Chapter 5 – Security in the Cloud Flashcards
What is a Private Cloud?
A distributed computing environment with only one customer.
What are the risks associated with a Private Cloud?
Personnel threats; natural disasters; external attacks; regulatory noncompliance; malware.
What is a Community Cloud?
Resources are shared and dispersed among an affinity group.
What are the risks associated with a Community Cloud?
Resiliency through shared ownership; shared costs; no need for centralized administration for performance and monitoring.
What is a Public Cloud?
Offers services to any entity that wants to become a cloud customer.
What are the risks associated with a Public Cloud?
Vendor Lock-In; Data Portability; Vendor Lock-Out.
What is Vendor Lock-In?
Customer is unable to retrieve data; use portability for ease when transporting data, ensure contract states so, avoid proprietary formats, check for regulatory constraints; detrimental contract terms or technical limitations.
What is Data Portability?
Used to avoid lock-in; the ease of moving data from one cloud provider to another.
What is Vendor Lock-Out?
Provider goes out of business, is bought out by another business, or ceases operation.
What is a Type 1 Hypervisor?
Also called bare-metal/hardware hypervisor; resides on host machine as bootable software.
What is a Type 2 Hypervisor?
Software hypervisor; runs on top of the OS that runs on a host device.
What is Guest Escape / VM Escape?
Allows a user to leave their own virtualized instance; user can access other virtualized instances on the same host; view, copy, or modify stored data; or access the host itself, affecting all instances on the machine.
What is Host Escape?
User can leave the host machine, accessing other devices on the network.
What is VMI (Virtual Machine Introspection)?
Agentless means of ensuring VM’s security baseline does not change by examining the physical address, network settings, and installed OS.
What is NFV (Network Functions Virtualization)?
Replacement of network appliance hardware with VMs; uses a hypervisor to run networking software and processes such as routing and load balancing.
What is SDN (Software Defined Networking)?
Approach to networking that uses software-based controllers or APIs to communicate with underlying hardware infrastructure and direct traffic on a network.
What can network admins do with SDN?
Reroute traffic based on current customer demand; create logical subnets without having to change any actual physical connections; filter access to resources based on specific rules or settings.