Chapter 10 - 02 - Understand Cloud Computing Fundamentals - 02_ocred_fax_ocred.pdf
Uploaded by barrejamesteacher
Certified Cybersecurity Technician, Exam 212-82
Virtualization and Cloud Computing
Module 10. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Types of Cloud Computing Services

Infrastructure-as-a-Service (IaaS) (sys admins)
- Provides virtual machines and other abstracted hardware and operating systems, which may be controlled through a service API
- E.g., Amazon EC2, GoGrid, Microsoft OneDrive, or Rackspace

Platform-as-a-Service (PaaS) (developers)
- Offers development tools, configuration management, and deployment platforms on-demand that can be used by subscribers to develop custom applications
- E.g., Google App Engine, Salesforce, or Microsoft Azure

Software-as-a-Service (SaaS) (end customers)
- Offers software to subscribers on-demand over the Internet
- E.g., web-based office applications like Google Docs or Calendar, Salesforce CRM, or Freshbooks

Identity-as-a-Service (IDaaS) (end customers)
- Offers IAM services including SSO, MFA, IGA, and intelligence collection
- E.g., OneLogin, Centrify Identity Service, Microsoft Azure Active Directory, or Okta

Types of Cloud Computing Services (Cont’d)

Security-as-a-Service (SECaaS) (end customers)
- Provides penetration testing, authentication, intrusion detection, anti-malware, security incident and event management services
- E.g., eSentire MDR, Switchfast Technologies, OneNeck IT Solutions, or McAfee Managed Security Services

Function-as-a-Service (FaaS) (end customers)
- Provides a platform for developing, running, and managing application functionalities for microservices
- E.g., AWS Lambda, Google Cloud Functions, Microsoft Azure Functions, or Oracle Cloud Fn

Container-as-a-Service (CaaS) (end customers)
- Offers virtualization of container engines, and management of containers, applications, and clusters, through a web portal or API
- E.g., Amazon AWS EC2, or Google Kubernetes Engine (GKE)

Anything-as-a-Service (XaaS) (end customers)
- Offers anything as a service over the Internet based on the user’s demand, like digital products, food, transportation, medical consultations, etc.
- E.g., Salesforce, AWS, Google Compute Engine, Azure, O365 and G Suite, JumpCloud

Types of Cloud Computing Services

Cloud services are divided broadly into the following categories:

Infrastructure-as-a-Service (IaaS)
This cloud computing service enables subscribers to use on-demand fundamental IT resources, such as computing power, virtualization, data storage, and network. This service provides virtual machines and other abstracted hardware and operating systems (OSs), which may be controlled through a service application programming interface (API). As cloud service providers are responsible for managing the underlying cloud computing infrastructure, subscribers can avoid costs of human capital, hardware, and others (e.g., Amazon EC2, Microsoft OneDrive, Rackspace).
Advantages:
- Dynamic infrastructure scaling
- Guaranteed uptime
- Automation of administrative tasks
- Elastic load balancing (ELB)
- Policy-based services
- Global accessibility
Disadvantages:
- Software security is at high risk (third-party providers are more prone to attacks)
- Performance issues and slow connection speeds

Platform-as-a-Service (PaaS)
This type of cloud computing service allows for the development of applications and services. Subscribers need not buy and manage the software and infrastructure underneath it but have authority over deployed applications and perhaps application hosting environment configurations. This offers development tools, configuration management, and deployment platforms on-demand, which can be used by subscribers to develop custom applications (e.g., Google App Engine, Salesforce, Microsoft Azure).
Advantages of writing applications in the PaaS environment include dynamic scalability, automated backups, and other platform services, without the need to explicitly code for them.
Advantages:
- Simplified deployment
- Prebuilt business functionality
- Lower security risk compared to IaaS
- Instant community
- Pay-per-use model
- Scalability
Disadvantages:
- Vendor lock-in
- Data privacy
- Integration with the rest of the system applications

Software-as-a-Service (SaaS)
This cloud computing service offers application software to subscribers on-demand over the Internet. The provider charges for the service on a pay-per-use basis, by subscription, by advertising, or by sharing among multiple users (e.g., web-based office applications like Google Docs or Calendar, Salesforce CRM, and Freshbooks).
Advantages:
- Low cost
- Easy administration
- Global accessibility
- High compatibility (no specialized hardware or software is required)
Disadvantages:
- Security and latency issues
- Total dependency on the Internet
- Switching between SaaS vendors is difficult

