is automatically allowed. | Stateless: return traffic must be allowed explicitly. |
| Cannot block a specific IP address. | Can block a specific IP address. |
| All rules are evaluated before deciding whether to permit traffic. | Rules are processed in number order when deciding whether to allow traffic. |
| Attached at instance launch, as part of the launch configuration. | Assigned to a subnet and covers all instances in that subnet. |
| Applies only when someone specifies the security group at launch or associates it with the instance later. | Does not depend on the user; it applies automatically to every instance in the subnet. |
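The following Python model is an added example, not code from the original article or from AWS; it simulates the two evaluation behaviours described in sections 1 and 2 and summarised in the table. The `SecurityGroup` class checks every rule, accepts only allow rules, and tracks permitted inbound connections so the reply passes without an outbound rule (stateful). The `NetworkAcl` class walks rules in ascending number order, stops at the first match, falls through to an implicit deny, and has no connection tracking, so the reply needs its own outbound rule (stateless). The addresses, ports and rule numbers are constructed sample values, and the class and function names are this example's own.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    """One firewall rule. 'number' only matters for NACLs (lower runs first)."""
    number: int
    action: str               # "allow" or "deny"; security groups only use "allow"
    protocol: str             # "tcp", "udp", "icmp" or "all"
    ports: tuple              # inclusive (low, high) destination port range
    cidr: str                 # remote CIDR: source for inbound, destination for outbound


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str = "tcp"


def rule_matches(rule, pkt, direction):
    """Match protocol, destination port range and the remote address for a direction."""
    if rule.protocol != "all" and rule.protocol != pkt.protocol:
        return False
    low, high = rule.ports
    if not low <= pkt.dst_port <= high:
        return False
    remote_ip = pkt.src_ip if direction == "inbound" else pkt.dst_ip
    return ip_address(remote_ip) in ip_network(rule.cidr)


class SecurityGroup:
    """Instance level, allow-only, stateful: all rules are checked, any match permits,
    and the reply to a permitted inbound connection passes without an outbound rule."""

    def __init__(self, inbound, outbound):
        for r in inbound + outbound:
            if r.action != "allow":
                raise ValueError("security groups support allow rules only")
        self.inbound_rules, self.outbound_rules = inbound, outbound
        self._tracked = set()  # (remote_ip, remote_port, local_port, protocol)

    def permits(self, pkt, direction):
        if direction == "outbound":
            # Stateful behaviour: a reply to a tracked inbound connection is allowed.
            if (pkt.dst_ip, pkt.dst_port, pkt.src_port, pkt.protocol) in self._tracked:
                return True
        rules = self.inbound_rules if direction == "inbound" else self.outbound_rules
        allowed = any(rule_matches(r, pkt, direction) for r in rules)
        if allowed and direction == "inbound":
            self._tracked.add((pkt.src_ip, pkt.src_port, pkt.dst_port, pkt.protocol))
        return allowed


class NetworkAcl:
    """Subnet level, allow and deny, stateless: rules run in ascending number order,
    the first match wins, and the implicit final '*' rule denies everything else."""

    def __init__(self, inbound, outbound):
        self.inbound_rules = sorted(inbound, key=lambda r: r.number)
        self.outbound_rules = sorted(outbound, key=lambda r: r.number)

    def permits(self, pkt, direction):
        rules = self.inbound_rules if direction == "inbound" else self.outbound_rules
        for r in rules:
            if rule_matches(r, pkt, direction):
                return r.action == "allow"
        return False  # implicit deny


def demo():
    """Constructed scenario: a web server at 10.0.1.10, one ordinary client and one
    address (203.0.113.0/24, a documentation range) that the operator wants blocked."""
    any_port = (0, 65535)
    sg = SecurityGroup(
        inbound=[Rule(100, "allow", "tcp", (443, 443), "0.0.0.0/0")],
        outbound=[],  # no outbound rule at all; replies still flow because it is stateful
    )
    nacl = NetworkAcl(
        inbound=[Rule(90, "deny", "tcp", any_port, "203.0.113.0/24"),  # numbered before the allow
                 Rule(100, "allow", "tcp", (443, 443), "0.0.0.0/0")],
        outbound=[Rule(100, "allow", "tcp", (1024, 65535), "0.0.0.0/0")],  # ephemeral reply ports
    )
    nacl_no_outbound = NetworkAcl(inbound=nacl.inbound_rules, outbound=[])
    request = Packet("198.51.100.7", 50000, "10.0.1.10", 443)
    reply = Packet("10.0.1.10", 443, "198.51.100.7", 50000)
    blocked = Packet("203.0.113.5", 50001, "10.0.1.10", 443)
    return {
        "sg_request": sg.permits(request, "inbound"),
        "sg_reply_no_outbound_rule": sg.permits(reply, "outbound"),
        "sg_blocked_client": sg.permits(blocked, "inbound"),  # SG has no way to deny one IP
        "nacl_request": nacl.permits(request, "inbound"),
        "nacl_reply": nacl.permits(reply, "outbound"),
        "nacl_reply_no_outbound_rule": nacl_no_outbound.permits(reply, "outbound"),
        "nacl_blocked_client": nacl.permits(blocked, "inbound"),  # rule 90 denies first
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Two details in `demo()` carry the practical lessons: the security group lets the blocked client through because it can only express allows, so the deny has to live in the NACL; and the NACL only passes the server's reply because an outbound rule for the ephemeral port range exists, which is exactly the "return traffic must be allowed explicitly" row of the table. If the deny rule were numbered 110 instead of 90, the allow at 100 would match first and the block would never take effect.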