Open nyameko opened 3 weeks ago
Hi Team @lisabeeaan @thinker-bell @JCheney20 @Ghost-3342
As week 3 is ending, I am just checking in under week 3 tasks. Hopefully your exams are still going well. Please don't hesitate to ask any questions should you have any.
Remember to @ me when you need me to attend to something so that I can get a notification and I will do the same.
All the best
Topics: Secure the cloud infrastructure by configuring firewall rules and setting up DNS on the head node for routing and traffic control.
Tasks:
- Configure the head node’s firewall:
  - Only allow inbound traffic on necessary ports (e.g., SSH, web ports).
  - Restrict outbound traffic from the compute node to flow only through the head node.
  - Configure the firewall to drop any other traffic by default (deny-all policy) to ensure maximum security.
- Install and configure DNS on the head node:
  - Ensure that the head node handles name resolution requests from the compute node.
  - Set up DNS entries for internal communication between the head node and compute node (e.g., map the static IP addresses to meaningful hostnames).
  - Test name resolution from the compute node to verify that DNS queries are being processed by the head node.
- Test firewall configurations to ensure that only the required traffic is permitted:
  - Try to access blocked services from the compute node to confirm they are denied.
  - Test the allowed services to ensure they function correctly (e.g., SSH and job scheduling).
  - Test the DNS configuration to ensure the compute node can resolve the head node’s hostname and any other necessary internal DNS entries.
- Implement additional security hardening measures:
  - SSH key-based authentication only (disable password logins).
  - Limiting login attempts or enabling fail2ban to prevent brute force attacks.
  - Disable any unnecessary services on both nodes to reduce attack surfaces.
Deliverable:
iptables, nftables rules or cloud security group settings).
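One way to run the firewall tests from the task list on the compute node, added here as an example and not part of the original post. The hostname, the scheduler port (6817, Slurm's default `slurmctld` port, assumed because the post names no scheduler) and the two blocked ports are constructed placeholders.

```python
import socket

def probe(host, port, timeout=3.0):
    """Classify one TCP port as seen from this (compute) node."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # handshake completed: allowed and a service is listening
    except ConnectionRefusedError:
        return "refused"       # a RST came back: the packet was answered, not dropped
    except socket.gaierror:
        raise                  # the name did not resolve: a DNS problem, not a firewall result
    except OSError:
        return "filtered"      # timeout or unreachable: what a drop rule looks like

def audit(host, expected, probe_fn=probe):
    """expected maps port -> True (must work) or False (must be dropped).

    Returns (port, state, ok) tuples. An allowed port passes only when "open".
    A blocked port passes only when "filtered": under a default-drop policy a
    "refused" answer means the packet still reached something that replied.
    """
    results = []
    for port, allowed in sorted(expected.items()):
        state = probe_fn(host, port)
        ok = state == ("open" if allowed else "filtered")
        results.append((port, state, ok))
    return results

def failures(results):
    """Ports whose observed state does not match the intended policy."""
    return [port for port, _state, ok in results if not ok]

if __name__ == "__main__":
    HEAD = "headnode.cluster.internal"   # hypothetical name from the internal DNS zone
    EXPECTED = {
        22: True,      # SSH (named in the task list)
        6817: True,    # job scheduling; Slurm default port, an assumption
        23: False,     # constructed example of a service that must be blocked
        3306: False,   # constructed example of a service that must be blocked
    }
    res = audit(HEAD, EXPECTED)
    for port, state, ok in res:
        print(f"{port:>5}  {state:<8}  {'PASS' if ok else 'FAIL'}")
    raise SystemExit(1 if failures(res) else 0)
```

Connecting by hostname also exercises the DNS task: if the head node is not answering queries, `probe` raises a resolution error instead of reporting a port state.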