7 - Cloud Security and Governance Flashcards
Security concerns
Loss of control
Lack of trust
Multitenancy
MTC
Firewalling
(3 firewalls)
Main firewall
Border systems then route traffic to the DMZ
The DMZ contains the app servers
3 firewalls
NIDS
Network Intrusion Detection
NIDS: Purpose
Monitors local traffic for irregular activity.
E.g. port scans, DDoS, exploits
NIDS: Speed
Quite slow, as it must inspect every packet and payload
Volumetric Attacks
Use massive volumes of traffic; easy to generate
Impact: Blocks access
Protocol Attacks
Exploit weaknesses in Layer 3 and Layer 4 protocols
Impact: All processing capacity consumed
Application Attacks
Exploit Layer 7 weaknesses. Sophisticated and challenging to identify
Impact: Exhaust resources by monopolising processes and transactions
DDoS scrubbing
Traffic is routed to a high-bandwidth scrubber before legitimate traffic is allowed back
Expensive
HIDS
Host Intrusion Detection System
HIDS: Purpose
Monitors server state for unusual activity
Data segmentation
Separating data by sensitivity. Reaching high-sensitivity data would require a full system breach
Responding to attacks
Cut off intruder
Identify attack vector
Wipe the server and rebuild it with the patch applied
Launch server again
Threat model
Helps in analysing a security problem and designing mitigations and solutions.
Identify threats
Rank
Choose strategies
Build solutions
Attacker model: Questions to consider
Insider vs outsider?
Single attacker vs collaborators?
What motivates them?