DION training - Security+ -> Section 15 - Security Architecture Flashcards
What is cloud computing?
It refers to the provisioning of services over the internet.
What is the concept of responsibility matrix in cloud computing?
The responsibility matrix divides the responsibilities between the client and the cloud service provider.
What are the different considerations that we should keep in mind while choosing a cloud provider?
- Availability - what is the uptime of the service the provider offers?
- Cost - what is the current cost, and what will the future cost be?
- Scalability - does the cloud provider have redundant servers, and can it scale when the workload increases?
- Elasticity -
- Risk Transference -
- Resilience -
- Ease of deployment
- Patch availability
etc.
What is shared physical server vulnerability in cloud computing?
On a single host, there are different VMs hosted. If one VM is vulnerable or is not securely configured, it might impact the security of the other VMs or the host machine as well.
- Isolate VMs properly
- Patch management
- Run regular vulnerability scans
What are few vulnerabilities related to Cloud computing?
- Single point of failure - If there is no redundancy.
- Unclear security policies
- Weak authentication and encryption practices.
- Lack of up-to-date security measures.
What are Data Remnants?
It is residual data left behind after a deletion or erasure process.
It happens due to inadequate data deletion procedures.
What are the 2 types of hypervisors?
A hypervisor is the program that manages access to system resources by the different virtual machines.
1st type - Bare-metal hypervisor - it is the hypervisor that installs directly on top of the system hardware.
It does not install on top of an OS like Windows or macOS.
Ex - VMware ESXi, Citrix XenServer.
2nd type - it is installed on top of an OS like Windows.
Ex - VMware Workstation, Oracle VirtualBox
What is the concept of containerization?
It is the concept of packaging an application into a container that provides all the dependencies that particular application requires. It provides an isolated environment for the application.
It has numerous benefits compared to virtualization, which first requires a VM OS to be installed before an application can be installed on top of it.
In containerization, there is no VM OS; containerized applications request resources directly from the host OS, on an as-needed basis.
So it saves the resources that a VM OS would otherwise use.
A few providers of containerization - Docker, Kubernetes, Red Hat OpenShift
What are some virtualization-related vulnerabilities?
- VM escape -
- Privilege escalation - If access controls are not implemented properly.
- Resource re-use - It becomes a vulnerability when memory is not properly cleared before it is used by another process, so the other process might get hold of the sensitive data of the first process.
What is the serverless concept in computing?
It is normally used by app developers; the serverless concept takes away the responsibility of managing our own servers, as they are managed by the service/cloud provider.
It has a number of benefits -
1. More time to focus on the actual application instead of managing servers.
2. Decreased cost - normally in a serverless service, the cloud provider charges based on how much time the resources were used for.
Its drawback is that there might be vendor lock-in, as migrating an application to another provider is a difficult task.
What is the concept of Micro-services?
In this concept, an application is divided into independent microservices instead of one large single program.
It has a number of benefits, like the following -
- It increases resiliency - one microservice failing doesn't bring the whole application down.
- Easy to deploy patches or updates - updates/patches can be deployed only on the concerned service; the whole application doesn't need to be taken down.
- Scalability - Each service can be scaled separately as per its demand.
- Flexibility - Micro-services can be written in different languages.
Example of such service - Netflix
Its challenges -
- Complexity
- Data management
- Security implications due to the increased attack surface.
What is SDN - Software Defined Networking?
SDN involves the concept of managing networking devices from a centralized place.
It divides the working of networking devices into 3 planes -
Data plane - this plane just forwards data from one place to another.
Control plane - It is the brain of the network. It decides where data is forwarded.
Application plane - The plane where all network applications interacting with the SDN controller reside.
What is the concept of infrastructure as code?
It is a method in which IT infrastructure is defined in code files that can be versioned, tested and audited.
Code can be written in high-level languages like YAML, JSON, HCL, etc.
IaC can be written as scripts and used to manage and configure computing devices like servers.
Note - Infrastructure as Code can help us eliminate snowflake systems.
What is a snowflake system, and what does the term idempotence mean?
Snowflake - these are systems with configurations that lack consistency, which might introduce risks, so they have to be eliminated.
Idempotence - it is the ability of an operation to produce the same result no matter how many times it is executed.
What are Internet of Things devices?
These are devices that have smart capabilities (computing functionality) and are connected to the internet, like a smart fridge.
These devices are prone to a number of vulnerabilities, and it is recommended to keep these IoT devices on a separate network.