Cybersecurity Essentials - Module 17 Cheat Sheet

# Module 17: Cloud Security :::success Here is a cheat sheet generated from the course content using ChatGPT. It recaps the main concepts of each module, definitions and examples. At the end of (almost) each part, you will find a link to online related flashcards. ::: ### 17.1 Virtualization and Cloud Computing --- #### 17.1.1 Introduction to Virtualization - Virtualization and cloud storage reduce dependency on physical devices, saving time and money. - Key risks include security threats that require careful management. --- #### 17.1.2 The Virtual Environment **Benefits of Virtualization:** - Decreases the number of physical machines needed in IT infrastructure. **Key Elements:** 1. **Virtual Machines (VMs):** - **Type 1 Hypervisor:** Directly interacts with hardware for guest OS control. - **Type 2 Hypervisor:** Runs as an application on the host OS, creating VMs entirely in software. - **Vulnerabilities:** - VMs need patching as they use operating systems. - High privilege sharing can compromise host systems if a VM is attacked. 2. **Containers:** - Consist only of applications and dependencies, using an engine for OS emulation. - Tools like **Docker** provide OS-level virtualization; **Kubernetes** manages containers. - Elevated privileges within a container could compromise the underlying OS. 3. **Virtual Desktop Infrastructure (VDI):** - Stores user desktop environments remotely. - Benefits include easy creation, deletion, and configuration over a network. - Requires high availability and storage capacity. --- #### 17.1.3 Virtualization Risks - **VM Sprawl:** Underutilized virtual servers consume excessive resources. - **VM Escape:** A VM interacts with and compromises the host OS. --- #### 17.1.4 Cloud-Based Technology - Enables access to computing, storage, software, and servers via the Internet. - Shifts technology components from organizations to cloud providers. **Service Models (XaaS):** 1. **Software as a Service (SaaS):** - Users access applications and databases via the cloud. - Infrastructure is managed by providers. 2. **Platform as a Service (PaaS):** - Offers development tools and services remotely on a subscription basis. 3. **Infrastructure as a Service (IaaS):** - Provides virtualized computing resources like hardware and storage. --- #### 17.1.5 Cloud Deployment Models **Deployment Types:** 1. **Private Cloud:** - Hosted internally for greater data control. - Higher costs due to maintenance and administration. 2. **Public Cloud:** - Hosted by service providers with a subscription fee. - Lower cost but less data control. 3. **Hybrid Cloud:** - Combines private and public cloud features for flexibility. 4. **Community Cloud:** - Shared platform among multiple organizations, tailored to specific industries. --- #### 17.1.6 Fog and Edge Computing **Fog Computing:** - Distributes computing between devices and the cloud data center. - Used in applications requiring minimal latency (e.g., autonomous vehicles). **Edge Computing:** - Processes data directly on the device or sensor without transferring it to a data center. --- #### 17.1.7 Top Threats to Cloud Computing **Common Threats:** 1. **Data Breaches:** Unauthorized access to sensitive data. 2. **Cloud Misconfiguration:** Improper setups expose vulnerabilities. 3. **Poor Cloud Security Architecture:** - Private cloud security is the organization’s responsibility. - Public, hybrid, and community clouds require shared security responsibilities. 4. **Compromised Account Credentials:** - Threat actors hijacking privileged accounts pose serious risks. 5. **Insider Threats:** Malicious or unintentional compromise by employees or partners. 6. **Insecure User Interfaces (UIs) or APIs:** - Exposed interfaces are prime targets for attackers. 7. **Limited Cloud Usage Visibility:** - Reduces ability to distinguish safe or malicious files. :::danger **Check Your Understanding** :ballot_box_with_check: You can find the answers to the quiz by clicking [here](https://itexamanswers.net/7-1-8-check-your-understanding-virtualization-and-cloud-computing.html). ::: >[!Warning]Recap >A hypervisor is a software or hardware program that multiple, independent OSs on a single physical system. There are two types of hypervisors: Type 1 is hardware virtualization and Type 2 is hosted virtualization. Cloud-based technologies let organizations access computing, storage, software, and servers through the internet. The three main cloud computing service models are SaaS, PaaS, and IaaS. Cloud computing classifications