Cloud Computing Security Quiz

Questions and Answers

What is one characteristic of cloud computing?

High costs

Scalability (correct)

Inflexibility

Physical hardware dependency

All firewalls and gateways provide complete protection against intrusions.

False

What is the primary function of an intrusion detection system?

To monitor and identify potential security breaches.

A ______ is used to manage multiple virtual machines on a single physical server.

hypervisor

Match the following cloud deployment models with their descriptions:

Public Cloud = Resources shared across multiple organizations Private Cloud = Resources dedicated to a single organization Hybrid Cloud = Combination of public and private clouds Community Cloud = Resources shared among a specific community of users

What is the primary function of a Load Balancer in cloud computing?

To distribute workloads across multiple resources

Automated Scaling Listener can help in managing traffic in cloud computing environments.

True

What is the purpose of Failover Mechanisms in cloud computing?

To provide backup systems in case of failures.

Cloud Usage Monitor is used to track ______ in cloud services.

resource usage

Match the following security mechanisms with their descriptions:

Firewalls = Controls incoming and outgoing network traffic Encryption = Secures data by converting it into a code Authentication = Verifies the identity of users Access Control = Defines who can access specific resources

What does symmetric key cryptography primarily use for encryption and decryption?

The same key for both encryption and decryption

Public key cryptography uses the same key for both encryption and decryption.

False

What is the main purpose of network security?

To protect networks and data from unauthorized access and attacks.

The _______ algorithm is widely known for its role in secure data transmission using asymmetric key cryptography.

RSA

Match the following types of encryption with their descriptions:

Symmetric Key Cryptography = Uses the same key for encryption and decryption Public Key Cryptography = Uses a pair of keys for encryption and decryption Block Cipher = Encrypts data in fixed-size blocks Stream Cipher = Encrypts data one bit at a time

Which protocol is primarily used for sending email?

SMTP

Local DNS servers are responsible for caching DNS information.

True

What service do authoritative DNS servers provide?

They provide definitive answers to queries about domain names.

The message type used by a manager to request data from an SNMP agent is called a ______.

GetRequest

Match the following protocols with their primary functions:

SMTP = Sending email IMAP = Retrieving email DNS = Translating domain names to IP addresses SNMP = Network management

Which component is NOT a part of DNS?

Mail transfer agents

DNS records are only used for email services.

False

Name a service provided by DNS.

Translating domain names to IP addresses.

What is the purpose of a Trap message in SNMP?

To inform the manager of exceptional events

InformRequest is used by the manager to inform a remote entity of MIB values accessible to it.

True

What is the main function of the Response message in SNMP?

To provide the value in response to a Request.

The protocol that allows for managing network devices through a set of defined operations is known as ______.

NETCONF

Match the following SNMP messages with their purposes:

GetBulkRequest = Retrieve multiple values from the agent SetRequest = Change the value of a specific MIB variable Response = Reply with the requested value Trap = Notify the manager of an event

Which of the following is not a function of the network layer?

Setting MIB values

The IP Datagram format is consistent across different versions of IP.

False

What does YANG stand for in network management?

Yet Another Next Generation

Which of the following is NOT a property of RSA?

It provides message integrity.

A cryptographic hash function is designed to be a one-way function.

True

What does MAC stand for in the context of message authentication?

Message Authentication Code

In the context of TLS, the _______ phase is used to establish a secure connection.

handshake

Match the following cryptographic functions with their descriptions:

Digital Signatures = Provides non-repudiation Message Authentication Code (MAC) = Ensures message integrity Cryptographic Hash Function = Produces a fixed-size output Public Key Infrastructure (PKI) = Manages digital certificates

What is a key feature of Pretty Good Privacy (PGP)?

It provides email encryption and digital signatures.

Transport-layer Security (TLS) ensures confidentiality and integrity of transmitted data.

True

What is the primary purpose of a Digital Signature?

To verify the authenticity and integrity of a message.

