Welcome to the Securing a Cloud Solution - Part 1 Practice Lab. In this module, you will be provided with the instructions and devices needed to develop your hands-on skills.
In this module, you will complete the following exercises:
- Exercise 1 - Defining Security Groups for OpenStack Instances
After completing this lab, you will be able to:
- Create a security group for an instance and add a required rule to it
The following exam objectives are covered in this lab:
CV0-002 1.9 Given a scenario, apply elements required to extend the infrastructure into a given cloud solution
CV0-002 2.1 Given a scenario, apply security configurations and compliance controls to meet given cloud infrastructure requirements
- CV0-002 2.1.B Apply security standards for the selected platform
- CV0-002 2.1.H Appropriate configuration for the applicable platform as it applies to compute
- CV0-002 2.1.H.I Disabling unneeded ports and services
CV0-002 2.2.A Given a scenario, apply the appropriate ACL to the target objects to meet access requirements according to a security template
- CV0-002 2.2.A.II.c System
- CV0-002 2.2.A.II.c.ii Networks
It will take approximately 30 minutes to complete this lab.
Exercise 1 - Defining Security Groups for OpenStack Instances
Security for a cloud configuration cannot be over-emphasized. Defining and implementing access rules is a common and effective method of ensuring authorized and trusted access to the cloud and its resources.
Access rules for a similar service can be combined into a security group.
When you launch an instance in OpenStack, you can create new security groups or assign one or more existing security groups to it. If you do not create or assign security groups for the new instance, it is automatically assigned to the default security group.
OpenStack provides security groups for both hosts and the network to add defense in depth for the virtual machines that are created. These are similar to firewalls on a host, as they allow or deny incoming traffic based on port, protocol, and address. However, in an OpenStack instance, security group rules are applied to incoming traffic only, while host-based firewall rules can be applied to both incoming and outgoing traffic.
Setting up security rules and groups can cause legitimate traffic to be denied. Therefore, it is recommended that security groups be configured correctly for the networking being used.
In this exercise, you will create a security group to allow SSH access and a security group to allow HTTP and HTTPS access.
After completing this exercise, you will be able to:
- Create a security group for an instance and add a required rule to it.
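The matching behaviour described above (port, protocol, and address), as an added example that is not part of the lab and not OpenStack's own code. It is a simplified model: the group names, the `Rule` fields and the sample CIDRs are constructed for illustration, and the model drops any packet that no rule matches, which is how a missing rule ends up denying legitimate traffic.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    protocol: str      # "tcp", "udp" or "icmp"
    port_min: int      # first destination port admitted
    port_max: int      # last destination port admitted
    remote_cidr: str   # source addresses the rule admits

# Constructed sample groups mirroring the exercise: one for SSH, one for web.
GROUPS = {
    "ssh-access": [Rule("tcp", 22, 22, "203.0.113.0/24")],
    "web-access": [Rule("tcp", 80, 80, "0.0.0.0/0"),
                   Rule("tcp", 443, 443, "0.0.0.0/0")],
}

def matches(rule, protocol, port, src):
    """True when protocol, destination port and source address all match."""
    return (rule.protocol == protocol
            and rule.port_min <= port <= rule.port_max
            and ip_address(src) in ip_network(rule.remote_cidr))

def ingress_allowed(group_names, protocol, port, src, groups=GROUPS):
    """Return the first group that admits the packet, or None if it is dropped.

    Rules only allow; a packet that no rule matches is denied.
    """
    for name in group_names:
        for rule in groups.get(name, []):
            if matches(rule, protocol, port, src):
                return name
    return None

def exposed_to_any(group_names, needed_ports, groups=GROUPS):
    """List (group, port_min, port_max) open to 0.0.0.0/0 but not needed."""
    findings = []
    for name in group_names:
        for r in groups.get(name, []):
            world = ip_network(r.remote_cidr).prefixlen == 0
            ports = set(range(r.port_min, r.port_max + 1))
            if world and not ports <= set(needed_ports):
                findings.append((name, r.port_min, r.port_max))
    return findings

if __name__ == "__main__":
    both = ["web-access", "ssh-access"]
    print(ingress_allowed(["web-access"], "tcp", 22, "203.0.113.10"))
    print(ingress_allowed(both, "tcp", 22, "203.0.113.10"))
    print(exposed_to_any(both, needed_ports=[443]))
```

An instance with only the web group attached drops SSH from the admin range until the SSH group is also assigned, and `exposed_to_any` flags port 80 when only 443 is required.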