Security+ SY0-601: 2.2: Virtualization and Cloud Security

Chapter 10: Virtualization and Cloud Security

Traditional Models (not cloud)

On-premises

Hosting

Cloud Models

See diagram p. 161.

IaaS

PaaS

SaaS

XaaS

Level of Control in each of the above

Cloud Ownership

Public – e.g. Amazon

Community – e.g. the Realtors MLS

Private – e.g. PNM

Hybrid – e.g. Hybrid Cloud with AWS

Cloud Service Providers

MSP: Managed Service Provider

MSSP: Managed Security Service Provider

On-Premises vs. Off-Premises

Fog Computing

Edge Computing

Thin Clients

Containers

The Docker revolution

Microservices and APIs

REST

SOAP

Infrastructure as Code

SDN: Software Defined Networking

https://en.wikipedia.org/wiki/Software-defined_networking

SDV: Software Defined Visibility – Managing access through network configuration, rather than domain permissions.

Serverless Architecture

Services Integration

Resource Policies

Transit Gateway

Between networks

Compare with Jump Servers, which are between security zones.

Virtualization

Hypervisors

Type 1

VMware, Xen, KVM, ESXi, Hyper-V

Type 2

VirtualBox, VMware Player

VM Sprawl

What differentiates a cloud from a virtualized environment is that with a cloud, consumers/users get to self-provision their VMs.

This can leave forgotten or outdated VMs bloating your infrastructure, so it requires strict billing and auditing.
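As an added illustration of the auditing point (example code, not part of the course notes), the script below runs a simple sprawl audit over a constructed VM inventory of the kind a self-service cloud console could export. It flags VMs that nobody is accountable for (no owner or cost-center tag, so they are unbillable) and VMs that have sat idle past a threshold, which are the usual forgotten leftovers of self-provisioning. The inventory records and the field names are assumptions for the example.

```python
from datetime import datetime

# Constructed sample inventory (hypothetical); one record per VM as a
# cloud console or API might export it. Dates are ISO "YYYY-MM-DD".
INVENTORY = [
    {"name": "web-prod-01", "owner": "ops", "cost_center": "CC100",
     "state": "running", "last_activity": "2024-05-30"},
    {"name": "test-jsmith-tmp", "owner": "", "cost_center": "",
     "state": "running", "last_activity": "2024-01-12"},
    {"name": "db-legacy", "owner": "dba", "cost_center": "CC200",
     "state": "stopped", "last_activity": "2023-11-03"},
    {"name": "ci-runner-7", "owner": "devops", "cost_center": "CC300",
     "state": "running", "last_activity": "2024-05-29"},
]


def audit_sprawl(inventory, as_of, idle_days=30):
    """Return {vm_name: [reasons]} for VMs that look like sprawl.

    as_of is the audit date as "YYYY-MM-DD". A VM is reported when it has
    no accountable owner, no cost center to bill, or has been idle for
    more than idle_days (a likely forgotten self-provisioned machine).
    """
    audit_date = datetime.strptime(as_of, "%Y-%m-%d")
    findings = {}
    for vm in inventory:
        reasons = []
        if not vm["owner"]:
            reasons.append("no owner tag")
        if not vm["cost_center"]:
            reasons.append("no cost center (unbillable)")
        last = datetime.strptime(vm["last_activity"], "%Y-%m-%d")
        idle = (audit_date - last).days
        if idle > idle_days:
            reasons.append(f"idle {idle} days ({vm['state']})")
        if reasons:
            findings[vm["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in audit_sprawl(INVENTORY, "2024-06-01").items():
        print(f"{name}: {'; '.join(reasons)}")
```

In practice the inventory would come from the provider's API, and the idle threshold and required tags would be the ones your billing and change-control policy mandates; the point is that every VM must map to someone who is billed for it and reviews it.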

VM Escape Protection

The hypervisor adds to your attack surface.

Network Considerations

Special DNS Resolution: Virtual Domain Routing

Special NAT: Routing from Inside a Cloud to Outside