CCSK

Expand all | Collapse all

Cloud Security Infrastructure Weaknesses?

  • 1.  Cloud Security Infrastructure Weaknesses?

    Posted Nov 06, 2020 05:20:00 PM

    Hello all!

    As I've continued to go through the CCSK training, one part piqued my interest in Module 2 Unit 2 which talked about securing cloud infrastructure. 

    My question is, are there certain elements within the cloud infrastructure that are more vulnerable than others to attacks? Or are hacked more frequently? If so which ones?


    Additionally I've been hearing the term: 'Topology' and wanted a clearer understanding of what this means as it relates to cloud security.


    Thank you!



    ------------------------------
    Jenna Morrison
    Intern
    Cloud Security Alliance
    ------------------------------


  • 2.  RE: Cloud Security Infrastructure Weaknesses?

    Posted Nov 09, 2020 07:30:00 AM
    The layout pattern of the interconnections between computers in a network is called network topology. You can think of topology as the virtual shape or structure of the network. ... There are a number of different types of network topologies, including point-to-point, bus, star, ring, mesh, tree and hybrid.

    ------------------------------
    Victoria Arkhurst
    Founder
    IRM Consulting & Advisory
    ------------------------------



  • 3.  RE: Cloud Security Infrastructure Weaknesses?

    CSA Instructor
    Posted Nov 10, 2020 07:57:00 AM
    Which parts of the cloud infrastructure are more vulnerable than others?

    Half-jokingly: the parts that are managed by the cloud consumer are typically more vulnerable than the ones that are managed by the provider.

    ------------------------------
    Peter HJ van Eijk
    CCSK & CCAK trainer
    ------------------------------



  • 4.  RE: Cloud Security Infrastructure Weaknesses?

    Posted Nov 10, 2020 08:00:00 AM
    Couldn't agree more. Lol

    ------------------------------
    Keith Patterson
    President
    Malpaso Consulting
    ------------------------------



  • 5.  RE: Cloud Security Infrastructure Weaknesses?

    Posted Nov 10, 2020 07:29:00 AM
    Hi Jenna
    The easiest to hack and probably something you've heard of quite often are publicly accessible S3 buckets. 
    However, AWS has locked these down more tightly now by default.
    I'd say that youd have to specify whether you are talking SaaS, IaaS, PaaS as they are very different cloud operating models and are susceptible to different threat vectors.
    Would be interested to hear what are common vulnerabilities for each.
    Thanks. 


    ------------------------------
    Keith Patterson
    President
    Malpaso Consulting
    ------------------------------



  • 6.  RE: Cloud Security Infrastructure Weaknesses?

    Posted Nov 17, 2020 09:24:00 AM

    Thank you for your reply!

    Since SaaS is currently the most commonly used, in your opinion 
    which threat vector, programming or social engineering, is more frequently used to hack SaaS?



    ------------------------------
    Jenna Morrison
    Intern
    Cloud Security Alliance
    ------------------------------



  • 7.  RE: Cloud Security Infrastructure Weaknesses?

    Posted Nov 11, 2020 02:43:00 PM
    One of my clients had gone to extremes to harden his app, implement rigid IAM & access controls, encrypt file & database, implement hardware security keys, and hand wire least privilege HTTPS communications among all services and microservices.  BUT on review, he had not disabled the unrestricted HTTP connection to the S3 buckets where he automatically backed up critical data.

    Yet again this demonstrates that the most vulnerable components are also the ones that are most fallible... the human.

    ------------------------------
    Paul Deaver CISSP, CCSP
    Anodyne Enterprise Security, LLC
    ------------------------------