Week 10: Securing the Cloud - Key Strategies and Best Practices Flashcards
With ___, we strive to implement security controls that provide proactive protection from threats
prevention
A sound security strategy must include ___ to identify threats or compromises
detection
Timeliness and effectiveness of detection are critical to enabling effective response
With ___ activities we seek to address threats as they are detected or afterward with remediation, recovery, and forensics
response
Addressing security risks can be done in various ways, but without a ___ and a ___ such efforts often prove ineffective
sound process
considered strategy
Whether building a cloud infrastructure or adopting a public cloud service, leveraging the right process and strategy for managing risk will have recurring benefits:
better security,
lower ongoing operational costs,
reputation for taking security seriously enough to plan ahead
security controls equation
On one side, you have the costs involved in the consequences of a security breach or being subject to an exploit
On the other side, you have various costs associated with implementing security countermeasures
There comes a point for any system where additional preventative actions ___
incur costs that bring fewer and fewer returns
diminishing returns
Actors on two sides of security controls equation
Engineers and security personnel vs business people
Effectively managing security risk involves multiple activities that extend over time and can be grouped into four stages
Planning
Implementation
Evaluation
Maintenance
Security Risk Stages - Planning
This stage is a prerequisite to properly match security controls to address risks in an effective manner
Security Risk Stages - Implementation
This stage involves placing and configuring security controls
Security Risk Stages - Evaluation
This stage involves assessing the efficacy of security controls and periodically reviewing their adequacy
Security Risk Stages - Maintenance
Periodically, it will become necessary to perform configuration changes and updates, including security-relevant modifications
Example Framework for Managing Security Risks
NIST and COBIT
Security controls are countermeasures or safeguards to ___ or otherwise ___ to security risks
prevent, avoid, counteract, detect,
respond
They can be technical mechanisms, manual practices, or procedures
Recommended Security Controls for Federal Information Systems and Organizations - which publication?
NIST Special Publication 800-53
NIST Special Publication 800-53 states that, in order for Federal Agencies to comply with federal standards, they must
determine the security category of their information systems in accordance with FIPS 199
derive the information system impact level from the security category in accordance with FIPS 200
apply the appropriately tailored set of baseline security controls in NIST Special Publication 800-53
NIST-defined controls are divided into 3 broad classes
Technical, Operational, and Management
Security controls are further organized into ___ that fall into these ___ (e.g., Access Control, AC)
18 families
3 classes
each NIST security control has a unique identifier, for example
AC-14
In the U.S. federal government, non-classified systems are characterized according to low-, moderate-, or high-___ information systems
impact
The emphasis on security controls in this unclassified realm might not be as much on ___ as it is on ___ and ___
confidentiality
integrity
availability
FIPS 199 Impact Classification LOW
if the loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals
degradation in mission capability
minor damage
minor financial loss
minor harm to individuals
FIPS 199 Impact Classification HIGH
if the loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals
The implementation of information categories is achieved by adding new structures and mechanisms to label and enforce separation at the ___
OS level
Another set of security controls that are sometimes used in the classified world have to do with the concept of ___
“originator controlled” data
“originator controlled” data
An illustrative example of this is an email that the original sender addresses to a set of trusted recipients
However, the original sender may wish to control the resending of those emails to other potential recipients
The Cloud Security Alliance Approach to cloud security
The Cloud Security Alliance developed a Cloud Controls Matrix
Cloud Controls Matrix
A framework of nearly 100 distinct control specifications
Version 1.0 was released in April 2010, version 3.0.1 in July 2014
The CSA Cloud Controls Matrix emphasizes business information ___ in a form that provides ___ and ___ for matching information security to cloud industry needs
security controls
structure
detail
Security is Often Ineffective (software perspective)
Software development practices are typically neither rigorous nor focused on engineering principles and verification
Software development often tends toward initial releases that saddle users or administrators with bugs and vulnerabilities followed by patching
- The result is that security is often an afterthought
Software frameworks and functionality scaffolding have grown huge
Installation and configuration of software is usually not performed following a rigorous and defined process that brings identical results
Discovery of new vulnerabilities extends over time to include even older and mature software
A cost-effective and secure cloud demands ___, ___, and ___ in system and infrastructure management
reliability
maturity
agility
Where ___ are used to manage vulnerabilities, it is important that this be done without introducing new vulnerabilities
compensating controls
Implementing compensating security controls around poorly designed applications or systems only adds greater complexity
Good security exhibits several qualities, including ___
simplicity
A goal for cloud security is ease of use and adoption of security controls
Risk is viewed in terms of the ___ that ___ would exploit ___ and compromise the value of information assets
probability
threats
vulnerabilities
Security must be ___ by exposing and mitigating new vulnerabilities
continually improved
Exploits tend to take advantage of ___ that otherwise do not cause issues
borderline circumstances
___ is a key strategy and a best practice for cloud computing security
Monitoring
The scope of a policy will vary according to the type of cloud
There will be some overlap between SaaS, PaaS, and IaaS policies, but largely these will become increasingly ___ moving from SaaS to IaaS
broader
