Cloud Computing Flashcards
Describe Infrastructure as a Service (IaaS)
Provides virtualized computing resources
Third party hosts the servers with hypervisor running the VMs as guests
Provide 2 examples of IaaS
AWS, Microsoft Azure, Google Cloud
Describe Platform as a Service (PaaS)
Geared towards software development
Hardware and software hosted by provider
Provides ability to develop without having to worry about hardware or software
e.g. Heroku, Salesforce
Provide 2 examples of PaaS
AWS Lambda, Google App Engine
Describe Software as a Service (SaaS)
Software that is centrally hosted and managed for the end customer.
Describe Identity-as-a-Service (IDaaS)
Managed authentication services
Provide 2 examples of SaaS
Adobe Photoshop, Zendesk
Describe Security-as-a-Service (SECaaS)
Integrates security services into corporate infrastructure
Provide 3 examples of SECaaS
Penetration testing, authentication, intrusion detection, anti-malware, security and incident management.
Describe Container-as-a-Service (CaaS)
Cloud-based service offering management and hosting of containers
Provide 3 examples of CaaS
Kubernetes, Docker Swarm, and Microsoft Azure
Describe Function-as-a-Service (FaaS)
Provides a platform that lets users develop, run, and manage functionalities without any infrastructure effort.
Provide 2 examples of FaaS
AWS Lambda, Google Cloud Functions, Azure Functions
Describe the Private cloud model of Cloud Deployment Models
Provisioned for exclusive use of single organization
Describe the Public cloud model of Cloud Deployment Models
Provisioned for open use by the general public
Exists on the premises of the cloud provider.
Describe the Community cloud model of Cloud Deployment Models
Shared infrastructure between several organizations with shared concerns (e.g. compliance)
Describe the Multi cloud model of Cloud Deployment Models
Multi-cloud is an environment where an organization leverages two or more cloud computing platforms to perform various tasks
Name the 5 components of NIST definition of cloud computing
1 - On-demand self-service
2 - Broad network access
3 - Resource pooling - shared underlying
4 - Rapid elasticity - instant scalability
5 - Measured service - Metering
What are the 3 types of cloud defined by the NIST?
Software as a Service (SaaS),
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
What is the NIST definition of Cloud Consumer?
User of the cloud products and services
What is the NIST definition of Cloud Provider?
Delivers cloud computing based products and services
What is the NIST definition of Cloud Auditor?
Independent assessor of cloud services
What is the NIST definition of Cloud Broker?
Manages the use, performance and delivery of cloud services
What is the NIST definition of Cloud Carrier?
Provides connectivity and transport of cloud services from providers to consumers.
Describe Trusted Computing (TC)
Attempts to resolve computer security problems through hardware enhancements
Roots of Trust (RoT): set of functions within TCM that are always trusted by the OS
What is the Cloud Wrapping attack?
XML rewriting attack
Changes the content of the signed part without invalidating the signature
Sending/replaying envelope with changed data.
What is the Cloud Session riding?
CSRF in cloud
What is the Cloud Side(effect) channel attack?
A side-channel attack is any attack based on the physical implementation of a system (as opposed to attacks which are based on an algorithm) which is performed via channels or mediums that are created as a side effect of the main operation of the attacked system
Describe the Cloud Hopper attack
Initiated by delivering malware through spear-phishing emails
Goal is to compromise the accounts of staff or cloud service firms to obtain confidential information
Describe the Cloudborne attack
BMCs are a third-party component designed to enable remote server management for initial provisioning, operating system reinstallation, and troubleshooting. The attacker then implants a backdoor that gives them direct access to the hardware itself.
Describe the Man-In-The-Cloud (MITC) attack
MITC attacks do not rely on compromising credentials and they do not require malicious code or exploits. Instead, cybercriminals infiltrate end-user machines, steal synchronization tokens directly from the computer’s registry and place them on different devices. Google Drive does not care which machine uses the token, as long as it’s authentic.
What is the Cloud security tool CloudInspect?
Penetration-testing as a service from Amazon Web Services for EC2 users
What is the Cloud security tool CloudPassage Halo?
Automates cloud computing security and compliance controls
What is the Cloud security tool privacy.sexy?
Increases privacy by reducing third party cloud-based data collection
Can also be used to harden virtual machine images and OSes that are talking to cloud services