Exam 1 Review BADM 7403

Two Approaches to Media Access Control

- Contention Access - Controlled access

Different Network Controls

- Preventive Controls - Detective Controls - Corrective Controls

OSI Model stands for?

Open Systems Interconnection Reference Model

Cluster

is a group of independent IT resources that are interconnected and work as a single system.

Trust Boundary

is a logical perimeter that typically spans beyond physical boundaries to represent the extent to which IT resources are trusted (Figure 4.7).

Public Cloud

is a publicly accessible cloud environment owned by a third-party cloud provider. E.g: Amazon AWS, Google App Engine, Microsoft 365 et...

Malicious insider

o Malicious insiders are human threat agents acting on behalf of or in relation to the cloud provider. They are typically current or former employees or third parties with access to the cloud provider's premises. This type of threat agent carries tremendous damage potential, as the malicious insider may have administrative privileges for accessing cloud consumer IT resources.

Application Architecture

o The way the functions of the application layer are spread out across the client and server o Four components of applications: § Presentation logic § Application logic § Data access logic § Data Storage

Physical Layer

which transmits the message.

Infrastructure as a Service (IaaS)

§ All hardware is outsourced

Transport Layer

§ which links the application layer to the network layer, controls the segmenting and tracking of the packets of data, and is in charge of flow control.

On-Premise IT Resources

- Internal End-User device access corporate It Services through the corporate network - Internal Users access corporate IT services through the corporate Internet Connection while roaming in external networks. -External Users access corporate IT services through the corporate Internet Connections

Cloud-Based IT Resources

- Internal End-User device access corporate It Services through the corporate network - Internet Users access corporate IT Services while roaming in external networks through the cloud provider's Internet Connection - External users access corporate IT services through the cloud provider's Internet Connection. .

The Three Basic Architectural tiers of Web Applications

-Presentation Layer -Application Layer -Data Layer

Identify the 5 Layers of OSI Model

1. Physical 2. Data Link 3. Network 4. Transport 5. Application

What are five processes that are needed to facilitate the flow of data in an OSI Model?

1. Physical 2. Data Link 3. Network 4. Transport 5. Application

Servers

A physical server can be abstracted into a virtual server

Single-tenancy

A single instance of the software and supporting infrastructure serve a single customer. Each Customer or tenant must purchase and maintain an individual system.

Scalability

Allows for traffic spikes and minimizes delays

Elasticity

Allows for workload changes by provisioning and de-provisioning resources in an autonomic manner, such that at each point in time the available resources match the current demand as closely as possible

Integrity

Assurance that data have not been altered or destroyed

Backbone Networks (BNs)

Backbone Networks (BNs) · High-speed networks connecting other networks together · May span hundreds of feet to several miles

CIA Triad

Confidentiality, Integrity, Availability

Contention Access

Devices must be "polite" and follow these steps: o "Listen" for traffic o If another device is transmitting, wait to transmit o Otherwise, transmit (and keep listening) o If another device begins to transmit, stop and wait

Controlled Access

Each device must get "permission" to transmit, similar to raising a hand.

Risk Treatment

Mitigation policies and plans are designed during the risk treatment stage with the intent of successfully treating the risks that were discovered during risk assessment. Some risks can be eliminated, others can be mitigated, while others can be dealt with via outsourcing or even incorporated into the insurance and/or operating loss budgets. § Risk Mitigation Policy § Risk Mitigation Action

Confidentiality

Protection of an organizational data from unauthorized disclosure

What is PDU?

Protocol Data Unit (PDU) contains layer-specific information necessary for a message to be transmitted through a network § Each layer adds a PDU § PDUs act like nested envelopes § Encapsulation occurs when a higher level PDU is placed inside of a lower level PDU

What is Protocol?

Protocol Defines the Language of Transmition - It specifies the rules, functionality, and message for communication at the layer

What are the Risk Management phases?

Risk Assessment Risk Treatment Risk Control

Ubiquitous

Services or data are available from anywhere

Availability

The Degree to which information and systems are accessible to authorized users

Horizontal Scaling

The allocating or releasing of IT resources that are of the same type is referred to as ...

