confidentiality
the characteristic of something being made accessible only to authorized parties, i.e., access to data in transit and in storage is restricted
integrity
characteristic of not having been altered by an unauthorized party, i.e., if a cloud consumer can guarantee that the data they transmit matches the data received by the cloud service
authenticity
characteristic of something provided by an authorized source: login forms, HTTP auth and digest, X.509 certificates, custom methods.
it is non-repudiable (can't deny actions or communications once they are completed), i.e., actions are uniquely linked to an authorized source
availability
accessible during certain times
authorization
decides if you have access to a resource
methods: access controls for URL
secure objects and methods
access control lists
measure security
through presence of confidentiality, integrity, authenticity, availability
measure lack of security
through threats, risks, vulnerabilities
threat
security violation that can challenge defenses in an attempt to break security or cause harm
attacks occur when threats are carried out
vulnerability
weakness that can be exploited because it lacks sufficient security controls or security controls are overcome by an attack
caused by
config deficiencies
policy weaknesses
user errors
hardware/firmware flaws
software bugs
poor security architecture
risk
possibility of loss or harm from doing something
measured according to threat levels and num of vulnerabilities
two metrics to determine
probability of a threat that can exploit vulnerabilities
expectation of loss on the resource being compromised
security controls
countermeasures to prevent/respond to security threats to reduce/avoid risk
security mech
defensive framework that protects IT resources
security policies
rules and regulations for security.
defines how regulations and rules are implemented
and how controls and mechanisms are used
support of improving security
controls, mechanisms, policies
hash function
a mathematical function that converts an input value into a compressed numerical value. It takes in data of an arbitrary length and outputs one of a fixed length.
public key infrastructure
framework of encryption and cybersecurity that protects communications between server and client
made up of digital certificates
certificate authority
registration authority
digital cert
electronic ID for websites
certificate auth (CA)
digitally signed by third party CA like VeriSign, Comodo
Registration auth (RA)
authorized by CA to provide digital certs to users on a case by case access
hardening
process of stripping unnecessary software to limit vulnerabilities that can be exploited
removing redundant programs
closing unneeded ports
disabling unused services, internal root accounts, guest access
SSO
mechanism by which architectures with multiple services allow user to transition from one service to another while maintaining authentication
serverless computing
model where cloud provider dynamically manages the allocation and provisioning of servers
devs only write and deploy code
resources allocated upon demand, billed for compute time consumed
eliminates need for server management, scaling, patching
S3
object storage for images, videos, docs. It is scalable and durable
API GATEWAY
manages API
Lambda
runs code without provisioning or managing servers. supports multiple languages
DynamoDB
NoSQL db for high performance apps. low latency