Lecture 01
CYB 610 Cloud Systems Security
Course Introduction
Chen Zhong
• First week:
• User: Classroom120
• Password: Spartans+2121
Overview
• Make sure everything works! Checklist:
  • Question for me? Question about myself?
  • Clear voice; screen and docs are accessible
  • Discussion methods (breakout room + Zoom poll)
  • Anything else?
• What to learn and how to learn?
• Cloud computing
  • What is it?
  • What is it comprised of?
  • Why is it so prevalent and key to business development?
• Lab: Lab Setup
Cloud Systems Security
• What, Why cloud computing
• Why should we care about security
Cloud computing uses Internet technology to provide flexible and scalable services.
Cloud Computing
• A cloud vendor provides managed computing resources for rent by customers
• What do you want to rent?
  • (Virtualized) hosts (Infrastructure as a Service)
    • Rent cycles: AWS EC2, Rackspace Cloud Servers, OpenStack
  • Environment (Platform as a Service)
    • Rent instances: AWS Lambda, Microsoft Azure, Google App Engine, Workday cloud platform
  • Programs (Software as a Service)
    • Rent services: Salesforce, Google Docs, Dropbox, Slack
  • Note: AWS and Microsoft Azure are providers that offer all three models; the names above stand for their IaaS or PaaS offerings, not for a single SaaS product
From Data Center to Cloud: doubt or not?
Credits: Systems and Internet Infrastructure Security (SIIS) Laboratory Page@PSU
Reasons to Doubt
• History has shown they are vulnerable to attack:
  • Default and hardcoded passwords
  • Passwords and other credentials stored in plain text files
  • Unpatched software and firmware vulnerabilities
  • Poorly configured BIOS, firewalls, ports, servers, switches, routers, or other parts of the infrastructure
  • Unencrypted network traffic or data at rest
  • Lack of privileged access control
  • …
• Insiders can subvert even hardened systems
Credits: Systems and Internet Infrastructure Security (SIIS) Laboratory Page@PSU
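Three of the weaknesses in the list above (default passwords, credentials kept in plain text files, and unencrypted service endpoints) are the kind of thing a small configuration audit catches before a data center or cloud host is exposed. The script below is an added example written for these notes, not code from the lecture or from any vendor. The sample key=value config, the credential key patterns, the default-password list and the `${NAME}` environment-reference convention are all assumptions made for illustration.

```python
"""Added example: audit a key=value config for three weaknesses from the
"Reasons to Doubt" list: default/hardcoded passwords, credentials stored
in plain text, and unencrypted (http://) endpoints.
The sample config, key patterns and default-password list are constructed
for illustration and are not taken from any real deployment."""
import re
from dataclasses import dataclass

# Constructed sample: a config file as it might be found on a host.
SAMPLE_CONFIG = """\
# application settings (constructed example)
db_host = db.internal
db_user = admin
db_password = admin
api_endpoint = http://payments.internal/v1
aws_secret_access_key = s3cr3t-example-value
tls_cert = /etc/ssl/app.pem
session_secret = ${SESSION_SECRET}
metrics_endpoint = https://metrics.internal/
"""

# Assumed short list of vendor/default passwords; a real audit would use a
# maintained wordlist for the products actually deployed.
DEFAULT_PASSWORDS = {"admin", "password", "root", "changeme", "123456", ""}

# Keys whose value is a credential (matched case-insensitively; assumption).
CREDENTIAL_KEY = re.compile(r"password|passwd|secret|token|api_key|access_key", re.I)

# A value like ${NAME} is injected from the environment at runtime, so the
# file itself holds no credential; this is the form the audit accepts.
ENV_REFERENCE = re.compile(r"^\$\{[A-Z][A-Z0-9_]*\}$")


@dataclass(frozen=True)
class Finding:
    line_no: int
    key: str
    issue: str


def parse_kv(text: str):
    """Yield (line_no, key, value) for each 'key = value' line, skipping
    blank lines and comments."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        yield line_no, key.strip(), value.strip()


def audit_config(text: str) -> list[Finding]:
    """Return the findings for a config text, in line order."""
    findings: list[Finding] = []
    for line_no, key, value in parse_kv(text):
        if CREDENTIAL_KEY.search(key):
            if value.lower() in DEFAULT_PASSWORDS:
                findings.append(Finding(line_no, key, "default password"))
            elif not ENV_REFERENCE.match(value):
                findings.append(Finding(line_no, key, "credential stored in plain text"))
        if value.lower().startswith("http://"):
            findings.append(Finding(line_no, key, "unencrypted endpoint"))
    return findings


def remediated(text: str) -> str:
    """Rewrite the config so every flagged credential becomes an environment
    reference and every http:// endpoint becomes https://. This does not
    rotate the exposed secrets; that still has to be done separately."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            key, value = key.strip(), value.strip()
            if CREDENTIAL_KEY.search(key) and not ENV_REFERENCE.match(value):
                value = "${" + key.upper() + "}"
            if value.lower().startswith("http://"):
                value = "https://" + value[len("http://"):]
            out.append(f"{key} = {value}")
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        print(f"line {f.line_no}: {f.key}: {f.issue}")
    # After remediation the same audit reports nothing.
    assert audit_config(remediated(SAMPLE_CONFIG)) == []
```

Running it on the constructed config reports the default `db_password`, the plain-text `aws_secret_access_key` and the `http://` payments endpoint, while `session_secret = ${SESSION_SECRET}` passes because the file contains only a reference, not the secret. The remediation step is deliberately the boring one: move the secret out of the file and force TLS; an audit like this finds the exposure, it does not replace the rotation of any credential that was already sitting in plain text.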
Reasons to Doubt
https://www.comparitech.com/blog/information-security/biggest-data-breaches-in-history/
Security requirements for data and services:
• My home is my castle, and I want a certain measure of privacy when I'm home (Confidentiality).
• Protect the assets in my home from theft or from being tampered with by unauthorized parties (Integrity).
• I'd like my house and its contents to remain in full working order whenever I want them (Availability).
Figure 1.1 The Security Requirements Triad: Confidentiality, Integrity and Availability surrounding data and services
Cloud Security vs Security
• New problem or new solution?
• New challenges brought on by the cloud (plus old ones):
  • Data security concerns
  • Selection of cloud deployment model: private, public or hybrid
  • Real-time monitoring
  • Dependency on the cloud provider
  • Lack of knowledge and expertise
  • Recovery of lost data
  • …
Security Domains Related to the Cloud
• The CCSP certification covers material from
the six topical domains. They are as follows:
• Domain 1: Cloud Concepts, Architecture, and
Design
• Domain 2: Cloud Data Security
• Domain 3: Cloud Platform and Infrastructure
Security
• Domain 4: Cloud Application Security
• Domain 5: Cloud Security Operations
• Domain 6: Legal, Risk, and Compliance
Excerpt From: Ben Malisow. “CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide.”
Course Map
Course Highlights
• Our targets: concepts, skills, tools …
• Most important: learn how to learn
• Technologies are evolving
• How can we quickly understand emerging
technologies/threats, estimate their impacts on business,
and make the right response?
• To achieve the goal of learning how to learn:
  • Understand the existing problems: why, what, and how
  • Practice logical thinking
  • Learn by doing
Cloud Computing
What is it?
What is it comprised of?
Why is it so prevalent and key to business development?
Cloud Computing
• What is cloud computing?
• Cloud deployment model
• Key cloud concepts
• Cloud service models
Why Cloud?
• A cloud vendor provides managed computing resources for rent by customers
CCSP (ISC)2 Study Guide
What is Cloud Computing
• The official NIST definition:
  • “Cloud Computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
CCSP (ISC)2 Study Guide
Technologies it is based on
• Virtualization relies on software to simulate hardware functionality and create a virtual computer system.
• It has been used in data centers for a long time.
• It allows multiple virtual machines (VMs) to run on one physical machine.
• A VM is sometimes referred to as an “instance”.
[Figure: four Guest VMs running on a Hypervisor, which runs on the Host Operating System, which runs on the Physical Hardware]
Technologies it is based on
• Each VM runs a separate operating system and applications.
• VMs run at the same time without being aware of each other's existence, while sharing the underlying hardware resources.
• A hypervisor is the software that hosts these VMs and creates the shared pool of computing resources.
[Figure: four Guest VMs issuing requests to the Hypervisor, which runs on the Host Operating System, which runs on the Physical Hardware]
Benefits of Virtualization
• Reduce capital costs
  • Less hardware is required, since multiple VMs can be provisioned on one host
• Reduce operating costs
  • Less hardware means less space, power and cooling required within the data center
• Optimization of resources
Resources for Rent
• Compute
• Storage
• Database
• Network
• Artificial Intelligence
Resources for Rent
A remote virtual pool of on-demand shared resources:
• Compute
  • Compared with the classic environment: CPU, RAM
• Storage
  • Classic: hard disks, Network Attached Storage (NAS), high-speed Storage Area Network (SAN)
• Database
  • Classic: MS SQL Server, MySQL
• Network
  • Classic: router, switch, firewall
Cloud Deployment Model
• Public cloud
• Private cloud
• Hybrid cloud
• Community cloud
Described in Textbook Ch 5; we will revisit them when talking about security issues.
Public Cloud
• A vendor makes available the use of shared infrastructure, including:
  • Compute
  • Storage
  • Database
  • Network
• It can be provisioned on demand and is typically accessed over the internet for public usage.
Public Cloud
• The consumer will never see the hardware used or know the exact physical location of their data.
• The consumer can specify the geographic region in which the data resides, to reduce access latency based on where end users are located.
• The cloud vendor provides all backend and physical maintenance of the site: power, cooling, and replacement of failed hardware.
• As a general rule, you can access your services on the public cloud from anywhere with an internet connection.
Private Cloud
• Compared with the public cloud:
  • Infrastructure is privately hosted, managed and owned by the individual company using it
  • It gives improved and more direct control of the company's data
  • The enterprise can keep a tighter grasp on security controls
  • Virtualization creates a pool of shared compute, storage and network resources
  • Additional costs will be needed for operation and maintenance of the equipment
Hybrid Cloud
• Makes use of both public and private cloud
• Established when a network link is configured between the private cloud and services within the public cloud
• Combines the advantages and disadvantages of both models
• Normally a short-term configuration
• May be used for seasonal burst traffic, or for disaster recovery
Key Characteristics of Cloud Computing
• On-demand resourcing
• Scalability
• Economy of scale
• Flexibility & elasticity
• Growth
• Utility based metering
• Shared infrastructure
• Highly available
• Security
Cloud Service Models
• Software as a Service (SaaS)
  • Allows the delivery of an application that can be widely distributed and accessed
  • No requirement to install software on the local device
• Platform as a Service (PaaS)
  • Provides a deployment environment for developers
  • The vendor manages and maintains the host hardware, network components, OS, etc.
• Infrastructure as a Service (IaaS)
  • Enables you to architect your own portion of the cloud by configuring (virtual) compute and (virtual) network resources
  • You configure the VMs (instances) and their OS
Cloud Service Models
Other Cloud Services
• Disaster Recovery as a Service (DRaaS)
• Communication as a Service (CaaS)
• Monitoring as a Service (MaaS)
• Security as a Service (SECaaS; the abbreviation SaaS is already taken by Software as a Service)
  • https://technologyadvice.com/blog/information-technology/top-5-security-as-aservice-providers/