Multitenancy (Multi-Tenancy)

The characteristic of a software program that enables an instance of the program to serve different consumers (tenants) whereby each is isolated from the other, is referred to as...

Cloud Provider

The party that provides cloud-based IT resources is the cloud provide.

Cloud Consumer

The party that uses cloud-based IT resources is the

Cloud Service Owner

The person or organization that legally owns a cloud service is called a

What are the different types of threats to the cloud?

Traffic Eavesdropping: Malicious Intermediary: Denial of Service (DoS): Insufficient Authorization: Weak Authentication: Virtualization Attack: Overlapping Trust Boundaries: Container Attack:

Vertical Scaling

When an existing IT resource is replaced by another with higher or lower capacity, ___________ is considered to have occurred

Wide Area Networks (WANs)

Wide Area Networks (WANs) · Largest geographic scope · Often composed of leased circuits · May spans hundreds or thousands of miles

Malicious Service Agent

__________________ is able to intercept and forward the network traffic that flows within a cloud (Figure 6.5). It typically exists as a service agent (or a program pretending to be a service agent) with compromised or malicious logic. It may also exist as an external program able to remotely intercept and potentially corrupt message contents.

Trusted Attacker (Malicious Tenant):

_____________________shares IT resources in the same cloud environment as the cloud consumer and attempts to exploit legitimate credentials to target cloud providers and the cloud tenants with whom they share IT resources (Figure 6.6). Unlike anonymous attackers (which are non-trusted), _____________ usually launch their attacks from within a cloud's trust boundaries by abusing legitimate credentials or via the appropriation of sensitive and confidential information.

Multipoint Circuits

are most commonly used in wireless today. · Shared circuits (________) are less expensive

What are Network Controls?

are safeguards that reduce or eliminate threats to network security

Virtualization Attack

attack exploits vulnerabilities in the virtualization platform to jeopardize its confidentiality, integrity, and/or availability.

Insufficient Authorization

attack occurs when access is granted to an attacker erroneously or too broadly, resulting in the attacker getting access to IT resources that are normally protected. This is often a result of the attacker gaining direct access to IT resources that were implemented under the assumption that they would only be accessed by trusted consumer programs (Figure 6.11).

Hybrid Cloud

cloud environment comprised of two or more different cloud deployment models.

Point-to-Point circuits

include most wired connections today

Container Build File

is a descriptor (created by the user or service) that represents the requirements of the application and services that run inside the container, as well as the configuration parameters required by the container engine in order to create and deploy the container. The syntax and format of the container build file and configuration parameters it defines depend on the choice of container engine.

Anonymous Attacker

is a non-trusted cloud service consumer without permissions in the cloud (Figure 6.4). It typically exists as an external software program that launches network-level attacks through public networks. When anonymous attackers have limited information on security policies and defenses, it can inhibit their ability to formulate effective attacks. Therefore, __________ often resort to committing acts like bypassing user accounts or stealing user credentials, while using methods that either ensure anonymity or require substantial resources for prosecution.

IT Resource

is a physical or virtual IT-related artifact that can be either software-based, such as a virtual server or a custom software program, or hardware-based, such as a physical server or a network device

Threat

is a potential security violation that can challenge defenses in an attempt to breach privacy and/or cause harm. Both manually and automatically instigated ________s are designed to exploit known weaknesses, also referred to as vulnerabilities. A _________ that is carried out results in an attack.

Vulnerability

is a weakness that can be exploited either because it is protected by insufficient security controls, or because existing security controls are overcome by an attack. IT resource vulnerabilities can have a range of causes, including configuration deficiencies, security policy weaknesses, user errors, hardware or firmware flaws, software bugs, and poor security architecture.

Private Cloud

is owned by a single organization. They enable an organization to use cloud computing technology as a means of centralizing access to IT resources by different parts, locations, or departments of the organization. Hosted/Non Hosted Solutions Benefit: Under Enterprise Control Whilst VM architecture essential, it will lack benefits of sharing: Cost; Scalability; Performance

Community Cloud

is similar to a public cloud except that its access is limited to a specific community of cloud consumers.

