Administering Middleware
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> Administration of middleware.
00:00
>> In this lesson,
00:00
>> we're going to talk about what is middleware,
00:00
>> what's the importance of
00:00
middleware in Cloud environments,
00:00
and then also talk about this relationship between how
00:00
the Cloud provider and the customer
00:00
must manage the administration of middleware,
00:00
the operating system, and other components.
00:00
Overall, let's start with what is middleware?
00:00
Middleware is really a software that
00:00
acts as a bridge between
00:00
the operating system or databases or applications,
00:00
especially on the network.
00:00
Now we talked about the Cloud provider
00:00
needing to maintain the physical hardware.
00:00
However, the middleware
00:00
is especially important in the software as
00:00
a service and platform as a service offerings.
00:00
Because the first thing is that in order
00:00
to administer into
00:00
all these various applications or connect things,
00:00
there needs to be secure
00:00
operating system configurations and baselines.
00:00
The first is making sure that
00:00
the operating system is secure.
00:00
Now when we talk about a platform as a service,
00:00
the operating systems are
00:00
really maintained by the provider.
00:00
But in software as a service,
00:00
where in some of the other service models
00:00
the customer is picking
00:00
which operating system they want to use.
00:00
So it's really up to them to do
00:00
a lot of the configurations.
00:00
Now the typical things you want to do when
00:00
securing the operating system baseline,
00:00
removing all these unnecessary ports,
00:00
limiting administrative access,
00:00
making sure that default accounts are removed,
00:00
and make sure you have a proper logging
00:00
and monitoring setup.
00:00
Now one of the other difficulties
00:00
that comes with enforcing
00:00
a secure operating system baseline in
00:00
Cloud environments is that, as we've talked about,
00:00
many customers may be sharing or at least
00:00
having different virtual images of
00:00
their operating system that's deployed
00:00
on various virtual machines by the hosting provider.
00:00
The customer may be tailoring what they
00:00
need in their virtual environments,
00:00
and when virtual environments aren't in use,
00:00
they're stored as files.
00:00
Now, in [inaudible] networking environment,
00:00
you'd be able to patch,
00:00
push out patches to ensure that things are
00:00
securely configured or that
00:00
vulnerabilities that need to be addressed are done.
00:00
However, in the Cloud environment in a virtual and a VM,
00:00
when it's in a file,
00:00
it can't be patched.
00:00
So you really have to ensure that whenever
00:00
a virtual environment is activated,
00:00
that there's a configuration check to
00:00
ensure that it is up to date with
00:00
the most appropriate security configurations and patches.
00:00
Now another complicating factor in this is that
00:00
different development environment or
00:00
applications may be reading different versions,
00:00
less secure versions of a piece of software.
00:00
Now in some instances that's all right.
00:00
In a limited sense, you may have
00:00
customers that are still using previous versions,
00:00
or there are dependencies between
00:00
how things that are within
00:00
an application in older versions of
00:00
software which always be striving to
00:00
use the most up-to-date version
00:00
and things that are most well patched.
00:00
One of the other things that
00:00
comes with the administration
00:00
of Middleware is version control,
00:00
change management, and third party licenses.
00:00
We talked about how
00:00
there's this distinction between when the customer
00:00
is in charge of the operating system
00:00
and when the provider is.
00:00
But there really needs to be a negotiated sense of who
00:00
is really administering the version control,
00:00
who is really setting
00:00
the configuration baseline for
00:00
these operating systems and maintaining that.
00:00
Third party licenses are also important to consider.
00:00
You don't want to be using
00:00
unlicensed software or violating
00:00
the intellectual protection on
00:00
the software that you use within your environments.
00:00
Quiz question. Which of the following is not
00:00
true about virtual images?
00:00
Virtual images provide a solution for
00:00
backing up customer operating systems and configurations.
00:00
Virtual images restoration needs to
00:00
be tested regularly to ensure that it works.
00:00
Virtual images can be patched
00:00
easily because the data is compressed.
00:00
The last one is obviously not true.
00:00
When a virtual image is it's
00:00
file for compressed file format,
00:00
it can't be brought up
00:00
to the latest standard and patches cannot be applied.
00:00
That's why it's really important to check
00:00
the configuration baseline when a virtual machine
00:00
is activated to ensure that it is
00:00
appropriately patched and not
00:00
operating in unsecure state.
00:00
In summary, we talked
00:00
about the administration of middleware,
00:00
we talked about the need to maintain
00:00
secure configurations for the baseline
00:00
of the operating system and the applications,
00:00
and we talked about
00:00
the shared responsibility of middleware.
00:00
Figuring out what's the balance between ensuring that
00:00
a Cloud customer can run their applications
00:00
in potentially older versions when necessary,
00:00
but at the same time meeting
00:00
the best quality and standards
00:00
when it comes to security.
00:00
>> See you in the next lesson.
Up Next
Instructed By
Similar Content
