3.11 Further Attack Vectors

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

9 hours 48 minutes
Video Transcription
now just to wrap up,
you know, kind of a quick review of attack defectors.
New technology is one. We've talked about a lot of attack vectors in the section, but any time technology is emerging,
there's always just unknown risk right there. Just some things that haven't happened yet because we haven't thought about him in the bad guys haven't thought about yet. So just emerging technology is a risk in and of itself. And still,
cloud service is is relatively new to us, right? I mean, cloud service is have been mainstream for maybe the last 10 years.
In the grand scheme of things, that's not all that long. Now we're doing a lot with Federation of Identities today. Singles, um, sign on.
Well, go into my domain, have access to all. My resource is even those outside my internal domain. I have access to my software's of service applications like WebEx and sales Force and all those others.
So with that Federated identity, we have a single log in tow, access everything we need. So we have to think about that idea of keys to the kingdom. One set of credentials, toe access, everything. It's great for me is a user, and Aiken finally remember my password because I got one of them.
However, you get that one password,
there's our compromise. So Federated identities. That's an emerging risk setting that trust relationship between organizations, making sure we're choosing the right AP eyes to allow that authentication token to go across the boundaries. How identities get created. We'll talk about that much more in the next chapter.
Virtual ization brings its own risks. One of those risks is just having over company over confidence in what Virtualization gives me
right? I've heard people say, Well, you know, a virtual machine that's powered office, the same as a physical serve of powerful Oh, it's not
automation automation is great. On one hand, it can eliminate human error, but then it also eliminates human judgment. So you know both sides of the same coin.
The very nature of the cloud is I'm outsourcing. I have a service provider outside of my control, an external provider. Anytime I turned something over to someone else to manage
to me. Yes, there's the element of risk transference. Absolutely. I get a service level agreement that guarantees and compensation, but that doesn't
that doesn't necessarily doesn't by any stretch mean that I have the same degree of assurance if I'm protecting that information myself. Guest breakout We've talked about Veum Escape. How something that happens on one V. M. Um, making sure that what happens?
What happens in Vegas stays in Vegas.
So on one of'em, if one of'em is infected, making sure that that malicious code can't use the virtual network to spread to other virtual systems.
Comic guess Breakout or what's on a virtual machine? Jump out of the V M and infect the host operating system. Identity Compromise that the provider. How does the prop house the provider authenticate?
AP I compromises.
We're using standard based AP eyes. More and more, there's that kind of tried and true but proprietary AP Eyes you know, can can be vulnerable. Standard AP Eyes could be vulnerable in because there's so much based on I a P I. That element that allows one Web service to communicate with another.
The important pieces, making sure that that a P I allows for secure communications between Web ABS
again that comes in the next chapter Attacks on the providers infrastructure, physical infrastructure, carrier Network I mean, we can go on and on, right?
Any time we have information. In a particular environment where networking is part of what we do, we introduce vulnerabilities. Now, our next section that will get to is gonna be some counter measures we can take.
Up Next
Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.

Instructed By