are based on how the service models are deployed. They include private, public, hybrid, and community clouds. Cloud environments have their own unique threats, including data breaches, cloud misconfiguration, poor security architecture, compromised account credentials, insider threat, insecure software UI or API, and limited cloud usage. ### 17.2 The Domains of Cloud Security --- The **Cloud Security Alliance (CSA)** developed the "Security Guidance for Critical Areas of Focus in Cloud Computing v4" document. This widely referenced resource outlines **14 domains** of cloud security to promote best practices and ensure security assurance. **Domains of Cloud Security:** 1. **Cloud Computing Concepts and Architectures** - Defines cloud computing terminology. - Details logical and architectural frameworks referenced throughout the CSA Security Guidance document. 2. **Governance and Enterprise Risk Management** - Describes four key areas impacted by cloud computing: - Governance - Enterprise Risk Management - Information Risk Management - Information Security 3. **Legal Issues, Contracts, and Electronic Discovery** - Covers legal concerns related to: - Moving data to the cloud. - Contracting with cloud service providers. - Handling electronic discovery requests during litigation. 4. **Compliance and Audit Management** - Highlights challenges in measuring and communicating compliance as organizations transition from traditional data centers to the cloud. 5. **Information Governance** - Ensures data and information usage aligns with: - Organizational policies - Regulatory and contractual requirements - Strategic business objectives 6. **Management Plane and Business Continuity** - Discusses the importance of securing the cloud **management plane**, which includes protocols and resources for managing the cloud. - Emphasizes business continuity and disaster recovery for both cloud providers and clients. 7. **Security as a Service** - Focuses on the evolving delivery of security services from the cloud. 8. **Infrastructure Security** - Addresses cloud-specific infrastructure security measures to operate securely within cloud environments. 9. **Virtualization and Containers** - Highlights the need for securing virtualization technologies and virtual assets, which form the basis of cloud computing. 10. **Incident Response** - Describes key elements of the **Incident Response Lifecycle** and considerations for cloud responders. 11. **Application Security** - Provides guidance on securely building and deploying applications within cloud environments, especially for **PaaS** and **IaaS**. 12. **Data Security and Encryption** - Recommends risk-based security for data, as not all data requires the same level of protection. - Emphasizes encryption as a critical control for securing cloud data. 13. **Identity, Entitlement, and Access Management (IAM)** - Explains how cloud identity management differs from traditional IAM. 14. **Related Technologies** - Provides insights and recommendations for: - Cloud-reliant technologies. - Technologies commonly seen in cloud deployments but not necessarily dependent on cloud operations. >[!Warning]Recap >The CSA’s document titled Security Guidance for Critical Areas of Focus in Cloud Computing v4 promotes best practices to provide security assurance within the 14 cloud computing domains. ### 17.3 Cloud Infrastructure Security --- #### 17.3.1 Infrastructure Security The **Infrastructure Security** domain outlines cloud-specific infrastructure aspects and foundational measures for secure cloud operations. **Key Layers of Cloud Infrastructure:** 1. **Physical and Logical Layers:** - Includes compute (CPU, memory), networking, and storage combined to create the cloud infrastructure. 2. **Virtual Infrastructure:** - Managed by cloud users, comprising the compute, network, and storage resources accessed from cloud resource pools. **Challenges in Cloud Infrastructure Security:** - Traditional security measures relying on physical communication paths and security appliances are ineffective in cloud environments. - Virtual appliances and software agents are custom tools for securing virtual environments. However: - They may create resource bottlenecks or cause processor overloading. - Deployment and evaluation must be carefully managed. **Benefits of Software-Defined Networks (SDN):** - Enable new security controls and improve overall network security. - Offer easy network isolation without hardware constraints. - Provide SDN firewalls (security groups in cloud computing) with flexible