Chapter 10 - 03 - Discuss the Insights of Cloud Security and Best Practices - 07_ocred.pdf



Certified Cybersecurity Technician Virtualization and Cloud Computing Exam 212-82

Cloud Network Security

Cloud network security can be achieved in the following ways:

Virtual Private Cloud (VPC)
✓ VPC is a secure and independent private cloud environment that resides within the public cloud
✓ VPC clients can execute programs, save data, host applications, and perform anything they wish on a private network using their individual accounts

Public and Private Subnets
✓ The subnets in VPC can be public or private. The virtual machines in the public subnet can transmit outbound traffic directly over the web
✓ The private subnet can communicate via the Internet using a NAT gateway

[Figure: VPC Client, Public Cloud, VPC containing a Public Subnet and a Private Subnet with Private Instances]

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Cloud Network Security (Cont'd)

Transit Gateways
✓ A transit gateway is a network routing solution that establishes and manages communication between an on-premises consumer network and VPCs via a centralized unit

VPC Endpoint
✓ It establishes a private connection between a VPC and another cloud service without access to the Internet, external gateways, NAT solutions, VPN connections, or public addresses

[Figure: On-premises network, cloud-based VPN, transit gateway, vRouter, VPC with virtual instances, VPC endpoint, cloud service]

Cloud Network Security

A cloud network is virtual IT infrastructure managed by cloud service providers (CSPs), where network resources are supplied on demand in the form of private and public clouds. By creating a virtual environment within the cloud through an existing physical network, CSPs can perform network operations on the public cloud using individual client accounts.

Module 10 Page 1368

Cloud network security can be achieved in the following ways.

Virtual private cloud (VPC): VPC is a secure and independent private cloud environment that resides within the public cloud. VPC clients can execute programs, host applications, save data, and perform anything they wish on a private network using their individual accounts, but the private cloud is hosted by the public cloud provider. A VPC is generally independent from other VPCs running with the same account; hence, one VPC client cannot view the traffic directed to another client's VPCs. The client can also create an IPv6 block and add multiple subnets within that block. VPC can merge the scalability and other optimal features of public cloud computing with the data segregation of private cloud computing. VPC resources are available on demand and can be expanded and configured based on the requirement.

[Figure: Public Cloud, Virtual Private Cloud, VPC Client]
Figure 10.59: Virtual Private Cloud (VPC)

Public and private subnets: The subnets in VPC can be public or private. The virtual machines residing in the public subnet can transmit data packets directly over the web, while the VMs in a private subnet cannot. A public subnet consists of an outward path that transmits messages via an Internet Gateway (IGW), which allows IPv4 and IPv6 traffic from the VPC without any conditions on the bandwidth. VMs in the public subnet can also receive inbound traffic via the IGW as long as their network ACLs and security groups permit it. A private subnet can connect to the external web via a public network address translation (NAT) gateway. The routing device itself performs NAT. Additionally, NAT does not directly permit inward traffic from the web, which makes the subnet private. The external connectivity for the private subnet can also be created using VPN services.

[Figure: VPC, Public Subnet]
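The public/private subnet rules above (a subnet is public when its route table sends Internet-bound traffic to an IGW; inbound from the web reaches an instance only through an IGW and only when both the network ACL and the security group permit it; a NAT gateway gives a private subnet outbound access but forwards no unsolicited inbound traffic) can be turned into a small exposure audit. The following is an added example written for this page, not code from EC-Council or any cloud provider's SDK. The subnets, route targets (`igw-EXAMPLE`, `nat-EXAMPLE`), ACL and security-group rules are constructed sample data, and the model is simplified: it evaluates one direction only, ignores ACL statefulness and rule numbering, and treats any route to an IGW as making the subnet public.

```python
"""Audit which instances in a VPC model are reachable from the Internet.

Added example (not EC-Council's code). All identifiers and rules are
constructed sample data; the route targets "igw-EXAMPLE" and "nat-EXAMPLE"
are placeholders, not real resource IDs.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# A well-known-documentation address standing in for "somewhere on the web".
SAMPLE_INTERNET_HOST = "198.51.100.10"


@dataclass
class RouteTable:
    routes: Dict[str, str]  # destination CIDR -> target ("local", "igw-...", "nat-...")

    def lookup(self, dst: str) -> Optional[str]:
        """Longest-prefix match over the route table, as a VPC router does."""
        addr = ipaddress.ip_address(dst)
        best: Optional[Tuple[ipaddress.IPv4Network, str]] = None
        for cidr, target in self.routes.items():
            net = ipaddress.ip_network(cidr)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, target)
        return best[1] if best else None


@dataclass
class Subnet:
    name: str
    cidr: str
    route_table: RouteTable
    nacl_inbound: List[Tuple[str, object, str]]  # (src CIDR, port or "*", "allow"/"deny"), first match wins
    sg_inbound: Set[Tuple[str, int]]              # (src CIDR, port); security groups are allow-only


def is_public(subnet: Subnet) -> bool:
    """A subnet is public when Internet-bound traffic is routed to an Internet Gateway."""
    target = subnet.route_table.lookup(SAMPLE_INTERNET_HOST) or ""
    return target.startswith("igw-")


def egress_path(subnet: Subnet) -> str:
    """How instances in the subnet reach the web: directly, via NAT, or not at all."""
    target = subnet.route_table.lookup(SAMPLE_INTERNET_HOST)
    if target is None or target == "local":
        return "none"
    if target.startswith("igw-"):
        return "direct (Internet Gateway)"
    if target.startswith("nat-"):
        return "translated (NAT gateway)"
    return target


def nacl_allows(rules, src: str, port: int) -> bool:
    """Network ACL: ordered rules, first match decides, implicit deny at the end."""
    src_addr = ipaddress.ip_address(src)
    for cidr, rule_port, action in rules:
        if src_addr in ipaddress.ip_network(cidr) and rule_port in (port, "*"):
            return action == "allow"
    return False


def sg_allows(rules, src: str, port: int) -> bool:
    """Security group: any matching allow rule admits the traffic."""
    src_addr = ipaddress.ip_address(src)
    return any(src_addr in ipaddress.ip_network(cidr) and p == port for cidr, p in rules)


def inbound_reachable(subnet: Subnet, src: str, port: int) -> bool:
    """Unsolicited inbound from the web needs an IGW path plus NACL and SG permission.
    A NAT gateway does not forward unsolicited inbound traffic, so private subnets
    are never reachable this way."""
    if not is_public(subnet):
        return False
    return nacl_allows(subnet.nacl_inbound, src, port) and sg_allows(subnet.sg_inbound, src, port)


def audit(subnets, src: str = "203.0.113.5", ports=(22, 443)) -> Dict[str, dict]:
    """Per-subnet summary of egress path and ports exposed to the given source."""
    return {
        s.name: {
            "public": is_public(s),
            "egress": egress_path(s),
            "exposed_ports": [p for p in ports if inbound_reachable(s, src, p)],
        }
        for s in subnets
    }


# Constructed sample VPC: one public subnet (route to IGW) and one private subnet (route to NAT).
PUBLIC_SUBNET = Subnet(
    name="public",
    cidr="10.0.1.0/24",
    route_table=RouteTable({"10.0.0.0/16": "local", "0.0.0.0/0": "igw-EXAMPLE"}),
    nacl_inbound=[("0.0.0.0/0", 443, "allow"), ("0.0.0.0/0", "*", "deny")],
    sg_inbound={("0.0.0.0/0", 443)},
)
PRIVATE_SUBNET = Subnet(
    name="private",
    cidr="10.0.2.0/24",
    route_table=RouteTable({"10.0.0.0/16": "local", "0.0.0.0/0": "nat-EXAMPLE"}),
    nacl_inbound=[("0.0.0.0/0", "*", "allow")],
    sg_inbound={("0.0.0.0/0", 22)},  # permissive SG, yet unreachable: no IGW path
)
SUBNETS = [PUBLIC_SUBNET, PRIVATE_SUBNET]

if __name__ == "__main__":
    for name, row in audit(SUBNETS).items():
        print(name, row)
```

Running the block reports the public subnet as reachable only on 443 (the NACL's first-match deny blocks 22 even before the security group is consulted) and the private subnet as having NAT-translated egress with no exposed ports at all, despite its wide-open security group. That last line is the practical point of the page's distinction: the route table, not the security group, is what makes a subnet private.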
