AI/ML Basics
Simply defined, Artificial Intelligence (AI) is a field of computer science in which systems are taught to simulate intelligent and/or predictive behavior and/or activities using programs and technology. Machine Learning (ML) is a subspecialty of AI by which a computer improves its own performance by continuously incorporating new data into its statistical model. An Artificial Neural…
Category: security
QuickGuide: Security on OCI
OCI’s native capability to obtain packet capture and monitor flow data between components: Each compute instance in a VCN has one or more Virtual Network Interface Cards (VNICs). The OCI Networking service uses Security Lists to determine what traffic is allowed through a given VNIC. The VNIC is subject to all rules in all security…
The Cloud Management Plane
The management plane controls the entire infrastructure. Parts of it will be exposed to customers independent of network location, so it is a prime resource to protect. Its graphical user interface, command line interface (if any), and API need to have stringent and role-based access control. In addition, logging of all relevant actions in a…
Secure Installation and Configuration of Virtualized Cloud Datacenters
Secure configuration of the virtualization management toolset is one of the most important steps when building a cloud environment. A compromise of the management tools may allow an attacker unlimited access to the virtual machine, the host, and the enterprise network. Therefore, the management tools must be securely installed and configured and adequately monitored. NOTE:…
Cloud Datacenter: Hardware-specific Security Configuration Requirements
The data center should have hardware and virtualization protections at the component level. Virtual private cloud (VPC) protection is a fundamental protection in public cloud consumption as well as a key attribute of security groups. Hardware-based tools that include Trusted Platform Modules also feature in the suite of logical and physical data center security. Best…
Countermeasure Strategies: Cyber Kill Chain
In the world of cybersecurity, nefarious acts are often caught after the exploitation of systems has occurred. Depending on the gravity of the exploitation, it can lead to thorough investigations that may be operational (within an organization), criminal, and tort (recovery of financial damages). The findings of the investigation can lead to an assessment that…
Countermeasure Strategies: Zero Trust Model
Before an organization selects specific technology and service solutions, it first needs to contemplate a complete enumeration of imperative or critical business functions/services and what threats exist to the resiliency of those functions/services. The adoption of a strategy to combat those threats may not mean selecting a specific tool but rather may mean adopting a selected…
Risks Related to the Cloud Environment: Vulnerabilities, Threats, and Attacks
Knowing the top threats to cloud computing allows an organization to reduce attack surfaces by selecting appropriate countermeasures. Strategies like a Zero Trust architecture and imagining the cyber “kill chain” before an incident occurs can lead to successful protection. As the commoditization of cloud services increases, so does the attention and capability of criminal enterprises…
Uptime Institute’s “Data Center Site Infrastructure Tier Standard: Topology”
The Uptime Institute is an unbiased international advisory organization and a leader in data center design and management. The institute’s “Data Center Site Infrastructure Tier Standard: Topology” document provides the baseline that many enterprises use to rate their data center designs. The document describes a four-tiered architecture for data center design, with each tier including…
Secure Cloud Data Center Design – Part 3
Physical and Environmental Protection: ISO/IEC TS 22237-2 Protection and Availability Classes. ISO/IEC TS 22237-2 lists multiple layers of security referred to as classes. Each class has a guidance profile that specifies the proper controls that should exist at each layer. Outer layers have less stringent control guidance than inner layers. The two topics of control…