
Practices for Lesson: Infrastructure Security - Network
Practice: Create a VCN

Tasks

1. Log in to OCI with the credentials provided. Click Cloud Menu in the top-left corner
and click Networking > Virtual Cloud Networks.

2. On the Virtual Cloud Networks page, click Start VCN Wizard Button.

Copyright © 2021, Oracle and/or its affiliates.



3. In the Start VCN Wizard page, accept the default and click Start VCN Wizard button.

4. On the Configuration page, enter the following and click Next Button:
Name - CloudNet

5. Verify the details on the Review and Create page; click Create button.



6. Once the VCN resources are created, click View Virtual Cloud Network button.

7. Verify that VCN and other VCN components are created.

This completes the task of creating VCN.



Practice: Create Security List

Tasks

1. Log in to OCI with the credentials provided. Click Cloud Menu in the top-left corner
and click Networking > Virtual Cloud Networks.

2. Click the CloudNet link to display the VCN details.

3. In the Resources section, click the Security Lists link.

4. On the Security Lists screen, click Create Security List button.



5. On the Create Security List page, enter the following and click Create Security List button:
Name – SL-WebServer

6. On Security Lists screen, click the SL-WebServer link to view Security List details.

7. On the Security Details screen, click Add Ingress Rules button.



8. On the Add Ingress Rules page, enter the following and click Add Ingress Rules button:
Source CIDR – 0.0.0.0/0
IP Protocol – TCP
Destination Port Range – 80

9. From the breadcrumb on top left, navigate back to CloudNet VCN.



10. In the Resources section, click the Subnets link.

11. Click the Public Subnet-CloudNet link, which will display the subnet details.

12. Click Add Security List button.



13. On Add Security List page, select the SL-WebServer Security List and click Add Security
List Button.

This completes the task of creating security list.



Practice: Create Web Server Instances

Tasks

1. Log in to OCI with the credentials provided. Click Cloud Menu in the top-left corner
and click Compute > Instances.

2. Create a new compute instance with the following details:


Name – WebServer01
Image – Oracle Linux 7.9
Shape – VM.Standard2.1
Network – CloudNet
Subnet – Public Subnet-CloudNet (Regional)
Public IP Address – Choose Assign a public IPv4 address
Add SSH Keys – Add a generated public key

3. After the compute instance is created, note down the public IP of the instance and connect
to the instance using SSH.
Note: Allow a few minutes and retry if the SSH connection is rejected.

4. After connecting to the compute instance, run the following commands to install and
configure Apache Web server.

sudo yum -y install httpd
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --reload
sudo systemctl start httpd
sudo bash -c 'echo You are visiting Web Server 1 >> /var/www/html/index.html'

5. After executing all the commands successfully, open a browser in your local system and
open the URL http://<Public IP of Web Server01>.



6. Verify that Web Server 1 is accessible and that the browser displays the message written
by the echo command above (You are visiting Web Server 1).

7. Following the same steps as given above, create another compute instance WebServer02.
Install and configure Apache Web Server in WebServer02. Change the echo command to
reflect Web Server 2.

8. After executing all the commands successfully, open a browser in your local system and
open the URL http://<Public IP of Web Server02>.

9. Verify that Web Server 2 is accessible and that the browser displays the message you set
for Web Server 2.

This completes the task of creating web servers.



Practice: Create Network Security Group

Tasks

1. Log in to OCI with the credentials provided. Click Cloud Menu in the top-left corner
and click Networking > Virtual Cloud Networks.

2. Click the CloudNet link to view the details of the VCN.

3. Click the Network Security Groups link under Resources.

4. Click Create Network Security Group button to create a new NSG.



5. On the Create Network Security Group page, enter the following and click Next button.
Name – NSG-SSL

6. On the Security Rules Page, enter the following and click Create Button.

Source Type – CIDR
Source CIDR – 0.0.0.0/0
IP Protocol – TCP
Destination Port Range – 443

7. Verify the NSG is created successfully.

This completes the task of creating NSG.



Practice: Create a Self-Signed Certificate

Tasks
1. Log in to OCI with the credentials provided. Click the Cloud Shell button at the right corner
of the page to open Cloud Shell.

2. Once the Cloud Shell is opened, enter the below command to generate a CSR (Certificate
Signing Request).

openssl req -out ocilb.csr -new -newkey rsa:2048 -nodes -keyout ocilb.key

3. Enter the details prompted as shown below. Note down the password entered.

4. Enter the command below to generate a Self-Signed Certificate:

openssl x509 -signkey ocilb.key -in ocilb.csr -req -days 365 -out ocilb.crt



5. Verify that the Self-Signed Certificate gets created as shown below:

This completes the task of creating a Self-Signed Certificate.
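
The following is an added example, not part of the original practice: it checks that ocilb.crt and ocilb.key belong together, whether the key is passphrase-protected (the -nodes option writes it unencrypted), and how long the certificate remains valid. The function names and the -subj value are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example: checks on ocilb.crt / ocilb.key before they are pasted
# into the load balancer listener. The -subj value is constructed.

# Generate the practice's CSR, key and self-signed cert in directory $1,
# non-interactively (same openssl options as the practice, plus -subj).
make_lab_cert() {
  ( cd "$1" &&
    openssl req -out ocilb.csr -new -newkey rsa:2048 -nodes \
      -keyout ocilb.key -subj "/CN=lb01.example.test" 2>/dev/null &&
    openssl x509 -signkey ocilb.key -in ocilb.csr -req -days 365 \
      -out ocilb.crt 2>/dev/null &&
    chmod 600 ocilb.key )
}

# SHA-256 of the public key embedded in certificate $1.
cert_pubkey_hash() {
  openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from private key $1 (empty passphrase,
# so an encrypted key fails here instead of prompting).
key_pubkey_hash() {
  openssl pkey -in "$1" -passin pass: -pubout -outform DER 2>/dev/null |
    openssl dgst -sha256 | awk '{print $NF}'
}

# 0 when certificate $1 and private key $2 are a pair.
cert_matches_key() { [ "$(cert_pubkey_hash "$1")" = "$(key_pubkey_hash "$2")" ]; }

# 0 when PEM private key $1 is passphrase-protected.
key_is_encrypted() {
  grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# 0 when certificate $1 is still valid $2 seconds from now.
cert_valid_for() { openssl x509 -in "$1" -noout -checkend "$2" >/dev/null; }

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
make_lab_cert "$demo_dir"
cert_matches_key "$demo_dir/ocilb.crt" "$demo_dir/ocilb.key" && echo "cert and key match"
key_is_encrypted "$demo_dir/ocilb.key" || echo "key is NOT passphrase-protected (-nodes)"
cert_valid_for "$demo_dir/ocilb.crt" $((30*86400)) && echo "valid for at least 30 more days"
openssl x509 -in "$demo_dir/ocilb.crt" -noout -subject -issuer -enddate
rm -rf "$demo_dir"
```

Run against the files created in Cloud Shell, the same functions can be called directly, for example cert_matches_key ocilb.crt ocilb.key.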



Practice: Create a Secure Load Balancer

Overview
In this practice, you will create a load balancer with SSL Termination configuration as shown
below.

Assumptions
You have completed the previous practice of creating a Self-Signed Certificate.

Tasks

1. Log in to OCI with the credentials provided. Click Cloud Menu in the top-left corner
and click Networking > Load Balancers.

2. Click Create Load Balancer button to create a new load balancer.



3. In the Select Load Balancer Type page, accept the default Load Balancer and click Create
Load Balancer button to create a new load balancer.

4. On the Add Details page, enter the following and click Next button.
Load Balancer Name – Lb01
Virtual Cloud Network – CloudNet
Subnet – Public Subnet-CloudNet (regional)



5. On Choose Backends page, click Add Backends button.



6. On Add Backends page, select compute instances WebServer01 and WebServer02 and
click Add Selected Backends button.

7. Go to Cloud Shell and run the below command to display the certificate details:
cat ocilb.crt

8. Copy the text from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----.

9. Go to Configure Listener page, and in SSL Certificate section, select Load Balancer
Managed Certificate from Certificate Resource.



And select Paste SSL Certificate option. Paste the certificate contents copied from Cloud
Shell.

10. Go to Cloud Shell and run the below command to display the private key details:
cat ocilb.key

11. Copy the text from -----BEGIN PRIVATE KEY----- to -----END PRIVATE KEY-----.



12. Go back to Configure Listener page, and in SSL Certificate section, click the Specify
Private Key check box. Select Paste Private Key option. Paste the private key contents
copied from Cloud Shell.

13. Enter the password used while creating the Self-Signed Certificate in the field Enter
Private Key Passphrase.

14. Verify that the page looks like the one shown below and click Submit button.

15. Wait for the load balancer to be provisioned and the status to become Active.



16. In the Load Balancer Information section, click Edit link next to Network Security Groups.

17. On the Edit Network Security Groups page, select NSG-SSL and click Save Changes
button.

18. Note down the public IP address of Lb01 Load Balancer.

19. Open a browser in your local system and open the URL https://<Public IP of Lb01>.
If a warning about the self-signed certificate is shown, accept it and continue.

20. Verify that Web Server 1 or 2 is accessible, and the browser will display any one of the
messages given below.

21. This demonstrates securing Load Balancer in OCI and using NSG to allow port 443.



22. Refresh the browser and observe that the response changes between Web Server 1 and
Web Server 2. This indicates that the load balancer is distributing the requests based on
the Weighted Round Robin algorithm.

This completes the task of creating a secure load balancer.
