Overview

Introduction

Welcome to the Securing a Cloud Solution - Part 1 Practice Lab. In this module, you will be provided with the instructions and devices needed to develop your hands-on skills.

Learning Outcomes

In this module, you will complete the following exercises:

  • Exercise 1 - Defining Security Groups for OpenStack Instances

After completing this lab, you will be able to:

  • Create a security group for an instance and add a required rule to it

Exam Objectives

The following exam objectives are covered in this lab:

CV0-002 1.9 Given a scenario, apply elements required to extend the infrastructure into a given cloud solution

CV0-002 2.1 Given a scenario, apply security configurations and compliance controls to meet given cloud infrastructure requirements

  • CV0-002 2.1.B Apply security standards for the selected platform
  • CV0-002 2.1.H Appropriate configuration for the applicable platform as it applies to compute
  • CV0-002 2.1.H.I Disabling unneeded ports and services

CV0-002 2.2.A Given a scenario, apply the appropriate ACL to the target objects to meet access requirements according to a security template

  • CV0-002 2.2.A.II.c System
  • CV0-002 2.2.A.II.c.ii Networks

Lab Duration

It will take approximately 30 minutes to complete this lab.

Exercise 1 - Defining Security Groups for OpenStack Instances

Security for a cloud configuration cannot be over-emphasized. Defining and implementing access rules is a common and effective method of ensuring authorized and trusted access to the cloud and its resources.

Access rules for a similar service can be combined into a security group.

When you launch an instance in OpenStack, you can create new security groups or assign one or more existing security groups to it. If you do not create or assign any security group, the new instance is automatically assigned to the default security group.

OpenStack provides security groups for both hosts and the network to add defense in depth for the virtual machines in each instance that is created. These are similar to firewalls on a host, as they allow or deny incoming traffic based on port, protocol, and address. However, in an OpenStack instance, security group rules are applied to incoming traffic only, while host-based firewall rules can be applied to both incoming and outgoing traffic.

Setting up security rules and groups incorrectly can cause legitimate traffic to be denied. Therefore, it is recommended that security groups are configured correctly for the networking being used.

In this exercise, you will create a security group to allow SSH access and a security group to allow HTTP and HTTPS access.
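A simplified model of the ingress filtering described above, as an added example that is not part of the original lab: it evaluates constructed flows against an SSH group and a web group and lists the expected traffic an assignment would deny. The CIDR ranges, group contents and flow list are constructed sample values, and the model assumes traffic is dropped unless a rule in an assigned group allows it.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    protocol: str      # "tcp" or "udp"
    port_min: int
    port_max: int
    remote_cidr: str   # source range allowed to connect

    def matches(self, protocol, port, src_ip):
        # A rule matches on protocol, destination port and source address.
        return (protocol == self.protocol
                and self.port_min <= port <= self.port_max
                and ipaddress.ip_address(src_ip)
                in ipaddress.ip_network(self.remote_cidr))


# Constructed groups mirroring the exercise (CIDRs are assumptions):
# SSH only from an admin range, HTTP/HTTPS from anywhere.
SSH_GROUP = [Rule("tcp", 22, 22, "203.0.113.0/24")]
WEB_GROUP = [Rule("tcp", 80, 80, "0.0.0.0/0"),
             Rule("tcp", 443, 443, "0.0.0.0/0")]

# Constructed list of traffic the instance is expected to accept.
EXPECTED_FLOWS = [
    ("tcp", 22, "203.0.113.10"),   # admin workstation
    ("tcp", 80, "198.51.100.7"),   # public web client
    ("tcp", 443, "198.51.100.7"),  # public web client
]


def ingress_allowed(groups, protocol, port, src_ip):
    """Allow if any rule in any assigned group matches; otherwise drop."""
    return any(rule.matches(protocol, port, src_ip)
               for group in groups for rule in group)


def denied_expected_flows(groups, flows=EXPECTED_FLOWS):
    """Return the expected flows that the assigned groups would deny."""
    return [f for f in flows if not ingress_allowed(groups, *f)]


if __name__ == "__main__":
    # Instance with only the SSH group: web traffic is silently dropped.
    print("SSH group only:", denied_expected_flows([SSH_GROUP]))
    # Instance with both groups: every expected flow is allowed.
    print("SSH + web groups:", denied_expected_flows([SSH_GROUP, WEB_GROUP]))
    # SSH from outside the admin range stays blocked.
    print(ingress_allowed([SSH_GROUP, WEB_GROUP], "tcp", 22, "198.51.100.7"))
```

Running the check against the list of flows an instance must accept, before assigning the groups, catches the denied-legitimate-traffic case the lab warns about.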

Learning Outcomes

After completing this exercise, you will be able to:

  • Create a security group for an instance and add a required rule to it.
