Revision Notes

Uploaded by Sam Chan

Domain 14 – Big data, IoT, Serverless

Big data: high volume, high velocity, high variety

3 components: distributed data collection; distributed storage; distributed
processing
Data collection: use intermediary storage, properly secured
Key management
IAM
IoT: key security issues:
Secure data collection and sanitization
Device registration, authentication, authorization, API security, encrypted
communication, patching
Mobile:
Device registration, authentication, authorization, API security
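The IoT and Mobile bullets above list the same controls (device registration, authentication, authorization, sanitization of collected data). The following is an added example, not part of the original notes, of how those controls fit together at an ingest API: a constructed device registry holds a per-device secret, each request is authenticated with an HMAC over identity, timestamp, nonce and body (replay-protected), and only then is the payload sanitized against an allow-list of numeric fields. The registry contents, header names and secrets are assumptions made for the demo.

```python
import hashlib
import hmac
import json
import time

# Constructed device registry. In a real deployment this comes from the
# registration service, with secrets held in a KMS/HSM-backed store.
DEVICE_REGISTRY = {
    "sensor-0001": {
        "key": b"constructed-per-device-secret-0001",
        # allow-listed telemetry fields with plausible ranges (assumed)
        "fields": {"temp_c": (-40.0, 85.0), "humidity": (0.0, 100.0)},
    },
}
REPLAY_WINDOW_S = 300
_seen_nonces = set()  # demo only; production needs a time-bounded shared store


def _signing_input(device_id, ts, nonce, body):
    return b"\n".join([device_id.encode(), str(ts).encode(), nonce.encode(), body])


def sign_request(device_id, ts, nonce, body):
    """Device side: HMAC-SHA256 over identity, timestamp, nonce and body."""
    key = DEVICE_REGISTRY[device_id]["key"]
    return hmac.new(key, _signing_input(device_id, ts, nonce, body), hashlib.sha256).hexdigest()


def authenticate(headers, body, now=None):
    """Gateway side: registered device, fresh timestamp, unused nonce, valid MAC."""
    now = time.time() if now is None else now
    device_id = headers.get("X-Device-Id", "")
    dev = DEVICE_REGISTRY.get(device_id)
    if dev is None:
        return False, "unregistered device"
    try:
        ts = int(headers["X-Timestamp"])
    except (KeyError, ValueError):
        return False, "missing or malformed timestamp"
    if abs(now - ts) > REPLAY_WINDOW_S:
        return False, "timestamp outside replay window"
    nonce = headers.get("X-Nonce", "")
    if not nonce or nonce in _seen_nonces:
        return False, "missing or reused nonce"
    expected = hmac.new(dev["key"], _signing_input(device_id, ts, nonce, body),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, headers.get("X-Signature", "")):
        return False, "bad signature"
    _seen_nonces.add(nonce)
    return True, "ok"


def sanitize(device_id, body):
    """Keep only allow-listed numeric fields inside their range; drop everything else."""
    try:
        data = json.loads(body)
    except ValueError:
        return None
    if not isinstance(data, dict):
        return None
    clean = {}
    for name, (lo, hi) in DEVICE_REGISTRY[device_id]["fields"].items():
        value = data.get(name)
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            continue
        if lo <= value <= hi:
            clean[name] = float(value)
    return clean


def ingest(headers, body, now=None):
    """Authenticate first, then sanitize; never store what was not authenticated."""
    ok, reason = authenticate(headers, body, now)
    if not ok:
        return {"accepted": False, "reason": reason}
    clean = sanitize(headers["X-Device-Id"], body)
    if clean is None:
        return {"accepted": False, "reason": "malformed payload"}
    return {"accepted": True, "data": clean}


def make_request(device_id, payload, ts, nonce):
    """Build a signed request exactly as a registered device would."""
    body = json.dumps(payload).encode()
    headers = {"X-Device-Id": device_id, "X-Timestamp": str(ts), "X-Nonce": nonce,
               "X-Signature": sign_request(device_id, ts, nonce, body)}
    return headers, body


if __name__ == "__main__":
    h, b = make_request("sensor-0001", {"temp_c": 21.5, "humidity": 40, "cmd": "x"},
                        int(time.time()), "nonce-1")
    print(ingest(h, b))   # accepted; the unknown "cmd" field is dropped
    print(ingest(h, b))   # rejected: nonce reuse
```

Authentication runs before parsing so that unauthenticated input never reaches the JSON parser or storage, and sanitization is an allow-list (field name, numeric type, range) rather than a deny-list of bad values.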
Serverless computing:
- Object storage
- Cloud load balancers
- Cloud databases
- Machine learning
- Message queues
- Notification services
- Code execution environment
- API gateways
- Web servers
- Will not have access to logs and monitoring; need integration with logging
Cloud provider: must clearly state which PaaS services have been assessed against
which compliance or standard
Cloud user: must only use serverless services that match their compliance and
obligations

Domain 7 –
Micro-segmentation: operational expenses up
SDP:
1. SDP client for connecting asset
2. SDP controller for authentication and authorization, configuring connection to
SDP gateways
3. SDP gateway for terminating SDP traffic
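The three SDP roles above, as an added example that is not part of the original notes: the controller authenticates and authorizes the client and issues a short-lived grant bound to one gateway and one service; the gateway terminates traffic only when presented with a valid grant naming it, and drops everything else. The shared controller/gateway key, the credential store and the policy table are constructed for the demo (a real SDP uses PKI/mTLS and an identity provider).

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed shared secret between controller and gateway (assumption for the demo).
CONTROLLER_GATEWAY_KEY = b"constructed-controller-gateway-shared-key"
CREDENTIALS = {"alice": "constructed-password"}
# Authorization policy: (gateway, service) pairs each identity may reach.
POLICY = {"alice": {("gw-east", "payroll-api")}}
GRANT_TTL_S = 60


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def controller_issue_grant(user, password, gateway, service, now=None):
    """SDP controller: authenticate, authorize, then configure the connection
    by issuing a short-lived grant bound to one gateway and one service."""
    now = time.time() if now is None else now
    if not hmac.compare_digest(CREDENTIALS.get(user, ""), password):
        return None
    if (gateway, service) not in POLICY.get(user, set()):
        return None
    claims = {"sub": user, "gw": gateway, "svc": service, "exp": int(now) + GRANT_TTL_S}
    payload = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(CONTROLLER_GATEWAY_KEY, payload, hashlib.sha256).digest()
    return _b64e(payload) + "." + _b64e(tag)


def gateway_admit(gateway_name, grant, requested_service, now=None):
    """SDP gateway: terminate traffic only for a valid, unexpired grant that names
    this gateway and service; anything else is dropped (default deny)."""
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = grant.split(".")
        payload, tag = _b64d(payload_b64), _b64d(tag_b64)
    except (AttributeError, ValueError):
        return False
    expected = hmac.new(CONTROLLER_GATEWAY_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False
    claims = json.loads(payload)
    return (claims["gw"] == gateway_name and claims["svc"] == requested_service
            and now < claims["exp"])


def sdp_connect(user, password, gateway, service, now=None):
    """SDP client: obtain a grant from the controller, then present it to the gateway."""
    grant = controller_issue_grant(user, password, gateway, service, now)
    if grant is None:
        return "denied by controller"
    if gateway_admit(gateway, grant, service, now):
        return "connected"
    return "dropped by gateway"


if __name__ == "__main__":
    print(sdp_connect("alice", "constructed-password", "gw-east", "payroll-api"))
    print(sdp_connect("alice", "constructed-password", "gw-west", "payroll-api"))
```

The point of binding the grant to a gateway and service is that a grant obtained for one path cannot be replayed against another, and the gateway never answers an unauthenticated client at all.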
When used, virtual appliances should support auto-scaling to match the elasticity of
the resources they protect. Depending on the product, this could cause issues if the
vendor does not support elastic licensing compatible with auto-scaling.

IP addresses will change far more quickly than on a traditional network, which
security tools must account for. Ideally they should identify assets on the network by
a unique ID, not an IP address or network name.
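To make the "unique ID, not IP address" point concrete, here is an added example (not from the original notes) that attributes sensor alerts to instance IDs using a constructed IP-lease inventory. The same IP is held by two different instances over the day, and one alert falls in the gap between leases; grouping by IP merges unrelated assets, while grouping by asset ID separates them and flags the unattributable alert. Inventory records, instance IDs and alert lines are all constructed sample data.

```python
from datetime import datetime, timezone

# Constructed inventory of IP leases as pulled from the cloud API:
# (instance id, private IP, lease start, lease end or None while still held).
INVENTORY = [
    ("i-0aaa111", "10.0.1.20", "2024-05-01T08:00:00Z", "2024-05-01T08:45:00Z"),
    ("i-0bbb222", "10.0.1.20", "2024-05-01T08:50:00Z", None),
    ("i-0ccc333", "10.0.1.21", "2024-05-01T07:00:00Z", None),
]

# Constructed alerts as a network sensor would emit them, keyed by IP only.
ALERTS = [
    {"time": "2024-05-01T08:10:00Z", "src_ip": "10.0.1.20", "rule": "port-scan"},
    {"time": "2024-05-01T08:47:00Z", "src_ip": "10.0.1.20", "rule": "dns-tunnel"},
    {"time": "2024-05-01T09:00:00Z", "src_ip": "10.0.1.20", "rule": "c2-beacon"},
    {"time": "2024-05-01T09:05:00Z", "src_ip": "10.0.1.21", "rule": "port-scan"},
]


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def resolve_asset(ip, at):
    """Return the instance id that held `ip` at time `at`, or None if nobody did.
    Lease end is exclusive: at the release instant the IP is already free."""
    when = _ts(at)
    for instance_id, lease_ip, start, end in INVENTORY:
        if lease_ip != ip:
            continue
        if _ts(start) <= when and (end is None or when < _ts(end)):
            return instance_id
    return None


def group_alerts_by_asset(alerts):
    """Attribute each alert to an asset ID rather than an IP. Alerts whose IP was
    unassigned at that moment are returned separately for inventory follow-up."""
    by_asset, unresolved = {}, []
    for alert in alerts:
        instance_id = resolve_asset(alert["src_ip"], alert["time"])
        if instance_id is None:
            unresolved.append(alert)
        else:
            by_asset.setdefault(instance_id, []).append(alert["rule"])
    return by_asset, unresolved


def group_alerts_by_ip(alerts):
    """The naive grouping the notes warn against, kept for comparison."""
    by_ip = {}
    for alert in alerts:
        by_ip.setdefault(alert["src_ip"], []).append(alert["rule"])
    return by_ip


if __name__ == "__main__":
    print(group_alerts_by_ip(ALERTS))
    print(group_alerts_by_asset(ALERTS))
```

In practice the inventory comes from the provider's API or flow logs with lease timestamps; the unresolved bucket is worth alerting on in its own right, since an IP that is in use but not in inventory points at a gap in asset tracking.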

Software container systems always include three key components:
• The execution environment (the container).
• An orchestration and scheduling controller (which can be a collection of multiple
tools).
• A repository for the container images or code to execute.
Together, these are the place to run things, the things to run, and the management
system to tie them together.

A deep understanding of container security relies on a deep understanding of
operating system internals, such as namespaces, network port mapping, memory,
and storage access.

Domain 9: Incident Response

4 phases (NIST 800-61)
Preparation: “Establishing an incident response capability so that the organization is
ready to respond to incidents.”
Detection and Analysis: Detection and analysis in a cloud environment may look
nearly the same (for IaaS) and quite different (for SaaS). In all cases, the monitoring
scope must cover the cloud’s management plane, not merely the deployed assets

Containment, eradication, and recovery
Post-mortem
External threat intelligence may also be useful, as it is with on-premises incident
response, in order to help identify indicators of compromise and to get adversary
information. Be aware that there are potential challenges when the information that
is provided by a CSP faces chain of custody questions. There are no reliable
precedents established at this point. Forensics and investigative support will also
need to adapt, beyond understanding changes to data sources. Always factor in what
the CSP can provide and whether it meets chain of custody requirements. Not every
incident will result in legal action, but it’s important to work with your legal team to
understand the lines and where you could end up having chain of custody issues.

Some examples of tasks you can automate include:
• Snapshotting the storage of the virtual machine.
• Capturing any metadata at the time of alert, so that the analysis can happen based
on what the infrastructure looked like at that time.
• If your provider supports it, “pausing” the virtual machine, which will save the
volatile memory state.
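The automation list above and the chain-of-custody paragraph before it meet in the evidence manifest. The following is an added example, not from the original notes, of what the automation should produce alongside the snapshot and the memory capture: a manifest that records each artifact's SHA-256, the metadata captured at alert time, who collected it and when, plus a hash-chained custody log so that any later change to the artifacts, the metadata or the log itself is detectable. The artifact bytes and metadata are constructed stand-ins for a real snapshot and paused-VM memory image.

```python
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _custody_entry(manifest, action, actor, at, prev):
    """One custody-log entry whose hash covers the previous entry and the evidence
    inventory, so edits to either are detectable when the chain is re-walked."""
    inventory = json.dumps({"artifacts": manifest["artifacts"],
                            "metadata": manifest["metadata"]}, sort_keys=True)
    entry = {"action": action, "actor": actor, "at": at, "prev": prev}
    entry["hash"] = sha256_hex((prev + json.dumps(entry, sort_keys=True) + inventory).encode())
    return entry


def capture_evidence(incident_id, artifacts, metadata, collector, collected_at):
    """Record what was captured, a hash of each artifact, and who collected it."""
    manifest = {
        "incident_id": incident_id,
        "collector": collector,
        "collected_at": collected_at,
        "metadata": metadata,  # infrastructure state at alert time
        "artifacts": {name: {"sha256": sha256_hex(data), "bytes": len(data)}
                      for name, data in sorted(artifacts.items())},
        "custody": [],
    }
    manifest["custody"].append(
        _custody_entry(manifest, "collected", collector, collected_at, "genesis"))
    return manifest


def transfer_custody(manifest, actor, at):
    """Append a hand-over (e.g. to legal or an external examiner) to the custody chain."""
    prev = manifest["custody"][-1]["hash"]
    manifest["custody"].append(_custody_entry(manifest, "transferred", actor, at, prev))


def verify_evidence(manifest, artifacts):
    """Re-hash the artifacts and re-walk the custody chain; an empty list means intact."""
    problems = []
    for name, record in manifest["artifacts"].items():
        data = artifacts.get(name)
        if data is None:
            problems.append(f"missing artifact {name}")
        elif sha256_hex(data) != record["sha256"]:
            problems.append(f"hash mismatch for {name}")
    for extra in sorted(set(artifacts) - set(manifest["artifacts"])):
        problems.append(f"unlisted artifact {extra}")
    prev = "genesis"
    for i, entry in enumerate(manifest["custody"]):
        expected = _custody_entry(manifest, entry["action"], entry["actor"], entry["at"], prev)["hash"]
        if entry["prev"] != prev or entry["hash"] != expected:
            problems.append(f"custody entry {i} altered")
        prev = entry["hash"]
    return problems


# Constructed stand-ins for what the automation would collect at alert time.
SAMPLE_ARTIFACTS = {
    "vol-0123-snapshot.raw": b"constructed disk snapshot bytes",
    "i-0123-memory.dump": b"constructed volatile memory captured while paused",
}
SAMPLE_METADATA = {"instance_id": "i-0123", "region": "eu-west-1",
                   "security_groups": ["sg-web"], "alert": "c2-beacon"}


if __name__ == "__main__":
    m = capture_evidence("INC-0001", SAMPLE_ARTIFACTS, SAMPLE_METADATA,
                         "analyst-a", "2024-05-01T09:10:00Z")
    transfer_custody(m, "analyst-b", "2024-05-02T10:00:00Z")
    print(json.dumps(m, indent=2))
    print(verify_evidence(m, SAMPLE_ARTIFACTS))   # [] when intact
```

Whatever the CSP supplies (snapshot IDs, exported images, API logs) should be hashed and entered into the same manifest at the moment it is received, so the question of what was captured, by whom and when has an answer that does not depend on the provider's records alone.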

Domain 10
Cloud computing
Opportunities
- Higher baseline security (significant economic incentives to maintain higher
baseline security)
- Responsiveness
- Isolated environments
- Independent virtual machines
- Elasticity
- DevOps
- Unified Interface
Challenges
- Limited detailed visibility
- Increased application scope (management plane, meta-structure)
- Changing threat models
- Reduced transparency

SSDLC
- Training: secure coding practice, writing security tests. Provider technical training
- Define: code standards, security functional requirements
- Design: threat modelling, secure design
- Develop: code review, unit testing, static analysis, dynamic analysis
- Test: vulnerability assessment, dynamic analysis, functional tests, QA
Training: Three different roles will require two new categories of training.
Development, operations, and security should all receive additional training on cloud
security fundamentals (which are not provider specific), as well as appropriate
technical security training on any specific cloud providers and platforms used on their
projects. There is typically greater developer and operations involvement in directly
architecting and managing the cloud infrastructure, so baseline security training
that’s specific to the tools they will use is essential.

10.1.7.1 Security Implications and Advantages
• Standardization: With DevOps, anything that goes into production is created by the
CI/CD pipeline on approved code and configuration templates. Dev/Test/Prod are all
based on the exact same source files, which eliminates any deviation from known-good
standards.
• Automated testing: As discussed, a wide variety of security testing can be
integrated into the CI/CD pipeline, with manual testing added as needed to
supplement.
• Immutable: CI/CD pipelines can produce master images for virtual machines,
containers, and infrastructure stacks very quickly and reliably. This enables
automated deployments and immutable infrastructure.
• Improved auditing and change management: CI/CD pipelines can track everything,
down to individual character changes in source files that are tied to the person
submitting the change, with the entire history of the application stack (including
infrastructure) stored in a version control repository. This offers considerable
audit and change-tracking benefits.
• SecDevOps/DevSecOps and Rugged DevOps: These two terms are emerging to describe
the integration of security activities into DevOps. SecDevOps/DevSecOps sometimes
refers to the use of DevOps automation techniques to improve security operations.
Rugged DevOps refers to integration of security testing into the application
development process to produce harder, more secure, and more resilient applications.
