Chapter 6: Securing the Cloud Security+ Chapter 6: Securing the Cloud Modified 1/30/2016- wagnerju

Chapter 6: Securing the Cloud Explain network design elements and components. Given a scenario, select the appropriate solutions to establish host security. Implement the appropriate controls to ensure data security.

Risks and Cloud Computing Resources are made available in a web-based data center, which can be accessed anywhere.

Risks and Cloud Computing Pay-per-use computing model Customers pay for only the resources they need May revolutionize computing Unlike hosted services, does not require long-term contracts Microsoft Azure Pricing calculator https://azure.microsoft.com/en-us/pricing/calculator/

Risks and Cloud Computing Three service models of cloud computing Cloud software as a service (SaaS) Deliver Applications Cloud platform as a service (PaaS) Deliver computing platforms Cloud infrastructure as a service (IaaS) Deliver servers, storage and networking

Types of Clouds Public cloud – Third party services and infrastructure offered to all users with access provided remotely through Internet. Users give up some control and security. Major Vendors Amazon AWS Microsoft Azure Rackspace Google Types of Clouds Public cloud - Services and infrastructure offered to all users with access provided remotely through Internet Community cloud - Open only to specific organizations that have common concerns Private cloud - Created and maintained on private network Hybrid cloud - Combination of public and private clouds Cloud storage - No computational capabilities but only provides remote file storage

Types of Clouds Private cloud - Created and maintained on private network by one company for it’s sole use. Provides the most security and control but also requires the most investments in infrastructure and expertise Types of Clouds Public cloud - Services and infrastructure offered to all users with access provided remotely through Internet Community cloud - Open only to specific organizations that have common concerns Private cloud - Created and maintained on private network Hybrid cloud - Combination of public and private clouds Cloud storage - No computational capabilities but only provides remote file storage

Types of Clouds Community cloud - Open only to specific organizations that have common concerns Hybrid cloud - Combination of public and private clouds Types of Clouds Public cloud - Services and infrastructure offered to all users with access provided remotely through Internet Community cloud - Open only to specific organizations that have common concerns Private cloud - Created and maintained on private network Hybrid cloud - Combination of public and private clouds Cloud storage - No computational capabilities but only provides remote file storage

Types of Clouds Architecture choose? Types of Clouds Public cloud - Services and infrastructure offered to all users with access provided remotely through Internet Community cloud - Open only to specific organizations that have common concerns Private cloud - Created and maintained on private network Hybrid cloud - Combination of public and private clouds Cloud storage - No computational capabilities but only provides remote file storage

Types of Clouds Cloud storage No computational capabilities but only provides remote file storage. Data is stored redundant and possibly across multiple data centers for fault tolerance

Virtualization Virtualization Means of managing and presenting computer resources without regard to physical layout or location Virtualization deals with “extending or replacing an existing interface so as to mimic the behavior of another system” Virtual system examples: virtual private network, virtual memory, virtual machine

Traditional software stack Component isolation with virtualization What Is Virtualization? Virtualization is the isolation of one computing resource from the others Traditional software stack Applications installed to specific hardware and OS Component isolation with virtualization Virtual Applications Any application on any computer, on demand Interface bound to process Virtual Presentation Presentation layer separate from process Operating system assigned to specific hardware Virtual Machine OS can be assigned to any desktop or server Storage assigned to specific locations Virtual Storage Storage and backup over the network Network assigned to specific locations Virtual Network Localizing dispersed resources Virtualization results in more efficient resource utilization, and supports greater flexibility and simplified change management

Common Uses of Virtualization Access Virus-Infected Data Test Software, Upgrades, or New Configurations Run a guest OS on top of another OS Business Continuity Virtual Desktop / VDI Run legacy software on non-legacy hardware Run multiple operating systems on the same hardware Create a manageable upgrade path

Working with Virtualization Host (Operating System) virtualization Virtual machine simulated as software environment on host system

Virtualization models Type I model is known as “bare metal” Can boot without the operating system Type II model is known as “hosted” Requires the operating system and is dependent on it

Server virtualization Creating and managing multiple server operating systems Relies on the hypervisor software to manage virtual operating systems Can reduce costs and energy use Can help provide users uninterrupted server access Live migration enables virtual machines to be moved to a different Server with no user impact Can also be used for load balancing

Virtualization Advantages Test latest patches by downloading on a virtual machine before installing on production computer Can be used for training purposes Safe environment where malware can be executed with minimal risk to equipment and software New virtual server machines can be quickly made available (host availability) Resources like RAM or hard drive space can easily be expanded or contracted as needed (host elasticity) Reduce costs Providing uninterrupted server access to users

Virtualization Security Advantages Patch compatibility - Latest patches can be downloaded and run in virtual machine to determine impact on other software Snapshot – Image of particular state of virtual machine can be saved for later use Security control testing - Testing existing security configuration Sandboxing - Used test for potential malware Penetration testing - can be performed using simulated network environment Virtualization Security Advantages Virtualization security advantages: Patch compatibility - Latest patches can be downloaded and run in virtual machine to determine impact on other software Snapshot – Image of particular state of virtual machine can be saved for later use Security control testing - Testing existing security configuration Sandboxing - Used test for potential malware

Virtualized environment security concerns Physical firewall may not be able to inspect and filter amount of traffic coming from running multiple virtualized servers Security must be in place to accommodate live migration Some hypervisors do not have necessary security controls to keep out attackers Existing security tools do not always adapt well to multiple virtual machines External physical appliances not designed to protect multiple virtual servers Virtual machines need protection from other virtual machines running on the same host.

Security and the Cloud Multitenancy Laws and Regulations Various clients reside on the same machine. A flaw in implementation could compromise security. Laws and Regulations The consumer retains the ultimate responsibility for compliance