
Cloud Models and Service Threats

  • Public Cloud

    • Purchased “as a service”; no on-prem infrastructure

    • Global distributed infrastructure

    • Virtual resources, no access to hardware (with some exceptions)

    • Resources are shared among tenants

    • Pay per use, rented from CSP

    • Security in-transit and at rest?

    • Hardware, OS, and virtualization layer managed by CSP

    • Apps, data, security policies managed by you

    • Special categories: Community clouds, multiclouds.

  • Private Cloud

    • Virtualized, elastic, self-service data center

    • Single tenancy. One owner, one user.

    • Full responsibility from hardware to data

    • Privacy, data localization requirements.

    • CAPEX – upfront investment

    • “Private” security, too: you are responsible for all of it.

  • Hybrid Cloud

    • Public + private

    • Reasons

      • Scalability for on-prem resources

      • Can pick and choose specific services only

      • Regulations/compliance

    • More difficult security implementations

    • More difficult management and monitoring

  • Cloud Service Models

    • On-prem

      • You manage everything

    • IaaS

      • CSP: Networking, servers, storage, virtualization

      • Customer: OS, middleware, runtime, data, applications

    • PaaS

      • CSP: Networking, Storage, Servers, Virtualization, OS, middleware, runtime

      • Customer: Applications, Data

    • SaaS

      • CSP: Networking, Storage, Servers, Virtualization, OS, Middleware, Runtime, Data, Applications

      • Customer: Configuration and backup are still your responsibility.

  • CASB – Cloud Access Security Broker

    • Controls access to cloud services

    • Keeps track of user accounts, security policies, permissions

    • SSO between on-prem and cloud

    • Monitor user actions on cloud resources

    • Protects against data exfiltration

    • Modes of operation:

      • Forward proxy

      • Reverse proxy

      • API Based

  • Cloud Infrastructure Assessment Tools

    • ScoutSuite

    • Prowler

    • Pacu

  • Cloud digital forensics

    • Difficult forensics due to:

      • No access to the underlying hardware

      • No visibility into where data is actually stored

      • Volatility of virtual resources

      • Chain of custody

    • Solution: Involve the CSP


Last updated 2 years ago