New Solution-CMIT-280 Assignment: Cloud Computing Security
$149.99$199.99
New Solution-CMIT-280: Cloud Computing Security
| CMIT-280 Assignment Week 1: Discussion – OWASP Top 10 Web Application Security Threats , |
| CMIT-280 Assignment Week 1: Assignment – Applying Cloud Concepts , |
| CMIT-280 Assignment Week 2: Discussion – Threat , |
| CMIT-280 Assignment Week 2: Assignment 1 – Lab 1 – Cloud Security Mechanisms , |
| CMIT-280 Assignment Week 3: Discussion – Cloud Infrastructure Risks , |
Description
Week 1: Assignment – Applying Cloud Concepts
Company A’s IT department has a hosting platform specifically for systems used by the company’s large marketing department. This platform provides critical, high-availability hosted IT resources and services. However, the IT department has started to receive complaints about the time it takes to start new marketing campaigns, primarily due to how long it takes to provision new servers within this platform. Also, as a result of a recent set of mergers and acquisitions, the consumers of the services hosted by this platform have become more distributed, with service consumers accessing services from a large variety of locations, and with increasingly different types of devices.
What to submit:
- Problem Statement:
- In response to these complaints, Company A is considering using a cloud-based hosting platform. Which specific characteristics of a cloud will be helpful for Company A to address its Problems? Please list at least 3.
- Submission should not exceed 2 pages.
Week 2: Assignment 1 – Lab 1 – Cloud Security Mechanisms
- Due Sep 12 by 11:59pm
- Points 100
- Submitting a file upload
Please review the network diagram and scenario in detail. After you have completed your review, please choose the most appropriate statement that describes a legitimate source of the malicious data.
Cloud Service Consumer A sends a message to Cloud Service X (1), but it is first intercepted by Service Agent A (2) before actually being forwarded to Cloud Service X. Cloud Service X is hosted on Virtual Server X. Whenever an IT resource on Virtual Server X is accessed, the physical server that hosts Virtual Server X writes a log entry into Database A. After processing the request, Cloud Service X replies to Service Consumer A with a response message (4). Cloud Service Consumer B sends a message to Cloud Service Y (5), which is hosted by Virtual Server Y. This virtual server is hosted by the same physical server as Virtual Server X and therefore when Cloud Service Y is accessed, a log entry is again written into Database A (6). After processing the request, Cloud Service X replies to Service Consumer A with a response message (7). After being in use for several weeks, Cloud Service Consumer B unexpectedly shuts down. An investigation reveals that a response message sent by Cloud Service Y contained malicious data that successfully attacked and disabled Cloud Service Consumer B and its underlying implementation.
Part I: SELECT ALL THAT APPLY
Which of the following statements describes a legitimate source of the malicious data?
- The source of the malicious data was Service Agent A. Upon intercepting the message from Cloud Service Consumer A, the service agent altered its contents prior to forwarding the message to Cloud Service X. Because Cloud Service X and Cloud Service Y share the same underlying physical server, this data compromised IT resources on that physical server which further compromised Virtual Server Y and Cloud Service Y.
- The source of the malicious data was Database A. This database was independently attacked and made inaccessible by the physical server. Because the physical server was unable to write its log entries, it raised errors that affected the performance and behavior of Cloud Service Y.
- The source of the malicious data was Cloud Service Consumer A. This program forwarded malicious data in the message it sent to Cloud Service X. Because Cloud Service X and Cloud Service Y share the same underlying physical server, this data compromised IT resources on that physical server that further compromised Virtual Server Y and Cloud Service Y.
- The source of the malicious data was Virtual Server Y. This virtual server was independently attacked. The attacker managed to place malicious software on the virtual server which inserted malicious data into the message sent by Cloud Service Y to Cloud Service Consumer B.
Part II: SELECT ALL THAT APPLY
Which of the following can be deployed to help ensure the confidentiality of the data in the cloud? (Choose two)
- Encryption
- SLA’s
- Masking
- Continuous Monitoring
The digital signature mechanism is a means of providing data authenticity and integrity through authentication and non-repudiation. A message is assigned a digital signature prior to transmission, which is then rendered invalid if the message experiences any subsequent, unauthorized modifications. A digital signature provides evidence that the message received is the same as the one created by its rightful sender. Would a digital signature have prevented Cloud Service Consumer B from being essentially attacked and shut down?
