Security in Cloud Computing

Question 1

What is PaaS and what does it provide?

Answer 1

Platform as a Service (Paas):
Geared towards software development
Hardware and software hosted by provider
Provides ability to develop without having to worry about hardware or software

Question 2

What is IaaS and what does it provide?

Answer 2

Infrastructure as a Service (IaaS):
Provides virtualized computing resources
Third party hosts the servers with hypervisor running the VMs as guests
Subscribers usually pay on a per-use basis

Question 3

What is SaaS and what does it provide?

Answer 3

Software as a Service (SaaS):
Provider supples on-demand applications to subscribers
Offloads the need for patch management, compatability and version control

Question 4

What tool would you use to conduct Multi-Cloud Environments auditing?

Answer 4

ScoutSuite

Question 5

What tool would you use to conduct AWS Cloud Environment auditing?

Answer 5

Prowler

Question 6

What tool would you use to conduct AWS exploitation?

Answer 6

Pacu

Question 7

List 4 type of cloud deployment models.

Answer 7

1. Public Cloud (Services on cloud open to public)
2. Private Cloud (Single tenant cloud environment)
3. Community Cloud (Cloud shared by number of organisations, but not open to public)
4. Hybrid Cloud (Combination of multiple cloud deployment models)

Question 8

What is a cloud carrier?

Answer 8

An intermediary that provides connectivity and transport of cloud services from Cloud Providers to Cloud Consumers

Question 9

What is a cloud broker?

Answer 9

Manages use, performance and delivery of services as well as relationships between providers and subscribers

Question 10

What is FedRAMP?

Answer 10

Cyber security risk management program regarding cloud services

Question 11

What is meant by a Trusted Computing Model?

Answer 11

To resolve and harden computer security risks via hardware enhancements

Question 12

What is the biggest threat faced in Cloud Computing?

Answer 12

Data Breach or Loss - Malicious theft, erasure or modification

Question 13

What is meant by the term “Shadow IT”?

Answer 13

System or solutions that is developed but haven’t been through proper approval

Question 14

Which 2 cloud service models does “Abuse of Cloud Resources” usually applies to?

Answer 14

1. IaaS
2. PaaS

Question 15

In Cloud Computing, what is the biggest issue faced with APIs?

Answer 15

Insecurity of Interfaces and APIs

Question 16

What type of an attack is a Wrapping Attack?

Answer 16

Man-In-The-Middle that targets Cloud Environments (Typically SOAP messages).

Question 17

What is mean by a Session Riding attack?

Answer 17

Same as CSRF, but is targetted mainly at cloud technologies.

Question 18

What is meant by a Side Channel Attack?

Answer 18

Attacking a system without using the direct interface e.g. using a VM to attack another VM that’s on the same physical server.

Question 19

What is a VDI?

Answer 19

Virtual Desktop Infrastructure

Question 20

What is meant by serverless architecture

Answer 20

Users do not need to spend time tuning systems, as the cloud service is responsible to scaling the capacity for demand.

Valid Concerns with this architecture:
- Dependency on the cloud service provider
- Protection of endpoint security
- Limited disaster recovery options