Offers software to subscribers on demand over the internet
Software as a Service
A person or organization providing services to interested parties.
Cloud Provider
A type of security testing that evaluates an organization's ability to protect its infrastructure
Penetration Test
Three broad categories for penetration strategies
Black box, white box, gray box
This is a methodological approach to security assessments that encompasses a security audit and a vulnerability assessment, and demonstrates whether a system's vulnerabilities can be exploited
Penetration Test
Provides penetration testing, authentication, intrusion detection, etc.
A party for making independent assessments of cloud services controls and taking an opinion thereon
Cloud Auditor
A package of an application/software, including all its dependencies, that runs independently of other processes in the cloud environment
Container
This checks whether an organization follows a set of standard security policies and procedures.
Security Audit
This is a data storage medium used to store digital data in logical pools using a network
Cloud storage
Offers development tools, configuration management, and deployment platforms on demand that can be used by subscribers to develop custom applications
Platform as a Service (PaaS)
An entity that manages cloud services in terms of use, performance, and delivery, and maintains the relationship between cloud providers and consumers.
Cloud Broker
The cloud storage architecture consists of three main layers which are:
Front-end, Middleware, and back-end
This step in the Penetration Testing process includes defining the extent of testing, states what will be tested, where testing will be performed and who will be performing the test.
Defining the Scope
These connect multiple containers and services
Dockers
This provides virtual machines and other abstracted hardware and operating systems which may be controlled through a service API
Infrastructure as a service (IaaS)
An intermediary for providing connectivity and transport services between cloud consumers and providers.
Cloud Carrier
An open-source technology used for developing, packaging, and running applications and all their dependencies in the form of containers, to ensure that the application works in a seamless environment.
Docker
This step in the Pen Testing process includes listing vulnerabilities, categorizing risks, and recommending repairs if vulnerabilities are found.
Reporting and Delivering results
This provides application portability across heterogeneous infrastructures.
Container Network Model (CNM)
Provides a platform for developing, running and managing application functionalities for microservices
Container as a Service (CaaS)
Components of the NIST Cloud Deployment Architecture
Cloud Consumer, Cloud Provider, Cloud Carrier, Cloud Auditor, Cloud Broker
In what instances should a pen test be performed? List four.
Changes to infrastructure
Changes to policies
Updated/reinstalled hardware/software
Discovery of a new threat
Name the three steps, in order, of the pen testing process.
Defining the scope, performing the pen test, and reporting/delivering results
What is the difference between a container and virtualization?
Virtualization is the ability to run multiple operating systems on a single physical system, while containers are placed on top of one physical server and host OS and share the operating system's kernel binaries and libraries.