Security Considerations

When working on cloud-based infrastructure, which must necessarily have some connection to the internet, there is no way to make your instances absolutely secure. There are many aspects to security, including countless unknown variables introduced by user-defined software/workloads. That being said, there are steps you can take to make your setup more secure.

Allocation

Never add anyone to your allocation that you don’t know or trust.

Any student who is added to your allocation will have the ability to create and destroy resources at will. We recommend having a discussion with your students ahead of time, laying down ground rules, and clearly defining expectations. Some instructors may even elect to include consequences in their syllabus for students who act maliciously, such as deleting other students’ resources.

When your course is finished and students are done using Jetstream2 resources through your allocation, shut down or delete your resources and remove students from your allocation.

Firewalls

Instances launched from the Exosphere interface come with a very permissive security group ruleset. Notably, all inbound TCP ports are open by default. During the process for Creating a Standard Image, we recommend setting up a host-based firewall prior to snapshotting your instance. This way, every instance you or your students boot using that image will be more secure. Please see Firewalls for more information about setting up a basic but secure firewall.
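
Because every inbound TCP port is open in the default security group, any service listening on a non-loopback address is reachable until a host firewall blocks it. The following pre-snapshot check is an added example, not part of the Jetstream2 documentation; the function names, the constructed sample input, and the choice of port 22 as the only intended open port are assumptions.

```shell
#!/bin/sh
# Added example: find TCP listeners that would be reachable from the network.
# Input format is the output of `ss -Htln` (no header, TCP, listening, numeric):
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# Constructed sample, so the check can be tried without a live instance.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 511 0.0.0.0:8888 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::1]:6010 [::]:*
LISTEN 0 244 127.0.0.1:5432 0.0.0.0:*'

# Print the unique ports bound to a non-loopback address.
exposed_listeners() {
  awk '
    $1 == "LISTEN" {
      # Split at the last colon, since IPv6 addresses contain colons.
      n = match($4, /:[0-9]+$/)
      if (n == 0) next
      addr = substr($4, 1, n - 1)
      port = substr($4, n + 1)
      sub(/%.*$/, "", addr)        # drop interface scope, e.g. %lo
      gsub(/^\[|\]$/, "", addr)    # drop IPv6 brackets
      # Loopback-only listeners are not reachable from outside.
      if (addr ~ /^127\./ || addr == "::1") next
      print port
    }
  ' | sort -n | uniq
}

# Arguments: ports the host firewall is meant to leave open.
# Prints exposed ports that are not on that list.
unexpected_listeners() {
  _allowed=" $* "
  exposed_listeners | while read -r _port; do
    case "$_allowed" in
      *" $_port "*) ;;
      *) echo "$_port" ;;
    esac
  done
}

# On an instance: ss -Htln | unexpected_listeners 22
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners 22
```

Any port this prints should either be closed by the host-based firewall or have its service stopped before the snapshot is taken.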