This activity will build on your understanding of cloud network security by exploring methods to secure cloud networks.
Start by considering some examples of common cloud network attacks, then review the slideshow covering key concepts in cloud network security. Next, watch the video on microsegmentation and zero trust models and submit an example of an attack or threat that can be prevented by microsegmentation to the discussion forum. Complete the section by reading the two articles provided.
Click on the hotspots below to read about the most common types of cloud network attacks.
Firewall and network segmentation involve separating the organisation's system from the rest of the world (perimeter control) and separating a set of systems from one another (internal segmentation).
Most virtual firewall appliances are next-generation appliances that combine whitelisting with additional functionality, such as Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS).
Network Access Control Lists (ACLs) are rules about what is allowed into and out of each network.
Security groups are similar to network ACLs but applied at a per-Operating System (OS) or per-pod level instead of per-network.
A honeypot detects, identifies, isolates, and analyses attacks by attracting attackers.
Data in motion/transit and remote connections can be encrypted, reducing the possibility that someone who does not have authorised access (such as an external attacker or a malicious insider) will be able to obtain raw data in plain text.
Encryption is a good solution that can prevent attacks, but it has challenges. Which of the following are true about encryption? Select the best answer.
The processing overhead with the volume of encrypted data
Some security controls such as IDS/IPS might not function well because they cannot recognise the content of encrypted traffic
Storing keys in a trusted and safe place is difficult
All of the above
None of the above
Creating a secure tunnel across untrusted networks can help to avoid man-in-the-middle attacks and eavesdropping.
Authentication schemes such as the use of robust tokens and requiring multi-factor authentication can reduce the likelihood of unauthorised users gaining access while restricting authorised users to permitted activities.
Cloud providers are responsible for securing the underlying physical infrastructure that the platform is built on.
Cloud providers expose some security controls to the cloud users (in the case of IaaS), such as network ACL, firewalls, transport encryption and security groups, so they can configure and manage their network security.
Some cloud providers, such as AWS, offer Virtual Private Cloud (VPC) and other virtual networks, and it is the cloud users or customers (IaaS users/customers) who are responsible for dividing these into reasonable security zones and putting in the proper rules for access between them.
Learn how microsegmentation and zero trust models are applied to secure cloud networks.
Think of an example of an attack or threat that can be prevented by microsegmentation. Post your response in the discussion forum below.
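To make the difference between a per-network ACL and per-host security groups concrete, and to show why microsegmentation limits lateral movement, here is an added example (not part of the course material or any provider's code). It models a single constructed /24 subnet with three hosts; rule evaluation is simplified to stateless, first-match, inbound-only, and the policy values are made up for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, List, Dict

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source CIDR the rule matches
    port: Optional[int]    # destination port, None means any port

def matches(rule: Rule, src_ip: str, port: int) -> bool:
    return ip_address(src_ip) in ip_network(rule.src) and (rule.port is None or rule.port == port)

def evaluate(rules: List[Rule], src_ip: str, port: int, default: str = "deny") -> str:
    """First matching rule wins; an unmatched packet gets the default action."""
    for rule in rules:
        if matches(rule, src_ip, port):
            return rule.action
    return default

# Constructed subnet-level ACL (applies to every host in 10.0.0.0/24):
# anything inside the subnet may talk to anything, and the internet may reach port 443.
SUBNET_ACL: List[Rule] = [
    Rule("allow", "10.0.0.0/24", None),
    Rule("allow", "0.0.0.0/0", 443),
]

# Constructed per-host security groups (the per-OS / per-pod rules): each host only
# accepts the specific peers and ports its role needs, which is the microsegmentation idea.
SECURITY_GROUPS: Dict[str, List[Rule]] = {
    "web": [Rule("allow", "0.0.0.0/0", 443)],
    "app": [Rule("allow", "10.0.0.10/32", 8080)],   # only the web tier may call the app tier
    "db":  [Rule("allow", "10.0.0.10/32", 5432)],   # only the web tier may query the database
}
HOSTS: Dict[str, str] = {"10.0.0.10": "web", "10.0.0.20": "app", "10.0.0.30": "db"}

def is_permitted(src_ip: str, dst_ip: str, port: int, use_security_groups: bool = True) -> bool:
    """A packet must pass the subnet ACL and, if enabled, the destination host's security group."""
    if evaluate(SUBNET_ACL, src_ip, port) != "allow":
        return False
    if not use_security_groups:
        return True                      # segmentation stops at the network boundary
    return evaluate(SECURITY_GROUPS[HOSTS[dst_ip]], src_ip, port) == "allow"

if __name__ == "__main__":
    # A compromised app host reaching for the database: allowed by the subnet ACL alone,
    # blocked once per-host rules are enforced.
    print(is_permitted("10.0.0.20", "10.0.0.30", 5432, use_security_groups=False))  # True
    print(is_permitted("10.0.0.20", "10.0.0.30", 5432))                             # False
```

The last two calls show the point for the forum question: a subnet-wide ACL cannot stop one compromised host from reaching another in the same subnet, while per-host rules can.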
Feedback
This activity has no formal feedback but will help prepare you for your assessments. If you have questions, please post them in the General Q&A discussion forum on the Communication page.