Cloud Infrastructure Security

BITS Pilani Syed Aquib

Pilani Campus Security Fundamentals For Cloud
 BITS Pilani
Pilani Campus

CC ZG504, Cloud Security Foundations

Lecture No.5
Agenda

• Part 1: Securing, Hardening, and Patching Virtual Machines (45 minutes)

• Introduction to Virtual Machine Security
• Hardening Virtual Machines
• Patch Management
• Image and Configuration Management
• Part 2: Security at the Network Layer (45 minutes)
• Securing the Network Layer
• Virtual Private Cloud (VPC)
• Firewalls (FW)
• Intrusion Prevention Systems (IPS)
• Part 3: Q&A and Wrap-up (30 minutes)
• Q&A and Discussion
• Conclusion

BITS Pilani, Pilani Campus

Session 4: A Quick Recap
Federated Identities & Protocols
Federated Identities
• Definition: A system enabling users to access multiple services with a single set of credentials, managed by a trusted
identity provider (IdP).
• Benefits:
• Simplified user experience
• Reduced administrative overhead
• Improved security
Types of Federation
• Web-Based: Login to web apps using existing social media or enterprise accounts (e.g., "Sign in with Google").
• Enterprise: Access resources across different departments or organizations within an enterprise using company
credentials.
• Cross-Domain: Extend identity federation across different security domains, enabling secure collaboration between
organizations.
Key Protocols & Technologies
• SAML: XML-based standard for exchanging authentication and authorization data between an IdP and a service
provider.
• OAuth: Open standard for authorization, allowing third-party apps access to user resources without sharing
credentials.
• OpenID Connect: Identity layer on top of OAuth, providing user authentication and information exchange.

BITS Pilani, Pilani Campus

Session 4: A Quick Recap
IAM, Entitlement Management, & Audit
IAM Protocols & Specifications
• Overview: Define the rules for exchanging identity and access information between systems.
• Key Protocols:
• SAML, OAuth, OpenID Connect
• LDAP, Kerberos, RADIUS
Entitlement Management
• Definition: Managing and controlling user access rights to resources based on roles, attributes,
etc.
• Benefits:
• Ensures appropriate access levels.
• Reduces risk of unauthorized access.
• Simplifies access management.
IAM Audit
• Importance: Regular audits ensure IAM policies are effective and compliant.
• Key Focus Areas:
• User access reviews
• Privilege escalation checks
• Log analysis
• Compliance audits

BITS Pilani, Pilani Campus

Introduction to Virtual Machine Security

The Need for VM Security: While VMs offer numerous advantages, they also
introduce potential security challenges. VMs can be susceptible to attacks
from various sources, including malware, network intrusions, and
misconfigurations. Unsecured VMs can lead to data breaches, service
disruptions, and financial losses.
Shared Responsibility: Cloud providers implement robust security measures
to protect the underlying infrastructure. However, securing VMs is a shared
responsibility. Customers play a crucial role in safeguarding their data and
applications within the VMs. This includes implementing strong access
controls, patching vulnerabilities, and monitoring for suspicious activity.

BITS Pilani, Pilani Campus

Hardening Virtual Machines

Definition: Hardening is a proactive security practice that involves reducing the

attack surface of a virtual machine. It's akin to locking all the doors and windows of
your house, making it significantly more difficult for intruders to gain unauthorized
access. We accomplish this by removing any unnecessary software, services, and
open ports that could be exploited by attackers.

