Enterprise Cloud Security and Governance

封面

版权信息

Credits

About the Author

About the Reviewer

www.PacktPub.com

Why subscribe?

Customer Feedback

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the color images of this book

Errata

Piracy

Questions

The Fundamentals of Cloud Security

Getting started

Service models

Software as a service

Platform as a service

Infrastructure as a service

Deployment models

Cloud security

Why is cloud security considered hard?

Our security posture

Virtualization – cloud's best friend

Understanding the ring architecture

Hardware virtualization

Full virtualization with binary translation

Paravirtualization

Hardware-assisted virtualization

Distributed architecture in virtualization

Enterprise virtualization with oVirt

Encapsulation

Point in time snapshots

Isolation

Risk assessment in cloud

Service Level Agreement

Business Continuity Planning – Disaster Recovery (BCP/DR)

Business Continuity Planning

Disaster Recovery

Recovery Time Objective

Recovery Point Objective

Relation between RTO and RPO

Real world use case of Disaster Recovery

Use case to understand BCP/DR

Policies and governance in cloud

Audit challenges in the cloud

Implementation challenges for controls on CSP side

Vulnerability assessment and penetration testing in the cloud

Use case of a hacked server

Summary

Defense in Depth Approach

The CIA triad

Confidentiality

Integrity

Availability

A use case

Understanding all three aspects

The use case

Introducing Defense in Depth

First layer – network layer

Second layer – platform layer

Third layer – application layer

Fourth layer – data layer

Fifth layer – response layer

Summary

Designing Defensive Network Infrastructure

Why do we need cryptography?

The TCP/IP model

Scenario

The Network Transport Layer

The Internet Protocol Layer

The Transport Layer

The Application Layer

Firewalls

How a firewall works?

How does a firewall inspect packets?

3-way handshake

Modes of firewall

Stateful packet inspection

Stateless packet inspection

Architecting firewall rules

The deny all and allow some approach

The allow all and deny some approach

Firewall justification document

A sample firewall justification document

Inbound rules

Outbound rules

Tracking firewall changes with alarms

Best practices

Application layer security

Intrusion Prevention Systems

Overview architecture of IPS

IPS in a cloud environment

Implementing IPS in the cloud