Securing Cloud Infrastructure and applications - concepts and popular services for managing traffic, detecting and preventing threats.
The cloud enables us to create enterprise-grade infrastructure that is scalable, highly available and fault tolerant, often deployed across multiple regions. This needs to be secured with tools and services such as web application firewalls (WAF), intrusion detection systems (IDS), intrusion prevention systems (IPS), DDoS protection, and protection against economic denial of service/sustainability (EDoS), to ensure our data stays private and secure.
Computing Networking and Security is not just reserved for the cloud, but I will stick to what I know best these days, and something that is definitely relevant and here to stay.
I won’t cover WHY we need to secure the cloud… But the high-level aim is to keep data private and protected.
On premise vs cloud - many concepts are the same or transferable, and there are good reasons for both. I will focus on what I know best.
The cloud did not introduce these concepts, but they do make things a lot easier to manage! In many cases it has made things more cost effective and in some cases better for the environment.
However there are still challenges, such as architectural decisions and potential compromises or mistakes that may be made.
There are some key features and functionalities that we need to include in our cloud estate to make sure things are locked down. These are general principles, which may be considered countermeasures when viewed from a security standpoint. There is also a lot of crossover, so please forgive the repetition. I have tried to give different examples for the same points where they are repeated.
Public subnet - public facing - as little as possible in here - a load balancer to handle the incoming traffic
Private subnet - your application servers, databases, data warehouses etc.
Broken down into separate subnets (sub-networks) for different availability zones (data warehouses situated in different geographic locations)
The load balancer directs traffic to the autoscaling groups, which scale in and out depending on demand
What happens if:
The instance is down? Go to another.
The availability zone is down? Go to the other.
A whole network, e.g. a whole region, is down? Go to the other! (Fault tolerance)
The next section is about controlling where packet traffic can go and providing isolation.
Namely, Security Groups in the AWS world!
Signature-based: a signature-based IDS detects possible threats by looking for specific patterns, such as byte sequences in network traffic, or known malicious instruction sequences used by malware. This terminology originates from antivirus software, which refers to these detected patterns as signatures. Although a signature-based IDS can easily detect known attacks, it cannot detect new attacks for which no pattern is yet available.
Anomaly-based: a newer technology designed to detect and adapt to unknown attacks, primarily driven by the explosion of malware. This detection method uses machine learning to create a defined model of trustworthy activity, and then compares new behaviour against this trust model. While this approach enables the detection of previously unknown attacks, it can suffer from false positives: previously unseen legitimate activity can accidentally be classified as malicious.
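To make the trade-off concrete, here is an added example (my own toy code, not from the slides or any IDS product): a tiny signature matcher and a tiny "trust model" anomaly detector run over a few constructed web access log lines. The signature rule, the IP addresses and the paths are all made up for the demo; a real IDS would learn a far richer baseline than just known clients and paths.

```python
# Added example: signature-based vs anomaly-based detection over constructed
# access log lines of the form "<src ip> <method> <path> <status>".
import re

# Constructed "trusted" baseline period used to build the anomaly model.
BASELINE = [
    "10.0.1.5 GET /index.html 200",
    "10.0.1.5 GET /about.html 200",
    "10.0.1.7 GET /index.html 200",
    "10.0.1.7 POST /login 302",
]
# Constructed new traffic: normal, a known attack pattern, a novel probe,
# and a legitimate page nobody happened to visit during the baseline.
NEW_EVENTS = [
    "10.0.1.5 GET /index.html 200",
    "203.0.113.9 GET /index.php?id=1%20UNION%20SELECT%201,2 500",
    "203.0.113.9 GET /.env 404",
    "10.0.1.7 GET /contact.html 200",
]
# Constructed signature standing in for a real rule set (URL-encoded or not).
SIGNATURES = {"sqli-union": re.compile(r"union(?:%20|\+|\s)+select", re.I)}


def parse(line):
    src, method, path, status = line.split()
    return {"src": src, "method": method, "path": path.split("?")[0], "status": int(status)}


def signature_alerts(lines):
    """Alert only on lines matching a known pattern; novel attacks stay silent."""
    return [(name, line) for line in lines
            for name, pat in SIGNATURES.items() if pat.search(line)]


def build_trust_model(lines):
    """Model of 'trustworthy activity': clients and paths seen in the baseline."""
    events = [parse(l) for l in lines]
    return {"srcs": {e["src"] for e in events}, "paths": {e["path"] for e in events}}


def anomaly_alerts(lines, model):
    """Alert on anything outside the model; catches /.env but also /contact.html."""
    alerts = []
    for line in lines:
        e = parse(line)
        reasons = (["unknown-client"] if e["src"] not in model["srcs"] else []) + \
                  (["unseen-path"] if e["path"] not in model["paths"] else [])
        if reasons:
            alerts.append(("+".join(reasons), line))
    return alerts
```

Running `anomaly_alerts(NEW_EVENTS, build_trust_model(BASELINE))` flags three of the four new events, the last of which (`/contact.html`) is the false positive the slide warns about, while `signature_alerts` flags only the UNION SELECT line and misses the `/.env` probe entirely.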
CrowdSec is free and open source - known as an incredibly easy to use, powerful suite of security technologies.
DDoS protection, and economic denial of service/sustainability (EDoS).
I was going to fill this placeholder in, but there were too many to choose from…
GitHub, banks, the BBC, COUNTRIES!
DDoS and EDoS are things I know you will hear of, if you haven't already; things I hope you never have to deal with.
ANNOUNCED GENERAL AVAILABILITY COMING JAN 2022
CLOUD BASED
MULTI TENANT
EVERYTHING TO BUILD AND DEPLOY DECISION INTELLIGENCE
PACE AND SCALE
WE BUILD FOR YOU, WITH YOU OR YOU BUILD YOURSELF
DOCK (DATA) - FACTORY (EXPLORATION) - WORK (EXPOSE)
DATA COMMUNITY - EVENTS AND EARLY ACCESS