Chapter 10: Virtualization and Cloud Security
Traditional Models (not cloud)
On-premises
Hosting
Cloud Models
See diagram p. 161.
IaaS
PaaS
SaaS
XaaS
Level of Control in each of the above
Cloud Ownership
Public – e.g. Amazon
Community – e.g. the Realtors MLS
Private – e.g. PNM
Hybrid – e.g. Hybrid Cloud with AWS
Cloud Service Providers
MSP: Managed Service Provider
MSSP: Managed Security Service Provider
On-Premises vs. Off-Premises
Fog Computing
Edge Computing
Thin Clients
Containers
The Docker revolution
Microservices and APIs
REST
SOAP
Infrastructure as Code
SDN: Software Defined Networking
https://en.wikipedia.org/wiki/Software-defined_networking
SDV: Software Defined Visibility – Managing access through network configuration, rather than domain permissions.
Serverless Architecture
Services Integration
Resource Policies
Transit Gateway
Between networks
Compare with Jump Servers, which are between security zones.
Virtualization
Hypervisors
Type 1
VMware, Xen, KVM, ESXi, Hyper-V
Type 2
VirtualBox, VMware Player
VM Sprawl
What differentiates a cloud from a virtualized environment is that with a cloud, consumers/users get to self-provision their VMs.
This may lead to forgotten or outdated VMs bloating your infrastructure, and it requires strict billing and auditing.
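As an added illustration of the auditing the note above calls for (example code written for these notes, not from the chapter or any cloud provider), the script below walks a constructed VM inventory and flags the classic sprawl symptoms: instances with no owner tag, instances idle past a threshold, and stopped instances that still hold storage. The inventory fields and the cost figures are assumptions; a real run would populate the list from the provider's instance-listing API.

```python
from datetime import datetime, timedelta

# Constructed sample inventory (assumption: fields are what a provider's
# VM listing would look like after normalisation; values are made up).
SAMPLE_VMS = [
    {"id": "vm-web-01", "owner": "web-team", "state": "running",
     "last_activity": "2024-05-01T09:00:00", "monthly_cost": 72.0},
    {"id": "vm-test-17", "owner": "", "state": "running",
     "last_activity": "2024-01-15T12:00:00", "monthly_cost": 140.0},
    {"id": "vm-old-db", "owner": "dba", "state": "stopped",
     "last_activity": "2023-11-02T08:30:00", "monthly_cost": 25.0},
    {"id": "vm-ci-03", "owner": "devops", "state": "running",
     "last_activity": "2024-04-28T22:10:00", "monthly_cost": 55.0},
]


def audit_vm_sprawl(vms, now, max_idle_days=60):
    """Flag VMs that look like sprawl.

    Returns (findings, wasted_cost): findings is a list of
    (vm_id, [reasons]) in inventory order; wasted_cost is the summed
    monthly cost of every flagged VM, which is what the billing review
    has to justify or reclaim.
    """
    findings = []
    wasted = 0.0
    idle_limit = timedelta(days=max_idle_days)
    for vm in vms:
        reasons = []
        last_seen = datetime.fromisoformat(vm["last_activity"])
        idle = now - last_seen

        # No owner means nobody is accountable for patching or paying for it.
        if not vm.get("owner"):
            reasons.append("no owner tag: nobody accountable for patching or billing")

        # Long idle time is the most common sign of a forgotten VM.
        if idle > idle_limit:
            reasons.append(f"idle for {idle.days} days (limit {max_idle_days})")

        # A stopped VM still consumes disk and keeps a stale image around.
        if vm["state"] == "stopped" and idle > idle_limit:
            reasons.append("stopped but still allocating storage")

        if reasons:
            findings.append((vm["id"], reasons))
            wasted += vm["monthly_cost"]
    return findings, round(wasted, 2)


if __name__ == "__main__":
    # Fixed "now" so the report is reproducible against the sample data.
    report, cost = audit_vm_sprawl(SAMPLE_VMS, datetime(2024, 5, 2))
    for vm_id, reasons in report:
        print(vm_id)
        for r in reasons:
            print("  -", r)
    print(f"monthly cost tied up in flagged VMs: {cost}")
```

The threshold and the fixed `now` are deliberately parameters: tie the threshold to your billing cycle so the audit and the invoice review can be reconciled against each other.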
VM Escape Protection
The hypervisor adds to your attack surface.
Network Considerations
Special DNS Resolution: Virtual Domain Routing
Special NAT: Routing from Inside a Cloud to Outside