Study Notes

E-mail

• Three major components: user agents, mail servers, simple mail transfer protocol (SMTP)
• User Agent (e.g., Outlook, iPhone mail client): composing, editing, reading mail messages; outgoing and incoming messages stored on server
• Mail servers: mailbox contains incoming messages for user; message queue of outgoing mail messages; SMTP protocol between mail servers to send email messages
• SMTP RFC (5321): uses TCP to reliably transfer email from client (mail server) to server, port 25; three phases of transfer (SMTP handshaking, transfer of messages, closure); command/response interaction (like HTTP)
• Scenario example: Alice sends email to Bob (step-by-step process showing message transfer via SMTP)

SMTP: Observations

• Comparison with HTTP: HTTP is client-pull, SMTP is client-push

Mail Message Format

• SMTP: protocol for exchanging email messages (defined in RFC 5321)
• RFC 2822 defines email message syntax (like HTML defines web document syntax)
• Header lines (e.g., To:, From:, Subject:) and email body (ASCII characters only)

Retrieving Email: Mail Access Protocols

• IMAP (Internet Mail Access Protocol, RFC 3501): stores messages on server for retrieval (e.g., Gmail, Hotmail, Yahoo); provides retrieval, deletion, folders
• HTTP (e.g., Gmail, Hotmail, Yahoo!): web-based interfaces on top of SMTP for sending and IMAP for retrieving emails

Domain Name System (DNS)

• Distributed database implemented in a hierarchy of many name servers
• Service that almost all other applications depend upon
• Application-layer protocol: hosts and DNS servers communicate to resolve names
• DNS runs over UDP protocol, using UDP port 53
• Translates host names into host addresses (Name Space)
• DNS services (hostname-to-IP-address translation, host aliasing, mail server aliasing, load distribution)
• DNS structure (DNS services; reasons why DNS can't be centralized)

DNS: services, structure

• Hostname-to-IP-address translation
• Host aliasing
• Mail server aliasing
• Load distribution
• Purpose of DNS (centralized; traffic volume; maintenance)

DNS: root name servers

• Crucial "contact of last resort" for name resolution
• Manages root DNS domain
• Managed by ICANN (Internet Corporation for Assigned Names and Numbers)
• 13 logical root servers worldwide; replicated many times

Top-Level Domain (TLD) and authoritative servers

• Responsible for top-level domains (e.g., .com, .org, .net, .edu)
• Organizations maintain their authoritative DNS servers
• Mapping domain names to IP addresses

Local DNS Name Servers

• When a host makes a DNS query, it's sent to its local DNS server
• Local DNS server returns a reply, possibly using cache of recent name-to-address mappings or forwarding.
• Each ISP has its own local DNS server.

DNS Name Resolution

• Iterated query: Server contacted replies with name of server to contact
• Recursive query: Burden on contacted server to resolve name

Caching DNS Information

• Caching improves response time by caching DNS mappings
• Cache entries timeout (TTL)
• Cached entries may be out-of-date

DNS records

• RR (Resource Record) format: (name, value, type, ttl)
• type=A: name is hostname, value is IP address
• type=NS: name is hostname, value is IP address of authoritative nameserver

DNS Security

• DDoS attacks (bombarding root servers with traffic)
• Spoofing attacks (intercepting DNS queries with bogus replies)

Network Management

• Components of network management (managed device, data, network management protocol)
• Network management approaches (command line interface (CLI), SNMP, NETCONF/YANG)
• SNMP protocol: message types (GetRequest, GetNextRequest, GetBulkRequest, SetRequest, InformRequest, Response)

Remote Procedure Call (RPC)

• RPC is a mechanism, not a protocol; for structuring distributed systems
• Network properties and architectures can vary across computing systems
• Two components: (a) Protocol for message exchange; (b) Programming Language and Compiler Support to enable packaging of arguments (and return values).

RPC Implementations

• SunRPC, IETF ONC RPC, DCE-RPC, CORBA, MS DCOM, ActiveX, gRPC

NETCONF

• goal: actively manage/configure devices network-wide
• Operates between managing server and managed network devices
• Actions: retrieve, set, modify, activate configurations
• Atomic-commit actions over multiple devices
• Query operational data and statistics
• Subscribe to notifications from devices
• Remote procedure call paradigm, using RPC
• NETCONF protocol messages encoded in XML; uses reliable transports (e.g., TLS)
• NETCONF commands such as , , , , , and

YANG

• Modeling language for representing configuration and Operational State data
• Unifies transport layer protocols, carrying structured data, not raw.

Network Layer

• Forwarding: Move packets from router input to appropriate output
• Routing: Determine packets route from source to destination Methods: Per-router Control (traditional); Logically centralized control (software-defined networks)

IP Datagram Format

• IP Protocol version number
• Header length (bytes)
• Type of service
• Time to live
• Protocol (upper layer such as TCP orUDP)
• Source IP Address
• Destination IP Address

IPv6: Motivation

• 32-bit address space allocation limit (IPv4)
• Improve forwarding/processing speeds (fixed-length 40-byte header)
• Enable network-layer treatment of "flows"

IP Addressing: Introduction

• 32-bit identifier associated with each host/router interface
• Connection between host/router and physical link
• Routers typically have multiple interfaces
• Hosts typically one or two interfaces

