Week 7: Securing the Cloud - Architecture Flashcards
Building and operating a cloud securely and efficiently entails a great deal of planning
– Ingredients: A data center, hardware, a set of enabling software, a staff with broad and deep experience, and processes to make it work
– At a high level, we start with a ___ and redundant ___ to a cloud ingress
– Then we add a massive amount of gear that is racked and cabled following well-defined ___
data center, Internet connections
patterns
NIST defined cloud computing as an IT model for “enabling convenient, on-demand network access to a ____ that can be rapidly ____ with minimal management effort or service provider interaction”
shared pool of configurable computing resources
provisioned and released
Failing to plan cloud deployment appropriately will typically lead to ___
higher ongoing costs due to inefficiencies in design and processes
A reasonable approach to cloud deployment entails prudent architecture that considers the need for ___
inevitable evolution and reserves flexibility for such evolution
Factors Driving the Cloud Deployment Requirements
Costs and Resources
Reliability
Performance
The Security Triad
Legal and regulatory constraints
Cloud facility physical security
The scope of physical security involves a range of measures to prevent, detect, and respond to unauthorized access to the facility
Physical security should be viewed as a system for protection, with individual security elements complementing each other in a multifaceted and layered defense
AWS physical security
AWS’s world-class, highly secure data centers utilize state-of-the-art electronic surveillance and multi-factor access control systems
All aspects of security should be captured in a ___
cloud security policy
cloud security policy
– A formal document that has the complete approval of management
– Should not provide technical details, but rather spell out all security requirements from an organizational or business standpoint
cloud security policy supporting documents
guidelines
acceptable use policy
security standards
cloud security policy supporting documents - guidelines
A set of guidelines for enabling security in the development of infrastructure software, infrastructure management processes, and operational procedures
cloud security policy supporting documents - acceptable use policy
This policy should specify what the consequences for violations are
Security standards for a cloud should address…
Access Controls
Incident Response and Management
System and Network Configuration Backups
Password Policies
Security Testing
Data and Communications Encryption
Continuous Monitoring
Security standards for a cloud - access control
Should be at a granularity necessary to guide implementation of physical access to facilities and logical access to systems and applications
Security standards for a cloud - Incident Response and Management
Should detail all roles and responsibilities of various parties along with procedures and timelines from detection through postmortem reporting
Security standards for a cloud - System and Network Configuration Backups
It is critical to have current and authoritative copies of all configurations including infrastructure components, servers, and switches as well as for all hosted systems
Security standards for a cloud - Password Policies
Should detail the qualities that acceptable passwords must comply with
Security standards for a cloud - Security Testing
- The cloud provider must perform and document the results of initial and periodic security testing
- This standard should include roles and responsibilities as well as detailing when third-party testing or reviews should be performed
Security standards for a cloud - Data and Communications Encryption
Should detail functional areas (such as web server traffic), the approved cryptographic algorithms and the required key lengths
Security standards for a cloud - Continuous Monitoring
Should detail how configuration management and change control are performed to support ongoing security
The correct operation of systems and authoritative system logs depends on the ___
correct time
Correct and synchronized time becomes especially important with communicating computers residing in different locations, which need to have their record and event timestamps synchronized to a single source
Synchronized Time Source
Network Time Protocol (NTP)
Network Time Protocol provides____
Coordinated Universal Time (UTC)
Requirements –Identity Management
Consider using a federated identity system to allow for identity portability for the user population and to present a single mechanism for internal access as well as tenant and user access
• A federated identity management system will allow for interoperability with customer and third-party identity providers or domains
Assure that when identities are de-provisioned, historical information for users___
is maintained to allow for future legal investigations
Implement ___ for all remote control or remote access by operations personnel
whitelisted source IP addresses
A key escrow implementing ___ control can be used to protect keys
M of N
M of N control requires that a minimum number of agents (M) out of the total number of agents (N) work together to perform high-security tasks
In a cloud, audit events will be generated in fundamentally different ___
trust zones
Security events are recognized as having different degrees of integrity
Security monitoring must be a ___ and ___service that is accessible internally or remotely in a secure manner
highly available
hardened
Security monitoring must include generation of alerts based on ___
automated recognition of critical security events
Implementing a cloud-wide ___and expressing this as a service for tenants or users
intrusion and anomaly detection capability
Incident management and response must be in line with ___
There must be a process in place to ___ to incidents
SLAs and the security policy
detect, identify, assess, and respond
Ensure that incident management includes clear and reliable means for customers and tenants to ___
report situations or events to the provider
To be most effective, vulnerability and penetration testing should be coordinated with ___
monitoring and configuration management
