CNIT271_Lab3_Fall2023-1

Date: Oct 30, 2023

CNIT 27100 Cybersecurity Fundamentals II, Fall 2023
Lab 3: Cloud Computing Architecture and Security
Due Date: Oct 14, 2023, 11:59 pm

Objectives:
Investigate and perform hands-on activities on two real-world cloud computing platforms. Identify security mechanisms (access control mechanisms/models) and gain experience with cloud security tools in these two cloud platforms:
o Amazon Web Services (AWS)

Type: Individual

Deliverables:
o Lab Report Required: Yes

Notes:
You can use your Windows and/or Linux machine to complete this lab assignment. For any resource that you create in the AWS cloud, make sure to name it based on your groupnumber_resourcename. This keeps your resources separate from other students' resources. Do not alter other students' resources in the cloud.

Instructions:

Task 1. (35 points)
Go to the AWS cloud account and log in to the AWS Management Console - https://aws.amazon.com/

a. The login information (username and password) is posted on Brightspace, in the Lab3 assignment. This will give you access to the AWS cloud console Dashboard (take a screenshot showing all the components being reflected in the dashboard).
   In the AWS cloud platform, your account is the main entry point for using any services in the cloud. Once you log in, the first thing to do is select the appropriate region (select US East for this lab) from the dropdown at the top right.
   Within an account, the administrator can create a set of users and assign them permissions. Each user can log in to the account using their user ID and password, and then use cloud resources within that account.

b. Now, you can start exploring the AWS cloud services by clicking on the Navigation Menu as shown in Figure 1. To find different products/services, scroll through the Navigation Menu and find the desired product. (Note: Remember to take screenshots as you work through the cloud products/services.)
   First, go to Security, Identity, and Compliance >> IAM.

   i. What do you see here? (Include a screenshot and discuss what you understand from the dashboard you are seeing here.)
      Every account is assigned an account ID. It is sensitive information that you should not share with anyone, only with a trusted group if needed. The users in that account will need the account ID along with the Sign-in URL, posted in Brightspace, to log in.

   ii. Now, in IAM, you should be able to create new users for this account (make sure to name the users starting with groupnumber_userxx) and assign them roles and policies, which define what access they have in the AWS account. Go to Users >> Add Users. You can define a user name and add the user with specific access and credentials.

Figure 1
       - Next, create Roles and add permissions to these roles. While adding permissions, expand the policy names to check the policy format. There is a set of default policies, but you can also create your own policy by clicking on Create Policy. (You don't need to create a new policy, but explore how a policy can be created and what its different components are. At the end, after selecting different options, you can cancel or delete the policy.) Make sure to take screenshots of the steps.

   iii. Answer the following questions here. (Note: you will need to review the AWS Cloud Documentation - https://docs.aws.amazon.com/ to answer these questions.)
       - What is the difference between Roles and Policies in AWS cloud?
       - What are the different components of an AWS policy and their meaning?
       - What access control model (e.g., RBAC) is AWS using? Is it one or a combination of different mechanisms/models?
       - While creating users, you can assign Tags (key-value pairs). What are these tags and how might they be used?
       - What are Access Keys and what is the purpose of creating these keys? Should they be shared with others?

Task 2 (30 points):

a. Now, explore other services: Compute >> EC2 >> Launch Instance. There are several options available, but for this task you need to create a Linux virtual machine (Ubuntu 22.xx or higher) and then select t2.micro to stay within the free tier limit. Set default configurations, configure a security rule for SSH access, and make sure Port 22 is open (there will be a default rule created for it, so keep it). In the final step, Review Instance Launch, take a screenshot of all your configurations. Also, remember to keep the default settings for Network and Storage, and make no changes in the Advanced details.

   i. Now, configure a secure way to remotely access your VM. You might get an option to set up an existing key pair. See the screenshot below. Make sure to create a new key pair, give it a name, and then download the key pair, since you will use it later to access the VM instance.

   ii. Now that the instance is created, click on it and check the details, e.g., IP address and other information. There is a Security tab; click on it and check what different options are available for the VM.

   iii. Create a new IAM role (for allowing full IoT access) for your VM instance and add it to the VM. Make sure to take screenshots of the role creation and assignment steps.

   iv. Next, you need to access this VM using SSH. [Hint: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstances.html?icmpid=docs_ec2_console] Make sure to use the private key that you created earlier while creating the VM instance for securely logging in to the VM.
       - For Windows users (use your Windows VM in the studentVC cluster for this), you can use OpenSSH or PuTTY to access the VM (instructions are given at the link above).
       OR
       - For Linux or Mac users (use your Linux VM in the studentVC cluster for this), you can use an SSH client to remotely log in to the VM.

   v. Once you have successfully completed all the tasks, make sure to STOP the VM instance. Otherwise, your VM may get automatically removed.

Task 3: (15 points) Explore other AWS services

a. Now, another service to investigate is Compute >> Lambda >> Functions. Create a new Lambda function in the AWS cloud platform and use the Python hello world function blueprint to create your first Lambda function. You need to run the function and take a screenshot of the output (include a screenshot for this). Make sure to check the specific roles and permissions/policies created or assigned to the function (include a screenshot for this).

b. The last service to explore is AWS Storage >> S3 in the AWS Console. Here you will create your first bucket to store your data. Click on Create Bucket and follow the configurations. Discuss best security practices, assign the desired policies to the bucket, and explain and justify which policy you assigned and why.
   Documentation: https://docs.aws.amazon.com/AmazonS3/latest/userguide/GetStartedWithS3.html
   Show how you stored an object in your bucket. Make sure to include screenshots for this.

Bonus points: 6 points

vi. Go to Database >> Dynamo DB.
    Documentation: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.CoreComponents.html?icmpid=docs_dynamodb_help_panel_hp_table#HowItWorks.CoreComponents.TablesItemsAttributes
    View the video available for Dynamo DB. Include keywords you hear in the video which are mentioned in our lecture (e.g., SLAs, Service Level Agreements).
    i. Create a table in Dynamo DB (Employee_yourgroupnameandnumber) and add a primary key (Emp_ID).
    ii. Investigate what levels of permissions or policies can be assigned for the table.
    iii. Is data encrypted at rest? Include a screenshot to show this.

Deliverables:
Lab Report Required: Yes
o Create a lab report in Word/PDF with all the lab work and completed tasks.
o Answer all the questions for each task.
o Must include any diagrams, screenshots and notes on tasks/actions completed for the lab.

Grading Rubric
All the tasks must be completed to receive full points for each task. Attendance is 10% of the lab points. Follow the lab report template provided for Lab 1.

Lab Report Template:
- Front page (with course and your information, date of submission, etc.)
- Lab Objectives: A summary of the tasks completed in the lab assignment, what you understood and learned from the assignment, etc.
- For each task, complete all steps. Take multiple screenshots to show the completion of all the tasks. Also, make sure to include an explanation/description below each screenshot to demonstrate your understanding of the concepts being covered in the lab assignment.
- Answer all the questions.
- Troubleshooting tasks, if any.
- References: Make sure to cite all the sources referred to while completing the lab assignment.
- Appendices (Optional): Any additional information you would like to include.

Network Information:
For student VMs, the network details are given as follows.
CNIT271Gxx: 44.67.xx.1/16, where xx is the group number. Every student has their own group.
Example: If I am using the CNIT271G96 folder, then the following information will be set on my machine.
IP Address: 44.67.96.10 (assuming 10 is an allowed IP address). Also, 44.67.xx.1-3 are reserved for internal routing, so avoid using these IP addresses for your VMs.
Gateway IP Address: 44.67.0.1
Subnet Mask: 16 (255.255.0.0)
DNS: 44.2.1.44, 44.2.1.45
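
For the policy-format step in Task 1 (b.ii) and the bucket-policy step in Task 3 (b), the following is an added example, not part of the original lab handout: a small Python reviewer that walks the Statement elements of a policy document and flags Allow statements with a wildcard action, a wildcard resource, or a public principal. Both sample policies, the bucket name and the function names are constructed for illustration.

```python
# Added example: the sample policies below are constructed, not from the lab account.
IDENTITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadOneBucket", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-lab3-bucket",
                      "arn:aws:s3:::example-lab3-bucket/*"]},
        # Broad grant of the kind a "full IoT access" role carries.
        {"Sid": "FullIoT", "Effect": "Allow", "Action": "iot:*", "Resource": "*"},
    ],
}
BUCKET_POLICY = {  # resource-based policy: it names a Principal
    "Version": "2012-10-17",
    "Statement": {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                  "Action": "s3:GetObject",
                  "Resource": "arn:aws:s3:::example-lab3-bucket/*"},
}


def as_list(value):
    """Policy elements may hold one value or a list; normalise to a list."""
    if isinstance(value, list):
        return value
    return [] if value is None else [value]


def is_public(principal):
    """True for Principal "*" or {"AWS": "*"}, i.e. any caller."""
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS"))
    return principal == "*"


def review_policy(policy):
    """Return (sid, issue, value) tuples for over-broad Allow statements."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only remove access
        sid = stmt.get("Sid", f"statement[{i}]")
        for action in as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append((sid, "wildcard-action", action))
        if "*" in as_list(stmt.get("Resource")):
            findings.append((sid, "wildcard-resource", "*"))
        # A Condition may narrow a public grant; those are left for manual review.
        if is_public(stmt.get("Principal")) and not stmt.get("Condition"):
            findings.append((sid, "public-principal", "*"))
    return findings
```

Calling `review_policy` on the two samples reports the wildcard action and resource on `FullIoT` and the public principal on `PublicRead`; the scoped `ReadOneBucket` statement produces no finding.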