DHCP: Dynamic Host Configuration Protocol

• Host dynamically obtains IP address from network server
• Renews address lease

DHCP Client-Server Scenario

• Step-by-step description of DHCP process for a client obtaining IP address information

Generalized Forwarding

Review of match-plus-action forwarding; destination-based vs generalized forwarding; forwarding table entries

OpenFlow examples

• Destination-based forwarding example
• Block (drop) arriving datagrams destined to a specific TCP/UDP port
• Other examples of switch actions based on source or destination IP and/or port number; layer 2 forwarding

Orchestrated forwarding: Summary

• "Match plus Action" abstraction.
• Local actions (e.g. Drop, Forward, Modify)
• "Program" network-wide behavior
• Programmable per-packet processing (simple form of network programmability)

Software-Defined Networking (SDN)

• A network layer: historically implemented with distributed, per-router control Models: monolithic router (hardware), separate Control and data planes

Network Security

• Main goals: confidentiality, authentication, message integrity.
• Tasks in designing a security service
• Cryptanalysis
• Types of security attacks: eavesdropping, impersonation, hijacking, denial-of-service.
• Cryptography: Techniques for disguised data
• Confidentiality, Integrity, Nonrepudiation and Availability.

Cryptographic Hash Functions (Hash Functions)

• Algorithm for computationally infeasible to find (1) an object mapping to predefined hash/digest result; (2) two objects in mapping to any same hash result
• Cryptographic hash functions (e.g.: MD5; SHA): produce fixed-length digests
• Commonly used properties of hash functions.

Message Authentication Code (MAC)

• Alice creates a message m and calculates H(m)
• Append H(m) to message (m, H(m)), sent to Bob ○ Bob calculates H(m) and checks if it's the same as received H(m). if it is, it is valid
• Requires shared secret s (Authentication Key) ○ MAC = H(m+s) (append MAC to message) ○ Bob receives (m, h). Computes H(m+s). Valid if they are equal.

Digital signatures

• authentication, creating a verifiable, nonforgeable code

Public Key Cryptography

• Diffie-Hellman (DH), RSA
• Public-key algorithms and mathematical functions

RSA Algorithm

• Getting ready: mapping messages to integers
• Generating public/private keys ○ choose primes P and Q ○ compute n = pq, z= (p-1)(q-1) ○ choose e that is relatively prime to z ○ choose d such that (ed-1) exactly divisible by Z (in other words: ed mod z = 1).
• Encryption/decryption steps (m < n):
• c = me mod n
• m = cd mod n

Comparison of MAC and digital signatures

• MAC: Does not use public/private key encryption
• Digital signatures: Does use public/private key encryption (two-steps)

Certification Authorities (CAs)

• Bind public keys to particular entities (person, website, etc.) ○ Proof of identity
• Certifies E's public key; digitally signs it
• Standards for CAs (ITU X.509)

IP Security (IPsec)

• Used to protect datagrams across networks
• Security Associations (SA), which define security parameters • Two modes (transport; tunnel) • Protocols: Authentication Header (AH); Encapsulation Security Protocol (ESP)

IKE: Internet Key Exchange

• Key management procedure for IPsec • Manual vs automatic; key establishment • PSK(pre-shared keys) and PKI (public/private key infrastructure) for authentication

Firewalls

• Devices to isolate intranets from larger Internet
• Forms of firewalls (stateless, stateful)
• Access Control Lists (ACLs)
• Intrusion Detection Systems (IDS)

Cloud Computing

• Services delivered remotely and on demand, e.g.: Amazon Web Services (AWS) and Elastic Compute Cloud (EC2) Services; Google App Engine, and Google Apps
• Business drivers (cost reduction, agility, technological innovation)
• Technology innovations (clustering, grid computing, virtualization, containerization)
• Characteristics of cloud computing (demand usage, ubiquitous access)
• Cloud delivery models (IaaS, PaaS, SaaS)
• Cloud deployment models(public, private, hybrid, multicloud)
• Cloud infrastructure mechanisms (virtual servers, containers, hypervisors and related components)
• Cloud usage monitor, automatic scaling listener, failover and other mechanisms

Container Orchestration

• Automated deployment, scaling and management of containerized application
• Key components (Container Runtime, Api Server, Scheduler, Controller Manager, Distributed Key - Value Store, Networking, Storage)

Description

Test your knowledge on cloud computing security concepts, including intrusion detection systems, load balancers, and cryptography. This quiz covers various topics related to cloud deployment models and security mechanisms, challenging your understanding of their functions and purposes.