
Security Groups Overview

Security Groups are a foundational component of the Bridge platform's network security model. They serve as stateful, virtual firewalls that govern all inbound and outbound network traffic to and from platform resources, including application workloads and infrastructure services.

The primary function of Security Groups is to enforce the principle of least privilege by creating logical network segmentation. This is achieved by defining explicit "allow" rules for traffic flow, while denying all other traffic by default.

Key Functions

Micro-segmentation: Isolating workloads and services into distinct security zones to prevent unauthorized lateral movement between environments.

Controlled Access: Ensuring that services are only exposed to trusted network sources, defined by IP address ranges (CIDR blocks) or other Security Groups.

Egress Control: Regulating outbound connections from internal services to prevent data exfiltration and restrict communication to approved external endpoints.

Integration with F5 Load Balancers

Within the Bridge architecture, Security Groups operate as a critical layer of defense in conjunction with F5 BIG-IP traffic management systems. This integration forms a layered security model.

Perimeter Security (F5): The F5 system manages north-south traffic, providing perimeter defense, SSL/TLS termination, web application firewall (WAF) capabilities, and sophisticated load balancing. It is the first line of defense for traffic entering the platform from external networks.

Infrastructure-Level Security (Security Groups): Once traffic is permitted by the F5, Security Groups provide a second, more granular layer of validation. They ensure that the traffic, now internal to the platform, is only allowed to reach its specific destination service on the designated ports.
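As an added worked example, not Bridge platform code and not an F5 BIG-IP API, the toy evaluator below models the rule semantics from the Key Functions list (explicit allow rules with default deny, peers given as CIDR blocks or as another Security Group, separate ingress and egress rule sets, stateful handling of reply traffic) and the two-layer check from the F5 section (the F5 virtual server admits north-south traffic first, then the backend's group must allow the connection on the designated port). The Rule and SecurityGroup types, the "sg:<name>" reference syntax, the listener set standing in for F5 virtual servers, and the assumption that the F5 source-NATs to a self-IP placed in its own group are all constructed for illustration.

```python
"""Toy security-group evaluator (constructed illustration, not Bridge or F5 code)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    direction: str   # "ingress" or "egress"
    protocol: str    # "tcp", "udp" or "any"
    ports: tuple     # (low, high), inclusive destination-port range
    peer: str        # CIDR block, or "sg:<name>" for another group (assumed syntax)


@dataclass
class SecurityGroup:
    name: str
    rules: list = field(default_factory=list)


class Fabric:
    """Group membership per IP plus a connection-tracking table (stateful behaviour)."""

    def __init__(self):
        self.groups = {}          # group name -> SecurityGroup
        self.membership = {}      # ip -> group name
        self.established = set()  # 5-tuples of connections already allowed

    def add(self, group, *ips):
        self.groups[group.name] = group
        for ip in ips:
            self.membership[ip] = group.name

    def _peer_matches(self, rule_peer, ip):
        if rule_peer.startswith("sg:"):                   # reference to another group
            return self.membership.get(ip) == rule_peer[3:]
        return ip_address(ip) in ip_network(rule_peer, strict=False)

    def _explicit_allow(self, ip, direction, proto, port, peer_ip):
        """True only when a rule on ip's group allows the flow; no group or no rule means deny."""
        group = self.groups.get(self.membership.get(ip))
        if group is None:
            return False
        for r in group.rules:
            if (r.direction == direction and r.protocol in ("any", proto)
                    and r.ports[0] <= port <= r.ports[1]
                    and self._peer_matches(r.peer, peer_ip)):
                return True
        return False  # default deny

    def packet(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Reply halves of tracked connections pass; a new flow needs an egress allow
        on the sender AND an ingress allow on the receiver."""
        if (proto, dst_ip, dst_port, src_ip, src_port) in self.established:
            return True
        allowed = (self._explicit_allow(src_ip, "egress", proto, dst_port, dst_ip)
                   and self._explicit_allow(dst_ip, "ingress", proto, dst_port, src_ip))
        if allowed:
            self.established.add((proto, src_ip, src_port, dst_ip, dst_port))
        return allowed


def layered_check(fabric, f5_listeners, f5_snat_ip, vip, vip_port, backend_ip, backend_port):
    """Perimeter first (a virtual server must exist for vip:port), then the backend's
    group must allow the F5's SNAT address on the pool port. Both layers must pass."""
    if (vip, vip_port) not in f5_listeners:
        return "dropped at F5"
    if not fabric.packet("tcp", f5_snat_ip, 40000, backend_ip, backend_port):  # 40000: assumed ephemeral port
        return "dropped by security group"
    return "delivered"


def demo():
    """Constructed three-tier layout: F5 -> web on 443, web -> db on 5432, nothing else."""
    fab = Fabric()
    f5 = SecurityGroup("f5", [Rule("egress", "tcp", (443, 443), "10.20.0.0/24")])
    web = SecurityGroup("web", [Rule("ingress", "tcp", (443, 443), "sg:f5"),
                                Rule("egress", "tcp", (5432, 5432), "sg:db")])
    db = SecurityGroup("db", [Rule("ingress", "tcp", (5432, 5432), "sg:web")])
    fab.add(f5, "10.10.0.5")
    fab.add(web, "10.20.0.11")
    fab.add(db, "10.30.0.7")
    listeners = {("203.0.113.10", 443)}  # assumed F5 virtual server (vip, port)
    return {
        "web_from_f5": layered_check(fab, listeners, "10.10.0.5", "203.0.113.10", 443, "10.20.0.11", 443),
        "no_listener": layered_check(fab, listeners, "10.10.0.5", "203.0.113.10", 8080, "10.20.0.11", 8080),
        "wrong_backend_port": layered_check(fab, listeners, "10.10.0.5", "203.0.113.10", 443, "10.20.0.11", 8443),
        "web_to_db": fab.packet("tcp", "10.20.0.11", 51000, "10.30.0.7", 5432),
        "db_reply": fab.packet("tcp", "10.30.0.7", 5432, "10.20.0.11", 51000),   # stateful reply
        "db_to_web_new": fab.packet("tcp", "10.30.0.7", 5432, "10.20.0.11", 22),  # lateral movement
        "web_egress_blocked": fab.packet("tcp", "10.20.0.11", 51001, "198.51.100.9", 443),  # exfil path
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The two denied cases at the end are the ones the page's Micro-segmentation and Egress Control points are about: the database tier has no egress rule at all, so even a compromised database host cannot open a new connection to the web tier, and the web tier may only talk to the database group, so an outbound connection to an arbitrary Internet address is refused. The "wrong_backend_port" case shows the second layer doing work the perimeter cannot: the F5 admitted the request, but the backend group only allows the designated port.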