Cloud Network Security Controls


  • In the context of CCSP

Firewalls

  • in cloud environments, security groups are typically the first firewall capability deployed
  • in cloud and virtual environments, systems are often ephemeral and scale quickly
    • so firewalls and rules need to account for those changes by either:
      • being adjusted by the same code that adds systems, or scaling inside the rules themselves
      • or using load balancers and other tools to absorb changes in the infra without requiring new rules
  • firewall technologies include a broad range of solutions
    • ACLs
    • NACLs
    • stateful firewalls
    • NGFW
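
An added example (not part of these notes) that models the difference between two of the firewall types listed above: a stateless, ordered network ACL with an implicit deny, and a stateful, allow-only security group. It also shows the ephemeral-system point from the firewall bullets: because the rules match on remote range and port rather than on a particular server address, an instance added by the same IaC inherits them. Addresses, ports and rule numbers are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Added example: a small model contrasting a stateless, ordered network ACL with a
# stateful, allow-only security group. All addresses, ports and rule numbers are
# constructed sample values, not taken from any real cloud provider.

EPHEMERAL_LOW, EPHEMERAL_HIGH = 1024, 65535   # client-side source port range


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    number: int      # evaluation order for NACLs (lowest first)
    action: str      # "allow" or "deny"
    cidr: str        # remote address range the rule applies to
    port_from: int
    port_to: int
    proto: str = "tcp"

    def matches(self, remote_ip: str, port: int, proto: str) -> bool:
        return (self.proto in (proto, "all")
                and ip_address(remote_ip) in ip_network(self.cidr)
                and self.port_from <= port <= self.port_to)


def nacl_allows(rules: list[Rule], pkt: Packet, direction: str) -> bool:
    """Stateless evaluation: each packet is judged on its own, the lowest
    numbered matching rule wins, and no match means an implicit deny."""
    remote_ip = pkt.src if direction == "inbound" else pkt.dst
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(remote_ip, pkt.dport, pkt.proto):
            return rule.action == "allow"
    return False


class SecurityGroup:
    """Stateful evaluation: only allow rules exist, and a connection admitted
    inbound is tracked so its replies pass without any outbound rule."""

    def __init__(self, inbound: list[Rule], outbound: list[Rule]):
        self.inbound, self.outbound = list(inbound), list(outbound)
        self._tracked: set[tuple] = set()   # (client_ip, client_port, server_ip, server_port)

    def allows(self, pkt: Packet, direction: str) -> bool:
        if direction == "inbound":
            ok = any(r.matches(pkt.src, pkt.dport, pkt.proto) for r in self.inbound)
            if ok:
                self._tracked.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return ok
        # A reply reverses the 4-tuple of a tracked connection.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self._tracked:
            return True
        return any(r.matches(pkt.dst, pkt.dport, pkt.proto) for r in self.outbound)


def compare_rule_styles() -> dict[str, bool]:
    """Walk one HTTPS request and its reply through both models."""
    request = Packet("203.0.113.10", 49152, "10.0.1.5", 443)
    reply = Packet("10.0.1.5", 443, "203.0.113.10", 49152)

    nacl_in = [Rule(100, "allow", "0.0.0.0/0", 443, 443)]
    nacl_out_no_ephemeral: list[Rule] = []       # return-traffic rule forgotten
    nacl_out = [Rule(100, "allow", "0.0.0.0/0", EPHEMERAL_LOW, EPHEMERAL_HIGH)]

    sg = SecurityGroup(inbound=[Rule(1, "allow", "0.0.0.0/0", 443, 443)], outbound=[])

    # The rules never name the server address, so a new instance launched by the
    # same IaC is covered without anyone adding a rule for it.
    new_instance_request = Packet("203.0.113.10", 49153, "10.0.1.77", 443)

    return {
        "nacl_request": nacl_allows(nacl_in, request, "inbound"),
        "nacl_reply_without_ephemeral_rule": nacl_allows(nacl_out_no_ephemeral, reply, "outbound"),
        "nacl_reply_with_ephemeral_rule": nacl_allows(nacl_out, reply, "outbound"),
        "sg_request": sg.allows(request, "inbound"),
        "sg_reply_without_outbound_rule": sg.allows(reply, "outbound"),
        "sg_new_instance_request": sg.allows(new_instance_request, "inbound"),
    }


if __name__ == "__main__":
    for name, allowed in compare_rule_styles().items():
        print(f"{name}: {'allow' if allowed else 'deny'}")
```

The stateless model is where the classic mistake lives: the inbound 443 rule is fine, but without an outbound rule for the ephemeral port range the reply is dropped. The stateful model needs no outbound rule at all, which is why security groups are usually the first thing deployed.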

IDS/IPS

  • designed to detect malicious traffic, alert on it, and take action
  • each cloud provider has third parties that provide IDS and IPS services
  • generally the same as on-prem environments, just virtualized and cloud enabled

Honeypots

  • used to detect, identify, isolate, and analyze attacks
  • cloud environments usually charge per IP, so running a honeypot/honeynet adds cost
  • need to determine cost/value of honeypot in design

Vulnerability Assessment Tools

  • available in cloud environments as native tools
    • e.g.,
      • Azure Defender for Cloud
      • Amazon Inspector service
  • third-party vulnerability scanners are also available from cloud provider marketplaces
  • many systems are ephemeral,
    • so scanners need to account for the original system and any changes that occur from IaC updates
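
An added example (not part of these notes) of the reconciliation step the last bullet calls for: compare the scanner's most recent results with the current IaC-managed inventory so that hosts created since the last scan, hosts that no longer exist, and hosts whose image changed through an IaC update are each surfaced. The inventory, scan results and the "image" field are constructed sample data and assumptions about what an inventory records.

```python
# Added example: reconcile scanner results with the live inventory of an
# ephemeral fleet. Host IDs, image versions and timestamps are constructed.

INVENTORY = [                                   # what IaC says exists right now
    {"id": "web-01", "image": "web-v2"},        # rebuilt from a newer image
    {"id": "web-03", "image": "web-v1"},
    {"id": "web-04", "image": "web-v1"},        # launched after the last scan
]

LAST_SCAN = {                                   # what the scanner last saw
    "web-01": {"scanned_at": "2024-05-01T02:00:00Z", "image": "web-v1"},
    "web-02": {"scanned_at": "2024-05-01T02:00:00Z", "image": "web-v1"},   # terminated since
    "web-03": {"scanned_at": "2024-05-01T02:00:00Z", "image": "web-v1"},
}


def reconcile(inventory: list[dict], scan_results: dict[str, dict]) -> dict[str, list[str]]:
    """Split hosts into: never scanned, scanned but gone (stale findings),
    and scanned but rebuilt from a different image since (needs a rescan)."""
    live = {h["id"]: h for h in inventory}
    unscanned = sorted(i for i in live if i not in scan_results)
    stale = sorted(i for i in scan_results if i not in live)
    drifted = sorted(i for i in live
                     if i in scan_results and scan_results[i]["image"] != live[i]["image"])
    return {
        "unscanned": unscanned,
        "stale_findings": stale,
        "rescan_after_iac_change": drifted,
    }


def demo_reconcile() -> dict[str, list[str]]:
    return reconcile(INVENTORY, LAST_SCAN)


if __name__ == "__main__":
    for bucket, hosts in demo_reconcile().items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

The point of the third bucket is that a host keeping its ID is not evidence that the scan still applies; once IaC swaps the image underneath it, the earlier findings describe a system that no longer exists.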

Bastion Hosts

  • used to allow administrators to access a private network from a lower security zone
  • has network interfaces in lower and higher security zones
    • requires greater security attention
  • aka jump servers or jump boxes

Identity Assurance in the Cloud and Virtual Environments

  • Identity assurance challenges in the cloud:
    1. identity proofing is nearly impossible when allowing users to bring own identities
      • e.g., identity proofing a user's own Gmail account
      • less of a challenge if the org handles its own identity proofing through its normal onboarding process
    2. validating that users are legitimately the person who is supposed to use the credential
      • i.e., detecting compromised credentials
      • audit logs need to contain the relevant information to identify indicators
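
An added example (not part of these notes) of the last bullet: two indicators of a compromised credential that an audit log can only support if each record carries the user, timestamp, source address, location and outcome. The log lines are constructed sample data, and the field names and thresholds are assumptions rather than any provider's format.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Added example: check that audit records carry the fields needed for identity
# assurance, then look for two indicators of credential compromise. The log
# lines, field names and thresholds are constructed assumptions.

SAMPLE_LOG = """\
{"ts": "2024-05-01T08:00:00Z", "user": "alice", "result": "success", "ip": "198.51.100.4", "country": "DE"}
{"ts": "2024-05-01T08:20:00Z", "user": "alice", "result": "success", "ip": "203.0.113.9", "country": "BR"}
{"ts": "2024-05-01T09:00:00Z", "user": "bob", "result": "failure", "ip": "192.0.2.7", "country": "US"}
{"ts": "2024-05-01T09:00:05Z", "user": "bob", "result": "failure", "ip": "192.0.2.7", "country": "US"}
{"ts": "2024-05-01T09:00:10Z", "user": "bob", "result": "failure", "ip": "192.0.2.7", "country": "US"}
{"ts": "2024-05-01T09:00:15Z", "user": "bob", "result": "failure", "ip": "192.0.2.7", "country": "US"}
{"ts": "2024-05-01T09:00:20Z", "user": "bob", "result": "failure", "ip": "192.0.2.7", "country": "US"}
{"ts": "2024-05-01T09:00:25Z", "user": "bob", "result": "success", "ip": "192.0.2.7", "country": "US"}
{"ts": "2024-05-01T10:00:00Z", "user": "carol", "result": "success", "ip": "198.51.100.8", "country": "US"}
{"ts": "2024-05-01T18:00:00Z", "user": "carol", "result": "success", "ip": "198.51.100.9", "country": "GB"}
"""

REQUIRED_FIELDS = ("ts", "user", "result", "ip", "country")


def parse_log(text: str) -> list[dict]:
    """Parse JSON-lines audit records, refusing records that lack the
    fields the indicators below depend on."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        missing = [f for f in REQUIRED_FIELDS if f not in rec]
        if missing:
            raise ValueError(f"audit record lacks {missing}; cannot evaluate indicators")
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        events.append(rec)
    return sorted(events, key=lambda e: e["ts"])


def find_indicators(events: list[dict],
                    fail_threshold: int = 5,
                    fail_window: timedelta = timedelta(minutes=5),
                    travel_window: timedelta = timedelta(hours=2)) -> list[dict]:
    """Flag (a) a success right after a burst of failures for the same user and
    (b) two successes from different countries closer together than plausible."""
    findings = []
    by_user: dict[str, list[dict]] = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)

    for user, evs in by_user.items():
        failures: list[datetime] = []
        last_success = None
        for e in evs:
            if e["result"] == "failure":
                failures.append(e["ts"])
                continue
            recent = [t for t in failures if e["ts"] - t <= fail_window]
            if len(recent) >= fail_threshold:
                findings.append({"user": user, "indicator": "success_after_failure_burst",
                                 "failures": len(recent), "ip": e["ip"]})
            failures = []
            if (last_success is not None
                    and e["country"] != last_success["country"]
                    and e["ts"] - last_success["ts"] <= travel_window):
                gap = e["ts"] - last_success["ts"]
                findings.append({"user": user, "indicator": "impossible_travel",
                                 "from": last_success["country"], "to": e["country"],
                                 "minutes": int(gap.total_seconds() // 60)})
            last_success = e
    return findings


if __name__ == "__main__":
    for f in find_indicators(parse_log(SAMPLE_LOG)):
        print(f)
```

Drop any one of the required fields and neither indicator can be computed, which is the concrete meaning of "audit logs need to contain the relevant information": the detection is only as good as what was recorded at login time.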