CompTIA Sec+ SYO-610 3.6

community cloud

A community cloud is a cloud infrastructure that is shared among a few groups, such as partnering corporations, but is otherwise private. This is generally used and controlled by organizations that have shared or similar interests.

Hypervisor

A hypervisor is a piece of hardware or software that runs multiple instances of virtual machines either directly off of the hardware of the machine, or on top of an existing operating system.

On Premise vs Hosted vs Cloud cont.

Cloud implementation times are much shorter and require no setup of hardware for the organization. The shared, multi-tenant servers can be quickly upgraded as necessary for all tenants on the system.

Cloud storage

Cloud storage is data storage that is hosted over the network and typically hosts data across many different drives and servers. The cloud storage provider is responsible for maintaining these servers.
• People and organizations buy or lease storage capacity from the providers to store user, organization, or application data.
• Cloud storage generally contains multi-tenant data. This means your data and all other customers' data is kept on the same devices.

Hybrid Cloud

Hybrid cloud is a mix of both a private and public cloud. This allows the organization to shift the workload between the two as needs demand, allowing for increased flexibility.

On-Premise "Cloud"

On-Premise "Cloud" is a solution that is hosted locally. Though not truly a cloud solution, it can act as a private cloud for other business locations. The organization doesn't have to worry about who controls their data.

SaaS - Software as a Service

Software as a Service (SaaS) delivers software as a service over the Internet, eliminating the need to install and run the application on the customer's own computers and simplifying maintenance and support.
• Software as a Service (SaaS) is a good solution if budget requirements do not allow for additional servers or hiring new personnel.
• Webmail would be classified as a Software as a Service (SaaS) technology.

Type-1 hypervisors

Type-1 hypervisors run directly on the hardware and run the guest virtual machines on top. Type-1 hypervisors tend to run faster and are less prone to compromise.

Type-2 hypervisors

Type-2 hypervisors run as an application on top of an existing operating system. Type-2 hypervisors run slower and are more prone to compromise than Type-1 hypervisors, but they are capable of being run on any existing machine.

Hosted (cloud)

• A Hosted cloud is hosted by another vendor for the organization. These can be accessed remotely but the organization loses control of the hardware. Cloud hosted applications tend to not be hosted as multi-tenant unlike normal cloud solutions.

Private Cloud

• A private cloud is similar in principle, but is set up behind a firewall and provides hosted services to only a limited number of approved users.

On Premise vs Hosted vs Cloud cont.

• Both the Hosted and Cloud solutions allow for increased scalability and reduced cost for the organization. However, the more the company saves in hosting the hardware and software, the less control they have.

Cloud Computing

• Cloud computing refers to the on-demand provision of computational resources (data, software or hardware) via a computer network, rather than from a local computer.
• A provider cloud facilitates computing for heavily utilized systems and networks. It can store multi-tenant data with different security requirements.
• A security control that is lost with cloud computing is physical control of the data.

IaaS - Infrastructure as a Service

• Cloud infrastructure services, also known as Infrastructure as a Service (IaaS), deliver computer infrastructure - typically a platform virtualization environment - as a service.
• For example, the cloud provider provides the entire infrastructure over the network. This can include computers, servers, and even the systems required in electrical or water infrastructures.

Hypervisors cont.

• Container-based virtualization runs many isolated guests on top of a host operating system. Instead of each using their own virtual machine, each guest just runs in an isolated environment from the host OS.
• This isolated environment is known as a container.

Public Cloud

• In a public cloud, a third-party provider offers a range of services to the general public over the internet. Data from several corporate or individual clients may share the same server.
• A private cloud is similar in principle, but is set up behind a firewall and provides hosted services to only a limited number of approved users.

PaaS - Platform as a Service

• Platform as a Service (PaaS) facilitates deployment of applications without the cost and complexity of buying and managing the underlying hardware and software layers.
• It provides an easy-to-configure operating system and on-demand computing for customers.

SECaaS

• Security as a service (SECaaS) is when a cloud service provider is in charge of providing some type of security service over the cloud. This removes a company's need to buy their own dedicated security hardware.
• This could include anything from anti-virus services to some form of intrusion prevention system.
• Can also provide cloud-specific security, which has growing importance with today's cloud-centric computing.
• SECaaS is cheaper than hosting all of these services on the local network, since none of the hardware needs to be bought and maintained.

VM escape

• Virtual machine escape is an issue where an attacker would be able to "escape" their current virtual machine to access other VMs on the host, or the host itself.
• An exploit like this is increasingly dangerous because of the growing use of VMs in the professional environment.
• To minimize the risk of VM escape:
  • Only install necessary applications, and be selective in what is installed.
  • Keep VMs up to date and patched.
  • Minimize user privilege to only what is needed.

VM Sprawl Avoidance

• Virtualization sprawl is when the quantity and organization of virtual machines on a network hit a point where the admin can no longer manage them.
• VMs might be easy to create, but they have many of the same issues as their physical counterparts. They require continual support and need to stay up to date.
• Proper licensing
• Secure configurations
• Compliant to company policy
• To mitigate this issue the admin should use one central image, or a few centralized images, and remove older and lesser used images from service.

Security Groups

• Basic stateful packet filtering for instances
• Default security group
• Custom groups
• Custom group with no rules drops all network traffic
• Can be assigned to multiple instances
• Instances in the same subnet can be assigned different security groups
• Multiple security groups can be assigned to the same instance

Cloud Networking Security

• Cloud networking types
• Operating and managing cloud systems
• Virtual networks between VMs and containers within the cloud
• Virtual networks publishing cloud services
• Virtual private clouds (VPCs)
• Segmented virtual networks
• Can contain multiple IPv4 and IPv6 subnets
• Public and private subnets
• Internet gateway and default route
• Public IP addresses
• NAT gateway
• VPN

Fog and Edge Computing

• Embedded and IoT devices deployed at the network edge
• Strong requirements for availability and low latency
• Fog computing
• Provision greater processing resource between the edge and data center
• Edge computing
• Defines additional zones and processing nodes
• Edge device zone
• Edge gateways
• Fog nodes

Cloud Access Security Brokers

• Mediate access to cloud services by enterprise users across all types of devices
• Implemented as proxy or via API
• Next-Generation Secure Web Gateway (SWG)
• Secure access service edge (SASE)