It is a best practice for a cloud provider and for cloud consumer organizations to create and define a clear ___ for cloud security
policy
Policies should be updated as needed, and they should be supplemented by the use of ___, ___, and related ___ that enable implementation of policy
standards
procedures
guidelines
___ is a core goal for cloud computing security
Risk management
The objectives of risk management best practices are to ___, ___, and ___ security risks in a cloud initiative
assess
address
reduce
Among the considerations for residual risk are not only actual damages but also damages to the organization’s ___ or ___
brand
reputation
A best practice for risk management is to begin with an understanding and assessment of the ___ and orient the selection of ___ along with appropriate security practices and procedures toward managing risks
risks (risk analysis)
security controls (security life cycle framework)
It is a best practice to implement a configuration and change management process that can:
govern proposed changes
identify possible security consequences
provide assurance that the current operational system is correct in version and configuration
The relationship between configuration management and ___ procedures is often neglected in commercial implementations
security control
The root cause of older and vulnerable configurations making their way back into production is typically a process failure in ___ or ___
configuration management (CM)
change control (CC)
Systems are simply too large and too complex for purely manual processes in ___ and ___ to support ongoing security evaluation of the various changes that an operational system is subject to
configuration management (CM)
change control (CC)
Audit best practices include
Following a regular schedule in using tools, like Nessus, to identify newly exposed vulnerabilities, configuration issues, and weak passwords, and to perform patch-level verification
Periodically reviewing the security controls that are in place, and assessing their effectiveness with respect to current or anticipated risks
Using automated tools and manual procedures to verify policy compliance
Periodic use of an independent penetration testing service to determine if the system can withstand representative exploits
Reviewing system logs on a periodic basis to verify the correct operation of security monitoring
Auditing seeks to verify ___, review the effectiveness of ___, and validate security ___
compliance
controls
processes
Auditing in PaaS
For PaaS the adoption of such tools is MORE PROBLEMATIC as tenants have less control
Auditing in IaaS and PaaS
should be performed by CSP or even tenants
The objectives of vulnerability scanning are
Catalog all components so that the resulting list can be used to verify configuration management data
Identify any new vulnerabilities, and identify risky services
In general, there are two classes of scanning
Performed from the outside of a machine
A more thorough scan requires that the scanner authenticate to the target to take a complete inventory of the system from the inside
The use of a database to store ___ makes these immediately available to auditors and automated tools for compliance and other tasks
vulnerability scan results
It is a best practice to limit ___ to the smallest set necessary for the users to perform their work
user privileges
In the cloud, the ___ is already partially implemented by the nature of the model itself
segregation of duties
Requests for changes by the cloud provider will go through a configuration management process where they will be vetted by all the major business functions, security included
Depending on the cloud deployment model, the tenant will have a varying degree of responsibility for and control over configuration changes
Highly sensitive functions should entail a ___ to assure that these functions are properly invoked
two-person rule
The ___ is focused on best practices for building clouds
Cloud Computing Use Case Discussion Group
NIST’s Consumer Best Practices
Selecting a CSP based on how their overall security compares to current practices
Selecting a CSP based on their willingness to offer transparency into key security practices, including risk assessment and incident response
NIST’s Providers Best Practices
Providing network isolation between infrastructure control traffic and user traffic
Using a CMDB
Using integrity checking software to detect unauthorized changes
Implementing scalable and robust Identity Management
Using security as a form of competitive differentiation
It is a best practice to automate the collection of security events from all security-relevant network devices, servers, and applications
These events should be
1. ___
2. ___
archived in raw form to preserve a legal record of all security-relevant activity
assessed via automated means to detect situations warranting alerts
Security Feedback
At a high level we seek to provide a feedback loop for the system
In security monitoring, security feedback is based on three sets of information
Knowledge about the infrastructure
- CMDB
Event data
- Output
Security rules
- Used to assess the event data
Security monitoring has several important purposes for CSPs and tenants
Threat Detection
Verification of Security Controls
Exposure of Bugs
Legal Record of Activity
Enabling Forensics
The sheer amount of raw security event data that is generated in even a small cloud infrastructure demands that the collection, handling, analysis, and storage of data be ___
efficient
Security-relevant data can be generated at ___
every level of a cloud infrastructure
Event Stream
Generation of Security Events
Collection of Security Events
Correlation and Analysis Strategies
Event Stream - Generation of Security Events
Security-relevant data can be generated at every level of a cloud infrastructure
All modern OSs are capable of generating security event data
Event Stream - Collection of Security Events
Many tools are available to collect, forward, and manage security events, but syslog is the most common
Event Stream - Correlation and Analysis Strategies
Having generated and collected events, we now seek to make sense of them through a variety of techniques, such as attack signatures
In other words, the security around monitoring must ___ or ___ that of the system and its data
meet
exceed
It is a best practice in cloud security to assure the security of ___ and the integrity and availability of the ___
monitoring
event stream
Cloud providers can be expected to offer broader and richer security ___ and ___ capabilities for their tenants
monitoring
alerting