refactor: network blockage chapter update

content/cloud/faq/index.md

@@ -113,19 +113,19 @@ What can I do?
 - Use backup software like Borg or Restic to create an offsite incremental backup.
 - Use backup/data storage services provided by MUNI or CESNET (e. g. https://it.muni.cz/sluzby/zalohovani-bacula ).
 
-## I can't access my cloud VMs, MetaCentrum OpenStack network security protection
+## I can't access my cloud VMs. MetaCentrum OpenStack network security protection
 Access to the MetaCentrum cloud is protected by security teams [CSIRT-MU](https://csirt.muni.cz/?lang=en) and [CSIRT-CESNET](https://csirt.cesnet.cz/en/index).
 
-Some interactions with virtual servers can block access to the allocated cloud resources. This is caused by the fact, that legal SSH access to a virtual machine (VM) can be similar to a brute-force attack.
+Some interactions with allocated virtual servers may cause cloud access blockage. This is caused by the fact, that legal SSH access to a new virtual machine (VM) which is being allocated is very similar to a (SSH) brute-force attack.
 
 A newly created VM will respond to SSH connection attempts in different ways as it moves through the setup stages:
-* VM is booting and network is being established. At this stage, there is no functional connection point, and attempts will timeout.
-* SSH connection is being set. At the start of its lifetime, a VM runs the cloud-init process, which enables SSH authentication with the user's SSH key. A connection is refused, because it can't verify the user.
-* Connection is finally successfull. All setup processes are finished.
+* A) VM is booting and network is being established. At this stage, there is no functional connection point, and connection attempts will timeout.
+* B) SSH connection is being set. At the start of its lifetime, a VM runs the cloud-init process, which enables SSH authentication with the user's SSH key. A connection is refused, because it can't verify the user.
+* C) Connection is finally successfull. All setup processes are finished.
 
 When a brute-force attack is attempted, repeated unsuccessful (unauthorized) connections to the VM are made, and either timeout or refused are returned. If the attacker guesses the right credentials, he/she will eventually get connect passed.
 
-Therefore, when security systems discover a suspicious series of unsuccessfull connections, they block Your machines. This can also happen, if You were the one who initiated them by mistake.
+Therefore, when security systems discover a suspicious series of unsuccessfull connections, they block Your IP address to the allocated cloud VMs. This can also happen, if You were the one who initiated them by mistake.
 
 ### Best practices for accessing cloud resources without getting blocked
 As an example, consider a group of virtual machines, where at least one has access to the internet using an IPv4 or IPv6 public address, and they are connected by an internal network (e.g. 10.0.0.0/24).
@@ -139,7 +139,7 @@ To access other VMs on the same cloud internal network (once ssh connection to 1
 * Address all internal virtual servers with their internal address (CIDR 10.0.0.0/24) and use the machine with the public address as an entry point for traffic
 * Use the steps above to connect – wait for ACTIVE and try a port connection
 
-### How to check, whether cloud resources are blocked
+### How to check, whether you are blocked
 Run the following bash script from the machine, where you believe you got blocked (A), and also from another one located in another IP network segment (B, for instance VM in other cloud):
 
 ```sh
@@ -169,7 +169,5 @@ function test_cloud_access() {
 }
 ```
 
-### How to report issue and get unblocked
-If You are suspecting, that Your virtual machines are blocked, You should contact support by sending an email to the address cloud@metacentrum.cz. To make things easier and resolve the issue faster, it helps to state Your assumption about the blocked access and what led to it.
-
-Also, it is important to add the outputs of the bash function `test_cloud_access()` above, ran from both VMs (A and B).
+### How to report network issue and get unblocked
+If You are suspecting, that Your virtual machines are blocked, You should contact support by sending an email to the address cloud@metacentrum.cz. To make things easier and resolve the issue faster, it is important to add the outputs of the bash function `test_cloud_access()` above, ran from both VMs (A and B).