© 2021 Peak AI Ltd. All Rights Reserved Confidential 1
Michael Pearce - Peak AI
Computer Network and Security
Current techniques, privacy and data protection
About Me
Michael Pearce (Mike, for short)
Senior Engineering Manager @ Peak
7x AWS Certifications, inc. Security Specialty
2x Linux certifications
Cyber Security Analyst (CySA+) certified
Started with Linux
Chose a Computing course in final school years
Attended Computing for Business Applications @ University of Manchester
Made a friend at martial arts training > Summer work > Full time work - Network!
Systems configuration & Training > Web development > IT Infrastructure > Cloud
Currently building the Peak platform (https://peak.ai)
Audience Survey
Agenda
Module: Emerging Technologies
Cutting-edge techniques and their applications
Securing the Cloud
Securing cloud infrastructure and applications - concepts and popular services for managing traffic, detecting and preventing threats.
The cloud enables us to create enterprise-grade infrastructure that is scalable, highly available and fault tolerant, often deployed across multiple regions. This needs to be secured with tools and services such as web application firewalls (WAF), intrusion detection systems (IDS), intrusion prevention systems (IPS), and protection against DDoS and economic denial of service/sustainability (EDoS), to ensure our data stays private and secure.
Common Concepts
Scalability
What is it?
● Elastic Scaling
○ Aided by virtual servers
○ Consider load balancing
Why do we need it?
● Making sure infrastructure can:
○ Handle high demands
■ Keep customer service available
■ Keep security tools available!
○ Reduce wasteful usage
■ Reduce attack vectors
High Availability
What is it?
● Making things available across data centres, regions, countries and continents
○ In disaster scenarios
● Part of the CIA Triad
○ Confidentiality, Integrity and Availability
Why do we need it?
● It is not useful if it is not accessible
● Some threats include sabotage
○ e.g. Reputational risk
Fault Tolerance
What is it?
● Keeping things functioning even when there are errors and faults
● Hardware or software
● Tied in with scalability and high availability
Why do we need it?
● It is not useful if it is not accessible
● Some threats include sabotage
○ e.g. Data loss
Firewalls
● Network security device
● Monitors incoming and outgoing network traffic
● Based on a set of security rules
● Establishes a barrier between your internal network and incoming traffic from external sources (such as the internet)
● In order to block malicious traffic like viruses and hackers.
● More on web-based firewalls later…
Traffic Control
Security Group
● Operates on the instance (VM etc.)
● Only used to determine allowed traffic
● Is stateful: return traffic is automatically allowed, regardless of any rules
● Only applies to an instance if specified, deny by default
NACL (Network Access Control List)
● An optional layer of security for your private cloud
● Acts as a firewall for controlling traffic in and out of one or more subnets
● You might set up Network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC
● Acts on the whole subnet
● Is stateless: return traffic must be explicitly allowed by rules
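The stateful versus stateless difference above, modelled for AWS, where security groups are the stateful, allow-only, instance-level control and network ACLs are the stateless, ordered, subnet-level one. This is an added example, not code from the talk or from AWS; the class names, rule numbers and documentation-range addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    direction: str    # "in" or "out", seen from the protected instance/subnet
    peer: str         # remote IP address
    local_port: int
    peer_port: int

    @property
    def dest_port(self) -> int:
        # Rules match on the destination port of the packet.
        return self.local_port if self.direction == "in" else self.peer_port

    def reply(self) -> "Packet":
        """The return packet of the same connection, travelling the other way."""
        flipped = "out" if self.direction == "in" else "in"
        return Packet(flipped, self.peer, self.local_port, self.peer_port)


@dataclass(frozen=True)
class Rule:
    direction: str
    cidr: str
    ports: range
    allow: bool = True
    number: int = 0   # evaluation order; only meaningful for network ACLs

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction
                and ip_address(p.peer) in ip_network(self.cidr)
                and p.dest_port in self.ports)


class SecurityGroup:
    """Stateful: allow rules only, default deny, replies follow tracked flows."""

    def __init__(self, rules):
        self.rules = list(rules)
        self._flows = set()

    def permits(self, p: Packet) -> bool:
        flow = (p.peer, p.local_port, p.peer_port)
        if flow in self._flows:            # return traffic of an allowed flow
            return True
        if any(r.allow and r.matches(p) for r in self.rules):
            self._flows.add(flow)
            return True
        return False


class NetworkAcl:
    """Stateless: numbered allow/deny rules, first match wins, implicit deny."""

    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.number)

    def permits(self, p: Packet) -> bool:
        for r in self.rules:
            if r.matches(p):
                return r.allow
        return False


def round_trip(control, request: Packet):
    """Return (request allowed, reply allowed) for one connection."""
    return control.permits(request), control.permits(request.reply())


# Constructed rules and traffic (documentation address ranges).
HTTPS_IN = Rule("in", "0.0.0.0/0", range(443, 444), number=100)
EPHEMERAL_OUT = Rule("out", "0.0.0.0/0", range(1024, 65536), number=100)
BLOCK_NET = Rule("in", "198.51.100.0/24", range(0, 65536), allow=False, number=90)
REQUEST = Packet("in", "203.0.113.10", 443, 51514)

if __name__ == "__main__":
    print("SG, inbound 443 only:      ", round_trip(SecurityGroup([HTTPS_IN]), REQUEST))
    print("NACL, inbound 443 only:    ", round_trip(NetworkAcl([HTTPS_IN]), REQUEST))
    print("NACL, plus ephemeral out:  ",
          round_trip(NetworkAcl([HTTPS_IN, EPHEMERAL_OUT]), REQUEST))
```

The network ACL with only the inbound rule accepts the request and then drops the reply, which is the usual symptom of a missing outbound ephemeral-port rule.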
Private Endpoints
● AWS Private Link / Azure Private Link / Google Service Connect
● Keeping traffic inside the virtual network
● Not out to the outside world and back
● Even when using cloud provider managed services
● Marketplaces of private link compatible services
○ Only within one provider's network
● Fewer hops, less to manage - more stability and security
Intrusion Detection & Prevention
Web Application Firewall (WAF)
● Protects applications from common web exploits, attack patterns or unwanted traffic.
● Blocks well-known threats such as SQL injection or cross-site scripting, as well as applying custom rules based on the request payload.
● Also used for monitoring
AWS WAF, CloudFlare, Incapsula, Fortinet, Akamai, F5
Intrusion Detection System (IDS)
● Monitors a network for malicious activity or policy violations
● Reports it and/or collects it centrally (SIEM)
● Network or host based
● Signature or anomaly based
● Working closely, or combined with IPS
● But there are evasion techniques
TrendMicro, Darktrace, Cisco, Palo Alto Networks
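The signature-based versus anomaly-based distinction on the IDS slide, run over a few log lines as an added example (not code from the talk or from any vendor named here). The log format, addresses, signature names and baseline counts are constructed, and a mean plus three standard deviations threshold stands in for the learned model of normal activity.

```python
import re
from collections import Counter
from statistics import mean, pstdev
from urllib.parse import unquote

# Constructed signatures: patterns for attacks that are already known.
SIGNATURES = {
    "sqli-union-select": re.compile(r"union\s+select", re.I),
    "xss-script-tag": re.compile(r"<\s*script", re.I),
}

# Constructed baseline: requests per source per minute seen in normal operation.
BASELINE = [3, 5, 4, 6, 5, 4, 5, 4]

# Constructed log lines in a simplified format: <minute> <source> "<request>"
LOG = (
    ['10:00 192.0.2.10 "GET /index.html"'] * 3
    + ['10:00 198.51.100.23 "GET /items?id=1%20UNION%20SELECT%20password%20FROM%20users"']
    + ['10:01 203.0.113.77 "POST /login"'] * 12        # burst, no known pattern
    + ['10:02 192.0.2.50 "GET /reports/export"'] * 9   # legitimate batch export
)

LINE = re.compile(r'^(\S+) (\S+) "([^"]*)"$')


def parse(line):
    """Split one log line into (minute, source, request)."""
    m = LINE.match(line)
    if m is None:
        raise ValueError(f"unparseable line: {line!r}")
    return m.group(1), m.group(2), m.group(3)


def signature_alerts(lines):
    """Return {(source, signature name)} for requests matching a known pattern."""
    alerts = set()
    for line in lines:
        _, src, request = parse(line)
        decoded = unquote(request)   # normalise URL encoding before matching
        for name, pattern in SIGNATURES.items():
            if pattern.search(decoded):
                alerts.add((src, name))
    return alerts


def anomaly_alerts(lines, baseline):
    """Return sources whose per-minute request count exceeds mean + 3 sigma."""
    threshold = mean(baseline) + 3 * pstdev(baseline)
    per_minute = Counter((minute, src) for minute, src, _ in map(parse, lines))
    return {src for (_, src), count in per_minute.items() if count > threshold}


if __name__ == "__main__":
    print("signature:", sorted(signature_alerts(LOG)))
    print("anomaly:  ", sorted(anomaly_alerts(LOG, BASELINE)))
```

The login burst is caught only by the anomaly check because no signature describes it, while the batch export is flagged by the same check even though it is legitimate, which is the false-positive cost of anomaly detection.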
Intrusion Prevention System (IPS)
IPS may take action to shut down the threat!
● Restoring log files from storage
● Suspending user accounts
● Blocking IP addresses
● Killing processes
● Shutting down systems
● Starting up processes
● Updating firewall settings
● Alerting, recording, and reporting suspicious activities
Checkpoint, Amour, TrendMicro, Palo Alto, CrowdSec
< ALARMING QUOTE ABOUT DDoS AND EDoS HERE > 😱
DDoS & EDoS
DDoS - Distributed Denial of Service
● Malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
● Usually a network of machines - bots - botnets.
● 2.4 Terabytes PER SECOND attack sustained by Microsoft in August 2021.
EDoS - Economic Denial of Service (or Sustainability)
● A new twist on the traditional denial of service model
● Attackers purposefully inflate the bills of cloud service users until they can no longer afford service.
Peak
The Decision Intelligence Company
The Peak Platform
We recently announced the general availability of our platform (called Peak) in January 2022.
It is a cloud-based, multi-tenant platform to give you everything you need to build and deploy Decision Intelligence Solutions at pace and scale.
We can build solutions for you, build it with you or you can build it yourself.
We are announcing our data science community (a waiting list to find out more) - this will include events and early access to the platform.
Go to https://peak.ai/community to sign up!
Dock - data management - everything you need to make your data AI ready - includes data connectors and data bridge.
Factory - an ML workbench designed by data scientists, for data scientists to create a centralised intelligence for companies.
Work - a way for commercial leaders to interact with the intelligence created in Factory - used to power great decisions.
The Peak platform
Live Example
Live Demo 🤞
Workspace Service
Controlling access to internal resources
Thank You!

Computer Network and Security - Edge Hill Guest Lecture


Editor's Notes

  1. Computing Networking and Security is not just reserved for the cloud, but I will stick to what I know best these days, and something that is definitely relevant and here to stay.
  2. Computing Networking and Security is not just reserved for the cloud, but I will stick to what I know best these days, and something that is definitely relevant and here to stay.
  3. I won’t cover WHY we need to secure the cloud… But the high-level aim is to keep data private and protected. On premise vs Cloud - many concepts are the same or transferable and good reasons for both. I will focus on what I know best.
  4. The cloud did not introduce these concepts, but they do make things a lot easier to manage! In many cases it has made things more cost effective and in some cases better for the environment. However, there are still challenges, such as architectural decisions and potential compromises or mistakes that may be made. There are some key features and functionalities that we need to include in our cloud estate to make sure things are locked down. These are general principles, which may be considered countermeasures when viewing from a security standpoint. There can also be a lot of crossover, so please forgive the repetition. I have tried to add different examples for the same points as they are repeated.
  5. Public Subnet - public facing - as little as possible - a load balancer to handle the traffic. Private Subnet - your application servers, databases, data warehouses etc. Broken down into separate subnets (sub-networks) for different availability zones (data warehouses situated in different geographic locations). The load balancer directs traffic to the autoscaling groups, which scale in and out depending on demand. What happens if: The instance is down? Go to another. The Availability Zone is down? Go to the other. A whole network, e.g. a whole region? Go to the other! (Fault tolerance)
  6. The next session is about Controlling where packet traffic can go and Provide Isolation. Namely Security Group in the AWS world!
  7. Signature-based: Signature-based IDS detects possible threats by looking for specific patterns, such as byte sequences in network traffic, or known malicious instruction sequences used by malware. This terminology originates from antivirus software, which refers to these detected patterns as signatures. Although signature-based IDS can easily detect known attacks, it is impossible to detect new attacks, for which no pattern is available. Anomaly-based: a newer technology designed to detect and adapt to unknown attacks, primarily due to the explosion of malware. This detection method uses machine learning to create a defined model of trustworthy activity, and then compare new behavior against this trust model. While this approach enables the detection of previously unknown attacks it can suffer from false positives: previously unknown legitimate activity can accidentally be classified as malicious.
  8. CrowdSec is free and open source - known as an incredibly easy to use, powerful suite of security technologies
  9. DDoS protection, and economic denial of service/sustainability (EDoS). I was going to fill this placeholder in, but there were too many to choose from… Github, Banks, BBC, COUNTRIES! DDoS and EDoS are things I know you will hear of if not already, things I hope you never have to deal with.
  10. ANNOUNCED GENERAL AVAILABILITY COMING JAN 2022 CLOUD BASED MULTI TENANT EVERYTHING TO BUILD AND DEPLOY DECISION INTELLIGENCE PACE AND SCALE WE BUILD FOR YOU, WITH YOU OR YOU BUILD YOURSELF DOCK (DATA) - FACTORY (EXPLORATION) - WORK (EXPOSE) DATA COMMUNITY - EVENTS AND EARLY ACCESS