Identity-as-a-Service (IDaaS)
This cloud computing service offers authentication services to the subscribed enterprises and is managed by a third-party vendor to provide identity and access management services. It provides services such as Single-Sign-On (SSO), Multi-Factor-Authentication (MFA), Identity Governance and Administration (IGA), access management, and intelligence collection. These services allow subscribers to access sensitive data more securely both on and off-premises (e.g., OneLogin, Centrify Identity Service, Microsoft Azure Active Directory, Okta).
Advantages:
- Low cost
- Improved security
- Simplify compliance
- Reduced time
- Central management of user accounts
Disadvantages:
- Single server failure may disrupt the service or create redundancy on other authentication servers
- Vulnerable to account hijacking attacks

Security-as-a-Service (SECaaS)
This cloud computing model integrates security services into corporate infrastructure in a cost-effective way. It is developed based on SaaS and does not require any physical hardware or equipment. Therefore, it drastically reduces the cost compared to that spent when organizations establish their own security capabilities. It provides services such as penetration testing, authentication, intrusion detection, anti-malware, security incident and event management (e.g., eSentire MDR, Switchfast Technologies, OneNeck IT Solutions, McAfee Managed Security Services).
Advantages:
- Low cost
- Reduced complexity
- Continuous protection
- Improved security through best security expertise
- Latest and updated security tools
- Rapid user provisioning
- Greater agility
- Increased time on core competencies
Disadvantages:
- Increased attack surfaces and vulnerabilities
- Unknown risk profile
- Insecure APIs
- No customization to business needs
- Vulnerable to account hijacking attacks

Container-as-a-Service (CaaS)
This cloud computing model provides containers and clusters as a service to its subscribers. It provides services such as virtualization of container engines, management of containers, applications, and clusters through a web portal, or an API. Using these services, subscribers can develop rich scalable containerized applications through the cloud or on-site data centers.
CaaS inherits features of both IaaS and PaaS (e.g., Amazon AWS EC2, Google Kubernetes Engine (GKE)).
Advantages:
- Streamlined development of containerized applications
- Pay-per-resource
- Increased quality
- Portable and reliable application development
- Low cost
- Few resources
- Crash of application container does not affect other containers
- Improved security
- Improved patch management
- Improved response to bugs
- High scalability
- Streamlined development
Disadvantages:
- High operational overhead
- Platform deployment is the developer’s responsibility

Function-as-a-Service (FaaS)
This cloud computing service provides a platform for developing, running, and managing application functionalities without the complexity of building and maintaining necessary infrastructure (serverless architecture). This model is mostly used while developing applications for microservices. It provides on-demand functionality to the subscribers that powers off the supporting infrastructure and incurs no charges when not in use. It provides data processing services, such as Internet of Things (IoT) services for connected devices, mobile and web applications, and batch-and-stream processing (e.g., AWS Lambda, Google Cloud Functions, Microsoft Azure Functions, Oracle Cloud Fn).
Advantages:
- Pay-per-use
- Low cost
- Efficient security updates
- Easy deployment
- High scalability
Disadvantages:
- High latency
- Memory limitations
- Monitoring and debugging limitations
- Unstable tools and frameworks
- Vendor lock-in

Anything-as-a-Service (XaaS)
Anything as a service or everything as a service (XaaS) is a cloud-computing and remote-access service that offers anything as a service over the Internet based on the user’s demand.
The service may include digital products such as tools, applications, and technologies, as well as other types of services such as food, transportation, and medical consultations. The service is paid as per usage and cannot be purchased or licensed as regular products. Apart from common cloud services such as software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS), XaaS includes services such as network as a service (NaaS), storage as a service (STaaS), testing as a service (TaaS), malware as a service (MaaS), and disaster recovery as a service (DRaaS). XaaS offers secure services such as customer relationship management (CRM), cloud computing, and directory services (e.g., NetApp, AWS Elastic Beanstalk, Heroku, and Apache Stratos).
Advantages:
- Highly scalable
- Independent of location and devices
- Fault tolerance and reduced redundancy
- Reduced capital expenditure
- Enhances business process by supporting rapid elasticity and resource sharing
Disadvantages:
- Chances of service outage as XaaS is dependent on the Internet
- Performance issues due to high utilization of the same resources
- Highly complex and difficult to troubleshoot at times

Customer vs. CSP Shared Responsibilities in IaaS, PaaS, and SaaS

In cloud computing, it is important to ensure the separation of responsibilities of the subscribers and service providers. The separation of duties prevents conflicts of interest, illegal acts, fraud, abuse, and errors, and it helps in identifying security control failures, including information theft, security breaches, and invasion of security controls. It also helps in restricting the amount of influence held by an individual and ensures that there are no conflicting responsibilities. It is essential to know the limitations of each cloud service delivery model when accessing specific clouds and their models.

[Figure 10.21: Customer vs. CSP Shared Responsibilities in IaaS, PaaS, and SaaS. Legend: resource owners are shown as Subscribers/Tenants/Customers or Service Provider.]