Answer To: NATIONAL COLLEGE OF IRELAND National College of Ireland PGD/MSC CYB_JAN20O – Cloud Security –...
Deepti answered on Aug 25 2021
NATIONAL COLLEGE OF IRELAND
PGD/MSC CYB_JAN20O – Cloud Security – Terminal Assignment Based Assessment
Release Date: Thursday 12th of August 2021 – 10am
Submission Date: Tuesday 26th August 2021 – 11pm
______________________________________________________________________
Cloud Security
Dr Nhien An Le Khac / Sean Heeney
Answer All Questions
Academic Honesty Declaration
I declare the following to be true for this submission:
· I have completed the task during the designated time window and declare it to be exclusively my own work.
· I have not received, or attempted to receive assistance in preparing this response from any other person during the assessment window.
· I have not provided, or offered to provide, assistance to any other student by any means during the assessment window.
· All Assessments are submitted through Turnitin to establish potential Similarities
· Removal of the above Academic Honesty Declaration from any submission will result in Zero Grade.
Question One
Intrusion Detection Systems remain a fundamental requirement especially within a multi-cloud or federated cloud environment. Explain the purpose of such systems, their composition and approaches of implementation. Conclude your detailed explanation of IDS with 2 examples of enterprise level SIEMs which may support Intrusion Detection.
[7 Marks]
The purpose of an IDS in a cloud environment is to monitor servers, networks, workstations and all IT assets for malicious or suspicious activity. A cloud IDS is crucial to identify minor incidents and curb their transformation into a major breach. It captures data from the network under examination and notifies the network manager by mail or by logging the event. A cloud-based IDS is composed of:
· Network-based IDS- This IDS captures the network traffic and analyzes it to identify intrusions such as DoS, port scanning, etc. It relates the captured packets or the user's behavior to signatures of known attacks.
· Host-based IDS- It detects unauthorized events by analyzing information captured from the operating system's logs. Any change in a program or the system is reported to the network manager, notifying them of the danger and thus protecting the integrity of the software.
· Distributed IDS- This system contains a number of IDSs, such as HIDS and NIDS, that are deployed to analyze network traffic for intrusion detection. Each IDS has a detection component and a correlation manager.
· Hypervisor-based IDS- This IDS allows VMs to interact among themselves. It is located at the hypervisor layer and analyzes the information to detect suspicious or anomalous activities.
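An added example, not part of the original answer: a small sketch of the distributed arrangement described above, with a network sensor, a host sensor and a correlation manager that escalates when both report the same source and host. The events, thresholds and function names are constructed assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample data (assumed for illustration, not from the original page).
# NIDS input: (timestamp_s, source_ip, destination_ip, destination_port)
PACKETS = [(t, "203.0.113.9", "10.0.0.5", 20 + t) for t in range(12)] + [
    (3, "198.51.100.7", "10.0.0.5", 443), (8, "198.51.100.7", "10.0.0.5", 443)]
# HIDS input: (timestamp_s, host_ip, operating-system log message)
HOST_LOGS = [(14 + i, "10.0.0.5", "sshd: Failed password for root from 203.0.113.9")
             for i in range(3)] + [(40, "10.0.0.6", "cron: job completed")]

def nids_detect(packets, port_threshold=10, window=30):
    """Network sensor: flag a source that probes many distinct ports on one host."""
    recent, flagged, alerts = defaultdict(list), set(), []
    for ts, src, dst, port in sorted(packets):
        key = (src, dst)
        # Keep only packets inside the sliding window, then add the new one.
        recent[key] = [(t, p) for t, p in recent[key] if ts - t <= window] + [(ts, port)]
        if key not in flagged and len({p for _, p in recent[key]}) >= port_threshold:
            flagged.add(key)
            alerts.append({"sensor": "NIDS", "type": "port_scan", "ts": ts, "src": src, "host": dst})
    return alerts

def hids_detect(logs, fail_threshold=3):
    """Host sensor: flag repeated failed logins recorded in the host's own logs."""
    fails, alerts = defaultdict(int), []
    for ts, host, msg in sorted(logs):
        if "Failed password" in msg:
            src = msg.rsplit(" from ", 1)[-1]
            fails[(host, src)] += 1
            if fails[(host, src)] == fail_threshold:
                alerts.append({"sensor": "HIDS", "type": "brute_force", "ts": ts, "src": src, "host": host})
    return alerts

def correlate(alerts, window=60):
    """Correlation manager: escalate when different sensors agree on a source/host pair."""
    groups = defaultdict(list)
    for alert in alerts:
        groups[(alert["src"], alert["host"])].append(alert)
    incidents = []
    for (src, host), items in groups.items():
        span = max(a["ts"] for a in items) - min(a["ts"] for a in items)
        if len({a["sensor"] for a in items}) > 1 and span <= window:
            incidents.append({"src": src, "host": host, "severity": "high",
                              "evidence": sorted(a["type"] for a in items)})
    return incidents

def run():
    return correlate(nids_detect(PACKETS) + hids_detect(HOST_LOGS))

if __name__ == "__main__":
    print(run())
```

Either sensor alone produces only a low-level alert; the incident is raised only when the correlation manager sees both within the window.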
A Multi-Tenancy environment is an inherent characteristic within a public cloud environment and has the potential to become a major security risk should the correct precautions and countermeasures not be addressed and implemented.
Highlight and discuss these key risks and concerns within a multi-tenancy public cloud environment. In conclusion, highlight specific countermeasures which should be implemented, e.g. isolation mechanisms.
1. Lack of efficient bandwidth and traffic isolation- Attackers can attack co-resident tenants that reside in the same data center. Access control on clouds lacks scaling according to multi-tenancy requirements. Competitive tenants who are co-located on the cloud may access data or interfere with applications of others in case the barriers are broken.
2. Side-Channel Attacks- These attacks are based on information received from techniques like bandwidth monitoring. These attacks happen due to lack of authorization mechanisms when resources are shared among several consumers. Covert channels having flawed access control policies allow unauthorized access and cause interference among tenants.
3. Risk of assigning resources to consumers whose identities and intentions are unknown. If the virtualization layer of a virtual platform is compromised, the virtual machines on the physical host are compromised as well. Thus, the activity on a virtual machine cannot be monitored and attackers can alter the state of the VM.
Countermeasures:
· To counter the data access or interference from collocated tenants, the measures include platform attestation, vigilance from cloud service provider to maintain, patch and upgrade hypervisor software and use of workload planning approach
· Initial performance evaluation
· Tenant Replacement
· Batch job planning
· Data collection and analysis for re-planning
· Auditing administrative access to systems.
· Applying appropriate governance, control and auditing
· Role based access control
· Use of predicate and homomorphic encryption
[8 Marks]
Business Decision to Migrate to Cloud Environment
You have been tasked during the exploratory stages of a cloud Migration project to justify the move of major businesses processes and current on-prem technological resources to a public cloud environment. As part of this task, you are to educate and vocalize the potential beneficial capabilities of the migration project to key stakeholders within the enterprise.
The scope of the enterprise and its technological requirements are summarized below:
· Development Department
· HR Processes Both Internal/External
· Customer Support / Engineering Department
· Marketing / Sales / Analytics Departments
· Remote Engineering and Sales Teams
· Storage Infrastructure
You are to address the requirement areas above regarding potential suitable cloud services.
General Recommendation for length 400 words.
· HR processes should plan resource training with estimated time required, probable impact on operations and training required to adapt to the new cloud environment. HR Management Software (HRMS) is recommended to save cost and time and it is customizable and comprehensive.
· Storage infrastructure should be chosen such that the object, file or block storage services should be scalable and available on-demand. Unlimited data should be stored at low cost, with resiliency, durability and data security. IBM cloud storage is recommended to accomplish storage infrastructure requirements.
· Remote engineering and sales team should be able to log in to shared cloud securely and view data. They can connect through VPN along with additional access, security and control. Cloud based storage systems should make the most updated information available to remote sales team exactly when needed. The team should employ a robust suite of advanced data and AI tools.
· Customer support/engineering department should constantly update software, exploit it on-demand and customize according to needs. The design should have an omnichannel perspective so that information can be shared in real time from multiple devices. Integration of hybrid cloud and cognitive computing is recommended to create value to the business by offering customers an all-digital end-to-end experience.
· Analytics department should employ cloud-based business intelligence and analytics software to enhance business growth. It will transform self-service analytics and BI through data preparation, discovery and analysis using natural language processing. Analytics cloud shall offer modern, AI powered, self service analytics capabilities for data preparation, visualization and predictive analytics.
· Cloud application services should provide end-to-end services to cover cloud application implementation with the development department. This shall include cloud app development and testing, cloud app consulting, security services, app integration with other clouds or with other on-premises apps and cloud infrastructure management. Development team should be able to migrate legacy...