Cloud Security Flashcards
On-Premises
Operates locally
Off-Premises
Operates via the cloud
CTSS
Compatible Time-Sharing System
Distributes resources of a single machine for simultaneous multiple user access
IaaS
Infrastructure as a Service
Maintaining a server on a cloud-based VM
Provides virtual resources
Customer Responsible for: Accountability, Data, Application, Runtime, Middleware, OS
Provider Responsibility: Virtualization, Servers, Storage, Network
PaaS
Platform as a Service
Creation of platforms for applications & eliminates platform maintenance
Customer Responsible for: Accountability, Data, Application
Provider Responsibility: Runtime, Middleware, OS, Virtualization, Servers, Storage, Network
SaaS
Software as a Service
Running software off-premises (Ex. Dropbox, Gmail, Office365)
Customer Responsible for: Accountability, Data
Provider Responsibility: Application, Runtime, Middleware, OS, Virtualization, Servers, Storage, Network
XaaS
Anything as a Service
All types of products that can be provided via the cloud
DaaS
Desktop as a Service
Hosting an OS on a virtual machine
Provides desktop interfaces for users
Public Cloud
Uses provider resources
Hosts services open to others
DRaaS
Disaster Recovery as a Service
Replication of servers to the cloud (failover solution)
Private Cloud
Separate for each customer
Private customizable environment
Offers a higher level of reliability
Hybrid Cloud
Public and private models combined
Running apps interchangeably, privately or publicly
Hypervisor
Manages virtual system resources
Type 1 runs on system hardware (also known as bare metal)
Type 2 runs on host OS as an application
Virtualization Security
Cloud Provider Responsibility: physical infrastructure security and virtualization platform security
Cloud Customer Responsibility: Virtualized security controls (virtualized host encryption)
Cloud Availability Zones
Regions: Multiple availability zones
Availability Zones (AZ): Geographical (closer is better), Legal/compliance/corporate policy constraints on where data resides, Cost, Offerings
SLA
Service Level Agreement
Agreement between service provider and client regarding the features provided and implementation
IAM
Identity & Access Management
Framework for managing permissions, authentication, and identification using digital identities
Data Center Disaster Recovery
Redundancy
Resiliency
Disaster Recovery
Data Backups
EC2
Amazon cloud computing service platform
S3
Amazon data storage services
POLP
Principle of Least Privilege
WAF
Web Application Firewall
Helps protect web applications by filtering and monitoring HTTP traffic
Uses ACLs
Layer 7
NGFW
Next Generation Firewall
3rd generation firewall that provides capabilities beyond a traditional
Volumetric Attacks
Focus on consuming network resources through amplification or botnets.
SDN
Software-Defined Networking
Network architecture approach that enables the network to be intelligently and centrally controlled, or ‘programmed,’ using software applications
SDP
Software-Defined Perimeter
Authentication outside the app
Layer 2
Virtualization
Single physical machine for multiple simulated environments.
Based on images
Lifespan: year/long-term
Cloud Computing
Pool and automate resources for on-demand use.
Based on templates
Lifespan: Max hours to months/short-term
VA
Virtual Appliances
IaaS: VAs are crucial regarding file format (OVA, OVF). Can be network devices (routers, switches)
SaaS: VAs provide direct route when a quick SaaS setup is needed. Prevent the need to redesign large apps.
Container
Standard units of software that package code and dependencies
Lightweight/standalone
Ensure secure implementation of apps
Docker
A PaaS that uses virtualization to deliver software in containers
SDP Core Pillars
Identity-Centric: identities rather than IP addresses
Zero Trust: Must authenticate first
Build for the Cloud: Works with SDN & prevents unauthorized network access
DLP
Data Loss Prevention
CASB
Cloud Access Security Broker
Acts as a gatekeeper and manages security-related policies