asset-based criteria for access control. --- #### 17.3.2 Cloud Security Responsibilities Cloud security follows a **shared responsibility model** between **Cloud Service Providers (CSPs)** and cloud clients. While CSPs manage the core services, clients are responsible for securing their applications and data. **Security Responsibility Distribution (See Table):** | Security Responsibility | On-premise | IaaS | PaaS | SaaS | |-----------------------------|------------|----------|-------------|-------------| | Data | Client | Client | Client | Client | | Endpoints | Client | Client | Client | Shared | | Identity Management | Client | Client | Shared | Shared | | Application | Client | Client | Shared | CSP | | Network Control | Client | Client | Shared | CSP | | Operating System | Client | CSP | CSP | CSP | | Physical Infrastructure | Client | CSP | CSP | CSP | #### 17.3.3 Other Cloud Infrastructure Security Considerations **Company Security Policies:** - Allowing employees to use unmonitored apps may improve productivity but can introduce security risks. - Solution: Implement well-defined security policies and educate users on secure app usage. **Layered Security:** - Cloud resources are structured across hardware, infrastructure, platform, and application layers. - **Defense-in-depth strategies**: - CSP-built security tools (e.g., built-in DDoS protection). - Virtual private clouds (VPCs) for logically isolated subnets. - Virtual firewalls for traffic control, providing host-level security groups and rules. - Flow logs for traffic monitoring across network interfaces. - VPNs for secure access and site-to-site connections. - IAM services for secure user authentication, credential management, and access control. **Microsegmentation (Hypersegregation):** - Uses virtual network topologies to create multiple isolated networks without additional hardware costs. - Allows for more granular security control over traffic and workflows in the cloud. :::danger **Check Your Understanding** :ballot_box_with_check: You can find the answers to the quiz by clicking [here](https://itexamanswers.net/7-3-4-check-your-understanding-cloud-computing-security-measures.html). ::: >[!Warning]Recap >The Infrastructure Security domain describes cloud-specific aspects of infrastructure security and the foundation for operating securely in the cloud. There are two major layers to infrastructure in cloud computing: The physical and logical compute (CPU, memory, etc.), networks, and storage are combined to create a cloud, and the virtual infrastructure managed by a cloud user, that is, the compute, network, and storage assets they access from the resource pools. A CSP is responsible for the cloud services to the client, but the client is responsible for the rest of services. The sharing of responsibilities varies according to the type of cloud deployment. Established, well-defined company security policies and educating users are effective ways to manage unknown apps. Cloud resources can be viewed in four layers, hardware, infrastructure, platform, and application layers. Defense-in-depth strategies can be applied to each of these layers. Microsegmentation leverages virtual network topologies to run multiple, smaller, and more isolated networks without incurring additional hardware costs. ### 17.4 Cloud Application Security --- #### 17.4.1 Application Development To ensure security during application development, the process includes three key phases: **Developing and Testing:** - **Development Environment:** - Used to create, test, and debug software. It is less restrictive than the live environment. - Tools like version control software track and manage changes to code. - Sandbox environments prevent code overwriting during development. - **Testing:** - Developers test how code interacts with the normal environment. - Quality Assurance (QA) identifies defects early for easy resolution. **Staging and Production:** - **Staging Environment:** Matches the production environment to verify security settings. - **Production:** Software is deployed to production after security verification. **Provisioning and Deprovisioning:** - **Provisioning:** Automates software creation or updates. - **Deprovisioning:** Handles software removal. --- #### 17.4.2 Securing Coding Techniques To ensure secure applications, developers use the following techniques: 1. **Normalization:** - Converts input strings to their simplest form. - Prevents duplicate binary representations and identifies malicious input. 