How to set up a security group for a newly built server to ensure network security?
Time : 2025-05-23 17:31:42
Edit : DNS.IO

  A security group controls which network traffic may reach or leave a server, so creating one is an important step when setting up a new server. The following are the detailed steps and related instructions:

  Determine the security group policy planning

  Analyze the purpose of the server

  Clarify the main function of the server, such as whether it is used for a web server, database server, file storage server or other specific applications. Different purposes may require different network access rules.

  If it is a web server, it is usually necessary to allow external users to access specific ports (such as port 80 for HTTP services).

  Consider security requirements

  Determine the security level based on the importance and sensitivity of the server. For servers containing sensitive data, stricter access control may be required.

  For servers that store company financial data, access may be allowed only from a specific IP address range.

  Select a cloud service provider platform and log in to the console

  Common cloud service providers

  There are many well-known cloud service providers on the market, such as Alibaba Cloud, Tencent Cloud, Huawei Cloud, etc. The console interface and operation methods of different providers may be slightly different, but the basic process is similar.

  Take Alibaba Cloud as an example. Open the browser, enter the official website address of Alibaba Cloud, and log in to the Alibaba Cloud console with your account and password.

  Enter the security group management page

  Find the relevant entrance of the security group

  In the cloud service provider's console, navigate to the relevant page of security group management, which can usually be found in the network-related menu options.

  In the Alibaba Cloud console, click the "Network" menu, then select "VPC", and you can find the "Security Group" option in the left column.

  Create a new security group

  Click the Create button

  In the security group management page, there is usually a "Create Security Group" or similar button. Click this button to start creating a new security group.

  Fill in basic information

  Security group name: Name the newly created security group. It is recommended to use a descriptive name for subsequent identification and management. It can be named according to the purpose of the server or the project it belongs to, such as "Web Server Security Group".

  Security group description: Briefly describe the purpose or related information of the security group. This part can help you and other administrators better understand the role of the security group.

  Select region and availability zone: Select according to the region and availability zone where the server is located. The selection of region and availability zone will affect the access speed and reliability of the server. You should select the same settings as the region and availability zone where the server is located.

  Configure security group rules

  Inbound rules (allow external access)

  Specify protocol type: Common protocol types include TCP, UDP, and ICMP. Select the appropriate protocol type according to the actual needs of the server. For Web servers, TCP protocol is usually required.

  Set port range: Specify the port range allowed for access. It can be a specific port number or a port range. For HTTP services of Web servers, port 80 usually needs to be opened; for FTP services, ports 20 and 21 may need to be opened.

  Configure source address: The source address is the external IP address or IP address segment that is allowed to access the port. You can select "0.0.0.0/0" to allow access from all external IP addresses, or specify a particular IP address or IP address segment. If only the company's internal network should be able to access the server, specify the IP address segment of the company's internal network.

  Add rule example: Suppose you want to create a rule that allows all external IP addresses to access port 80 through the TCP protocol. The specific settings are as follows: select "TCP" for the protocol type, fill in "80/80" for the port range, and select "0.0.0.0/0" for the source address.

  Outbound rules (limiting server external access)

  The configuration of outbound rules is similar to that of inbound rules, but is mainly used to control the network connections initiated by the server to the outside. In general, in order to ensure the security of the server, it is recommended to restrict the outbound access of the server to a certain extent, allowing the server to access only specific domain names or IP addresses to prevent the server from being maliciously used as an attack springboard.

  Save and apply security group settings

  Check rule configuration

  After completing the configuration of the security group rules, carefully check the settings to ensure that the rules meet the expected security requirements, paying particular attention to the accuracy of key information such as port range, source address, and destination address.
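  The check described above can be scripted before the rules are saved. The following is an added example, not code from the original article or from any cloud provider: it audits inbound rules written in the article's notation (protocol, "start/end" port range, source address). The field names, the sample rules and the PUBLIC_PORTS allowlist are assumptions made for illustration.

```python
import ipaddress

# Constructed sample rules in the article's notation: protocol, "start/end"
# port range, source CIDR. None of these come from a real account.
SAMPLE_RULES = [
    {"protocol": "TCP", "port_range": "80/80", "source": "0.0.0.0/0"},
    {"protocol": "TCP", "port_range": "20/21", "source": "0.0.0.0/0"},
    {"protocol": "TCP", "port_range": "3306/3306", "source": "10.0.0.0/8"},
    {"protocol": "TCP", "port_range": "1/65535", "source": "0.0.0.0/0"},
    {"protocol": "TCP", "port_range": "443/80", "source": "192.168.1.0/24"},
]

# Assumption: the planning step decided only HTTP may be reachable from anywhere.
PUBLIC_PORTS = {80}

def parse_port_range(text):
    """Parse 'start/end' into (start, end); raise ValueError if malformed."""
    start_s, sep, end_s = text.partition("/")
    if not sep:
        raise ValueError(f"port range {text!r} is not in start/end form")
    start, end = int(start_s), int(end_s)
    if not (1 <= start <= end <= 65535):
        raise ValueError(f"port range {text!r} is out of order or out of bounds")
    return start, end

def audit_rule(rule, public_ports=PUBLIC_PORTS):
    """Return a list of findings for one inbound rule (empty list = OK)."""
    findings = []
    proto = rule["protocol"].upper()
    if proto not in {"TCP", "UDP", "ICMP"}:
        findings.append(f"unknown protocol {rule['protocol']!r}")
    try:
        source = ipaddress.ip_network(rule["source"], strict=False)
        if proto == "ICMP":  # ICMP has no ports, so only the source is checked
            return findings
        start, end = parse_port_range(rule["port_range"])
    except ValueError as exc:
        return findings + [f"invalid rule: {exc}"]
    if source.prefixlen == 0:  # 0.0.0.0/0: reachable from every address
        exposed = [p for p in range(start, end + 1) if p not in public_ports]
        if exposed:
            findings.append(f"{len(exposed)} port(s) from {exposed[0]} to "
                            f"{exposed[-1]} open to {source} but not planned as public")
    return findings

def audit(rules):
    """Map each rule's index to its findings, skipping rules that pass."""
    return {i: f for i, r in enumerate(rules) if (f := audit_rule(r))}
```

  Calling audit(SAMPLE_RULES) reports the FTP rule and the 1/65535 rule as open to all addresses and the 443/80 rule as malformed; the port 80 rule and the internal database rule pass.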

  Save and Apply

  After confirmation, click the "Save" or "Apply" button to save and apply the newly created security group to the specified server instance. In Alibaba Cloud, after creating a security group, you also need to add the server instance to the security group to make the security group rules effective.

  Verify whether the security group settings are effective

  Check the server network connection

  Log in to the server instance through remote connection or other means, try to access the server's specified port and service from the outside, and check whether it can be accessed normally. If it can be accessed normally, it means that the security group settings have taken effect.

  For Web servers, you can enter the server's IP address or domain name in the browser to see if the website page can be opened normally.

  View security group logs (optional)

  Some cloud service providers also provide security group log functions, which can view the matching status of security group rules and network traffic information. By viewing the logs, you can further understand the operation of the security group and promptly discover and solve potential security problems.
