Question
using aws
In the Hands-on Projects for this module, you created security rules that allowed traffic from any source to help with initial testing. In this project, you will restrict the traffic source to a single VM instance.
Imagine you work for a small company that is building its first website hosted in the cloud. The company will have one VM as a web server and a second VM in a different VPC or VNet as a database server. The web server should be accessible from the open Internet, but the database server should only allow communication with the web server.
Before opening ports for web traffic and database traffic, you want to ensure you have your security rules set appropriately. You decide to start with pings, which use ICMP and are easy to test. You'll need a source VM (your web server instance) and a target VM (your database server instance) in two separate VPCs or VNets. You need to prove that you can ping your target VM from your source VM but not from your local computer. While there are more secure ways to do this, in this scenario, you will place the target VM in a public subnet so that you can determine how to use security rules to control traffic to the target VM.
Complete the following steps:
- Create two VPCs with one subnet each, either in the same cloud platform or in two different cloud platforms. (Your instructor might require that you use the same cloud platform for this project or two cloud platforms; check with your instructor for specific requirements.) Make sure both subnets have access to the Internet. For example, in AWS, you'll need to add an Internet gateway to each subnet and add an Internet route to each subnet's route table.
- Create a VM instance in each subnet. Make sure each VM receives a public IP address. What public IP address is assigned to your VMs?
- Configure security rules that allow ICMP traffic from any source to your target VM so you can confirm the target VM will respond successfully to pings. Get a working ping from your local computer to your target VM before proceeding.
- Configure security rules that allow SSH or RDP connections to your source VM. Remote into the source VM.
- Configure security rules that only allow ICMP traffic from your source VM to your target VM. What rules did you add? What effect do you expect each rule to have on traffic to and from each VM?
- Run a ping from the source VM to the target VM that shows ICMP traffic is reaching the target VM. Take a screenshot showing the output; include this visual with your answers to this project's questions.
- Run a ping from your local computer to your target VM that shows ICMP traffic from other sources cannot reach the target VM. Take a screenshot showing the output; include this visual with your answers to this project's questions.
- Delete all resources created in this Capstone project. Check through your account to confirm that all related resources have been deleted.
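An added example, not part of the question or the textbook: one way to do the rule-tightening step with the AWS CLI. Because the two VMs sit in different VPCs and reach each other over their public addresses, the ingress rule names the source VM's public IP as a /32 rather than a security group. The instance ID and security group ID are placeholders passed as arguments, and the open testing rule is assumed to be "all ICMP from 0.0.0.0/0".

```shell
#!/bin/sh
# Usage: sh restrict_icmp.sh <source-instance-id> <target-security-group-id>
# Both arguments are placeholders for your own IDs.

# Build the --ip-permissions value for "all ICMP types and codes from one CIDR".
icmp_permission() {
  printf 'IpProtocol=icmp,FromPort=-1,ToPort=-1,IpRanges=[{CidrIp=%s}]' "$1"
}

# Look up the public IPv4 address of an instance.
public_ip() {
  aws ec2 describe-instances --instance-ids "$1" \
    --query 'Reservations[0].Instances[0].PublicIpAddress' --output text
}

# Add the narrow rule first, then remove the open testing rule.
# Security groups are stateful, so echo replies need no outbound rule.
restrict_icmp() {
  src_ip="$(public_ip "$1")" || return 1
  # The CLI prints "None" when the instance has no public address.
  case "$src_ip" in
    ''|None) echo "no public IP on $1" >&2; return 1 ;;
  esac
  aws ec2 authorize-security-group-ingress --group-id "$2" \
    --ip-permissions "$(icmp_permission "$src_ip/32")" || return 1
  aws ec2 revoke-security-group-ingress --group-id "$2" \
    --ip-permissions "$(icmp_permission 0.0.0.0/0)"
}

# List the ICMP sources that remain, to confirm 0.0.0.0/0 is gone.
show_icmp_sources() {
  aws ec2 describe-security-groups --group-ids "$1" \
    --query "SecurityGroups[0].IpPermissions[?IpProtocol=='icmp'].IpRanges[].CidrIp" \
    --output text
}

# Only act when both IDs are supplied on the command line.
if [ "$#" -eq 2 ]; then
  restrict_icmp "$1" "$2" && show_icmp_sources "$2"
fi
```

An auto-assigned public IP changes when the source instance is stopped and started, so the /32 rule has to be updated after a restart unless the instance uses an Elastic IP.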