Security Policy Management with
Professor Wool

Best Practices for Amazon Web Services Security

Best Practices for Amazon Web Services (AWS) Security is a whiteboard-style series of lessons that examine the challenges of and provide technical tips for managing security across hybrid data centers utilizing the AWS IaaS platform.

Lesson 1

The Fundamentals of AWS Security Groups

In this lesson Professor Wool provides an overview of Amazon Web Services (AWS) Security Groups and highlights some of the differences between Security Groups and traditional firewalls. The lesson continues by explaining some of the unique features of AWS and the challenges and benefits of being able to apply multiple Security Groups to a single instance.

Lesson 2

Protect Outbound Traffic in an AWS Hybrid Environment

Outbound traffic rules in AWS Security Groups are, by default, very wide and insecure. In addition, the AWS Security Group set-up process does not guide the user through defining outbound rules; the user must configure them manually. In this lesson, Professor Wool highlights the limitations and consequences of leaving the default rules in place, and provides recommendations on how to define outbound rules in AWS Security Groups in order to securely control and filter outbound traffic and protect against data leaks.

Lesson 3

Change Management, Auditing and Compliance in an AWS Hybrid Environment

Once you start using AWS for production applications, auditing and compliance considerations come into play, especially if these applications are processing data that is subject to regulations such as PCI, HIPAA, SOX etc. In this lesson, Professor Wool reviews AWS's own auditing tools, CloudWatch and CloudTrail, which are useful for cloud-based applications. However, if you are running a hybrid data center, you will likely need to augment these tools with solutions that can provide reporting, visibility and change monitoring across the entire environment. Professor Wool provides some recommendations for the key features and functionality you'll need to ensure compliance, and tips on what the auditors are looking for.

Lesson 4

Using AWS Network ACLs for Enhanced Traffic Filtering

In this lesson Professor Wool examines the differences between Amazon's Security Groups and Network Access Control Lists (NACLs), and provides some tips and tricks on how to use them together for the most effective and flexible traffic filtering for your enterprise.

Lesson 5

Combining Security Groups and Network ACLs to Bypass AWS Capacity Limitations

AWS security is very flexible and granular; however, it has some limitations in terms of the number of rules you can have in a NACL and in a Security Group. In this lesson Professor Wool explains how to combine Security Group and NACL filtering capabilities in order to bypass these capacity limitations and achieve the granular filtering needed to secure enterprise organizations.

Lesson 6

The Right Way to Audit AWS Policies

In this whiteboard video lesson Professor Wool provides best practices for performing security audits across your AWS estate.

Lesson 7

How to Intelligently Select the Security Groups to Modify When Managing Changes in your AWS

Lesson 8

How to Manage Dynamic Objects in Cloud Environments

Learn more about AlgoSec at http://www.algosec.com and read Professor Wool's blog posts at http://blog.algosec.com

Have a Question for Professor Wool?