Cloud Computing Standards and Security

Questions and Answers

What is the primary purpose of cloud computing?

• To exclusively use local servers for data processing.
• To enhance the processing capabilities of personal computers only.
• To utilize remote servers hosted on the Internet for storing, managing, and processing data (correct)
• To restrict access to data from multiple locations.

Which of the following is a key characteristic of a Distributed Denial of Service (DDoS) attack?

• It is a simple security measure typically installed on personal computers.
• It relies on a single compromised system to flood a network.
• It is often carried out using a network of comprised systems, sometimes known as Zombie systems. (correct)
• It primarily targets the physical hardware of a server.

Why are connection-oriented protocols like TCP often used in Distributed Denial of Service (DDoS) attacks?

• They are not typically used in DDoS attacks.
• They are less expensive and cause less damage compared to other protocols.
• They are more expensive and can cause more damage through sockets and connections. (correct)
• They are easier to trace and block.

What is a common solution for mitigating Distributed Denial of Service (DDoS) attacks?

Implementing firewalls with Deep Packet Inspection and an effective network design, such as DMZs. (A)

Which of the following best describes the purpose of obfuscation in cloud computing security?

To semantically preserve the transformation of a data payload in a way that hides the extraction of information. (C)

Which of the following is an example of an obfuscation tool mentioned?

Oxyry (A)

What is the primary function of a Virtual Private Network (VPN)?

To provide a simulation of a private network over a public network, granting access to authorized users. (A)

Which security method is used by VPNs to ensure data privacy?

Limited-access IP Tunnel and Encryption of data within the VPN network (C)

What is a key function of a DMZ (Demilitarized Zone) in network security?

To separate a section of the network that is accessible from the outside, providing a layer of security. (B)

Which types of servers are commonly located in a DMZ?

Web servers, email servers, and FTP servers. (C)

Why is it essential to disable unneeded ports and services on a cloud server??

To reduce the attack surface and potential vulnerabilities. (B)

When configuring firewall rules, what is the best practice regarding incoming traffic?

Only allow required ports and IPs for incoming traffic. (C)

What does the netstat command primarily help with in cloud computing security?

Checking and verifying port settings and active network connections. (B)

In the context of cloud security standards, what does 'least privilege' refer to?

Granting users only the minimum level of access necessary to perform their job functions. (A)

Why is multi-factor authentication (MFA) an important security measure for cloud environments?

It provides an extra layer of security beyond just a password. (C)

What is the role of intrusion detection systems (IDS) and intrusion prevention systems (IPS) in cloud security?

To monitor network traffic for suspicious activity and automatically take preventative actions. (B)

What is the significance of regular security audits in maintaining cloud security?

They provide a snapshot of the current security posture and identify areas for improvement. (D)

What is the purpose of data encryption at rest in cloud storage?

To protect data from unauthorized access if the storage medium is compromised. (D)

What is a 'zombie system' in the context of DDoS attacks?

A comprised system used to carry out the attack. (A)

What is the role of a firewall in cloud security, particularly concerning Deep Packet Inspection (DPI)?

To analyze the data part of network packets for malicious code or policy violations. (D)

Flashcards

Cloud Computing

Using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer.

Distributed Denial of Service (DDoS)

A sophisticated security attack carried out using several compromised systems (known as Zombie systems) through Connection-oriented protocols (TCP).

Obfuscation

Methods used to semantically preserve transformation of a data payload into such a form that hides extraction of information from the data.

DMZ (Demilitarized Zone)

A virtual or physical connection that separates a section of network which is accessible from outside.

Virtual Private Network (VPN)

Simulation of a private network over a public network (Internet) where specific users are granted access.

Restrict Port Access

Allowing only required ports for incoming traffic helps improve security by limiting potential access points for malicious attacks.

Netstat

Used to check and verify port settings and network connections.

Code Obfuscation

Technique where code is transformed into a semantically equivalent form that is more difficult for humans to understand.

Single Firewall

Network configuration using one firewall to separate the internal LAN from the DMZ and the external network.

Dual Firewall

Network configuration with two firewalls creating a perimeter network.

Study Notes

• Cloud computing involves using a network of remote servers hosted on the Internet to store, manage, and process data, instead of using a local server or a personal computer.

Course Learning Objectives

• Discuss cloud computing standards, security, the business in cloud computing and methods of planning for cloud integration.

Cloud Computing Standards and Security

• Focuses on cloud computing standards and security

Distributed Denial of Service (DDoS)

• DDoS is a sophisticated security attack.
• It uses several comprised systems, known as Zombie systems.
• DDoS attacks are often carried out through Connection-oriented protocols (TCP), that can cause significant damage through sockets and connections.
• Firewalls can be used as a solution with Deep Packet Inspection and effective network designs (DMZs, layered network).

Obfuscation

• It involves methods used to semantically preserve transformation of a data payload.
• It hides extraction of information from the data.
• Oxyry, PyMinify, and Opy are examples of obfuscation techniques

Virtual Private Network (VPN)

• It is a simulation of a private network over a public network.
• It grants users access to specific resources.
• VPNs use limited-access IP Tunnels to only allow IPs and authorized users.
• Security also relies on encryption of data within the VPN.

Single vs Dual Firewall

• Presents a comparison between using a single firewall versus a dual firewall setup for network security.

DMZ (Demilitarized Zone)

• DMZ is a virtual or physical connection.
• It separates a section of a network accessible from the outside, enhancing security.
• DMZs are mainly used for: Web servers, Email servers, FTP servers, VoIP servers, and Game Servers

Disabling Unneeded Ports and Services

• Securing involves allowing only required ports and IPs for incoming traffic.

Checking and Verifying Port Settings

• Netstat tool is used to check and verify port settings for network connections.

Cloud Security Best Practices

• A step-by-step guide is available at https://www.mcafee.com/enterprise/en-ca/security-awareness/cloud/cloud-security-best-practices.html

How Does DDOS Work

• Information can be reviewed at : https://www.cloudflare.com/en-ca/learning/ddos/what-is-a-ddos-attack/ and https://blog.cloudflare.com/ddos-attack-trends-for-2021-q3/