Section 13: Cloud Computing Flashcards
Cloud computing
A way of offering on-demand services that extend the traditional capabilities of a computer or network
VDI
Virtual Desktop Infrastructure - VDI allows a cloud provider to offer a full desktop operating system to an end user from a centralized server
What are the four different cloud types?
Public
Private
Hybrid
Community
Public Cloud
A service provider makes resources available to the end users over the internet
Private Cloud
A company creates its own cloud environment that only it can utilize as an internal enterprise resource
Hybrid Cloud
Benefits of both public and private cloud
Community Cloud
Resources and costs are shared among several different organizations who have common service needs
SaaS
Software as a Service - Provides all the hardware, OS, software, and apps needed for a complete service to be delivered
IaaS
Infrastructure as a Service - Provides all the hardware, OS and backend software needed in order to develop your own software or service
PaaS
Platform as a Service - Provides your organization with the hardware and software needed for a specific service to operate
SecaaS
Security as a Service - Provides your organization with various types of security services without the need to maintain a cybersecurity staff
Sandboxing
Utilizes separate virtual networks to allow security professionals to test suspicious or malicious files
File Servers
Servers are used to store, transfer, migrate, sync, and archive files for your organization
__________ are a frequent point of attack in cloud environments
Email servers
Web Servers should be placed in your
DMZ
FTP Server
A specialized type of file server that is used to host files for distribution across the web
Domain Controller
A server that acts as a central repository of all the user accounts and their associated passwords for the network
Golden Ticket
Generates a ticket to allow access into the DC
VPCs
Virtual Private Clouds - A private network segment made available to a single cloud consumer within a public cloud
What two things do you need to consider when storing data in the cloud?
Compliance and regulatory considerations
Serverless
A software architecture that runs functions within virtualized runtime containers in a cloud rather than on dedicated server instances
Insecure API
Must always be used over an encrypted channel! All data must pass server-side validation routines! Error handling and error messages! Implement throttling/rate-limiting mechanisms to protect from a DoS
Improper Key Management. How do you mitigate this?
Use SAML, OAuth, OIDC for authentication
Do not hardcode or embed a key into the source code
Delete unnecessary keys and regenerate keys when moving into a production environment
Make sure you have hardening policies in place for all hosts, servers, etc.
Insufficient Logging and Monitoring. Mitigating?
Software as a service may not supply access to log files or monitoring tools
Logs must be copied to non-elastic storage for long-term retention
Unprotected Storage mitigation
Cloud storage containers are referred to as buckets or blobs
Check your permissions; make sure they’re correct
Incorrect origin settings may occur when using content delivery
Cross Origin Resource Sharing (CORS) Policy
A content delivery network policy that instructs the browser to treat requests from nominated domains as safe