General Infrastructure Security Requirements
Keep open ports to a minimum
Implement the means to assure continuity of operations in line with SLAs
Ensure that network connectivity is maintained by use of multiple pathways to the cloud services
Ensure that the facility has ample power recovery capabilities and power is distributed to the infrastructure in a manner that allows for redundant infrastructure in the event that power is lost
Ensure that de-provisioned internal IP addresses, such as one previously assigned to a tenant’s VM, are sufficiently aged before being recycled for use by another tenant
Example of defense in depth
VPN, whitelisted source IP, security token
Honeypots
Can be used in the CSP network and in tenant networks
CSPs could use a honeypot VM for each physical server to detect intrusions at the hypervisor level
Sandboxing uses a form of ___ or ___ between applications and the OS in which they are running
virtualization
abstraction
Public clouds face several challenges in ensuring sufficient ___ between tenants, especially when VMs assigned to different tenants are ___
network isolation
co-located on a physical server
The switching infrastructure in the cloud ___ traffic between VMs that reside on a single hardware platform
can’t isolate
Isolation of VMs - Security patterns
Select VM technology that affords network isolation between VMs
Encrypt communication traffic into VMs
Harden security controls on VMs
Filter traffic to a VM by using a software firewall
Network isolation can be achieved to some extent by using ____, but this is subject to vulnerabilities and misconfiguration
network virtualization
___ and ___ traffic should be physically separated
Administrative
operational
It should be pointed out that having multiple networks to support isolation may drive up ___
infrastructure costs
A typical rack has ___ rack units (RU); servers will require one or several RUs, and a typical 1RU switch has ___ ports
42, 48
Use of in-rack switches to consolidate traffic
Additional hardware introduces a potential point for failure
Although the consequence of a single switch failing may be limited to the connectivity of a single rack, there are other factors to consider
Given the number of racks required to implement a cloud, the in-rack switch arrangement may experience more frequent failure than the use of a ___
centralized core switching arrangement
Carrier-grade core switches are significantly more reliable than the aggregate reliability of a higher number of in-rack switches
Another network pattern is the use of ___ components, ___ balancing, and multiple ___ between critical components to improve reliability and availability
redundant
load
links
For example: redundant ingress devices
A different and more cost-effective approach would be to architect the infrastructure in ___
repeating patterns
Each additional block expands the amount of processing and storage for the cloud
Configuration Management Database (CMDB)
A Configuration Management Database (CMDB) is an information repository for managing the configuration of an IT system’s components
A CMDB can be used to create and manage an accurate and complete representation of the IT environment
Cloud management software should operate based on information in the ___ and update the ___ with relevant information as it operates
CMDB, CMDB
One area where a CMDB offers advantages is ___
security
Often overlooked in small systems, ___ contribute to a faster and more reliable implementation of infrastructure
cabling patterns
This becomes far more critical when infrastructure is scaled
Cabling patterns - other considerations
– Many modern data center servers, especially cloud-friendly blade servers, have multiple power supplies and multiple power cords
– Furthermore, the typical data center delivers power to racks from at least two separate circuits
Finally, it would be a significant improvement if both ends of all cables came with ___ that are both visually unique and that can be scanned by a hand-held reader
unique factory encodings
The term resilience refers to ___
the ability to maintain an acceptable level of service when a system is subjected to faults
Possible patterns should include reserving RUs in ___ or ___ to allow for future expansion
infrastructure management
security racks
Change can also come in the form of drastic changes to the physical network that implements the cloud
One approach to minimize this is to ___
run Ethernet cables from core switches to patch panels above server racks and from there run patch cables to server ports
To some, the security of a cloud computing architecture can be summarized in one phrase
Everything in a cloud is ___
at scale
It appears that the technology that powers the cloud is progressing at a rate that is faster than the technology used to ___ clouds
secure
In the information security space, the maturity of a particular technology relates to ___ actually is (the test of time)
how secure it
3DES
3DES is a widely used encryption cipher, an evolution of the Data Encryption Standard (DES) cipher originally developed in the early 1970s
DES was selected as the official ___ for the United States in 1976 after a long vetting period
Federal Information Processing Standard
What might work best to manage the risk of IT failures is to adopt an encompassing enterprise ___ coupled with clear ___ and a plan to address ___
risk framework
business objectives
contingencies
In the view of the Jericho Forum, it is necessary to identify ___ and ensure that they are adequately secured, whether that is from an external or an internal threat
critical components
Jumphost & VPN
Jumphost & VPN: a security team-only set of mechanisms to access the security network
Virtual SOC
Virtual SOC: a series of user interfaces for monitoring, scanning, reporting, and analysis
Collection & Analysis
Collection & Analysis: a set of capabilities that starts with the collection of security information routed to the syslog archive and then relayed to the analysis, alerting, and IDS components
Directed Network Monitoring
Directed Network Monitoring: forms of monitoring that in part involve inspection of network traffic and in part involve the periodic vulnerability scanning of systems in the environment