16.0 Cloud EH

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

9 hours 47 minutes
Video Transcription
Hi. Welcome back to the course. In the last module, we talked about the Internet of things
in this section. We're gonna talk about cloud computing. So in this particular video, we're gonna start off by talking about what cloud computing is
different. Cloud deployment models, some of the benefits of cloud computing and some of the threats. And then in the next video, we're gonna talk about different cloud computing attacks.
So we're gonna start off with our pre assessment. Just a couple of questions. Here's a question. Number one. This type of cloud service is targeted mostly towards software development purposes.
So if you guess it be platform grabs a service, you would be correct.
Now A is software's the server, so that's more of a down demand type of thing. So, for example, I would just want to use on There's a There's a software out there called Click Funnels likes You could build out Basically, sales funnels online, right? You can have a landing page, that sort of stuff, and then we're not gonna dive into this. This is a security course, but
essentially, that's a software as a service, right? So I can
I can sign up with them, and then I can build out whatever I want to you. But I'm using their software to do so. So it's offers a service is pretty much that,
Uh l A s is actually made up. Answer said, Just ignore that one answer. Is he there?
And then D The infrastructure is a service. So thinking the aspect of I'm tryingto I have a company and I'm trying to put everything on the cloud, right? So I'm putting on my service and everything like that, whereas platform is the service is more so of. I want to develop my applications on the cloud. And so I want to be able to scale up or down
and basically host all my programming clothes out in the cloud
as opposed to trying to keep it on my own servers.
So question number two this which So which one of these would be the individual or organization that uses the Cloud service is
all right. So if you guess clock is somewhere, that was this was kind of an easy one. You would be correct.
So now the cloak carrier answer they a there. Excuse me? Basically, they're kind of that intermediary between for the connective transport between the subscriber and the provider. So if you think of like an electric company, so to speak, So you've got the whole electric grid,
and then the electric company is kind of an intermediary between you and like the actual, like physical,
cloud brokers. Basically, the managed to use performance and delivery of cloud service is they also maintain that relationship between the providers and the subscriber. So and I think in the context of, like, a real estate broker, they're maintained. That relationship there kind of broken that deal, so to speak. And so a similar thing here with a cloud broker
And we've got cloud auditor, these air gonna be your basic independent assessors of Cloud Service is and security control. So they're essentially there to try to help you stay a little safer in the cloud.
All right, So the cloud, What is it? Well, in a nutshell, it's really just you taking all your data and put it on somebody else's computers on guys kind of brash there, but that's that's reality. You're putting your data on someone else's stuff, but it's more than that, right? it's It's basically a foundation of virtual ization
and on, you know, actual physical machines and then at scale. Right? So
if you think of like Amazon aws like they've got huge data centers, you know, Microsoft is your huge data centers, you know, same with Google. Google Cloud, huge data centers, you know? So they're doing it on scale. So that way, everyone can essentially using the quote unquote cloud now. And it does not look like this photo here.
So we mentioned separation of responsibility. So this is really what it is, right? So if I've got a company and I'm running everything locally there, you know, in my building, so I'm running my network servers and running my database storage servers I'm running virtual ization of running. Different os is
I'm running. You know, my software applications, I'm doing development. All that stuff,
basically the resourcefulness for all those are kind of responsible for all that stuff, right? Whereas when we put it in the cloud based on the model where subscribed to we may or may not it's a subscriber have certain responsibilities, right? So, for example, and infrastructures of service
Isa subscriber, my company is a subscriber were responsible for applications data, the runtime, the middleware and the operating system. Whereas the provider is responsible for the virtual ization software, they're giving us the servers in the storage capacity and then also the foundational networking.
You know, you see their platform is a service. We're only responsible for applications and data, and then they're responsible for everything else that's offers a service. Again. I kind of mentioned that sat on demand type of model where they handle everything. And there were just basically clicking a mouse or doing some actions there were able to do exactly what we want to do, whereas they're taking kind of the full brunt of everything.
So there's different types of Claude deployment models. You've got private community hybrid in public hybrids, pretty self explanatory. That's a combination of all of those. Public is also self explanatory. Basically, it's anyone public can access those anybody out there can access those. Now Private Cloud is gonna be something that's managed just by that one organization. So,
for example, I have a company and I
go ahead and set up a private cloud, and I host my Internet there and other types of information that I only want people in my company to know about.
Then we've also got the community cloud. So that's gonna be cos with the organization's with a similar type of either mission or compliance consideration. So think of something like a health care companies. So maybe a couple different doc types of doctor's offices. So maybe somebody's infectious disease
and, you know, maybe someone is, Ah, guess rich gastroenterology.
You know, something like that. So just different types of specialty practices. But they all have the same compliance considerations, like under HIPAA and hi tech and stuff like that. So it's kind of that, like shared responsibility thing, and we're keeping it all up in a shared cloud infrastructure.
And we all have similar type of either compliance or policy or missions, et cetera,
that we have to follow.
So then this cloud computing reference architectures just kind of breaks down a lot of stuff we already talked about with Cloud Auditor. The different service layers software's of service Platform is the service and infrastructures a service, but also discusses the cloud brokering that we talked about and then also the clock service manager, A cz well
so some of the benefits of cloud computing. This is not an all inclusive list by any means, but faster software developments a weekend. If we have no releases, we could just push those out instead of the traditional model of like, Okay, you know, once a year we have our new release to fix any bugs. Now we can actually turn that out a lot faster and in some cases, get it out weekly.
