
Network Configuration (Re) Routing

Past due by about 1 month 80% complete

This project will take a team of students through the process of setting up a basic cloud-based infrastructure simulating a High-Performance Computing (HPC) environment. The setup will involve preparing cloud instances, configuring network routing, and establishing firewall and DNS rules.

Network Rerouting Project

This project will take a team of students through the process of setting up a basic cloud-based infrastructure simulating a High-Performance Computing (HPC) environment. The setup will involve preparing cloud instances, configuring network routing, and establishing firewall and DNS rules. The project is divided into 5 weeks, each with specific tasks aimed at building a functional system with a head node and a compute node.

Week 1: Preparing Cloud Instances as Head Node and Compute Node

Set up and configure two cloud instances, one as a head node and the other as a compute node, to begin establishing the foundation of the cloud infrastructure.

  • Topics: Prepare your head node and compute node virtual machines
  • Tasks:
    • Redeploy your cluster infrastructure on Sebowa
    • Familiarize yourself with GitHub Project Management tools

Week 2: Configuring Network Routing Between Head and Compute Node

  • Topics: Ensure that the compute node routes its traffic through the head node for improved control and monitoring. The compute node's next hop will be configured to point to the head node.

  • Tasks:

    • Configure Network Routing on Compute Node:

      • Modify the route table of the compute node so that its next hop for all outbound traffic is the head node.
      • Ensure that the compute node does not communicate with external networks directly but routes its traffic through the head node.
    • Test the Routing Configuration:

      • Ensure that the compute node cannot reach the internet or other internal/external resources directly.
      • Verify that all traffic from the compute node goes through the head node by running network diagnostics like traceroute or netstat.
    • Enable IP Forwarding on the Head Node:

      • On the head node, enable IP forwarding so that it can route traffic between the compute node and the wider network (if needed for further configurations or internet access).
      • Update the network configuration to persist after a reboot (e.g., using sysctl on Linux).
    • Apply Firewall Rules (Preliminary):

      • Restrict traffic between the head node and compute node to necessary ports (e.g., SSH, web ports).
      • Block any unintended external traffic on the compute node until routing through the head node is confirmed.
  • Deliverable:

    • Configuration files showing updated route tables and network configurations.
    • Evidence of successful routing, such as output from traceroute and tests confirming all traffic goes through the head node.
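
The Week 2 routing tasks as a shell sketch, with a check that can be run over `ip -4 route show` output to produce the deliverable evidence. This is an added example, not the project's own code; the address 10.0.0.10, the file name `90-ip-forward.conf` and all function names are assumptions.

```shell
#!/bin/sh
# Added example: addresses and file names are assumptions, not project values.
HEAD_IP="10.0.0.10"   # assumed private address of the head node

# Compute node (root): make the head node the next hop for all outbound traffic.
set_default_via_head() {
    ip route replace default via "$HEAD_IP"
}

# Head node (root): enable forwarding now and persist it across reboots.
enable_forwarding() {
    sysctl -w net.ipv4.ip_forward=1
    echo 'net.ipv4.ip_forward = 1' > /etc/sysctl.d/90-ip-forward.conf
}

# Print one line per default route read from stdin (`ip -4 route show` text):
# the next-hop address, or "direct" when the route has no gateway.
default_next_hops() {
    awk '$1 == "default" {
        hop = "direct"
        for (i = 2; i < NF; i++) if ($i == "via") hop = $(i + 1)
        print hop
    }'
}

# Succeed only if there is exactly one default route and it points at $1.
# A leftover DHCP default route next to the new one makes this fail.
routes_only_via_head() {
    hops=$(default_next_hops)
    [ "$hops" = "$1" ]
}

# Succeed if `sysctl net.ipv4.ip_forward` output on stdin reports forwarding on.
forwarding_enabled() {
    grep -Eq '^net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1$'
}

# Constructed sample: the cloud DHCP route is still present, so the check fails.
SAMPLE='default via 10.0.0.1 dev eth0 proto dhcp metric 100
default via 10.0.0.10 dev eth0 metric 200
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.11'
printf '%s\n' "$SAMPLE" | routes_only_via_head "$HEAD_IP" \
    || echo "FAIL: compute node still has a default route that bypasses the head node"
```

On the live nodes, feed the checks real output: `ip -4 route show | routes_only_via_head 10.0.0.10` on the compute node and `sysctl net.ipv4.ip_forward | forwarding_enabled` on the head node.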

Week 3: Configuring Firewall and DNS on the Head Node

  • Topics: Secure the cloud infrastructure by configuring firewall rules and setting up DNS on the head node for routing and traffic control.

  • Tasks:

    • Configure the head node’s firewall:

      • Only allow inbound traffic on necessary ports (e.g., SSH, web ports).
      • Restrict outbound traffic from the compute node to flow only through the head node.
      • Configure the firewall to drop any other traffic by default (deny-all policy) to ensure maximum security.
    • Install and configure DNS on the head node:

      • Ensure that the head node handles name resolution requests from the compute node.
      • Set up DNS entries for internal communication between the head node and compute node (e.g., map the static IP addresses to meaningful hostnames).
      • Test name resolution from the compute node to verify that DNS queries are being processed by the head node.
    • Test firewall configurations to ensure that only the required traffic is permitted:

      • Try to access blocked services from the compute node to confirm they are denied.
      • Test the allowed services to ensure they function correctly (e.g., SSH and job scheduling).
      • Test the DNS configuration to ensure the compute node can resolve the head node’s hostname and any other necessary internal DNS entries.
    • Implement additional security hardening measures:

      • Allow SSH key-based authentication only (disable password logins).
      • Limit login attempts or enable fail2ban to prevent brute-force attacks.
      • Disable any unnecessary services on both nodes to reduce attack surfaces.
  • Deliverable:

    • Firewall configuration files and rules (e.g., iptables, nftables rules or cloud security group settings).
    • DNS configuration files or cloud DNS settings.
    • Evidence of successful firewall and DNS configuration, such as logs or test outputs showing blocked/allowed traffic and proper DNS resolution.
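
A deny-by-default nftables ruleset for the head node, rendered by a shell function so it can be syntax-checked before loading, plus a check that every base chain really drops by default. This is an added example, not the project's own configuration; the interface names, the compute-node address 10.0.0.11, the forwarded ports 80/443, the table name `hpc_filter` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: interfaces, addresses and ports are assumptions, not project values.
# Head node (root):  render_head_ruleset eth0 eth1 10.0.0.11 | nft -c -f -   # check only
#                    render_head_ruleset eth0 eth1 10.0.0.11 | nft -f -      # load
render_head_ruleset() {   # args: external-iface internal-iface compute-node-ip
    cat <<EOF
# Declare-then-delete keeps reloads idempotent without touching other tables.
table inet hpc_filter
delete table inet hpc_filter

table inet hpc_filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        tcp dport 22 accept
        # DNS queries are accepted only from the compute node.
        iifname "$2" ip saddr $3 udp dport 53 accept
        iifname "$2" ip saddr $3 tcp dport 53 accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        # Compute-node traffic may leave only via the head node, web ports only.
        iifname "$2" oifname "$1" ip saddr $3 tcp dport { 80, 443 } accept
    }
}
EOF
}

# Succeed only if every base chain (a line with "hook") in a ruleset on stdin
# declares "policy drop"; an empty ruleset also fails.
all_base_chains_drop() {
    awk '/hook/ { n++; if ($0 !~ /policy drop;/) bad++ }
         END { exit (n == 0 || bad > 0) }'
}

# Self-check on the rendered text; nothing is loaded into the kernel here.
render_head_ruleset eth0 eth1 10.0.0.11 | all_base_chains_drop \
    && echo "OK: input and forward chains default to drop"
```

Keep the existing SSH session open while loading the ruleset and confirm a second login works before closing it, since the input chain drops everything not explicitly accepted.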

Week 4: Prepare GitHub Markdown Documentation

  • Topics: Document the steps involved in your network rerouting, firewall/DNS deployment and security hardening measures.
  • Tasks:
    • Prepare user documentation for someone else to be able to reproduce your steps

Week 5: Submit a Pull Request to the Selection Round Project

  • Topics: Add section 14 to Tutorial 2 describing the Network Security Hardening Measures you've implemented:
    • Internal Networking Routing
    • Firewall Configuration
    • DNS Configuration
    • Additional Security Hardening Strategies
  • Tasks:
    • Create a feature branch that adds a section with pictures to the tutorial content
    • Submit a PR

Week 6: Final Project Poster Presentations and Discussions

  • Tasks:
    • Students will present their findings on Network Security Hardening.
    • Discuss challenges and insights gained throughout the project