Chap 10 - 01 - Understand Virt Essential Concepts and OS Virt Security - 03_ocred_fax_ocred.pdf
Certified Cybersecurity Technician Exam 212-82
Virtualization and Cloud Computing

Virtual Desktop Infrastructure (VDI)

- Virtual desktop infrastructure (VDI) is a virtualization solution in which the desktop OSes of an organization are provisioned and operated at a data center, and images with virtual desktop resources are sent to the end devices
- The connections to the virtual desktops from the clients are initiated through a specialized device/software known as a connection broker

[Slide diagram: laptop, mobile phone and thin client connecting through connection broker software to virtual desktop instances running on a hypervisor]

Virtual desktop infrastructure (VDI) is a virtualization solution in which the desktop operating systems of an organization are provisioned and operated in a data center, and images with the virtual desktop resources are sent to the end nodes. The end node can be a laptop, mobile device, thin client, or traditional PC. VDI helps users connect to a virtual OS and applications in a flexible manner, and it provides an experience similar to that of operating within the local environment.

If employees work from remote locations and suffer from a weak signal or the lack of a hardwired Internet connection, the use of VDI on devices acting as thin clients is more feasible for remote data access. Upon being turned on, a thin client loads and runs minimal code to initialize the peripherals and enable the user to sign in to the virtual instances on the organization's server. These thin clients should verify that they are loading a valid image and use effective authentication methods for secure connections. The connections to virtual desktops from clients are initiated through a specialized device/software known as a connection broker.
VDI can also be used as a security solution for addressing various threats that arise from policies such as BYOD, and it further prevents sensitive data from being stored on the endpoint device.

Module 10 Page 1251 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

[Figure 10.4: Virtual desktop infrastructure (VDI). Diagram of a laptop, thin client and mobile phone connecting through connection broker software to virtual desktop instances on a hypervisor.]

Virtual desktops can be deployed in persistent and non-persistent ways.

- Persistent VDI: In this type of VDI, the user receives a prearranged permanent VDI resource at each sign-in. This type of instance has a 1:1 ratio of users to images, which implies that every user holds their own image.
- Non-persistent VDI: In this type of VDI, a new image is generated at each sign-in. This type of instance has a many:1 ratio of users to images, which implies that multiple users can share a single image.

Although VDI enables users to simplify their work and secure the organization's data, it has various security risks. Attackers can target the endpoint devices and infect them with malware by leveraging third-party applications or software to access the organization's sensitive data. As clients cannot perform local processing in VDI, network or server failures can increase the service outage time.
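The two deployment models above differ in what the connection broker hands back on each sign-in and in what survives a sign-out. The following Python script is an added example, not code from the EC-Council course material: it models a toy connection broker in both modes and a thin client that pins the digest of the golden image it is willing to boot. The image contents, user names and instance ids are constructed for the example.

```python
from __future__ import annotations

import hashlib
import hmac
import itertools
from dataclasses import dataclass, field

# Constructed stand-in for the organization's golden desktop image; a thin
# client pins the digest of the image it is willing to boot.
GOLDEN_IMAGE = b"corp-desktop-golden-image (constructed)"
GOLDEN_DIGEST = hashlib.sha256(GOLDEN_IMAGE).hexdigest()


@dataclass
class Desktop:
    instance_id: str
    image_digest: str
    owner: str
    persistent: bool
    # Files the user writes during a session; only a persistent desktop keeps them.
    state: dict[str, str] = field(default_factory=dict)


class ConnectionBroker:
    """Issues virtual desktop instances; `persistent` selects the deployment model."""

    def __init__(self, persistent: bool) -> None:
        self.persistent = persistent
        self._assigned: dict[str, Desktop] = {}   # persistent: user -> own desktop
        self._ids = itertools.count(1)

    def sign_in(self, user: str, authenticated: bool) -> Desktop:
        # The broker is the chokepoint: no authentication, no desktop.
        if not authenticated:
            raise PermissionError(f"{user}: authentication failed")
        if self.persistent:
            # 1:1 users to images: the same pre-assigned desktop at every sign-in.
            if user not in self._assigned:
                self._assigned[user] = Desktop(
                    f"vd-{next(self._ids)}", GOLDEN_DIGEST, user, True)
            return self._assigned[user]
        # many:1 users to images: a fresh instance of the shared golden image.
        return Desktop(f"vd-{next(self._ids)}", GOLDEN_DIGEST, user, False)

    def sign_out(self, desktop: Desktop) -> None:
        if not desktop.persistent:
            desktop.state.clear()   # the instance is destroyed; nothing is retained


def thin_client_accepts(desktop: Desktop, pinned_digest: str = GOLDEN_DIGEST) -> bool:
    """A thin client should only boot a desktop built from the image it trusts."""
    return hmac.compare_digest(desktop.image_digest, pinned_digest)


def run_session_pair(persistent: bool) -> dict[str, bool]:
    """Sign one user in twice and report what the second session sees."""
    broker = ConnectionBroker(persistent)
    first = broker.sign_in("alice", authenticated=True)
    first.state["draft.txt"] = "work in progress"
    broker.sign_out(first)
    second = broker.sign_in("alice", authenticated=True)
    return {
        "same_instance": first.instance_id == second.instance_id,
        "draft_survived": "draft.txt" in second.state,
    }


if __name__ == "__main__":
    print("persistent:", run_session_pair(True))       # both True
    print("non-persistent:", run_session_pair(False))  # both False
    tampered = Desktop("vd-99", hashlib.sha256(b"unknown image").hexdigest(), "alice", True)
    print("thin client boots tampered image:", thin_client_accepts(tampered))  # False
```

In persistent mode the second sign-in returns the same instance with the user's draft intact; in non-persistent mode it returns a new instance and the draft is gone, which is exactly why the non-persistent model leaves less sensitive data behind but offers nothing to recover after a failure. The `thin_client_accepts` check is the "valid image" test the text asks thin clients to perform.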
OS Virtualization Security and Concerns

In OS virtualization, the host operating system's kernel is virtually replicated in multiple instances of isolated user space, called containers, software containers, or virtualization engines, thereby lending (virtualized) operating system functionality to each container. A container is widely used for encapsulating an application and its dependencies in its own environment; it runs in isolation from other containers and applications while utilizing the same resources and operating system.

This section discusses the vulnerabilities, attacks, and security challenges associated with containers. It also explains the vulnerabilities, attacks, and security challenges associated with Docker and Kubernetes, which are widely used for developing, packaging, running, and managing applications and all their dependencies in the form of containers. Finally, the section discusses serverless computing concepts along with best practices for serverless security.
Container

- Virtualization based on an operating system, in which the kernel's operating system functionality is replicated on multiple instances of isolated user space, called containers, software containers or virtualization engines
- Containers as a service (CaaS) includes the virtualization of containers and container management through orchestrators
- Using CaaS, subscribers can develop rich, scalable containerized applications through the cloud or on-site data centers

[Slide diagram: Container Engine (a managed environment for deploying containerized applications) and Container Orchestration Software (an automated process of managing the lifecycles of software containers and their dynamic environment); logos shown: Docker Swarm, OpenShift, Kubernetes]

Containers (also called software containers or virtualization engines) refer to virtualization based on an operating system, in which the kernel's operating system functionality is replicated on multiple instances of isolated user space. This can be used, for example, in a virtual hosting environment that requires segmentation of the physical resources among multiple users to enable each user to have their own virtual space. Containers help to manage the users and their respective resources while keeping them isolated. The containers are monitored and managed by an administrator who has full admin rights to all the containers.

Many virtualization problems are effectively resolved with containerization. In containerization, although each user space instance runs in isolation, resources are not wasted, since the actual operating system runs independently of the containers. A container encapsulates an application and its dependencies in its own environment while utilizing the same resources and operating system as other containers.
Compared to VMs, container images are more easily migrated and shared because of their smaller size. As only one operating system is involved, a container can be easily maintained. Containers also minimize hardware costs, since multiple applications run on the same hardware, increasing its utilization.

The following are some services and technologies that can be used to deploy and manage containers.

- Containers as a service (CaaS): This refers to services that enable the deployment of containers and container management through orchestrators. Using CaaS, subscribers can develop rich, scalable containerized applications through the cloud or on-site data centers.
- Container Engine: A container engine can be used to create, add, and remove containers as required. It manages the environment for deploying containerized applications.
- Container Orchestration: This refers to an automated process of managing the lifecycles of software containers and their dynamic environment. Currently available open-source container orchestrators are Kubernetes and Docker Swarm, and a commercial container orchestrator is OpenShift by Red Hat.

Container Technology Architecture

Container technology architecture comprises the following five tiers:

- The developer creates the images and sends them for testing and accreditation.
- The testing and accreditation systems validate, verify, and sign the images and send them to the registry.
- At the registries, the images are stored and distributed upon request from an orchestrator.
- At the orchestrators, the images are converted into containers and deployed to the hosts.
- The host runs and stops the containers on the direction of the orchestrator.

[Figure 10.5: Container technology architecture. Diagram of the developer, testing and accreditation systems, internal and external registries, orchestrator, and hosts with containers, grouped into the phases Image Creation, Testing and Accreditation; Storage and Retrieval of Image; and Deploy and Management of Container.]
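The five tiers above form a chain of custody for an image: the accreditation tier signs what it has verified, and the orchestrator should re-verify that signature over the bytes it actually pulls before turning the image into a container. The Python script below is an added example, not code from the EC-Council material or from any real container platform; it models the developer, accreditation, registry, orchestrator and host tiers (and so also the CaaS, engine and orchestration roles described earlier) in a few small classes. The image names, file contents and policy check are constructed, and HMAC-SHA256 with a shared key stands in for the asymmetric image signing a real deployment would use.

```python
from __future__ import annotations

import hashlib
import hmac
import json

# Constructed secret shared by the accreditation system (signer) and the
# orchestrator (verifier); a real pipeline would use a signing key pair.
ACCREDITATION_KEY = b"constructed-accreditation-key"


def _digest(layer: bytes) -> str:
    return "sha256:" + hashlib.sha256(layer).hexdigest()


def build_image(name: str, files: dict[str, str]) -> dict:
    """Tier 1, developer: package the files as one layer and record its digest."""
    layer = json.dumps(files, sort_keys=True).encode()
    return {"name": name, "layer": layer, "digest": _digest(layer)}


def accredit(image: dict, key: bytes = ACCREDITATION_KEY) -> dict:
    """Tier 2, testing and accreditation: validate, verify and sign the image."""
    if _digest(image["layer"]) != image["digest"]:
        raise ValueError("digest does not match image content")
    files = json.loads(image["layer"])
    if files.get("USER", "root") == "root":          # constructed policy check
        raise ValueError("image would run as root")
    signature = hmac.new(key, image["digest"].encode(), hashlib.sha256).hexdigest()
    return {**image, "signature": signature}


class Registry:
    """Tier 3: stores accredited images and distributes them on request."""

    def __init__(self) -> None:
        self._images: dict[str, dict] = {}

    def push(self, image: dict) -> None:
        self._images[image["digest"]] = image

    def pull(self, digest: str) -> dict:
        return self._images[digest]


class Host:
    """Tier 5: runs and stops containers on the orchestrator's direction."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.running: dict[str, str] = {}

    def run(self, image: dict) -> str:
        container_id = f"{self.name}-{len(self.running) + 1}"
        self.running[container_id] = image["name"]
        return container_id

    def stop(self, container_id: str) -> None:
        self.running.pop(container_id)


class Orchestrator:
    """Tier 4: pulls an image, re-verifies it, then turns it into a container."""

    def __init__(self, registry: Registry, hosts: list[Host],
                 key: bytes = ACCREDITATION_KEY) -> None:
        self.registry, self.hosts, self.key = registry, hosts, key
        self._next_host = 0

    def deploy(self, digest: str) -> str:
        image = self.registry.pull(digest)
        # Never trust the registry blindly: recompute the digest over the bytes
        # actually received and check the accreditation signature over it.
        if _digest(image["layer"]) != image["digest"]:
            raise ValueError("image content changed after accreditation")
        expected = hmac.new(self.key, image["digest"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(image.get("signature", ""), expected):
            raise ValueError("image is not signed by the accreditation system")
        host = self.hosts[self._next_host % len(self.hosts)]   # simple round robin
        self._next_host += 1
        return host.run(image)


def pipeline(files: dict[str, str], skip_accreditation: bool = False,
             tamper: bool = False) -> str:
    """Push one constructed image through all five tiers.

    Returns the container id on success, or the reason the image was refused.
    """
    registry = Registry()
    orchestrator = Orchestrator(registry, [Host("host-a")])
    try:
        image = build_image("web", files)
        if not skip_accreditation:
            image = accredit(image)
        if tamper:
            # Content modified after signing, e.g. in transit or at the registry.
            image = {**image, "layer": image["layer"] + b" "}
        registry.push(image)
        return orchestrator.deploy(image["digest"])
    except ValueError as err:
        return f"rejected: {err}"


if __name__ == "__main__":
    good = {"USER": "app", "index.html": "<h1>hi</h1>"}
    print(pipeline(good))                            # host-a-1
    print(pipeline({"index.html": "<h1>hi</h1>"}))   # rejected at accreditation
    print(pipeline(good, skip_accreditation=True))   # rejected by the orchestrator
    print(pipeline(good, tamper=True))               # rejected by the orchestrator
```

The point the model makes is that the registry is only storage: an image that was never accredited, or whose content changed after it was signed, is caught at the orchestrator because the digest and signature are checked again there rather than trusted from the registry's metadata.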