You know, monthly whatever the case might be. In any event, it doesn't take years to get stuff done anymore.
Reduced infrastructure costs. So and that's pretty self explanatory when we get all those hardware devices at our company and put it out on someone else is making someone else's problem that we can significantly reduce our infrastructure costs, which is what a lot of companies
are using the cloud for.
We got elasticity, right? So if I've got a smaller start up and I go through a gross burger, I take on some more funding, and then I we nail a bunch of projects and we,
you know, we're just cranking amount of stuff like that. So we have to hire people, hire people you know, our data uses goes up and everything, so we can, with the cloud, weaken the store. You know, basically expand that right. Whereas if we had our own infrastructure locally, we would have to go by the server, get configure,
you know? And hopefully we have the right people trained, etcetera, etcetera. And instead of that now, in the cloud, where we can do is just say Okay, well, you know what we knew Scale about 50 users and, you know, 400 terabytes of data. And let's just do it, bam! And so you sure are Price goes up. Of course, right, because we're on a subscription model, but
we're able to go up or even down if we need to write. If we start laying off people or something, we can scale up or down pretty easily.
Reliability. Right. So the cloud is essentially 24 7 and in most cases, over 99% up time, right? So, you know, if the power goes out of my building, you know, and you know, hopefully I have a generator, right? But if I don't, then eventually my service, we're gonna go down with the UPS units fail after a couple hours,
whereas in the cloud, you know, more than likely. If you know, if one day to center is failing, that is going to just roll up my stuff over to another one. Right? So in most cases, like I know Amazon AWS, they stored and all. You know, you could determine essentially where you want your stuff story, so I could sort of multiple locations and then that we have one goes down,
I can always immediately access my data from this other one
mobility. So that's more someone along the lines of employees. So instead of them having to try to VPN to your particular network and everything that can actually just access through the cloud, whatever they might need to access resource wise
disaster recovery and then business continuity planning both of those are, you know, tied him with the cloud here. So disaster recovery. So let's say, for example, here in the United States, a lot of hurricanes have been hitting here in 2018. So if a hurricane hits your area part of the disaster recovery plan and could be that Hey, we had some remote employees and, you know, up in
New York City or whatever. So
because we're in the cloud, they can continue working and stuff like that and even a disaster recovery. We can, actually, if our buildings destroyed, we can go to either another town or something like that.
You know, here, here in the Southern United States. And we could just set up shop again and get moving again because we already have it in the cloud. And same with the business continuity planning. So again we can maintain operations as a business continuity planning by just having it up in the cloud and so our employees can essentially work from anywhere.
So virtualization I touched that. I talked about it before, but essentially the difference between that and the clouds to think of virtual ization as it's really it's physically touching the hardware machine, right? So the way virtual ization works is we take one piece of hardware so like a you know, a server or something like that. And then we use that to run multiple simulated environments. So we're
we're setting up that virtual ization
on, then stacked on top of all that is essentially the cloud, right? So we again we're doing this on scale, right? I don't just have my computer on filming this on, and then I you know, I throw virtualization on it, and then poof. Now I have a huge, massive cloud. It doesn't work like that, but a data center, for example. They're putting virtualization on it.
They're scaling it up and then proof the clouds on top of that. And then all of us can,
you know, use the cow. The cloud Excuse me, depending on what type of description we want, because it's on scale. So just keep that in mind. Virtualization. Just remember for your certified ethical hacker exam that it's
actually touching the hardware in some capacity, and then the cloud is essentially, you know, floating on top of that, if you will.
So cloud threats. We've got kind of the main ones. They're so data breach, your data loss and depending on the source he used or might be, you know, 12 or 15 or even 20 of these things. These are kind of the main ones that that you'll want to consider. So, data breach loss. That kind of goes without saying you started threats. So if your employees air up there doing something nefarious or stealing your data
account hijacking. So if there,
you know, somehow losing their log in credentials and criminals taken advantage of that,
uh, distributed denial of service in and denial of service attacks, that's a definite worry in the cloud, because you want to be able to get availability of your data. And again, availability is part of the CIA tree. Odd, we talked about a macho one
and then, of course, also insecure. Ap I. So, essentially, if you have insecure AP eyes, you're allowing the public, or at least you know the outside world to take a look at yourself for applications.
So let's just follow up with a couple questions on our post assessment here. So question number one more rapid software releases or benefit of cloud computing. So is that true or false?
All right, so that's true. We actually talked about that where we can, you know, basically turn out new ah software releases either monthly or every few months or whatever instead of several years later.
Question Number two, the cloud deployment model listed below here that has an infrastructure that is shared by several organizations that have shared concerns
is which,
All right, so we talked about that as well. That's community cloud deployment model. So again, private is, you know, just my company, and I've got my stuff set up. Their public is anybody can access it. And then hybrid is a combination of any one of these combinations here.
All right, so in this video, we just went over kind of the basics of the cloud. In the next video, we're gonna go ahead and talk about some actual cloud computing attacks.
Up Next
Penetration Testing and Ethical Hacking

If the idea of hacking as a career excites you, you will benefit greatly from completing this training here on Cybrary. You will learn how to exploit networks in the manner of an attacker, in order to find out how protect the system from them. Those interested in earning their Certified Ethical Hacker (CEH) will want to start by taking this course

Instructed By