Cloud Security Flashcards
Cloud Computing
§ A way of offering on-demand services that extend the traditional capabilities of a computer or network
§ Cloud computing relies on virtualization to gain efficiencies and cost savings
Hyperconvergence
Hyperconvergence allows a provider to fully integrate storage, networking, and servers (compute) into a single software-defined platform that is managed as one system
Virtual Desktop Infrastructure
VDI allows a cloud provider to offer a full desktop operating system to an end user from a centralized server
Secure Enclave
A secure enclave provides CPU hardware-level isolation and memory encryption on each server: application code and data run in an isolated region that even privileged software (the operating system, the hypervisor, or the cloud operator's administrators) cannot read, and the enclave's memory is encrypted so it cannot be read directly from RAM. It protects data in use; it does not protect against flaws in the enclave code itself.
Cloud Types
- Public Cloud
- Private Cloud
- Hybrid Cloud
- Community Cloud
Public Cloud
A service provider makes resources available to the end users over the Internet
Private Cloud
§ A company creates its own cloud environment that only it can utilize as an internal enterprise resource
§ A private cloud is chosen when control over data and security requirements matter more than cost, since the organization bears the full infrastructure and staffing cost itself
Community Cloud
Resources and costs are shared among several different organizations who have common service needs
Software as a Service
Provides all the hardware, operating system, software, and applications needed for a complete service to be delivered
Infrastructure as a Service
Provides virtualized hardware (compute, storage, and networking) on which your organization installs and manages its own operating systems, middleware, and applications
Platform as a Service
Provides the hardware, operating system, and backend software (runtimes, databases, middleware) needed to develop and run your own software or service, so your organization manages only the application and its data
Security as a Service
§ Provides your organization with various types of security services without the need to maintain a cybersecurity staff
§ Anti-malware solutions were one of the first SECaaS products
File Servers
File servers are used to store, transfer, migrate, synchronize, and archive files for your organization
FTP Server
§ A specialized type of file server that is used to host files for distribution across the web
§ Plain FTP sends credentials and file contents in cleartext, so FTP servers should be configured to require TLS (FTPS) on both the control and data connections, or be replaced with SFTP (file transfer over SSH)
Domain Controller
A server that acts as the central repository of user and computer accounts for a network domain, stores their credentials (password hashes, not cleartext passwords), and authenticates logons, e.g. an Active Directory domain controller
Virtual Private Cloud
o A private network segment made available to a single cloud consumer within a public cloud
o The consumer is responsible for configuring the IP address space, subnets, and routing within the VPC
o A VPC is typically used to provision internet-accessible applications that need to be accessed from geographically remote sites
On-Premises vs. Cloud-Based Solutions
o On-premises solutions keep their servers locally within the organization's own network
o Many security products offer cloud-based and on-premises versions
o Consider compliance or regulatory limitations on storing data in a cloud-based security solution
o Be aware of the possibility of vendor lock-in
Cloud Access Security Broker
Enterprise management software designed to mediate access to cloud services by users across all types of devices, providing:
o Single sign-on
o Malware and rogue device detection
o Monitoring/auditing of user activity
o Mitigation of data exfiltration (data loss prevention)
Forward Proxy
o A security appliance or host positioned at the client network edge that forwards user traffic to the cloud service only if the contents of that traffic comply with policy
o WARNING: Users may be able to evade the proxy and connect directly (for example from an unmanaged device or an outside network), so it should be combined with device management or egress controls
Reverse Proxy
o An appliance positioned at the cloud network edge and directs traffic to cloud services if the contents of that traffic comply with policy
o WARNING: This approach can only be used if the cloud application has proxy support
Application Programming Interface
o A method in which the CASB uses the cloud service's own API to inspect and control the consumer's use of that service (users, files, sharing settings, activity logs) without sitting inline in the traffic path
o WARNING: Dependent on the API supporting the functions that your policies demand; coverage varies from one cloud service to another
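The CASB cards above list what the broker does (single sign-on aside): audit user activity, detect unsanctioned use, and stop data exfiltration. The following is an added example, not code from the original flashcards or from any CASB product, of a minimal forward-proxy policy engine that implements those three functions. Each outbound request is logged, then checked against a sanctioned-app list, a managed-device inventory, and a simple DLP rule for payment card numbers (regex plus Luhn). The app list, device list, hostnames and sample requests are constructed for the example.

```python
"""Added example (not from the original flashcards): a minimal CASB-style
forward-proxy policy engine. Each outbound request is logged (monitor/audit),
then checked against a sanctioned-app list, a managed-device inventory and a
simple DLP rule for card numbers (mitigate exfiltration). The app list, device
list, hostnames and sample requests below are constructed for the example.
"""
import re
from dataclasses import dataclass

# Constructed policy data (assumption: a real CASB would pull this from the
# identity provider and the device inventory).
SANCTIONED_APPS = {"files.example-saas.test", "mail.example-saas.test"}
MANAGED_DEVICES = {"LAPTOP-0042", "LAPTOP-0077"}
UPLOAD_METHODS = {"POST", "PUT"}

# Candidate payment card numbers: 13-19 digits with optional space/dash groups.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum; filters regex hits that are not real card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Return normalised card numbers found in text that pass the Luhn check."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            hits.append(digits)
    return hits


@dataclass(frozen=True)
class Request:
    user: str
    device: str
    host: str
    method: str
    body: str = ""


@dataclass(frozen=True)
class Decision:
    action: str   # "ALLOW", "ALLOW_AND_ALERT" or "BLOCK"
    reason: str


def evaluate(req: Request, audit: list[dict]) -> Decision:
    """Apply the forward-proxy policy to one request and append an audit record."""
    if req.device not in MANAGED_DEVICES:
        # The proxy cannot vouch for an unmanaged endpoint, so it refuses to forward.
        decision = Decision("BLOCK", "unmanaged device")
    elif req.method in UPLOAD_METHODS and find_card_numbers(req.body):
        # DLP rule: card numbers must not leave the network via any cloud app.
        decision = Decision("BLOCK", "DLP: payment card number in upload")
    elif req.host not in SANCTIONED_APPS:
        # Shadow IT: uploads are stopped, reads are allowed but flagged for review.
        if req.method in UPLOAD_METHODS:
            decision = Decision("BLOCK", f"upload to unsanctioned app {req.host}")
        else:
            decision = Decision("ALLOW_AND_ALERT", f"unsanctioned app {req.host}")
    else:
        decision = Decision("ALLOW", "sanctioned app, policy satisfied")
    # Every request is recorded, whatever the outcome (monitor/audit function).
    audit.append({"user": req.user, "device": req.device, "host": req.host,
                  "method": req.method, "action": decision.action,
                  "reason": decision.reason})
    return decision


def run_samples() -> list[str]:
    """Evaluate constructed sample traffic; returns the action taken for each request."""
    samples = [
        Request("alice", "LAPTOP-0042", "files.example-saas.test", "GET"),
        Request("alice", "LAPTOP-0042", "paste.unsanctioned.test", "GET"),
        Request("alice", "LAPTOP-0042", "paste.unsanctioned.test", "POST", "quarterly numbers"),
        Request("bob", "LAPTOP-0077", "files.example-saas.test", "PUT",
                "customer card 4111-1111-1111-1111 exp 12/29"),
        Request("bob", "LAPTOP-0077", "files.example-saas.test", "PUT",
                "order ref 1234567890123456"),   # fails Luhn: not a card number
        Request("mallory", "BYOD-PHONE", "files.example-saas.test", "GET"),
    ]
    audit: list[dict] = []
    actions = [evaluate(r, audit).action for r in samples]
    for rec in audit:
        print(f"{rec['action']:16} {rec['user']:8} {rec['method']:4} "
              f"{rec['host']:26} {rec['reason']}")
    return actions


if __name__ == "__main__":
    run_samples()
```

The ordering of the rules is the point: the device check comes first because a proxy that cannot vouch for the endpoint cannot enforce anything else, and the DLP rule runs before the sanctioned-app check so that card data is stopped even on the way to an approved application. The Luhn step matters in practice; without it, any 16-digit order or tracking number would trip the rule and the block would be tuned off within a week.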
Function as a Service
A cloud service model that supports serverless software architecture by provisioning runtime containers in which code is executed in a particular programming language
Serverless
§ A software architecture that runs functions within virtualized runtime containers in a cloud rather than on dedicated server instances
§ Everything in serverless is developed as a function or microservice
Cloud Threats
Insecure Application Programming Interfaces (APIs)
Improper Key Management (e.g. credentials hard-coded in source or committed to public repositories)
Insufficient Logging and Monitoring
Unprotected Storage (e.g. object storage buckets readable by anyone on the Internet)
Misconfigured Cross-Origin Resource Sharing (CORS) Policy
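Two of the threats in the list above, unprotected storage and a bad CORS policy, are misconfigurations that can be checked mechanically. The following is an added example, not code from the original flashcards or from any cloud provider's tooling. The first function scans an S3-style bucket policy for Allow statements whose principal is everyone; the policy grammar (Statement, Effect, Principal, Action, Resource, Condition) follows the AWS IAM JSON policy format, but the sample policies, bucket name and account ID are constructed. The second part shows the CORS misconfiguration itself, a handler that reflects any Origin while allowing credentials, beside a hardened allowlist version; the origins are constructed too.

```python
"""Added example (not from the original flashcards): checks for two listed
cloud threats. public_statements() finds bucket-policy statements open to
everyone; cors_headers_reflecting() is the CORS misconfiguration and
cors_headers_allowlist() the fix. Sample policies and origins are constructed.
"""
import json
from typing import Optional

# Constructed sample: one public statement and one properly scoped statement.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AppWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-writer"},
         "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-bucket/uploads/*"},
    ],
})

# Constructed sample: public principal, but narrowed by a source-IP condition.
SAMPLE_CONDITIONAL_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {"Sid": "OfficeRead", "Effect": "Allow",
                  "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
                  "Resource": "arn:aws:s3:::example-bucket/*",
                  "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
})


def _as_list(v) -> list:
    """Policy fields may be a single string or a list; normalise to a list."""
    return [v] if isinstance(v, str) else list(v)


def _principal_is_everyone(principal) -> bool:
    """True for the wildcard principal forms "*" and {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_statements(policy_json: str) -> list[dict]:
    """Return Allow statements reachable by anyone, with the actions they grant.

    Statements carrying a Condition are reported with conditional=True rather
    than dropped: a condition such as aws:SourceIp may genuinely limit access,
    but one keyed on a header any client can send does not, so a human decides.
    """
    doc = json.loads(policy_json)
    stmts = doc.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts   # single or list
    findings = []
    for st in stmts:
        if st.get("Effect") != "Allow" or not _principal_is_everyone(st.get("Principal")):
            continue
        findings.append({"sid": st.get("Sid", ""),
                         "actions": _as_list(st.get("Action", [])),
                         "resource": _as_list(st.get("Resource", [])),
                         "conditional": "Condition" in st})
    return findings


# --- CORS: the misconfiguration and the fix ---------------------------------
ALLOWED_ORIGINS = {"https://app.example.test", "https://admin.example.test"}


def cors_headers_reflecting(origin: Optional[str]) -> dict:
    """VULNERABLE: reflects whatever Origin the browser sent and also allows
    credentials, so any site a logged-in user visits can read this API's
    authenticated responses."""
    if origin is None:
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def cors_headers_allowlist(origin: Optional[str]) -> dict:
    """HARDENED: exact-match allowlist (no prefix or regex matching), Vary: Origin
    so a shared cache never serves one origin's response to another, and no
    CORS headers at all for unknown origins (the browser then blocks the read)."""
    if origin is None or origin not in ALLOWED_ORIGINS:
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin"}


if __name__ == "__main__":
    for f in public_statements(SAMPLE_POLICY) + public_statements(SAMPLE_CONDITIONAL_POLICY):
        print("PUBLIC" + (" (conditional)" if f["conditional"] else ""), f["sid"], f["actions"])
    print("reflecting :", cors_headers_reflecting("https://evil.test"))
    print("allowlist  :", cors_headers_allowlist("https://evil.test"))
```

Note what the allowlist version deliberately does not do: it does not match on a prefix or substring of the origin, because `https://app.example.test.evil.test` would pass such a check, and it emits no `Access-Control-Allow-Origin` at all for an unknown origin rather than a default value, which is what turns the browser's same-origin policy back on.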