Chapter 10 - 03 - Discuss the Insights of Cloud Security and Best Practices - 02_ocred_fax_ocred.pdf


Certified Cybersecurity Technician Exam 212-82
Virtualization and Cloud Computing

Elements of Cloud Security (Cont’d)

Logging
- Security logs are used for threat detection, data analysis, and compliance audits to enhance cloud security.
- Efficient security log management for cloud includes aggregating all logs, capturing appropriate data, controlling log collection and distribution frequency, ensuring system scalability, etc.

Network Security
- The main challenge in cloud network security includes the lack of network visibility in monitoring and managing suspicious activities by the consumer.
- Cloud network security requires additional security features such as encrypting data-in-transit, providing multi-factor authentication, installing firewalls, enabling data loss prevention, etc.

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Elements of Cloud Security

Cloud Service Consumers
Cloud service consumers are responsible for:
- User security and monitoring (identity and access management (IAM))
- Information security—data (encryption and key management)
- Application-level security
- Data storage security
- Monitoring, logging, and compliance

Cloud Service Providers
Cloud service providers are responsible for securing the shared infrastructure, including routers, switches, load balancers, firewalls, hypervisors, storage networks, management consoles, DNS, directory services, and cloud API.
[Figure 10.38: Elements of cloud security. Layers shown in the figure:
- User Security and Monitoring: identity services (AuthN/Z, federation, delegation, provisioning); supporting services (auditing, super user privilege management)
- Information Security - Data: encryption (transit, rest, processing), key management, ACL, logging
- Application-level Security: application stack, service connectors, database, storage
- Platform and Infrastructure Security: PaaS (NoSQL, API, message queues, storage); guest OS-level (firewall, hardening, security monitoring); hypervisor/host-level (firewalls, security monitoring); network-level (BGP, load balancers, firewalls, security monitoring)]

Identity and Access Management (IAM)
Identity and Access Management (IAM) offers role-based access control to the customers or employees of an organization for accessing critical information within the enterprise. It comprises business processes, policies, and technologies that enable the surveillance of electronic or digital identities. IAM products provide system administrators with tools and technologies for regulating user access (creating, managing, and removing access) to systems or networks based on the roles of individual users within the enterprise.

Organizations generally prefer all-in-one authentication that can be extended to Identity Federation, because Identity Federation includes IAM with single sign-on (SSO) and a centralized AD account for secure management. Additionally, IAM enables multi-factor authentication (MFA) for the root user and its associated user accounts. MFA is used to control access to cloud service APIs. However, the best option is selecting either a virtual MFA or hardware device.
[Figure 10.39: Identity and Access Management (IAM). Recoverable labels: user [illegible] life cycle; approve user authorizations based on roles/rules; federation; systems and applications; monitoring and audit.]

Compliance
A clear understanding of the requirements of an organization and how compliance is achieved can enable organizations to benefit from business agility and growth. Compliance failure can lead to regulatory fines, lawsuits, cyber security incidents, and reputational damage. The following are the compliance considerations for an organization to integrate its compliance programs with its cloud providers.
- Knowing the requirements that impact an organization is important. These requirements are based on the jurisdiction of an organization, industry, or the activities employed by an organization for its operation.
- Conducting regular compliance risk assessments helps organizations to establish the foundation of a strong compliance program. This process allows organizations to adopt the updated and revised risk assessment processes regularly.
- Monitoring and auditing the compliance program of an organization proactively or before a crisis hits can help organizations to find gaps and improve their compliance position.

Data Storage Security
In a cloud, data are stored on internet-connected servers in data centers, and it is the responsibility of data centers to secure the data. However, customers should protect their data to ensure comprehensive data security.

Data Storage Security Techniques:
- Local data encryption: Ensuring confidentiality of sensitive data in the cloud.
- Key management: Generating, using, protecting, storing, backing up, and deleting encryption keys. Key management in cloud ensures strict key security owing to the increased possibility of key exposure.
- Strong password management: Using strong passwords and changing them at regular intervals.
- Periodic security assessment of data security controls: Continuously monitoring and reviewing the implemented data security controls.
- Cloud data backup: Taking local backups of the cloud data prevents possible data loss in the organization.

Monitoring
Cloud monitoring is required to manage cloud-based services, applications, and infrastructure. Effective cloud monitoring helps an organization protect a cloud environment from potential threats, store and transfer data in the cloud easily, and safeguard the personal data of customers.

Activity monitoring should observe the following activities to monitor unauthorized data access:
- Data replication: It plays a key role in data management by migrating databases online and synchronizing the data in real time. Migration monitoring should be performed during data replication.
- Data file name changes: Data handling activities such as data file name changes should be monitored. The file change attributes should be utilized for monitoring changes in the file system.
- File classification changes: Activity monitoring through file classification changes helps in determining any changes in the cloud data files.
- Data ownership changes: Data ownership changes should be closely monitored to prevent unauthorized access and security breaches.

Data monitoring should define thresholds and rules for normal activities, which can help in detecting unusual activities and sending alerts to data owners if any breach of the defined thresholds is observed.
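The threshold-and-rule approach described above can be sketched as follows. This is an added example, not part of the original course material; the event format, actor names, window length and threshold values are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical rules: maximum events of each activity type one actor may
# generate inside WINDOW before the data owner is alerted (illustrative values).
WINDOW = timedelta(minutes=10)
THRESHOLDS = {"replication": 1, "rename": 3,
              "classification_change": 0, "ownership_change": 0}

# Constructed audit events: (ISO timestamp, actor, activity, object, data owner)
EVENTS = [
    ("2024-05-01T09:00:00", "svc-backup", "replication", "db/orders", "alice"),
    ("2024-05-01T09:01:00", "jdoe", "rename", "hr/a.csv", "bob"),
    ("2024-05-01T09:02:00", "jdoe", "rename", "hr/b.csv", "bob"),
    ("2024-05-01T09:03:00", "jdoe", "rename", "hr/c.csv", "bob"),
    ("2024-05-01T09:04:00", "jdoe", "rename", "hr/d.csv", "bob"),
    ("2024-05-01T09:05:00", "jdoe", "ownership_change", "hr/d.csv", "bob"),
    ("2024-05-01T09:30:00", "svc-backup", "replication", "db/orders", "alice"),
    ("2024-05-01T09:31:00", "mallory", "classification_change", "fin/q1.xlsx", "carol"),
]

def detect(events, thresholds=THRESHOLDS, window=WINDOW):
    """Return alerts (owner, actor, activity, count, time) for threshold breaches."""
    recent = defaultdict(list)   # (actor, activity) -> timestamps inside the window
    alerts = []
    for ts, actor, activity, obj, owner in sorted(events):
        if activity not in thresholds:
            continue             # activity type not covered by a rule
        now = datetime.fromisoformat(ts)
        key = (actor, activity)
        # Slide the window: forget this actor's events older than `window`.
        recent[key] = [t for t in recent[key] if now - t <= window]
        recent[key].append(now)
        if len(recent[key]) > thresholds[activity]:
            alerts.append((owner, actor, activity, len(recent[key]), ts))
    return alerts

if __name__ == "__main__":
    for owner, actor, activity, count, ts in detect(EVENTS):
        print(f"{ts} notify {owner}: {actor} performed {count} x {activity}")
```

The two replication events are 30 minutes apart, so the scheduled job stays under its threshold, while the burst of renames and the single ownership and classification changes each raise an alert to the respective owner.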
Network Security
The main challenge in cloud network security includes the lack of network visibility in monitoring and managing suspicious activities by the consumer. Cloud network security requires the following additional security features in comparison to the traditional network security features.
- Encrypt data-in-transit
- Provide multi-factor authentication
- Install firewalls
- Enable data loss prevention

Methods to secure a cloud network
- Using DMZs
- Isolating resources with subnets, firewalls, and routing tables
- Securing DNS configurations
- Limiting inbound/outbound traffic
- Securing accidental exposures
- Intrusion detection and prevention systems
- Implementing layers of firewall

Logging
Security logs provide a record of the activities in the IT environment of an organization. They are used for threat detection, data analysis, and compliance audits to enhance cloud security. After the accelerated adoption of cloud platforms, instead of using a few servers, companies now maintain thousands of servers that play a smaller role within the application infrastructure stack. This complicates the aggregation of data silos. To ensure efficient and secure log management in the cloud, organizations should follow these practices.
- Aggregate All Logs
- Capture Appropriate Data
- Keep Applications Safe
- System Scalability
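A sketch of the "aggregate all logs" and "capture appropriate data" practices, added here as an example and not taken from the course material: two differently formatted per-server logs are normalised to one schema and one clock, and only allow-listed fields reach the central timeline. The log formats, host names and the allow-list are assumptions.

```python
import json
import re
from datetime import datetime, timezone

# Allow-list of fields kept centrally (an assumption); anything else, such as
# session tokens or request bodies, is dropped at collection time.
KEEP = ("ts", "host", "source", "user", "event")

# Constructed samples: a JSON application log and a syslog-style auth log.
APP_LOG = [
    '{"time": "2024-05-01T09:00:05+00:00", "host": "web-17", "user": "jdoe", '
    '"msg": "login ok", "session_token": "CONSTRUCTED-TOKEN"}',
    "not json at all",
]
AUTH_LOG = [
    "2024-05-01T11:00:01+02:00 bastion-2 sshd: Failed password for root",
    "2024-05-01T11:00:09+02:00 bastion-2 sshd: Accepted publickey for deploy",
]
AUTH_RE = re.compile(r"^(\S+) (\S+) sshd: (.+) for (\S+)$")

def utc(stamp):
    """Normalise any ISO 8601 offset to UTC so all sources sort on one clock."""
    return datetime.fromisoformat(stamp).astimezone(timezone.utc).isoformat()

def parse_app(line):
    rec = json.loads(line)
    # Raw fields are carried along here; aggregate() applies the allow-list.
    return {**rec, "ts": utc(rec["time"]), "host": rec["host"], "source": "app",
            "user": rec.get("user"), "event": rec["msg"]}

def parse_auth(line):
    m = AUTH_RE.match(line)
    if not m:
        raise ValueError("unrecognised auth line")
    ts, host, event, user = m.groups()
    return {"ts": utc(ts), "host": host, "source": "auth", "user": user, "event": event}

def aggregate(sources):
    """Parse every source, keep allow-listed fields, return (timeline, rejects)."""
    timeline, rejects = [], []
    for parser, lines in sources:
        for line in lines:
            try:
                rec = parser(line)
            except (ValueError, KeyError, TypeError):
                rejects.append(line)   # unparsable lines are kept for review
                continue
            timeline.append({k: rec[k] for k in KEEP})
    return sorted(timeline, key=lambda r: r["ts"]), rejects
```

Calling `aggregate([(parse_app, APP_LOG), (parse_auth, AUTH_LOG)])` returns the three parsed events in UTC order plus the one rejected line.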