Key Steps:
1. Disable Unnecessary Services and Ports
2. Apply Security Configurations and Updates
3. Restrict Administrative Access
4. Implement Strong Password Policies
5. Use Security Tools
BITS Pilani, Pilani Campus
Patch Management
Importance: Patch management is the ongoing process of applying software updates and security patches to address
vulnerabilities and fix bugs in your virtual machines. It's like regularly servicing your car to keep it running smoothly
and prevent breakdowns. Failing to patch can leave your VMs exposed to known exploits, making them an easy
target for attackers.
Challenges:
• Dynamic Cloud Environments: Cloud environments are constantly evolving, with new VMs being spun up and
existing ones being modified or terminated. This dynamic nature can make it challenging to track and patch all VMs
effectively.
• Minimizing Downtime: Patching often requires rebooting VMs, which can lead to service disruptions. It's crucial to
minimize downtime to ensure business continuity.
• Ensuring Compatibility: Patches can sometimes introduce compatibility issues with existing applications or
configurations. Thorough testing is necessary to avoid unintended consequences.
Best Practices:
1. Establish a Patch Management Process: Define clear procedures for identifying, prioritizing, testing, and
deploying patches.
2. Prioritize Critical Patches: Focus on patching vulnerabilities that pose the highest risk to your organization.
3. Test Patches in a Non-Production Environment: Before applying patches to production VMs, test them in a
controlled environment to identify any potential issues.
4. Automate Patch Deployment: Use automation tools to streamline the patching process and reduce the risk of
human error.

BITS Pilani, Pilani Campus

Image and Configuration Management
Golden Images: A golden image is a pre-configured, secure, and standardized
template for creating new virtual machines. It acts as a blueprint, ensuring all VMs
deployed from this image start with a known and hardened configuration. This
reduces the risk of misconfigurations and vulnerabilities that can arise from
manual setups.
Configuration Management Tools: These tools automate the process of
configuring and maintaining VMs, ensuring consistency across multiple instances.
They allow you to define desired configurations (e.g., software installations,
security settings) and automatically apply them to VMs, even as they scale up or
down. This eliminates manual configuration errors and saves significant time and
effort.

BITS Pilani, Pilani Campus

Securing the Network Layer
Why Network Security is Critical for Cloud Security
• Data Protection: Networks act as conduits for sensitive information. Network
security measures like encryption and access controls ensure that data remains
protected both in transit and at rest, preventing unauthorized access and data
breaches.
• System Availability: Network security safeguards against attacks like Distributed
Denial of Service (DDoS) that aim to disrupt services and render systems
unavailable. This ensures uninterrupted access to critical cloud resources.
• Threat Mitigation: By implementing firewalls, intrusion detection systems, and other
network security mechanisms, organizations can proactively identify and mitigate
threats, preventing them from impacting the cloud environment.
• Regulatory Compliance: Many industries have stringent data protection regulations.
A strong network security posture helps organizations comply with these regulations
and avoid penalties.
BITS Pilani, Pilani Campus
Securing the Network Layer
Common Network-Based Threats
• Unauthorized Access: This involves gaining access to network resources
without proper authorization. This can be achieved through techniques like
password cracking, exploiting vulnerabilities, or social engineering.
• Data Interception: Attackers may attempt to intercept data in transit to steal
sensitive information like login credentials, financial data, or personal information.
• DDoS Attacks: These attacks overwhelm network resources with a flood of
traffic, rendering services unavailable to legitimate users.
• Malware: Malicious software can infiltrate networks through various means, like
phishing emails or drive-by downloads. Once inside, malware can steal data,
disrupt operations, or create backdoors for further attacks.

BITS Pilani, Pilani Campus

Securing the Network Layer
Key Network Security Measures
• Firewalls: Act as a barrier between trusted and untrusted networks, controlling
incoming and outgoing traffic based on predefined rules.
• Intrusion Detection and Prevention Systems (IDS/IPS): Monitor network traffic
for suspicious activity and can take automated actions to block threats.
• Virtual Private Networks (VPNs): Create secure, encrypted tunnels for data
transmission over public networks.
• Network Segmentation: Divides the network into smaller segments to isolate
sensitive data and limit the impact of breaches.
• Regular Security Assessments: Conduct vulnerability scans and penetration
tests to identify and address weaknesses before they are exploited.