2. **Stored Procedures:** - Precompiled SQL statements stored in databases. - Reduce network traffic and improve task execution speed. 3. **Obfuscation and Camouflage:** - Obfuscation hides data with random characters. - Camouflage replaces sensitive data with realistic, fictional alternatives. 4. **Code Reuse:** - Saves time by reusing existing software. - Requires caution to avoid introducing vulnerabilities. 5. **SDKs (Software Development Kits):** - Third-party libraries accelerate development but may introduce vulnerabilities. --- #### 17.4.3 Input Validation Input validation protects database integrity by controlling data input and preventing attacks like automated input manipulation. **Example:** - A newsletter subscription form is exploited by attackers who modify confirmation URL links to alter user data or flood the database with invalid entries. Proper validation prevents these attacks. --- #### 17.4.4 Validation Rules Validation rules ensure data accuracy, completeness, and consistency. Common criteria include: - **Size:** Checks character count. - **Format:** Ensures data follows a specified pattern. - **Consistency:** Verifies related data items' codes. - **Range:** Validates data falls within a minimum and maximum value. - **Check Digit:** Adds a calculated digit for error detection using the following steps: 1. Multiply ISBN digits by descending values (e.g., 10, 9...2). 2. Sum the results. 3. Find the check digit required to make the total a multiple of 11. --- #### 17.4.5 Integrity Checks Integrity checks ensure data remains unchanged and consistent. The process uses hash functions and checksums. **Key Components:** 1. **Checksum:** Verifies file integrity by comparing checksums before and after transmission. 2. **Hash Functions:** Use algorithms (e.g., MD5, SHA-1, SHA-256) to compare data integrity with pre-calculated hashes. 3. **Version Control:** Prevents simultaneous edits by users and maintains file integrity. 4. **Backups:** Verify backup integrity to restore data if corruption occurs. 5. **Authorization:** Restricts data modifications to authorized users using access controls and file permissions. ![image](https://hackmd.io/_uploads/r1qoLFFN1x.png) --- #### 17.4.6 Other Application Security Practices To ensure software authenticity and secure browsing, the following practices are implemented: 1. **Code Signing:** - Digitally signs executables to validate the author’s identity and prevent code alterations. 2. **Secure Cookies:** - Protects cookies with HTTPS to prevent unauthorized access and secure browsing sessions. >[!Warning]Recap >The Application Development Domain provides guidance on how to securely build and deploy applications in cloud computing environments such as PaaS and IaaS. There are several techniques for validating security requirements when coding applications, including: normalization, stored procedure, obfuscation and camouflage, code reuse, and SDKs. Controlling the data input helps to maintain database integrity. Validation rules help ensure the security of databases by checking to see if data meets certain rules when it is entered into a field. Integrity checks measure the consistency of data in a file, picture, or record to ensure it has not been corrupted. A checksum is an example of a hash function. ### 17.5 Cloud Data Security --- #### 17.5.1 States of Data Customer data in cloud environments must be secured in three distinct states: - **Data at Rest:** - Refers to data stored on local devices (e.g., hard disks) or centralized servers. - In cloud computing, this includes data stored in the cloud, accessible via the internet, typically through a subscription. - Data at rest includes all data not in transit or in process. - **Data in Transit:** - Refers to data being transmitted between devices, networks, or across the internet. - Securing data in transit requires cryptographic methods and hashing to ensure data is protected during transmission. - **Data in Process:** - Refers to data that is being actively used, such as during input, modification, computation, or output. - Data in process is neither in transit nor at rest. --- #### 17.5.2 Cryptography Cryptography secures data by making it accessible only to authorized recipients. - **Key Concepts:** - **Plaintext:** Readable data before encryption. - **Ciphertext:** Unreadable, encrypted version of plaintext. - **Encryption:** Converts plaintext to ciphertext. - **Decryption:** Converts ciphertext back to plaintext using a key. - **Encryption Types:** 1. **Symmetric Encryption:** - Uses the same key for encryption and decryption. - Example: **Advanced Encryption Standard (AES)**, with block sizes of 128 bits and key sizes of 128, 192, or 256 bits. - Commonly used for private key encryption. 