Cloud Resource Administrator

is the person or organization responsible for administering a cloud-based IT resource (including cloud services).

Data Link Layer

moves the message from one device to the next by controlling the hardware, formatting the message, and checking for errors

How does a server know how to route traffic based upon the information in the IP header?

o Addressing § Used to direct messages from source to destination § Addresses are assigned in various ways (e.g., by system administrators, ICANN, hardware vendors, etc.) § Addresses exist at different layers § Addresses may be translated (resolved) from one layer to another (e.g., DNS, ARP

·How does a server know how to route traffic based upon the information in the IP header?

o Addressing § Used to direct messages from source to destination § Addresses are assigned in various ways (e.g., by system administrators, ICANN, hardware vendors, etc.) § Addresses exist at different layers § Addresses may be translated (resolved) from one layer to another (e.g., DNS, ARP

What are the Differences between Horizontal and Vertical Scaling?

o Horizontal Scaling: The allocating or releasing of IT resources that are of the same type is referred to as horizontal scaling o Vertical Scaling: When an existing IT resource is replaced by another with higher or lower capacity, vertical scaling is considered to have occurred

Overlapping Trust Boundaries

o If physical IT resources within a cloud are shared by different cloud service consumers, these cloud service consumers have ________________________________________- Malicious cloud service consumers can target shared IT resources with the intention of compromising cloud consumers or other IT resources that share the same trust boundary. The consequence is that some or all of the other cloud service consumers could be impacted by the attack and/or the attacker could use virtual IT resources against others that happen to also share the same ________.

What are the R's ?

o Rehosting § Move resources from in-house to the cloud, with no changes o Replatforming § Move resources from in-house to the cloud, but optimize for the cloud o Repurchasing § Complete change of the resource from on-premise to the cloud (e.g. on-premise CRM to Salesforce) o Re-factoring § Adding new features now that the resource is in the cloud o Retire § Shut down legacy system o Retain § Do nothing (for now)

Different Types of Risk Control

o Risk assessment frameworks o Risk Assessment/control strategies

Containerization

o The container is an executable instance of a pre-defined or customized container image that contains one or more software programs, most commonly an application or service. While containers are isolated from each other, they may be required to access a shared resource over the network, such as a file system or remote IT resource. This is possible without impacting the isolated containers. Each container may have one application or process running in it. Containers can also host multiple applications, services or processes.

Container Engine

o The key component of container architecture is the container engine, also referred to as the containerization engine. The container engine is specialized software that is deployed in an operating system to abstract the required resources and enable the definition and deployment of containers. Container engine software can be deployed on physical machines or virtual machines.

Denial of Service (DoS)

o The objective of _________attack is to overload IT resources to the point where they cannot function properly. This form of attack is commonly launched in one of the following ways: § The workload on cloud services is artificially increased with imitation messages or repeated communication requests. § The network is overloaded with traffic to reduce its responsiveness and cripple its performance. § Multiple cloud service requests are sent, each of which is designed to consume excessive memory and processing resources.

Risk Control

o The risk control stage is related to risk monitoring, a three-step process that is comprised of surveying related events, reviewing these events to determine the effectiveness of previous assessments and treatments, and identifying any policy adjustment adjustment needs. Depending on the nature of the monitoring required, this stage may be carried out or shared by the cloud provider.

What can a user customize in a multitenant solution?

o User is a cloud consumer that can use the same IT resources or its instance while each remains unaware that it may be used by others. o Each user/tenant has its own view of the application that it uses, administers, and customizes as a dedicated instance of the software. o User/Tenant can customize the following in a multitenant solution: § User Interface - Tenants can define a specialized "look and feel" for their application interface. § Business Process - Tenants can customize the rules, logic, and workflows of the business processes that are implemented in the application. § Data Model - Tenants can extend the data schema of the application to include, exclude, or rename field in the application data structures. § Access Control - Tenants can independently control the access rights for the users and groups.

