ITE 5210 0NA Assig 05 N01326749 MadhavReddyChintapalli


ITE-5210 Advanced Operating Systems

Assignment 05
Due Date: 10th April 2020
Student#: N01326749 Section: 0NA Name: Madhav Reddy Chintapalli

Instructions:
1. Lab Activity to be submitted as a Microsoft Word document.
2. Replace Student# by your student number and MyName by your first and last name at the top of this document.
3. Rename this document by replacing the following in this document name:
a) Student# by your student number and
b) MyName by your first name and last name separated by the “-” character
4. Kindly follow the steps below; tasks are to be done in sequence.
5. Submit the document via Blackboard.

Task 1 - Firewall and Security

1) What is a firewall?
2) Name different types of firewall techniques for network security.
3) How can you allow or block HTTP requests from your AWS EC2 instance? Review your AWS EC2 configuration to answer
this question.

Task 2 – Cloud Services

1) Explain the following related to S3:
a) Amazon S3
b) Bucket
c) Objects
d) Keys
e) Regions
2) What is an Elastic IP?
3) What is an Amazon EBS volume?

Any time you are stuck in the assignment, please drop me a course message.

Task 1
1. A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or
block specific traffic based on a defined set of security rules.
2. Types of firewalls

Proxy firewall
- Serves as the gateway from one network to another for a specific application.
- Provides additional functionality such as content caching and security by preventing direct connections from outside the network.

Stateful inspection firewall
- Allows or blocks traffic based on state, port, and protocol.
- Monitors all activity from the opening of a connection until it is closed.
- Filtering decisions are made based on both administrator-defined rules and context, which refers to using information from
previous connections and packets belonging to the same connection.

Unified threat management (UTM) firewall
- Combines the functions of a stateful inspection firewall with intrusion prevention and antivirus.
- Includes additional services and often cloud management.
- Focuses on simplicity and ease of use.

Next-generation firewall (NGFW)
- Blocks modern threats such as advanced malware and application-layer attacks.
- Includes:
  - Standard firewall capabilities like stateful inspection
  - Integrated intrusion prevention
  - Application awareness and control to see and block risky apps
  - Upgrade paths to include future information feeds
  - Techniques to address evolving security threats

Threat-focused NGFW
- Includes all the capabilities of a traditional NGFW and also provides advanced threat detection and remediation.
- Know which assets are most at risk with complete context awareness.
- Quickly react to attacks with intelligent security automation that sets policies and hardens your defenses dynamically.
- Better detect evasive or suspicious activity with network and endpoint event correlation.
- Greatly decrease the time from detection to cleanup with retrospective security that continuously monitors for suspicious
activity and behavior even after initial inspection.
- Ease administration and reduce complexity with unified policies that protect across the entire attack continuum.

3. To allow or block traffic on ports 80 and 443, you must configure the associated security group and network access control list
(network ACL).

Security group rules

For HTTP traffic, add an inbound rule on port 80 from the source address 0.0.0.0/0. For HTTPS traffic, add an inbound rule on port
443 from the source address 0.0.0.0/0. These inbound rules allow traffic from IPv4 addresses. To allow IPv6 traffic, add inbound rules
on the same ports from the source address ::/0.

Inbound rules

Type          Protocol   Port Range   Source
HTTP (80)     TCP (6)    80           0.0.0.0/0
HTTP (80)     TCP (6)    80           ::/0
HTTPS (443)   TCP (6)    443          0.0.0.0/0
HTTPS (443)   TCP (6)    443          ::/0


Network ACL

The default network ACL allows all inbound and outbound traffic. If you use a custom network ACL with more restrictive rules, then
explicitly allow traffic on ports 80 and 443.

Inbound rules

Rule #   Type           Protocol   Port Range   Source      Allow/Deny
100      HTTP (80)      TCP (6)    80           0.0.0.0/0   ALLOW
101      HTTPS (443)    TCP (6)    443          0.0.0.0/0   ALLOW
102      HTTP (80)      TCP (6)    80           ::/0        ALLOW
103      HTTPS (443)    TCP (6)    443          ::/0        ALLOW
*        ALL Traffic    ALL        ALL          ::/0        DENY
*        ALL Traffic    ALL        ALL          0.0.0.0/0   DENY

Outbound rules

Network ACLs are stateless, so the replies to clients must be allowed explicitly; these outbound rules open the ephemeral port
range 1024-65535 that clients use as their source port when connecting to ports 80 and 443.

Rule #   Type              Protocol   Port Range    Destination   Allow/Deny
100      Custom TCP Rule   TCP (6)    1024-65535    0.0.0.0/0     ALLOW
101      Custom TCP Rule   TCP (6)    1024-65535    ::/0          ALLOW
*        ALL Traffic       ALL        ALL           ::/0          DENY
*        ALL Traffic       ALL        ALL           0.0.0.0/0     DENY
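A worked model of the network ACL evaluation described above, added here as an example and not part of the original assignment: it encodes the inbound and outbound rule sets from the two tables, evaluates packets lowest rule number first with the "*" rule as the fallback, and checks both halves of a web request. The client address 203.0.113.10 and the ephemeral port 51000 are constructed sample values.

```python
# Added example (not from the assignment): a minimal model of how a network ACL
# evaluates traffic, using the inbound and outbound rule sets from the tables.
# Network ACLs are stateless: each direction is checked on its own, rules are
# evaluated lowest number first, and the trailing '*' rule denies everything else.
from ipaddress import ip_address, ip_network

# (rule number, protocol, (port low, port high), CIDR, action) as in the tables above
INBOUND = [
    (100, "tcp", (80, 80), "0.0.0.0/0", "ALLOW"),
    (101, "tcp", (443, 443), "0.0.0.0/0", "ALLOW"),
    (102, "tcp", (80, 80), "::/0", "ALLOW"),
    (103, "tcp", (443, 443), "::/0", "ALLOW"),
]
OUTBOUND = [
    (100, "tcp", (1024, 65535), "0.0.0.0/0", "ALLOW"),
    (101, "tcp", (1024, 65535), "::/0", "ALLOW"),
]


def evaluate(rules, proto, port, peer_ip):
    """Return 'ALLOW' or 'DENY' for one packet. `port` is the destination port;
    `peer_ip` is the source for inbound rules and the destination for outbound."""
    addr = ip_address(peer_ip)
    for _number, rule_proto, (low, high), cidr, action in sorted(rules):
        net = ip_network(cidr)
        if net.version != addr.version or addr not in net:
            continue
        if rule_proto != "all" and rule_proto != proto:
            continue
        if not low <= port <= high:
            continue
        return action  # lowest-numbered matching rule wins
    return "DENY"  # nothing matched: the implicit '*' rule applies


def exchange_allowed(inbound, outbound, client_ip, client_port, server_port):
    """A stateless ACL must allow both halves of a TCP exchange: the request
    arriving at the server port and the reply leaving for the client's ephemeral port."""
    request = evaluate(inbound, "tcp", server_port, client_ip)
    reply = evaluate(outbound, "tcp", client_port, client_ip)
    return request == "ALLOW" and reply == "ALLOW"


if __name__ == "__main__":
    # Constructed sample client: 203.0.113.10 (documentation range) on ephemeral port 51000
    print(exchange_allowed(INBOUND, OUTBOUND, "203.0.113.10", 51000, 443))  # True
    print(exchange_allowed(INBOUND, [], "203.0.113.10", 51000, 443))        # False: reply blocked
    print(evaluate(INBOUND, "tcp", 22, "203.0.113.10"))                     # DENY
```

Dropping the outbound ephemeral-port rules leaves the request allowed but the reply denied, which is the failure mode a restrictive custom ACL produces for a web server.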

Task 2
1.
a.
Amazon Simple Storage Service is storage for the Internet. It is designed to make web-scale computing easier for developers.

Amazon S3 has a simple web services interface that you can use to store and retrieve any amount of data, at any time, from
anywhere on the web. It gives any developer access to the same highly scalable, reliable, fast, inexpensive data storage infrastructure
that Amazon uses to run its own global network of web sites. The service aims to maximize benefits of scale and to pass those
benefits on to developers.

b.
To upload your data (photos, videos, documents etc.) to Amazon S3, you must first create an S3 bucket in one of the AWS Regions.
You can then upload any number of objects to the bucket.

In terms of implementation, buckets and objects are resources, and Amazon S3 provides APIs for you to manage them. For example,
you can create a bucket and upload objects using the Amazon S3 API. You can also use the Amazon S3 console to perform these
operations. The console uses the Amazon S3 APIs to send requests to Amazon S3.

c.
Data is stored as objects within resources called “buckets”, and a single object can be up to 5 terabytes in size. S3 features include
capabilities to append metadata tags to objects, move and store data across the S3 Storage Classes, configure and enforce data
access controls, secure data against unauthorized users, run big data analytics, and monitor data at the object and bucket levels.
Objects can be accessed through S3 Access Points or directly through the bucket hostname.

d.
- Each Amazon S3 object has data, a key, and metadata.
- The object key (or key name) uniquely identifies the object in a bucket. Object metadata is a set of name-value pairs.
- You can set object metadata at the time you upload it.
- After you upload the object, you cannot modify object metadata. The only way to modify object metadata is to make a copy
of the object and set the metadata.

e.
- Amazon S3 creates buckets in a Region you specify. To optimize latency, minimize costs, or address regulatory requirements,
choose any AWS Region that is geographically close to you.
- Objects that belong to a bucket that you create in a specific AWS Region never leave that Region, unless you explicitly
transfer them to another Region.

2.
- An Elastic IP address is a static IPv4 address designed for dynamic cloud computing.
- It is associated with your AWS account.
- It can mask the failure of an instance or software by rapidly remapping the address to another instance in your account.
- It is a public IPv4 address.
- If your instance does not have a public IPv4 address, you can associate an Elastic IP address with your instance to enable
communication with the internet.

3.
- An EBS volume is a durable, block-level storage device that you can attach to one instance or to multiple instances at the same time.
- You can use EBS volumes as primary storage for data.
- You can also use them for throughput-intensive applications that perform continuous disk scans.
- EBS volumes persist independently from the running life of an EC2 instance.
- You can attach multiple EBS volumes to a single instance. The volume and instance must be in the same Availability Zone.
- After you attach a volume to an instance, you can use it like any other physical hard drive.
- EBS volumes are flexible. Amazon EBS provides the following volume types: General Purpose SSD (gp2), Provisioned IOPS SSD (io1),
Throughput Optimized HDD (st1), Cold HDD (sc1), and Magnetic (standard, a previous-generation type). They differ in performance
characteristics and price, allowing you to tailor your storage performance and cost to the needs of your applications.
