Infrastructure Protection

Time
19 hours 19 minutes
Difficulty
Intermediate
CEU/CPE
20
Video Transcription
00:00
>> Hey everybody and welcome back.
00:00
In this lecture we're going to talk
00:00
about infrastructure protection.
00:00
Learning objectives are really going to be to
00:00
describe the shared responsibility model.
00:00
We'll talk a little bit about why that's important,
00:00
and then we'll talk a little bit about
00:00
the security controls and security concerns we
00:00
have pertaining to our part
00:00
as the consumers or the customers.
00:00
The shared responsibility model,
00:00
it is basically this.
00:00
AWS is going to be in charge of
00:00
the security of the cloud.
00:00
As a customer, we're going to be responsible for
00:00
the security in the cloud. Well, what does that mean?
00:00
That basically means that anything that
00:00
deals with the building of
00:00
the cloud; any managed services,
00:00
the network, the physical location,
00:00
making sure that the services are
00:00
available despite natural disasters and stuff like that.
00:00
That is the security of
00:00
the cloud. They're taking care of that.
00:00
They're taking care of the confidentiality,
00:00
the integrity, the availability.
00:00
They want you to not have to worry about that.
00:00
That's the beauty of the cloud.
00:00
It's supposed to be hands-off,
00:00
and it's supposed to help us have
00:00
that peace of mind so that we can leverage
00:00
their resources hence we
00:00
don't have to pay out-of-pocket for a lot of that stuff.
00:00
Now, what does it mean for us?
00:00
Well, what you put in the cloud and
00:00
how you use the cloud is your responsibility.
00:00
If there's any legal concerns,
00:00
if you get hacked,
00:00
any of those risky things
00:00
that could happen in the real-world,
00:00
you are responsible for as the customer.
00:00
AWS makes it very
00:00
clear when you're signing up and you're checking
00:00
all the terms and conditions and making sure that you
00:00
accept that they are not liable for that stuff.
00:00
You try to take them to court,
00:00
probably not going to get anywhere.
00:00
They have an ironclad process
00:00
to make sure that they are protected.
00:00
When you stick your data in the cloud,
00:00
you are responsible for it.
00:00
Now let me tell you an example.
00:00
This even goes as far as you sticking
00:00
your information on an EC2 instance
00:00
that is not dedicated,
00:00
and another person who happens to be
00:00
using a shared EC2 instance on the same blade,
00:00
if they do something,
00:00
and they make a mistake,
00:00
your data can still be taken by
00:00
the government or whatever
00:00
the regulation body is
00:00
as they're doing their digital forensics,
00:00
to find out what happened on the other customer side.
00:00
Because your data was shared on those partitions,
00:00
your information will be
00:00
seen by whoever the forensics analyst is.
00:00
Keep that in mind. You may be totally in the clear,
00:00
but if somebody else makes a mistake,
00:00
you could still be responsible.
00:00
Now, because of this reason,
00:00
this is why the United States federal government doesn't
00:00
allow for any shared services.
00:00
They don't allow for us to use any shared services.
00:00
If you want to use the cloud,
00:00
has to be dedicated.
00:00
You better buy or rent out
00:00
the entire box because we don't want to
00:00
be dealing with any type of mishaps
00:00
of maybe somebody else being dumb and making a mistake,
00:00
and obviously government information
00:00
getting leaked to a digital forensics person,
00:00
not the best idea.
00:00
That breaks confidentiality on that slide.
00:00
To avoid that, we use dedicated resources to do that.
00:00
That's something that it is
00:00
recommended depending on what your regulation is.
00:00
Of course, more expensive,
00:00
so you have to account for that,
00:00
but you can also ensure better security that way as well.
00:00
Here is our shared responsibility model.
00:00
You saw this when we were perusing
00:00
through the security pillar a few lessons ago.
00:00
I do recommend you go through that,
00:00
make sure you understand what this is.
00:00
But as you can see here,
00:00
dark blue represents
00:00
the cloud services provider's responsibility.
00:00
It's everything that they're going to take care of.
00:00
If we look at the top,
00:00
if we look at the y-axis,
00:00
you can see Infrastructure as a Service,
00:00
Platform as a Service, and Software as
00:00
a Service going down.
00:00
If we look at the different layers,
00:00
so we have security and compliance or
00:00
security governance, risk and compliance.
00:00
You have data security, AppSec,
00:00
platform security, infrastructure
00:00
security, and physical security.
00:00
If we break it down like this,
00:00
you can see that the enterprise or the customer
00:00
owns most of that responsibility
00:00
if they're using an IaaS service.
00:00
What's an example of an IaaS service? EC2 instance.
00:00
That's an Infrastructure as a Service.
00:00
If we move over to platform,
00:00
we can see that the platform security,
00:00
the operating system,
00:00
the virtualization, the VM,
00:00
all that stuff that's already being taken care
00:00
of mostly by the cloud service provider.
00:00
There is still some responsibility
00:00
that we have if we're using Platform as a Service.
00:00
But a good example of this could be
00:00
like DynamoDB or something like that.
00:00
It's a managed service.
00:00
We still have to set
00:00
up some of the underlying dependencies
00:00
in order to run our code,
00:00
but at the end of the day,
00:00
the cloud service provider is
00:00
handling most of that virtualization,
00:00
so we don't have to be concerned about that.
00:00
The rest of it,
00:00
application security and the actual application itself,
00:00
that data and the governance risk and compliance,
00:00
that is going to fall on us as the customer.
00:00
Then Software as a Service is
00:00
the least security responsibility that we have.
00:00
However, what you put in
00:00
the cloud is going to be your responsibility.
00:00
That is always the case,
00:00
just keep that in mind.
00:00
That about wraps up this lecture.
00:00
This is a very basic intro
00:00
on infrastructure security protections.
00:00
But it's something that we need to keep in mind.
00:00
We've talked about the different security services,
00:00
and if you look at how these play into our environment,
00:00
that helps you understand,
00:00
we can use AWS Shield
00:00
for protection against distributed denial of service.
00:00
We can leverage that on our infrastructure
00:00
whenever we are building out a network,
00:00
or building out an application, and we're hosting it,
00:00
whatever the situation may be,
00:00
you need to apply appropriate security controls
00:00
at the appropriate layers.
00:00
That about wraps up this lecture.
00:00
If you guys have any questions,
00:00
feel free to reach out to me.
00:00
If not, I'll see you in the next lecture.