Chapter 8 Securing Public Servers

Question 1

What is a Distributed Denial of Service (DDoS) attack?

Answer 1

A DDoS attack floods a network or host with excessive traffic, rendering it unavailable to legitimate users. Attackers use a botnet, a collection of infected computers, to launch these attacks.

Question 2

How can DDoS attacks be mitigated?

Answer 2

DDoS attacks can be mitigated through techniques such as throttling (slowing down excessive traffic) and black hole routing (routing malicious traffic to a null destination).

Question 3

What is DNS hijacking?

Answer 3

DNS hijacking occurs when attackers redirect DNS queries, leading users to fake websites or altering search results. It can be mitigated by hardening DNS servers and implementing secure DNS protocols.

Question 4

What is typo squatting?

Answer 4

Typo squatting is a form of URL hijacking where attackers create fake websites with similar names to popular ones, exploiting users’ typing mistakes to deceive them. User awareness and careful verification of URLs can help mitigate this.

Question 5

What is session hijacking?

Answer 5

Session hijacking involves attackers gaining unauthorized access to an authenticated user’s session. Mitigation involves implementing secure web application practices, such as setting the “HTTP Only” flag for cookies.

Question 6

What is a pass-the-hash attack?

Answer 6

A pass-the-hash attack exploits password hashes stored in memory to gain unauthorized access to network resources. Mitigation involves using updated operating systems that prevent the retrieval of password hashes from memory.

Question 7

What is a Managed Security Service Provider (MSP)?

Answer 7

An MSP is a third-party provider that offers outsourced cybersecurity services, including 24/7 security monitoring, vulnerability scans, and penetration testing to mitigate attacks and enhance overall security.

Question 8

What is a monolithic app?

Answer 8

A monolithic app is a large program that is not broken down into smaller components. It is not how modern software development is done.

Question 9

What are containers?

Answer 9

Containers are lightweight, isolated environments that contain application files and dependencies. They run on a host operating system and do not require a separate operating system like virtual machines.

Question 10

What is Docker?

Answer 10

Docker is a popular containerization engine that allows the management and deployment of containers. It enables developers to package their applications and dependencies into containers.

Question 11

How do containers differ from virtual machines (VMs)?

Answer 11

Containers only contain application files and dependencies, while VMs contain an entire operating system. Containers start up quickly as they utilize the underlying host OS, unlike VMs that require the OS to start.

Question 12

How can containers be managed in Linux?

Answer 12

In Linux, Docker is installed as the container engine. Containers can be pulled from Docker Hub and run using the “docker run” command. They provide an isolated environment for running applications.

Question 13

What is software-defined networking (SDN)?

Answer 13

SDN is an approach that abstracts network configuration and management from physical network devices. It allows users to configure network settings easily through a GUI or command line without needing detailed knowledge of underlying network equipment.

Question 14

What are the benefits of using containers?

Answer 14

Containers provide portability, scalability, and rapid deployment of applications. They enable efficient utilization of resources, simplify application management, and improve software development workflows.

Question 15

How does understanding containers help with security?

Answer 15

Understanding containers is crucial for securing environments. Containers can run services and applications that might not be visible when scanning the host OS. It is essential to have awareness of containerized services to properly secure the environment.

Question 16

How are containers used in cloud computing?

Answer 16

Containers can be deployed in cloud-based virtual networks. This allows for easy creation and management of network components without needing in-depth knowledge of the underlying infrastructure. Software-defined networking interfaces facilitate this process.

Question 17

What is a hypervisor?

Answer 17

A hypervisor is an operating system that manages virtual machine guests. It supports the execution and management of multiple virtual machines on a single physical server.

Question 18

What are the two main types of hypervisors?

Answer 18

The two main types of hypervisors are type one (bare metal) and type two. Type one hypervisors run directly on the host’s hardware, while type two hypervisors run as an application on top of an existing operating system.

Question 19

What is the benefit of using on-premises hypervisors?

Answer 19

On-premises hypervisors provide full configuration control, allowing organizations to manage the hypervisor and virtual machines according to their specific requirements. However, they require upfront investment and ongoing support.

Question 20

What is the benefit of using cloud-based hypervisors?

Answer 20

Cloud-based hypervisors, provided by cloud service providers, offer the convenience of quickly deploying virtual machines without the need to manage the underlying infrastructure. Organizations can benefit from scalability, flexibility, and reduced hardware maintenance.

Question 21

What vulnerabilities exist with virtual machines?

Answer 21

Virtual machines are vulnerable to the same vulnerabilities as physical servers. It is necessary to patch the operating system, applications, and harden both the host and virtual machines. VM sprawl and VM escape are additional concerns that can increase the attack surface if not properly managed.

Question 22

What is VM sprawl?

Answer 22

VM sprawl refers to the proliferation of virtual machines without proper management. It can lead to forgotten or unused virtual machines, increasing the attack surface and resource consumption.

Question 23

What is VM escape?

