Network Security and Firewalls in Cloud
Network security in the cloud protects cloud resources (VMs, databases, applications) from unauthorized access, attacks, and data breaches by controlling traffic flow and monitoring network activity.
A cloud firewall is a security service that filters incoming and outgoing network traffic based on defined security rules. It acts as a protective barrier between cloud resources and the internet.
- Prevents unauthorized access to servers and applications
- Protects against cyberattacks (DDoS, port scanning, malware)
- Secures sensitive data
- Controls traffic between internal cloud resources
Virtual network: a private network inside the cloud for hosting resources.
Subnet: logical network segments inside a virtual network.
Firewall rules: rules that allow or deny traffic based on:
- IP address
- Port number
- Protocol (TCP, UDP, ICMP)
Security groups: cloud-based firewalls attached to:
- Virtual machines
- Subnets
- Load balancers
- A request comes from the internet to a cloud server
- Firewall checks the request against security rules
- If rule allows → traffic passes
- If rule denies → traffic is blocked
- Only approved traffic reaches the server
- Network Firewall – Filters traffic at network level
- Application Firewall (WAF) – Protects web applications
- DDoS Protection – Blocks large-scale attack traffic
- Allow only required ports (e.g., 80, 443, 22)
- Restrict access by IP range
- Use private subnets for databases
- Enable logging and monitoring
- Use Web Application Firewall (WAF)
A company hosts a web application on an EC2 server and wants to:
- Allow only web traffic from the internet
- Allow SSH access only from office IP
- Block all other traffic
- Public subnet: 10.0.1.0/24
- Web server installed (Apache/Nginx)
Inbound rules:

| Protocol | Port | Source IP | Action |
|---|---|---|---|
| TCP | 80 | 0.0.0.0/0 | Allow |
| TCP | 443 | 0.0.0.0/0 | Allow |
| TCP | 22 | Office IP (203.0.113.10/32) | Allow |

Outbound rules:

| Protocol | Port | Destination | Action |
|---|---|---|---|
| All | All | 0.0.0.0/0 | Allow |
Attach the security group to the EC2 instance.
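The following is an added example, not part of the original notes and not AWS code: it models how the inbound rule table above is evaluated (allow-list, implicit deny for anything unmatched) and audits the rules for an admin port left open to any source. The `Rule` class, `evaluate_inbound` and `audit_rules` are assumed names written for this illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Sequence

@dataclass(frozen=True)
class Rule:
    protocol: str        # "tcp", "udp", "icmp" or "all"
    port: Optional[int]  # None means all ports
    cidr: str            # source CIDR for an inbound rule
    action: str = "allow"

# Constructed rule set mirroring the inbound table in the notes.
INBOUND = [
    Rule("tcp", 80, "0.0.0.0/0"),
    Rule("tcp", 443, "0.0.0.0/0"),
    Rule("tcp", 22, "203.0.113.10/32"),  # SSH only from the office IP
]

def rule_matches(rule: Rule, protocol: str, port: int, src_ip: str) -> bool:
    """True if a packet (protocol, destination port, source IP) falls within the rule."""
    if rule.protocol != "all" and rule.protocol != protocol:
        return False
    if rule.port is not None and rule.port != port:
        return False
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.cidr, strict=False)

def evaluate_inbound(rules: Sequence[Rule], protocol: str, port: int, src_ip: str) -> str:
    """Security-group style evaluation: the first matching rule decides,
    and traffic matched by no rule is denied by default."""
    for rule in rules:
        if rule_matches(rule, protocol, port, src_ip):
            return rule.action
    return "deny"

def audit_rules(rules: Sequence[Rule], admin_ports: Sequence[int] = (22, 3389)) -> List[str]:
    """Flag admin ports (SSH/RDP) reachable from any address, which breaks the
    'restrict access by IP range' practice listed above."""
    findings = []
    for rule in rules:
        net = ipaddress.ip_network(rule.cidr, strict=False)
        if rule.port in admin_ports and net.prefixlen == 0:
            findings.append(f"port {rule.port} open to {rule.cidr}")
    return findings

if __name__ == "__main__":
    print(evaluate_inbound(INBOUND, "tcp", 22, "198.51.100.7"))   # deny
    print(evaluate_inbound(INBOUND, "tcp", 22, "203.0.113.10"))   # allow
    print(audit_rules(INBOUND + [Rule("tcp", 22, "0.0.0.0/0")]))  # flags the open SSH rule
```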
- Users can access the website via HTTP/HTTPS
- Only office network can access SSH
- All other ports are blocked automatically
- Secure web application environment
- Protected server from unauthorized access
- Reduced attack surface
Cloud network security and firewalls:
- Protect cloud infrastructure from cyber threats
- Control traffic using firewall rules
- Secure applications and sensitive data
- Ensure safe and reliable cloud operations