BITS Pilani, Pilani Campus

Virtual Private Cloud (VPC)
1. Network Isolation and Segmentation
A VPC acts as a virtual fence, segregating your cloud resources from those of other cloud users.
This isolation ensures that your applications and data remain secure and protected from
unauthorized access. You can further enhance isolation by segmenting your VPC into multiple
subnets, each serving specific purposes or hosting different types of workloads.
2. Control Over IP Address Ranges, Subnets, and Routing Tables
Within your VPC, you have full autonomy to define the IP address ranges, create subnets, and
configure routing tables. This granular control allows you to design a network topology that
perfectly suits your application architecture and facilitates efficient communication between your
resources.
3. Enhanced Security and Privacy
VPCs offer robust security features to safeguard your cloud environment. You can implement
security groups (virtual firewalls) to control inbound and outbound traffic, define network access
control lists (ACLs) to filter traffic at the subnet level, and leverage VPN connections for secure
access to your VPC resources from on-premises networks. These security measures help protect
your data and applications from unauthorized access and potential threats.

BITS Pilani, Pilani Campus

Firewalls (FW)
Purpose: A firewall is a network security system that acts as a barrier between a trusted internal
network and an untrusted external network (such as the internet). Its primary function is to
monitor and control incoming and outgoing network traffic based on a set of predefined
security rules. These rules dictate which types of traffic are permitted or blocked, helping to
prevent unauthorized access and malicious activities.
Types of Firewalls:
• Network Firewalls: These firewalls operate at the network layer, inspecting packets based on
their source and destination IP addresses, ports, and protocols. They can filter traffic based on
specific criteria, such as allowing or blocking certain types of traffic (e.g., HTTP, FTP, SSH) or
restricting access to specific IP addresses or port ranges.
• Web Application Firewalls (WAFs): WAFs are specialized firewalls designed to protect web
applications from attacks that exploit vulnerabilities in application code or protocols. They
analyze HTTP/HTTPS traffic and can detect and block malicious requests, such as SQL
injection attacks, cross-site scripting (XSS), and cross-site request forgery (CSRF). WAFs
provide an additional layer of security beyond traditional network firewalls.

BITS Pilani, Pilani Campus

Real-World Examples of Firewalls (FW)
Home Router Firewall: Most home routers come equipped with a built-in firewall that
protects your home network from unauthorized access and malicious traffic from the
internet. It typically blocks incoming connections from the internet unless specifically
configured to allow them.
Corporate Network Firewall: Large organizations often use sophisticated firewalls at
the edge of their network to protect against external threats. These firewalls filter
traffic based on complex rules, ensuring that only authorized access is granted to
internal resources.
Cloud Firewall: Cloud providers offer virtual firewalls to protect cloud-based resources
and applications. These firewalls can be configured to control traffic between different
cloud instances or between the cloud and the internet.
Web Application Firewall (WAF): A WAF protects web applications by filtering,
monitoring, and blocking HTTP/HTTPS traffic. It can detect and prevent attacks such
as SQL injection and cross-site scripting (XSS). A popular WAF example is
Cloudflare's WAF service, used by many websites to protect against malicious web
requests.

BITS Pilani, Pilani Campus

Intrusion Prevention Systems (IPS)
Purpose:
Intrusion Prevention Systems (IPS) serve as proactive network security solutions, designed to
not only detect but also prevent malicious network activity in real time. While traditional
firewalls act as a barrier, allowing or blocking traffic based on predefined rules, IPS goes a
step further by actively analyzing network traffic and taking immediate action to thwart threats
as they occur.
How IPS Works:
IPS employs a multi-pronged approach to identify and neutralize threats:
1. Signature-Based Detection: IPS maintains a database of known attack signatures,
representing patterns or characteristics associated with specific exploits or malware. By
continuously scanning network traffic against this database, IPS can identify and block
malicious packets before they reach their intended targets.
2. Anomaly-Based Detection: IPS also utilizes anomaly-based detection techniques to identify
unusual or suspicious behavior that deviates from established network baselines. This helps
to detect new or unknown attacks that may not have a corresponding signature.
3. Real-Time Prevention: When IPS detects a potential threat, it takes immediate action to
prevent the attack from succeeding. This may involve dropping malicious packets, blocking
the source IP address, or resetting the connection.