Answer 23

VM escape is a type of attack where a malicious actor exploits vulnerabilities in a virtual machine to gain unauthorized access to the underlying hypervisor or host operating system. Proper patching and security measures are essential to prevent VM escape.

Question 24

How can virtual machines be hardened?

Answer 24

Virtual machines should undergo standard security practices such as patching, disabling unnecessary services and user accounts, implementing strong passwords, limiting internet visibility, and utilizing encryption. Hardening the underlying hypervisor is also crucial for overall security.

Question 25

How can virtual machines be encrypted?

Answer 25

Virtual machine encryption adds an extra layer of security by encrypting the virtual machine’s files and preventing unauthorized access. Encryption can be enabled through the hypervisor’s settings, requiring a decryption passphrase to access the VM.

Question 26

What is fog or edge computing?

Answer 26

Fog or edge computing refers to the concept of caching cloud-stored content on an on-premises device, allowing local access to the content for on-premises users. It provides faster access compared to accessing the content over the internet.

Question 27

How can on-premises networks be linked to the public cloud?

Answer 27

On-premises networks can be connected to the public cloud through internet connections using protocols like HTTP(S) or by establishing a site-to-site VPN to create a secure connection between the on-premises network and the cloud.

Question 28

What are the characteristics of cloud computing?

Answer 28

The characteristics of cloud computing include pooled resources, broad network access, self-service provisioning, rapid elasticity, metered usage, and a shared responsibility model between the cloud service provider and the customer.

Question 29

What is a public cloud?

Answer 29

A public cloud is a cloud deployment model where cloud services are provided over the internet and available to the general public. It is owned and managed by a cloud service provider, and customers have isolated environments and pay for the services they use.

Question 30

What is a private cloud?

Answer 30

A private cloud is a cloud deployment model where cloud services are used by a single organization. It is typically hosted on-premises or in a dedicated data center and offers more configuration flexibility but requires upfront capital investment and full responsibility for management.

Question 31

What is a hybrid cloud?

Answer 31

A hybrid cloud is a cloud deployment model that combines public and private clouds. It allows organizations to leverage the benefits of both models, with mission-critical workloads running in a private cloud and other workloads replicated or extended into the public cloud for scalability and redundancy.

Question 32

What is a community cloud?

Answer 32

A community cloud is a cloud deployment model designed to serve specific communities or industries with similar requirements. It caters to tenants with common cloud computing needs, such as government agencies, healthcare organizations, or financial institutions.

Question 33

What are the key considerations for cloud security?

Answer 33

Cloud security involves ensuring proper access controls, encryption of data, regular patching and hardening of virtual machines, monitoring and logging for security events, and understanding the shared responsibility model between the cloud service provider and the customer.

Question 34

What is Infrastructure as a Service (IaaS)?

Answer 34

Cloud provider manages infrastructure, customers manage virtual machines and networks.

Question 35

What is Platform as a Service (PaaS)?

Answer 35

Cloud provider manages infrastructure and middleware, customers focus on app development.

Question 36

What is Software as a Service (SaaS)?

Answer 36

Cloud provider delivers software applications, customers access and use them.

Question 37

Characteristics of IaaS?

Answer 37

Provider manages infrastructure, customers manage virtual machines and networks.

Question 38

Characteristics of PaaS?

Answer 38

Provider manages infrastructure and middleware, customers focus on app development.

Question 39

Characteristics of SaaS?

Answer 39

Provider delivers software applications, customers access and use them.

Question 40

Benefit of Managed Services/Serverless?

Answer 40

Provider manages infrastructure, customers focus on app development or tasks.

Question 41

Responsibility shift in cloud service models?

Answer 41

In IaaS, customers manage infrastructure; in PaaS, provider manages infrastructure; in SaaS, provider manages infrastructure and software.

Question 42

What are the responsibilities of cloud service providers (CSPs)?

Answer 42

CSPs are responsible for managing hardware, firmware updates, physical infrastructure in data centers, and certain software components in specific service models.

Question 43

What are the responsibilities of cloud customers or tenants?

Answer 43

Cloud customers are responsible for accessing the cloud, implementing alternate network connections, enabling cross-region replication, and implementing cloud security controls.

Question 44

What are some cloud security controls specific to the cloud environment?

Answer 44

Cloud security controls include CASB (Cloud Access Security Broker), SWG (Secure Web Gateway), network security groups (NSGs), policy enforcement tools like Azure Policy, and data loss prevention measures like Azure Information Protection (AIP).

Question 45

Why is monitoring important in cloud security?

Answer 45

Monitoring helps detect anomalies and suspicious activities in cloud services. It involves reviewing logs, aggregating log data, and analyzing it to ensure the security of cloud environments.

Question 46

What is log forwarding and why is it beneficial?

Answer 46

Log forwarding is the process of sending log data to a central monitoring system. It helps in aggregating and analyzing log data from various cloud services, making it easier to detect and respond to security incidents.