- Yes
- No
Week 3: Assignment – Writing Assignment – Amazon GuardDuty
- Due Sep 19 by 11:59pm
- Points 100
- Submitting a file upload
- Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect AWS accounts and workloads. With the cloud, the collection and aggregation of account and network activities is simplified, but it can be time consuming for security teams to continuously analyze event log data for potential threats
- Please go to the link below and view the GuardDuty video.
https://aws.amazon.com/guardduty/?c=sc&sec=srv (Links to an external site.)
- In this assignment, students are expected to perform some research on Amazon GuardDuty. Submit a proposal to your leadership on why you think your company should start using GuardDuty. Please keep this assignment to no more than one page. Use the below headers to assist you.
- Amazon Guard Duty Description
- Pro’s
- Cons
- Potential Use Cases that would be applicable and why (see benefits on the web link above)
Week 4: Assignment 1 – Lab 2 – Cloud Security Mechanisms
- Due Sep 26 by 11:59pm
- Points 100
- Submitting a file upload
From the readings and lectures, we have learned about cloud security mechanisms and common security threats. This lab will have students perform an exercise where they match up security threats against the cloud mechanism used to counter them.
Under each cloud security mechanism listed below, students are to list which one of the cloud security threats this mechanism can be used to counter / defend against (if any).
Cloud Security Mechanisms:
- Encryption
- Digital Signatures
- Identity and Access Management
- Single Sign on
- Cloud Based Security Groups
- Hardened Virtual Server Images
Cloud Security Threats:
- Malicious Intermediary
- Denial of Service
- Insufficient Authorization
- Virtualization Attack
- Overlapping Trust Boundary
Week 5: Assignment 1 – Lab 3 – Cloud Vulnerability
- Due Oct 3 by 11:59pm
- Points 100
- Submitting a file upload
In this lab, students will create a free account on the Cloud Security Alliance website and download a Top Threats study. Students will be asked to analyze a vulnerability, choose an appropriate control, and perform a little more research to back that selection up with facts.
This lab will give students exposure to the Cloud Security Alliance top threat program.
- Students should go to the CSA page / Knowledge Center / Research Library (Links to an external site.) and create a free account.
- Sign in and open the following document: Top Threats to Cloud Computing: Deep Dive
- Scroll down to the Cloudbleed vulnerability and read the one page details.
Students are to select one of these two categories – Preventative Controls or Detective Controls. Under this category, choose which control you believe to be the most effective and explain why.
What to submit in your Lab Report:
- Vulnerability: Cloudbleed
- Select one – Preventative or Detective:
- Most Important Control and Why:
- Research: Do some research and try to find an example of where your chosen control could have prevented CloudBleed from being impactful.
Week 6: Assignment – Amazon CloudWatch Writing Assignment
- Due Oct 10 by 11:59pm
- Points 100
- Submitting a file upload
- Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing you with a unified view of AWS resources, applications, and services that run on AWS and on-premises servers.
- The Amazon CloudWatch monitors activity in the cloud and issues notifications or alarms based on preconfigured thresholds.
- Please go to the link below and view the CloudWatch video. https://aws.amazon.com/cloudwatch/ (Links to an external site.)
- In this assignment, students are expected to perform some research on Amazon CloudWatch. Submit a proposal to your leadership on why you think your company should start using CloudWatch. Please keep this assignment to no more than one page. Use the below headers to assist you.
- CloudWatch Description
- Pro’s
- Cons
- Potential Use Cases that would be applicable and why (see web link above).
Week 7: Assignment – Final Project
- Due Oct 15 by 11:59pm
- Points 100
- Submitting a file upload
- Please review the below diagram, as well as refer to the course notes and text, and complete section 3.
- The diagram below illustrates interaction between two cloud service consumers (A and B) and two virtual servers (A and B) hosted on a cloud.
3. Based on the limited information provided in the depicted scenario, list 3 types of attacks that could potentially be carried out if any of the programs outside of the cloud were malicious. Provide a brief explanation justifying the threat of each proposed attack.
Here are some choices:
- Traffic Eavesdropping
- Malicious Intermediary
- Denial of Service
- Insufficient Authorization
- Virtualization Attack
- Overlapping Trust Boundaries
**Chapter 6 of the Erl book will help you greatly in completing this assignment.
Chapter 6 of the Erl book will help you greatly in completing this assignment. CMIT-280 Assignment Introduce Yourself , CMIT-280 Assignment Week
