9 hours 48 minutes
all right. So as I mentioned, that's just a short little snippet about hyper visors we talked about just a second ago. Much more to come.
And then the last thing we're gonna wrap up this chapter with just some common threats that apply to cloud computing
not specific to hyper visor not specific to this or that is a matter of fact. A lot of these attacks are just common to networking, right? But, you know, that's what we're doing with the clouds. So when we look at these ideas
again, put in the back of your mind Well, OK, it's great to be able to name threats, how we're gonna fix him.
So our first of the notorious nine data disclosure breaches. So that's an attack on confidentiality. We need to think about encryption. We need to look at what type of protocols were using across the network Cloud Service providers shoes.
When we talk about data loss that tends to be focused towards destruction or an issue with availability. My dad has gone ransomware. We're hearing about a lot of issues with ransomware. Just had an instance where the city council of a town in Florida voted to pay something like $60 million.
The creator of Ransomware. Because they're 911 fire police departments were reduced to the point of writing down individual calls on paper. So it just brought their emergency service's to a stand still, So they voted to pay $60 million to the creator of this ransomware.
Now, of course, they're gonna continue investigations,
but that's profound data loss. When you're 911 operators are writing down every phone call. So data loss, big problem. And not just data loss in that instance, but loss of service.
All right, account or service hijacking.
So we talk about, um ah, account of service, hijacking,
being man in the middle, M I T. M's what that stands for. And a man in the middle of cat can just be as basic as sniffing. I'm just watching. And that's how a lot of service hijacks begin by sniffing out watching the connection between the two. You know, entities that are communicating,
gaining information that shouldn't be across the wire,
So if you look at http, we've already said not secure. There's a lot of session based information that goes across the wire with http. That might lend lead an attacker to be able to commit a session. Hijack. So what do we think about doing? Stop using unscored protocols. Moved https
distributed denial of service or just plain old denial of service.
Not unique to cloud service. You know, cloud computing. Of course. We've been talking about denial of service attacks since the dawn of time. It seems like
so. Redundancy, Redundancy, redundancy,
malicious insiders. You know, one of the things I hear about cloud computing all the time is well, they could manage our data better than we can. Bacon secure data better than we can.
Right? I mean, you know, I'm not saying they can't, but show me in the service level agreement. Show me in their audits. Show me in their process is how they vet employees. Because the greatest threat to any organization comes from the inside
malicious or even accidental insider breaches. Right? Those happen. So we've got to consider just on boarding in the boarding process is a swell You gotta think about How did they check
and verify resource references and all those different pieces? What sort of policies do they have in place like separation. Judy's. How did they help us ensure that they don't have malicious instructors?
Abuse of cloud service is, you know, they're just inherent weaknesses and communicating across the Internet. The very nature of the Internet is to share throughout the world.
So any time you open up an environment that is that widely accessible, you know, we've we've got to think about just those inherent weaknesses data going up to our Internet service provider, whether Internet service provider does
what sort of element would sort of tools are out there that we're unaware of
just again. Just the very nature of hosting resource is on the Internet brings in a higher degree of risk,
making sure our cloud service provider uses due care and due diligence just like we have to do
right. We have to make sure that we do our research are two diligence and that we put what we learn from our research in the action, which is due care. And again, I don't really need you to take this tow law school, but that's the difference. Due diligence is research. Do care is action
finding out what policies have should have in place diligence implementing and enforcing those policies do care.
Okay. And then the last bullet point that common threats
shared technology, multi tenancy. And we talked about that just a few minutes ago. Unknown entities sharing the same physical resource is will always again increase the risks.
All right, so these are some of the common threats that we think about it as you'll go through again. Most of these are not unique to cloud computing. They're just unique, you know? I mean, they just exist within the world today of computing and networking. And that's true. You know, on this exam,
some of your questions are just specific
to cloud and some of your questions air. Just you've gotta have a high degree of understanding of the threats that are out there from a general perspective, because it's those same threats that could cause us to lose or have data breaches on the cloud service provide. All right, So those are the notorious night
Certified Cloud Security Professional (CCSP)
This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.