Chapter 10 - 03 - Discuss the Insights of Cloud Security and Best Practices - 02_ocred.pdf

Full Transcript

Certified Cybersecurity Technician
Virtualization and Cloud Computing
Exam 212-82

Elements of Cloud Security (Cont'd)

Network Security
- Main challenge in cloud network security includes the lack of network visibility in monitoring and managing suspicious activities by the consumer
- Cloud network security requires additional security features such as encrypting data-in-transit, providing multi-factor authentication, installing firewalls, enabling data loss prevention, etc.

Logging
- Efficient security log management for cloud includes aggregating all logs, capturing appropriate data, controlling log collection and distribution frequency, ensuring system scalability, etc.
- Security logs are used for threat detection, data analysis, and compliance audits to enhance cloud security

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Elements of Cloud Security

Cloud Service Consumers

Cloud service consumers are responsible for:
- User security and monitoring (identity and access management (IAM))
- Information security—data (encryption and key management)
- Application-level security
- Data storage security
- Monitoring, logging, and compliance

Cloud Service Providers

Cloud service providers are responsible for securing the shared infrastructure, including routers, switches, load balancers, firewalls, hypervisors, storage networks, management consoles, DNS, directory services, and cloud API.

Module 10 Page 1343
[Figure 10.38: Elements of cloud security. Layers shown: User Security and Monitoring (identity services: AuthN/Z, federation, delegation, provisioning; supporting services: auditing, super user privilege management); Information Security - Data (encryption (transit, rest, processing), key management, ACL, logging); Application-level Security (application stack, service connectors, database, storage); Platform and Infrastructure Security (PaaS: NoSQL, API, message queues, storage; guest OS-level: firewall, hardening, security monitoring; hypervisor/host-level: firewalls, security monitoring; network-level: BGP, load balancers, firewalls, security monitoring). Side label: cloud provider's responsibility.]

Identity and Access Management (IAM)

Identity and Access Management (IAM) offers role-based access control to the customers or employees of an organization for accessing critical information within the enterprise. It comprises business processes, policies, and technologies that enable the surveillance of electronic or digital identities. IAM products provide tools and technologies to the system administrators for regulating user access (creating, managing, and removing access) to systems or networks based on the roles of individual users within the enterprise.

Organizations generally prefer all-in-one authentication that can be extended to Identity Federation, because Identity Federation includes IAM with single sign-on (SSO) and a centralized AD account for secure management. Additionally, IAM enables multi-factor authentication (MFA) for the root user and its associated user accounts. MFA is used to control the access to cloud service APIs. However, the best option is selecting either a virtual MFA or hardware device.
[Figure 10.39: Identity and Access Management (IAM). Labels: User life cycle; Approve user authorizations based on roles/rules; Federation; Monitoring and Audit; Systems and Applications.]

Compliance

A clear understanding of the requirements of an organization and how compliance is achieved can enable organizations to benefit from business agility and growth. Compliance failure can lead to regulatory fines, lawsuits, cyber security incidents, and reputational damage. The following are the compliance considerations for an organization to integrate its compliance programs with its cloud providers.
- Knowing the requirements that impact an organization is important. These requirements are based on the jurisdiction of an organization, industry, or the activities employed by an organization for its operation.
- Conducting regular compliance risk assessments helps organizations to establish the foundation of a strong compliance program. This process allows organizations to adopt the updated and revised risk assessment processes regularly.
- Monitoring and auditing the compliance program of an organization proactively or before a crisis hits can help organizations to find gaps and improve their compliance position.

Data Storage Security

In a cloud, data are stored on internet-connected servers in data centers, and it is the responsibility of data centers to secure the data. However, customers should protect their data to ensure comprehensive data security.

Data Storage Security Techniques:
- Local data encryption: Ensuring confidentiality of sensitive data in the cloud.
- Key management: Generating, using, protecting, storing, backing up, and deleting encryption keys. Key management in cloud ensures strict key security owing to the increased possibility of key exposure.
- Strong password management: Using strong passwords and changing them at regular intervals.
- Periodic security assessment of data security controls: Continuously monitoring and reviewing the implemented data security controls.
- Cloud data backup: Taking local backups of the cloud data prevents possible data loss in the organization.

Monitoring

Cloud monitoring is required to manage cloud-based services, applications, and infrastructure. Effective cloud monitoring helps an organization to protect a cloud environment from potential threats, store and transfer data in the cloud easily, and safeguard the personal data of customers.

Activity monitoring should observe the following activities to monitor unauthorized data access:
- Data replication: It plays a key role in data management by migrating databases online and synchronizing the data in real time. Migration monitoring should be performed during data replication.
- Data file name changes: Data handling activities such as data file name changes should be monitored. The file change attributes should be utilized for monitoring changes in the file system.
- File classification changes: Activity monitoring through file classification changes helps in determining any changes in the cloud data files.
- Data ownership changes: Data ownership changes should be closely monitored to prevent unauthorized access and security breach.

Data monitoring should define thresholds and rules for normal activities, which can help in detecting unusual activities and send alerts to data owners if any breach is observed in the defined threshold.
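The threshold-and-rule approach described above can be sketched as follows. This is an added example, not part of the original course text; the event fields, rule limits, and sample events are hypothetical and constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical rule set: how many events of each monitored activity one actor
# may cause per window before the data owner is alerted (0 = alert on every one).
RULES = {
    "replication":           {"limit": 2, "window": timedelta(hours=1)},
    "file_rename":           {"limit": 3, "window": timedelta(minutes=10)},
    "classification_change": {"limit": 1, "window": timedelta(hours=1)},
    "ownership_change":      {"limit": 0, "window": timedelta(hours=1)},
}

def detect(events, rules=RULES):
    """Return one alert per event that pushes (actor, type) past its limit."""
    recent = defaultdict(deque)   # (actor, type) -> timestamps inside window
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        rule = rules.get(ev["type"])
        if rule is None:          # activity type not covered by a rule
            continue
        seen = recent[(ev["actor"], ev["type"])]
        seen.append(ev["time"])
        while seen and ev["time"] - seen[0] > rule["window"]:
            seen.popleft()        # drop events that fell out of the window
        if len(seen) > rule["limit"]:
            alerts.append({"notify": ev["owner"], "actor": ev["actor"],
                           "type": ev["type"], "object": ev["object"],
                           "count": len(seen), "time": ev["time"]})
    return alerts

def _ev(hhmm, actor, kind, obj, owner):
    t = datetime.strptime("2024-01-15 " + hhmm, "%Y-%m-%d %H:%M")
    return {"time": t, "actor": actor, "type": kind, "object": obj, "owner": owner}

# Constructed sample audit events (not any real provider's log format).
SAMPLE = [
    _ev("09:00", "svc-backup", "replication", "db/orders", "dba@example.com"),
    _ev("09:05", "alice", "file_rename", "reports/q1.csv", "fin@example.com"),
    _ev("09:06", "mallory", "file_rename", "hr/a.xlsx", "hr@example.com"),
    _ev("09:07", "mallory", "file_rename", "hr/b.xlsx", "hr@example.com"),
    _ev("09:08", "mallory", "file_rename", "hr/c.xlsx", "hr@example.com"),
    _ev("09:09", "mallory", "file_rename", "hr/d.xlsx", "hr@example.com"),
    _ev("09:30", "mallory", "ownership_change", "hr/a.xlsx", "hr@example.com"),
    _ev("09:40", "alice", "file_rename", "reports/q2.csv", "fin@example.com"),
]

if __name__ == "__main__":
    for a in detect(SAMPLE):
        print(f"ALERT to {a['notify']}: {a['actor']} {a['type']} x{a['count']}")
```

In practice the limits would be tuned from a baseline of normal activity per data set, and the alert would be routed to the owner recorded for the affected object.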
Network Security

Main challenge in cloud network security includes the lack of network visibility in monitoring and managing suspicious activities by the consumer. Cloud network security requires the following additional security features in comparison to the traditional network security features.
- Encrypt data-in-transit
- Provide multi-factor authentication
- Install firewalls
- Enable data loss prevention

Methods to secure a cloud network
- Using DMZs
- Isolating resources with subnets, firewalls, and routing tables
- Securing DNS configurations
- Limiting inbound/outbound traffic
- Securing accidental exposures
- Intrusion detection and prevention systems
- Implementing layers of firewall

Logging

Security logs provide a record of the activities in the IT environment of an organization. They are used for threat detection, data analysis, and compliance audits to enhance cloud security. After the accelerated adoption of cloud platforms, instead of using a few servers, companies now maintain thousands of servers that play a smaller role within the application infrastructure stack. This complicates the aggregation of data silos.

To ensure efficient and secure log management in the cloud, organizations should follow the following practices.
- Aggregate All Logs
- Capture Appropriate Data
- Keep Applications Safe
- System Scalability
