Chapter 10 - 03 - Discuss the Insights of Cloud Security and Best Practices - 10_ocred_fax_ocred.pdf
Certified Cybersecurity Technician Exam 212-82 Virtualization and Cloud Computing

On-premise vs. Third Party Security Controls Provided by Major CSPs

| On-premise control | AWS | Azure | Google | Oracle | IBM |
| --- | --- | --- | --- | --- | --- |
| Firewall and ACLs | Security Groups, AWS Network ACLs | Network Security Groups (NSGs) | Cloud Armor, VPC Firewall | VCN Security Lists | Security Groups |
| IPS/IDS | Third Party Only | Third Party Only | Third Party Only | Third Party Only | Third Party Only |
| Web Application Firewall (WAF) | AWS WAF, AWS Firewall Manager | Application Gateway | Cloud Armor | Oracle Dyn WAF | Cloud Internet Services |
| SIEM | AWS Security Hub, Amazon GuardDuty | Advanced Log Analytics, Azure Monitor | Stackdriver Monitoring, Stackdriver Logging | Oracle Security Monitoring and Analytics | IBM Log Analysis, Cloud Activity Tracker |
| Antimalware | Third Party Only | Microsoft Antimalware, Azure Security Center | Third Party Only | Third Party Only | Third Party Only |
| Privileged Access Management (PAM) | Third Party Only | Azure AD Privileged Identity Management | Third Party Only | Third Party Only | Third Party Only |
| Data Loss Prevention (DLP) | Amazon Macie | Information Protection (AIP) | Cloud Data Loss Prevention API | Third Party Only | Third Party Only |
| Vulnerability Assessment | Amazon Inspector, AWS Trusted Advisor | Azure Security Center | Cloud Security Scanner | Security Vulnerability Assessment Service | Cloud Security Advisor, Vulnerability Advisor |
| Email Protection | Third Party Only | Office Advanced Threat Protection | Various controls embedded in G-Suite | Third Party Only | Third Party Only |
| SSL Decryption / Reverse Proxy | Elastic Load Balancer | Application Gateway | HTTPS Load Balancing | Third Party Only | Cloud Load Balancer |
| IPSec VPN | VPC Customer Gateway, AWS Transit Gateway | Virtual Network Gateway, SSTP | Google VPN | Dynamic Routing Gateway (DRG) | VPN, Secure Gateway |
| Key Management | Key Management Service (KMS) | Key Vault | Cloud Key Management Service | Cloud Infrastructure Key Management | Key Protect, Cloud Hyper Protect |
| Storage Encryption | Elastic Block Storage | Encryption At Rest / Storage for Data at Rest | Part of Google Cloud Platform | Cloud Infrastructure Block Volume | Crypto Services |
| DDoS | AWS Shield | Built-in DDoS defense | Cloud Armor | Built-in DDoS defense | Cloud Internet Services |
| Cloud IAM | IAM | Azure Active Directory | Cloud IAM | Oracle Cloud Infrastructure IAM | Cloud IAM, APPID |
| MFA | AWS MFA | Azure Active Directory | Security Key Enforcement | Oracle Cloud Infrastructure IAM | App ID |
| Centralized Logging/Auditing | CloudWatch/S3 Bucket, VPC Flow Logs | Azure Audit Logs | Access Transparency | Oracle Cloud Infrastructure Audit | Log Analysis with LogDNA |
| Load Balancer | Elastic Load Balancer/CloudFront | Azure Load Balancer | Cloud Load Balancing, HTTPS Load Balancing | Cloud Infrastructure Load Balancer | Cloud Load Balancer |
| LAN | Virtual Private Cloud (VPC) | Virtual Network | VPC Network | Virtual Cloud Network (VCN) | VLANs |
| WAN | Direct Connect | ExpressRoute/MPLS | Dedicated interconnects | FastConnect | Direct Link |
| Endpoint Protection | Third Party Only | Microsoft Defender ATP | Third Party Only | Third Party Only | Third Party Only |
| Certificate Management | AWS Certificate Manager | Third Party Only | Third Party Only | Third Party Only | Certificate Manager |
| Container Security | Amazon EC2 Container Service (ECS) | Azure Container Service (ACS) | Kubernetes Engine | Oracle Container Services | Containers-Trusted Compute |
| Governance Risk and Compliance Monitoring | AWS CloudTrail, AWS Compliance Center | Azure Policy | Cloud Security Command Center | Third Party Only | Third Party Only |
| Backup and Recovery | AWS Backup, Amazon S3 Glacier | Azure Backup, Azure Site Recovery | Object Versioning, Cloud Storage Nearline | Archive Storage | IBM Cloud Backup |

Table 10.9: On-premise vs. third-party security controls provided by major CSPs

Cloud platforms provide built-in equivalents of many on-premise security controls to ensure reliable customer service. For the controls that a CSP does not provide, third-party tools are generally required to secure the cloud infrastructure. Before making any technology decisions, organizations should review their requirements and the tools each CSP already provides, using a self-check or requirement-driven approach. For example:

- How many security tools are currently required in the organization?
- What risks can the security tools reduce/address?
- Rationalize the existing security vendors and tools.

Matching the requirements with the solutions offered by the cloud vendor helps in making an effective technology decision regarding the selection of a cloud provider. Additionally, it should be ensured that the third-party products can be integrated with the cloud platform. The security system should combine the third-party controls with the security controls provided by the CSP.

Module 10 Page 1384 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Cloud Security Tools

Some tools for securing a cloud environment include the following:

- Qualys Cloud Platform

Source: https://www.qualys.com

Qualys Cloud Platform is an end-to-end IT security solution that provides a continuous, always-on assessment of the global security and compliance posture, with visibility across all IT assets irrespective of where they reside. It includes sensors that provide continuous visibility, and all cloud data can be analyzed in real time. It responds to threats immediately, performs active vulnerability checks such as the internet control message protocol (ICMP) timestamp request, and visualizes results in one place with AssetView.

Figure 10.67: Screenshot of Qualys Cloud Platform (Qualys WannaCry Dashboard, with panels for the top 5 EOL/obsolete operating systems, latest threats from live feed, assets missing the MS17-010 WannaCry ransomware patch, and assets with WannaCry detected)

Additional cloud security tools include the following:

- CloudPassage Halo (https://www.cloudpassage.com)
- McAfee MVISION Cloud (https://www.mcafee.com)
- CipherCloud (https://www.ciphercloud.com)
- Netskope Security Cloud (https://www.netskope.com)
- Prisma Cloud (https://www.paloaltonetworks.com)