Prepare security groups before deploying the instance to ensure properly configured rules for the data port and management port.

Before you deploy the Virtual Network Sensor AMI to a new instance, you need to create two security groups: one for the data port and one for the management port. Because the two ports require different security settings, Trend Micro recommends using the steps below to create the security groups before launching the instance.
Important
Your security groups must be on the same VPC as your Virtual Network Sensor deployment. Before you begin, make sure you have chosen or created a VPC for the Virtual Network Sensor.
For more information on how to set up a VPC and subnet, refer to the Amazon documentation.
Note
The steps contained in these instructions are valid as of January 2024.

Procedure

  1. On the AWS Management Console, go to the EC2 dashboard.
  2. In the top navigation bar, select the Region where you plan to deploy your instance.
    Note
    You can select any Region in which you require the Virtual Network Sensor to be deployed. If you are unsure which Region to select, use the default Region for your AWS account.
  3. Go to Network & Security > Security Groups.
  4. To create the data port rules, click Create security group.
  5. Configure the Basic details.
    1. Specify a unique name.
      Trend Micro recommends using an easy-to-identify name, such as VirtualNetworkSensor_DataPort.
    2. Type a description of the ruleset.
    3. Select the VPC to save the security group.
  6. Configure the Inbound rules.
    1. Click Add rule.
    2. Configure the new rule.
      • Type: Select All traffic.
      • Source: Trend Micro recommends setting the source type to Custom and setting the IP range to 0.0.0.0/0 so that the Virtual Network Sensor can scan all traffic.
        Allowing all traffic to the data port provides the Virtual Network Sensor with maximum visibility into your security environment.
  7. Make sure Outbound rules is left at the default, which allows all traffic.
    Note
    Trend Micro recommends using default settings for outbound port rules. Setting additional outbound rules might affect the ability of the Virtual Network Sensor to scan all traffic.
  8. Assign tags to your rule.
    Tip
    Adding tags helps with managing objects like security rules by providing a way to track ownership or locate resources associated with deployed instances.
  9. Click Create security group.
    The security group is created, and the details page for the new security group opens.
  10. Go to Network & Security > Security Groups.
  11. To create the management port rules, click Create security group.
  12. Configure the Basic details.
    1. Specify a unique name.
      Trend Micro recommends using an easy-to-identify name, such as VirtualNetworkSensor_ManagementPort.
    2. Type a description of the ruleset.
    3. Select the VPC to save the security group.
  13. Configure the Inbound rules.
    1. Click Add rule to create a new rule.
    2. Configure the following rules.
      • SSH
        Protocol: TCP
        Port range: 22
        Source type: Custom (recommended)
        Source: Specify an IP address in CIDR notation or select a security group which is allowed to access the Virtual Network Sensor.
        Purpose: Accessing the Virtual Network Sensor CLISH console
      • HTTP
        Protocol: TCP
        Port range: 80
        Source type: Custom (recommended)
        Source: Specify an IP address in CIDR notation or select a security group which is allowed to access the Virtual Network Sensor.
        Purpose: Debug log export
      • Custom UDP
        Protocol: UDP
        Port range: 4789
        Source type: Custom (recommended)
        Source: Specify the IP address in CIDR notation of your mirror source or NLB.
        Purpose: VXLAN traffic required by the AWS traffic mirror
      • Custom TCP
        Protocol: TCP
        Port range: 14789
        Source type: Custom (recommended)
        Source: Specify the IP address in CIDR notation of your NLB.
        Purpose: Answering the NLB health check
      Note
      Source type controls which IP addresses are allowed to connect to the Virtual Network Sensor. Trend Micro suggests setting Source type to Custom, then specifying Source IP addresses or security groups.
      See the AWS help for more information about assigning IP addresses and security groups.
  14. Make sure Outbound rules is left at the default, which allows all traffic.
    Note
    Trend Micro recommends using default settings for outbound port rules. Setting additional outbound rules may affect the ability of the Virtual Network Sensor to connect to Network Inventory.
  15. Assign tags to your rule.
  16. Click Create security group.
    The security group is created, and the details page for the new security group opens.
    Your environment should now be ready to launch the Virtual Network Sensor instance.
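The same two security groups, created with the AWS CLI instead of the console, as an added example that is not part of Trend Micro's documentation. It assumes the AWS CLI is installed and authenticated for the target account and Region; the VPC ID and the three CIDR ranges (administration hosts, mirror sources, NLB) are placeholders you must replace, and the environment variable and helper function names are my own. The rules match the procedure: the data port group admits all traffic from 0.0.0.0/0, while every management port rule is scoped to a specific CIDR, and outbound rules are left at the AWS default.

```shell
#!/usr/bin/env bash
# Added example (not Trend Micro's code): create the Virtual Network Sensor
# data port and management port security groups with the AWS CLI.
# Placeholders to replace before running with "apply":
#   VPC_ID      - the VPC the sensor will be deployed in
#   ADMIN_CIDR  - where SSH (CLISH) and HTTP (debug log export) are allowed from
#   MIRROR_CIDR - subnet of your traffic mirror sources
#   NLB_CIDR    - subnet of the Network Load Balancer performing health checks
set -eu

VPC_ID="${VPC_ID:-vpc-PLACEHOLDER}"
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.0/24}"   # constructed example value
MIRROR_CIDR="${MIRROR_CIDR:-10.0.1.0/24}"    # constructed example value
NLB_CIDR="${NLB_CIDR:-10.0.2.0/24}"          # constructed example value

# Build one ingress rule in the JSON shape that
# `aws ec2 authorize-security-group-ingress --ip-permissions` accepts.
rule() {  # rule PROTOCOL PORT CIDR DESCRIPTION
  printf '{"IpProtocol":"%s","FromPort":%s,"ToPort":%s,"IpRanges":[{"CidrIp":"%s","Description":"%s"}]}' \
    "$1" "$2" "$2" "$3" "$4"
}

# Data port: all traffic from anywhere, so the sensor sees every mirrored packet.
data_port_ingress() {
  printf '[{"IpProtocol":"-1","IpRanges":[{"CidrIp":"0.0.0.0/0","Description":"Mirrored traffic for inspection"}]}]'
}

# Management port: exactly the four rules from the table, one CIDR each.
management_port_ingress() {  # management_port_ingress ADMIN_CIDR MIRROR_CIDR NLB_CIDR
  printf '[\n%s,\n%s,\n%s,\n%s\n]\n' \
    "$(rule tcp 22    "$1" "CLISH console (SSH)")" \
    "$(rule tcp 80    "$1" "Debug log export")" \
    "$(rule udp 4789  "$2" "VXLAN from AWS traffic mirror")" \
    "$(rule tcp 14789 "$3" "NLB health check")"
}

# Create a tagged group, add its inbound rules, print the group ID.
# Outbound rules are intentionally left at the AWS default (allow all).
create_group() {  # create_group NAME DESCRIPTION INGRESS_JSON
  gid=$(aws ec2 create-security-group \
          --group-name "$1" --description "$2" --vpc-id "$VPC_ID" \
          --tag-specifications "ResourceType=security-group,Tags=[{Key=Name,Value=$1},{Key=Owner,Value=${OWNER:-secops}}]" \
          --query GroupId --output text)
  aws ec2 authorize-security-group-ingress --group-id "$gid" --ip-permissions "$3" >/dev/null
  echo "$gid"
}

# Only talk to AWS when explicitly asked, so the generated rules can be reviewed first.
if [ "${1:-}" = "apply" ]; then
  data_sg=$(create_group VirtualNetworkSensor_DataPort \
              "Virtual Network Sensor data port" "$(data_port_ingress)")
  mgmt_sg=$(create_group VirtualNetworkSensor_ManagementPort \
              "Virtual Network Sensor management port" \
              "$(management_port_ingress "$ADMIN_CIDR" "$MIRROR_CIDR" "$NLB_CIDR")")
  echo "data port SG:       $data_sg"
  echo "management port SG: $mgmt_sg"
  # Verify what was actually applied before launching the instance.
  aws ec2 describe-security-groups --group-ids "$data_sg" "$mgmt_sg" \
    --query 'SecurityGroups[].{Name:GroupName,Rules:IpPermissions[].[IpProtocol,FromPort,IpRanges[].CidrIp]}' \
    --output json
fi
```

Run the script with the `apply` argument to create both groups; without it the script only defines the helpers, so `management_port_ingress` can be called by hand to inspect the rule JSON before anything is created. The final `describe-security-groups` call is the check worth keeping: it shows the protocol, port and CIDR of every rule that was actually applied, which is what you should confirm against the table before launching the instance.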