2. **Asymmetric Encryption:** - Uses a pair of keys: one for encryption and a different one for decryption. - Examples: RSA, Diffie-Hellman, EIGamal, and Elliptic Curve Cryptography (ECC). - Often used for secure communication over untrusted networks. --- #### 17.5.3 Hashing Hashing ensures data integrity by creating a unique, fixed-length representation (hash value) of input data. - **Key Properties of Hash Functions:** 1. Accepts input of any length. 2. Produces a fixed-length output (hash value). 3. Is one-way and not reversible. 4. Prevents collisions (two inputs producing the same hash). - **Cryptographic Hash Algorithms:** - Developed by the U.S. National Institute of Standards and Technology (NIST). - **SHA (Secure Hash Algorithm) Family:** - **SHA-1:** Published in 1994, no longer secure. - **SHA-2:** Includes stronger algorithms: - SHA-224 (224-bit output) - SHA-256 (256-bit output) - SHA-384 (384-bit output) - SHA-512 (512-bit output) - SHA-2 replaces older algorithms like MD5 and SHA-1 for enhanced security. - **Hashing Use Cases:** - Verifying data integrity. - Authenticating passwords or encryption keys. - Ensuring unique representation for files and messages. >[!Warning]Recap >The States of Data Domain describes controls related to securing the data itself, of which encryption and hashing are the most important. States of data are: data at rest, data in transit, and data in process. Cryptography is the science of making and breaking codes. There are two classes of encryption algorithms: symmetric and asymmetric. Hashing is a tool that ensures data integrity by taking binary data (i.e., the message) and producing a fixed-length representation called the hash value (i.e., message digest). Integrity ensures that data is complete and unaltered at the time of its acquisition. ### 17.6 Protecting VMs --- #### 17.6.1 Protecting Virtual Machines Virtual Machines (VMs) require the same security measures as physical computers, such as patching, updating, and installing antimalware. Cloud platforms offer additional security features to enhance VM protection. Key practices include: - **Plan Subnet Placement:** - Assign VMs to subnets with restricted access to the outside world based on their specific needs. - **Disable Unneeded Ports and Services:** - Reduce exposure by enabling only the necessary ports and services for each VM. - **Enforce Account Management and Policies:** - Deactivate default user accounts in the VM OS. - Create new user accounts using best practices like password complexity and least privilege access. - **Install Antivirus/Antimalware Software:** - Keep antimalware software updated, either through the VM OS or as a cloud platform service. - **Install Host-Based Firewalls and IDP/IPS:** - Deploy software firewalls and intrusion detection/prevention systems (IDP/IPS) through the VM OS or the cloud platform. --- #### 17.6.2 Protecting VMs from VM Sprawl Attacks The ease of creating VM instances in the cloud can lead to **VM Sprawl**, where unmanaged and outdated VMs become vulnerable to attacks. For example, during projects, multiple VM instances may be created and later abandoned but left running, resulting in: - **Risks of Outdated Instances:** - Unmonitored VMs may not receive updates, exposing them to vulnerabilities. - **Unnecessary Resource Consumption:** - Resources like VM instances, storage, and public IP addresses are consumed without purpose, increasing costs. **Mitigation Measures:** - **Log and Audit Cloud Resources:** - Implement policies to log and monitor the usage of VMs and other cloud resources. - **Monitor Running VMs:** - Regularly review active instances to identify and shut down unused VMs. - **Audit Actual Usage:** - Conduct audits to ensure that all running VMs are necessary for the organization’s operations. Proper monitoring and management of VMs can reduce risks, optimize costs, and improve security. >[!Warning]Recap >To protect VMs: plan subnet placement, disable unneeded ports and services, enforce account management policies, install antivirus/antimalware software and keep it updated, and install host-based/software firewalls and IDS/IPS. VM Sprawl is where an organization has many VM instances that are not properly managed. Some of these VMs may no longer be used but left running. If these running instances are not monitored and maintained, they eventually become outdated and vulnerable to attacks.