BITS Pilani, Pilani Campus

Intrusion Prevention Systems (IPS)
Key Benefits of IPS:
• Proactive Threat Detection and Prevention: IPS acts as a first line of defense,
actively blocking threats before they can cause damage. This proactive approach
significantly reduces the risk of successful attacks and data breaches.
• Enhanced Security Posture: By adding an additional layer of security beyond
traditional firewalls, IPS strengthens your overall security posture. It provides
comprehensive protection against a wide range of network threats, including known
and unknown attacks.
• Real-Time Visibility: IPS provides real-time visibility into network traffic and security
events, allowing you to identify and respond to threats quickly. Detailed logs and
alerts enable you to track attack patterns and trends, helping you stay ahead of
emerging threats.
• Regulatory Compliance: IPS can assist in meeting regulatory compliance
requirements by demonstrating proactive measures to protect sensitive data and
prevent security incidents.
BITS Pilani, Pilani Campus
Real-World Examples of
Intrusion Prevention Systems (IPS)
Snort: Snort is a widely used open-source IPS that can detect and block various types
of network attacks. It uses a combination of signature-based and anomaly-based
detection techniques to identify threats.
Suricata: Another popular open-source IPS, Suricata, provides similar capabilities to
Snort and is often used in high-performance network environments.
Cisco Firepower: Cisco's Firepower product line includes both firewalls and IPS
capabilities. It offers advanced threat detection and prevention using a combination
of signature-based, anomaly-based, and reputation-based analysis.
Next-Generation Firewall (NGFW): Many NGFWs incorporate IPS functionality
alongside traditional firewall capabilities. This allows for a more integrated and
efficient approach to network security. Palo Alto Networks and Fortinet are examples
of vendors offering NGFW solutions with built-in IPS.
Endpoint Protection Platform (EPP): Some EPPs include host-based IPS
components to protect individual endpoints from malicious network traffic. These
solutions complement network-based IPS by providing an additional layer of security
at the device level.

BITS Pilani, Pilani Campus

Trends and Future Directions

BITS Pilani, Pilani Campus

Gartner Hype Cycle

BITS Pilani, Pilani Campus

Hype Cycle for
Workload and Network Security

BITS Pilani, Pilani Campus

Trends and Future Directions

1. The Rise of CNAPP

• Cloud-Native Application Protection Platforms (CNAPP) are gaining
significant traction, moving closer to mainstream adoption.
• CNAPP integrates various security capabilities, including Cloud Security
Posture Management (CSPM), Cloud Workload Protection Platforms
(CWPP), and Kubernetes Security Posture Management (KSPM).
• This consolidation simplifies security for cloud-native environments.
2. The Maturing of ZTNA
• Zero Trust Network Access (ZTNA) is moving towards the "Slope of
Enlightenment" phase, indicating growing understanding and acceptance.
• ZTNA is vital for secure remote access and aligns with the broader shift
towards Zero Trust security principles.

BITS Pilani, Pilani Campus

Trends and Future Directions

3. The Growing Importance of API Security

• API Security is recognized as crucial, with a focus on protecting APIs throughout
their lifecycle.
• Increased API adoption and associated risks drive this emphasis.
4. The Continued Relevance of SASE
• Secure Access Service Edge (SASE) remains a prominent technology, converging
network and security functions.
• SASE simplifies security for distributed workforces and cloud-based resources.
5. The Emergence of XDR
• Extended Detection and Response (XDR) is gaining visibility, offering unified threat
detection and response across various security tools.
• XDR improves threat visibility and incident response capabilities.

BITS Pilani, Pilani Campus