Domain 7 - Infrastructure Security Flashcards
_______ is the foundation for operating securely in the cloud. It is the glue of computers and networks that everything else is built on top of, and it encompasses the lowest layers of security, from physical facilities through
the consumer's configuration and implementation of infrastructure components. These are
the fundamental components that everything else in the cloud is built from, including compute
(workload), networking, and storage security.
Infrastructure security
Two macro layers to infrastructure
- The fundamental resources pooled together to create a cloud. This is the raw, physical and logical compute (processors, memory, etc.), networks, and storage used to build the cloud's resource pools.
- The virtual/abstracted infrastructure managed by a cloud user. That's the compute, network, and storage assets that they use from the resource pools.
What are the 3 common networks isolated onto different dedicated hardware in the cloud?
- Management Network
- Storage Network
- Service Network
2 major categories of network virtualisation?
- VLAN
- SDN
A type of network virtualisation designed for single-tenant networks; it was not designed for the scale and multi-tenancy of cloud virtualisation
VLAN
A type of network virtualisation that decouples the network control plane from the data plane and can offer much more flexibility and isolation
SDN
True/False: Traditional Network Intrusion Detection Systems, where communications between hosts are
mirrored and inspected by a virtual or physical Intrusion Detection System, will not be supported
in cloud environments; customer security tools need to rely on an in-line virtual appliance or
a software agent installed in instances. This creates either a chokepoint or increased processor
overhead, so be sure you really need that level of monitoring before implementing it.
True
What are the challenges of virtual appliances in the cloud?
- Virtual appliances can become a bottleneck (traffic must be routed in-line through them)
- May consume significant resources and increase cost
- Should be cloud-aware and designed to handle the velocity of change (instances appear and disappear constantly)
- Limited auto-scaling capabilities
SDN security benefits
- Isolation is easier (many overlapping, isolated virtual networks on the same hardware)
- SDN firewalls (e.g. security groups) can apply to assets based on more flexible criteria (such as tags or policies) than hardware firewalls, since they are not limited by physical topology
________________ (also sometimes referred to as hypersegregation) leverages virtual network topologies to run more, smaller, and more isolated networks without incurring the additional hardware costs that historically
made such models prohibitive
Microsegmentation
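The SDN firewall and microsegmentation cards above both come down to one idea: policy is attached to what a workload is (its tags), not to where it sits (its subnet). The following is an added illustration, not code from the CSA guidance; it models a tag-based security-group policy next to the CIDR-based rule set an administrator would have written for the same three tiers, over a constructed sample fleet, and shows that an auto-scaled instance launched into a new subnet keeps its protection under the tag policy but falls out of the CIDR policy.

```python
# Added example (not from the CSA guidance): tag-based SDN firewall policy
# (security-group style) beside a topology-bound CIDR rule set.
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    tags: FrozenSet[str]  # e.g. {"tier:web"}; assigned by the cloud user, independent of location


@dataclass(frozen=True)
class TagRule:
    src_tag: str
    dst_tag: str
    port: int


@dataclass(frozen=True)
class CidrRule:
    src_cidr: str
    dst_cidr: str
    port: int


def tag_policy_allows(rules: List[TagRule], src: Workload, dst: Workload, port: int) -> bool:
    """Default deny: a flow is permitted only if some rule matches the tags of both ends."""
    return any(r.src_tag in src.tags and r.dst_tag in dst.tags and r.port == port for r in rules)


def cidr_policy_allows(rules: List[CidrRule], src: Workload, dst: Workload, port: int) -> bool:
    """Topology-bound: a flow is permitted only if the addresses happen to fall in the rule's ranges."""
    s, d = ipaddress.ip_address(src.ip), ipaddress.ip_address(dst.ip)
    return any(
        s in ipaddress.ip_network(r.src_cidr) and d in ipaddress.ip_network(r.dst_cidr) and r.port == port
        for r in rules
    )


# Constructed sample fleet. app-2 was launched by autoscaling into a subnet
# the original rules never anticipated, but carries the same tags as app-1.
WEB = Workload("web-1", "10.0.1.10", frozenset({"tier:web"}))
APP1 = Workload("app-1", "10.0.2.10", frozenset({"tier:app"}))
APP2 = Workload("app-2", "10.0.9.25", frozenset({"tier:app"}))
DB = Workload("db-1", "10.0.3.10", frozenset({"tier:db"}))

TAG_RULES = [
    TagRule("tier:web", "tier:app", 8080),
    TagRule("tier:app", "tier:db", 5432),
]
# The CIDR equivalent an admin would have written for the original subnets.
CIDR_RULES = [
    CidrRule("10.0.1.0/24", "10.0.2.0/24", 8080),
    CidrRule("10.0.2.0/24", "10.0.3.0/24", 5432),
]

FLOWS: List[Tuple[Workload, Workload, int]] = [
    (WEB, APP1, 8080),   # intended
    (WEB, APP2, 8080),   # intended, but app-2 lives in 10.0.9.0/24
    (APP1, DB, 5432),    # intended
    (APP2, DB, 5432),    # intended, same caveat
    (WEB, DB, 5432),     # tier bypass: must be denied by both policies
    (DB, WEB, 22),       # lateral movement from the data tier: must be denied
]


def evaluate_matrix(policy: Callable, rules, flows) -> Dict[str, bool]:
    """Evaluate every flow under one policy; keys are 'src->dst:port'."""
    return {f"{s.name}->{d.name}:{p}": policy(rules, s, d, p) for s, d, p in flows}


if __name__ == "__main__":
    for label, policy, rules in (("tag", tag_policy_allows, TAG_RULES),
                                 ("cidr", cidr_policy_allows, CIDR_RULES)):
        print(label)
        for flow, allowed in evaluate_matrix(policy, rules, FLOWS).items():
            print(f"  {flow:24} {'ALLOW' if allowed else 'deny'}")
```

Under the tag policy every intended flow is allowed and both bypass attempts are denied, regardless of subnet. Under the CIDR policy the two flows involving app-2 are silently denied, which in practice pushes administrators toward widening rules to whole address ranges, the exact erosion of isolation that microsegmentation by tag avoids.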
3 components of a Software Defined Perimeter (SDP), as defined by the CSA SDP Working Group
- SDP Client
- SDP Controller
- SDP Gateway
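To make the three roles concrete, here is an added, deliberately simplified model of how they interact; it is not the CSA SDP specification's wire protocol (which uses single-packet authorization and mutual TLS) and not code from the working group. The gateway drops every connection until the controller, having authenticated the client's identity and device, pushes an explicit grant for a session token that the client then presents. Identifiers, device fingerprints and entitlements are constructed for the example.

```python
# Added example (not from the CSA SDP specification): a simplified model of
# SDP client, controller and gateway with default-deny at the gateway.
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class SdpGateway:
    """Sits in front of protected services. Knows nothing until the controller tells it."""
    services: Set[str]
    grants: Dict[str, Set[str]] = field(default_factory=dict)  # session token -> allowed services

    def authorize(self, token: str, services: Set[str]) -> None:
        # Only the controller calls this; it is the sole source of allow decisions.
        self.grants[token] = set(services) & self.services

    def connect(self, token: Optional[str], service: str) -> str:
        # Default deny: a missing token, an unknown token and an unauthorized
        # service all look identical to the caller (the gateway stays "dark").
        if token is None or service not in self.grants.get(token, set()):
            return "dropped"
        return "allowed"


@dataclass
class SdpController:
    """Authenticates clients and decides which services each may reach."""
    known_devices: Dict[str, str]      # client_id -> registered device fingerprint (constructed)
    entitlements: Dict[str, Set[str]]  # client_id -> services the identity may reach
    gateway: SdpGateway

    def onboard(self, client_id: str, device_fp: str, mfa_ok: bool) -> Optional[str]:
        # Identity (MFA) and device posture are both checked before any grant exists.
        if not mfa_ok or self.known_devices.get(client_id) != device_fp:
            return None
        token = secrets.token_hex(16)  # per-session credential the gateway will recognise
        self.gateway.authorize(token, self.entitlements.get(client_id, set()))
        return token


@dataclass
class SdpClient:
    client_id: str
    device_fp: str
    token: Optional[str] = None

    def connect(self, controller: SdpController, service: str, mfa_ok: bool = True) -> str:
        # Step 1: the client always goes to the controller first.
        if self.token is None:
            self.token = controller.onboard(self.client_id, self.device_fp, mfa_ok)
        # Step 2: only then does it approach the gateway, presenting the session token.
        return controller.gateway.connect(self.token, service)


def scenario() -> Dict[str, str]:
    """Run the four cases a practitioner would want to see and return the gateway verdicts."""
    gw = SdpGateway(services={"hr-app", "git"})
    ctrl = SdpController(
        known_devices={"alice": "fp-laptop-1"},
        entitlements={"alice": {"hr-app"}},   # alice is entitled to hr-app only
        gateway=gw,
    )
    alice = SdpClient("alice", "fp-laptop-1")
    # Attacker holding alice's credentials but on an unregistered device.
    mallory = SdpClient("alice", "fp-unknown")
    return {
        "direct_to_gateway": gw.connect(None, "hr-app"),      # skipped the controller
        "alice_hr_app": alice.connect(ctrl, "hr-app"),         # authenticated and entitled
        "alice_git": alice.connect(ctrl, "git"),               # authenticated, not entitled
        "mallory_hr_app": mallory.connect(ctrl, "hr-app"),     # wrong device, no token issued
    }


if __name__ == "__main__":
    for case, verdict in scenario().items():
        print(f"{case:20} {verdict}")
```

The point of the split is visible in `scenario()`: the gateway never makes an identity decision itself, and a client that bypasses the controller, or passes authentication on an unregistered device, gets the same silent drop as an unauthenticated stranger.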
True/False: Cloud users are responsible for implementing perimeter security that protects the
environment but minimizes impact on customer workloads.
False. It is the cloud provider's responsibility
_________ connect an enterprise private cloud or data center to a public cloud provider, typically using either a dedicated Wide Area Network (WAN) link or VPN.
Hybrid clouds
_____ is an emerging architecture for hybrid connectivity that allows an enterprise to connect to multiple cloud networks using a single hybrid connection
Bastion or Transit network
A ______ is a unit of processing, which can be in a virtual machine, a container, or other
abstraction.
Workload