What Known It Resources Can be Virtualized?

o Virtualization is the process of converting a physical IT resource into a virtual IT resource § Servers: A physical server can be abstracted into a virtual server § Storage: A physical storage device can be abstracted into a virtual storage device or a virtual link § Network: Physical routers and switches can be abstracted into logical network fabrics, such as VLANs § Power: A physical UPS and power distribution units can be abstracted into what are commonly referred to as virtual UPSs

Which Types of Threats can a cloud strategy help to mitigate?

o Virus Protection o Denial of Service Protection o Theft Protection o Device Failure Protection Disaster Protection

Weak authentication

o can result when weak passwords or shared accounts are used to protect IT resources.

Risk Control

o related to risk monitoring, a three-step process that is comprised of surveying related events, reviewing these events to determine the effectiveness of previous assessments and treatments, and identifying any policy adjustment The risk control stage is related to risk monitoring, a three-step process that is comprised of surveying related events, reviewing these events to determine the effectiveness of previous assessments and treatments, and identifying any policy adjustment § Risk Review § Risk Monitoring

Risk Assessment

o the cloud environment is analyzed to identify potential vulnerabilities and shortcomings that threats can exploit. § Threats § Risk Identification § Risk Evaluation

Traffic Eavesdropping

occurs when data being transferred to or within a cloud (usually from the cloud consumer to the cloud provider) is passively intercepted by a malicious service agent for illegitimate information gathering purposes (Figure 6.8).

Corrective Controls

remedy an unwanted event or intrusion

Capacity Planning

the process of determining and fulfilling future demands of an organization's IT resources, products, and services.

Malicious Intermediary

threat arises when messages are intercepted and altered by a malicious service agent, thereby potentially compromising the message's confidentiality and/or integrity. It may also insert harmful data into the message before forwarding it to its destination. Figure 6.9 illustrates a common example of the malicious intermediary attack.

Container Image

uses a container image to deploy an image based on pre-defined requirements. For example, if an application requires a database component or Web server service to operate, these requirements are defined by the user in the container build file. Based on the defined descriptions, the container engine customizes the operating system image and the required commands or services for the application. This customized image is normally an immutable read-only image, which enables the deployed application or services in the container to function and perform tasks, but prevents any changes from being made.

Application Layer

which is the user's access to the network and the software to perform the work.

Software as a Service (SaaS)

§ All application components and associated hardware/software outsourced § Based on multitenancy e.g. Salesforce.com

Platform as a Service (PaaS)

§ Application logic and data are managed internally § e.g., Microsoft Azure

Advantages of Cloud Computing

§ Lower computing cost § Improved performance of the infrastructure § Reduced software costs § Instant software updates § Improved document format compatibility § Unlimited storage capacity § Increased data reliability § Universal document access § Latest version availability § Easier group collaboration, and § Device independence

Resiliency

§ Mirrored solutions to minimize downtime in the event of a disaster § Gives businesses the sustainability they need during unanticipated events.

Homogeneity

§ No matter which cloud provider and architecture an organization uses, an open cloud will make it easy for them to work with other groups, even if those other groups choose different providers and architectures.

Risk Assessment Frameworks

§ Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) § Control Objectives for Information and Related Technology (COBIT) § Risk Management Guide for Information Technology Systems (NIST guide)

Disadvantages of Cloud Computing

§ The requirement for a constant Internet connection § Does not work well with low-speed connections § Features may be limited § Can be slow § Stored data might not be secure, and § Stored data can be lost

Network Layer

§ which decides where messages goes and is in charge of addressing and routing.

Local Area Networks (LANs)

· Covers a small, clearly defined area · Might contain a single floor or work area or single building · When LANs use wireless circuits, they are called Wireless Local Area Networks (WLAN)

Preventive Controls

· Mitigate or stop a person from acting or an event from occurring · Act as a deterrent by discouraging or restraining

Detective Controls

· Reveal or discover unwanted events (e.g., auditing) Documenting events for potential evidence

Letter Writing Example:

• Application - Paper • Presentation - Body • Session - Letter heading • Transport - Your name on envelope • Network - Their name on envelope • Data - Envelope • Physical - Method of delivery