Q1: Describe the three service models of cloud computing based on the NIST cloud computing reference architecture. List advantages and disadvantages of each model.
The National Institute of Standards and Technology (NIST) published the Cloud Computing Reference Architecture (SP 500-292). The architecture includes three service models, as follows:
a. Software as a Service (SaaS):
In this model the provider hosts and runs the application; users access it over the Internet (typically through a browser or thin client) and do not manage the underlying infrastructure or platform, nor the maintenance lifecycle of the software.
For example: Microsoft Office 365.
Advantages:
– Lowest cost: SaaS is usually the most cost-effective cloud service model.
– Quick setup and deployment: SaaS requires minimal planning and is easy to set up because the applications are ready-made and generally simple to use.
– Rapid deployment: the software is fully provisioned on demand.
– No application management: patching, upgrades and operations are handled entirely by the provider.
– Stability: the software is backed by the cloud provider's large infrastructure and IT staff.
Disadvantages:
– Lack of control: the customer has no control over how the provider processes its data.
– No control over the parameters of the software, and little control over deployment, upgrade and testing methodology.
– The provider has full access to the customer's data.
– Dependence on connectivity: if an individual's Internet access fails, he or she loses access to the software and the data.
– Limited catalogue: although SaaS is increasingly popular, many applications are still not offered as a hosted service, so only a limited number of software solutions are available as SaaS.
b. Platform as a Service (PaaS): In this model, users do not own the platform (operating system, runtime, middleware), but they own the software they create, test and deploy on the service provider's platform. This service model is aimed at application developers, testers and administrators. Fundamentally, PaaS is a cloud delivery model for applications composed of services managed by a third party.
For example: Google App Engine. Developers upload application code, and Google provides and manages the servers, operating system and runtime on which it executes.
Advantages:
– Cost effective compared with IaaS.
– You can bring your own software to run on the platform.
– Full control over which users can access the software.
– Minimal management of the underlying platform.
– Improved support for integration with other systems.
Disadvantages:
– Security risk: the customer has no influence over how the platform processes its data.
– Possibly no control over the platform, depending on the cloud provider.
– The platform is most likely shared (multi-tenant) with other customers.
– Application-level management tasks remain with the customer and can become time-consuming and tedious.
– Not as cost-effective as SaaS.
c. Infrastructure as a Service (IaaS): In this model the consumer does not manage or control the underlying cloud infrastructure, but has control over operating systems, storage, deployed applications, and so on.
For example: hosting a web portal on IaaS. The customer owns the virtual machine and the web server application running on it; the provider supplies the hardware and network, so the customer does not need to worry about how clients reach the web server.
Advantages:
– Full control over everything inside the virtual machine.
– The customer can run anything they need to.
– Full control over the processing of its own data.
– Simplifies integration with existing enterprise infrastructure.
– The customer in essence runs and controls its own virtual infrastructure without the cost and maintenance overhead of running its own hardware.
Disadvantages:
– Most expensive of the three models.
– The customer is responsible for backups.
– Unlike SaaS or PaaS, the customer is responsible for all management above the hypervisor (OS patching, hardening, monitoring).
– Still no control over the underlying physical servers or hypervisor on which the virtual machines run.
Q2: What are the major network management functions? (10 points)
The major network management functions are as follows:
Network management functions cover Operations, Administration, Maintenance, and Provisioning (OAMP). Network management refers to the activities, methods, procedures, and tools that pertain to the operation, administration, maintenance, and provisioning of network systems (Wk8).
Planning is a major part of Operations. Operations covers the day-to-day running of the network: keeping the network and its services up and running smoothly. This includes routine monitoring of the data network to confirm that it is fulfilling its design purpose, comparing measured performance against objectives, and taking corrective action, which may involve maintenance.
a. Traffic Engineering
b. Availability, Reliability, Fault Tolerance
c. Congestion & Overload Control
Administration covers the support activities performed on a network: the set of tasks involved in planning the network, processing orders, assigning addresses, tracking usage, change management and accounting. Basically, it involves keeping track of the resources in the network and how they are assigned.
a. Account configuration/billing
b. Access control
c. Monitoring, alarm/event notification
Maintenance is concerned with performing repairs and upgrades to keep the network operating smoothly. It covers the inevitable situations where things do not work as planned and it is necessary to investigate what went wrong and repair it.
a. Remote Access, Trouble shooting
b. Software/Hardware Upgrades
Provisioning is concerned with configuring resources to support services. This involves installing equipment and facilities, setting parameters, and verifying that the service is operational. It also covers de-installation. Performance measurement allows IT staff to measure the overall performance of the network against its objectives and to report errors.
To conclude, the goal of network management is to manage the networks, users, end devices, services and applications, media, and the business they support.
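The Operations side of OAMP, measuring performance against an objective and raising an alarm, as an added example that is not part of the original answer. It turns two SNMP ifInOctets polls into link utilization, handles the Counter32 wrap at 2^32 that otherwise produces a negative (and silently wrong) reading, and goes one step further than the text by computing the longest poll interval that still guarantees at most one wrap. The interface speed, poll interval, threshold and counter samples are constructed for this example.

```python
# Added example (not from the page): Operations / performance measurement in
# OAMP. Converts two SNMP ifInOctets polls into utilization, handles the
# 32-bit counter wrap, and raises an alarm when the objective is exceeded.
# All samples, speeds and thresholds below are constructed.

COUNTER32_MOD = 2 ** 32


def octet_delta(prev: int, curr: int) -> int:
    """Octets transferred between two Counter32 samples (e.g. ifInOctets).

    Counter32 wraps to zero at 2^32, so a naive curr - prev goes negative
    across a wrap. The modular difference is correct provided the counter
    wrapped at most once between polls (see max_poll_interval_s).
    """
    return (curr - prev) % COUNTER32_MOD


def max_poll_interval_s(if_speed_bps: int) -> float:
    """Longest poll interval at which a Counter32 can wrap at most once at line rate.

    On a 10 Gbit/s link this is only ~3.4 s, which is why Counter64
    (ifHCInOctets) is needed for fast interfaces.
    """
    return COUNTER32_MOD * 8 / if_speed_bps


def utilization_percent(prev: int, curr: int, interval_s: float, if_speed_bps: int) -> float:
    """Link utilization over one poll interval as a percentage of interface speed."""
    return 100.0 * octet_delta(prev, curr) * 8 / (interval_s * if_speed_bps)


def evaluate_polls(samples, interval_s, if_speed_bps, threshold_pct):
    """Return one alarm string for each poll interval whose utilization exceeds the objective."""
    alarms = []
    for i in range(1, len(samples)):
        util = utilization_percent(samples[i - 1], samples[i], interval_s, if_speed_bps)
        if util > threshold_pct:
            alarms.append(f"poll {i}: {util:.1f}% utilization exceeds objective of {threshold_pct}%")
    return alarms


if __name__ == "__main__":
    # Constructed ifInOctets polls every 60 s on a 100 Mbit/s interface; the
    # last sample has wrapped past 2^32.
    polls = [4_294_000_000, 4_294_600_000, 4_294_967_000, 200_000_000]
    print("max safe poll interval at 100 Mbit/s: %.0f s" % max_poll_interval_s(100_000_000))
    print("max safe poll interval at 10 Gbit/s:  %.1f s" % max_poll_interval_s(10_000_000_000))
    for alarm in evaluate_polls(polls, 60.0, 100_000_000, threshold_pct=20):
        print("ALARM", alarm)
```

The alarm in the demo comes from the interval in which the counter wrapped; without the modular subtraction the same interval would report a large negative utilization and the threshold would never fire.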
Q3: Compare SNMPv1, SNMPv2, and SNMPv3. (20 points)
SNMPv1 (RFC 1157):
– The first version of SNMP. Runs over UDP and IP (ports 161 for requests, 162 for traps).
– Only five operations: GetRequest, GetNextRequest, SetRequest, GetResponse, and Trap.
– SNMP manager processes cannot communicate with one another, and neither can agent processes; only manager-to-agent exchanges are defined.
– Security is entirely community-based: the community string is sent in cleartext in every message, so anyone who can sniff the path learns it, and with the write community can change device configuration. Security features are effectively lacking.
– Performance limitations: one variable per request round trip makes retrieving large tables slow.
SNMPv2 / SNMPv2c (RFC 1901-1908):
– The original SNMPv2 introduced a party-based security model, but it was too complex and was never widely adopted. The variant that was deployed, SNMPv2c, kept the community-based design of v1 and therefore has the same security weaknesses.
– Keeps the five v1 operations and adds GetBulkRequest (retrieves many table rows in one exchange), InformRequest (an acknowledged notification, so an SNMP manager process can communicate with another manager process), a single Response PDU that replaces GetResponse and acknowledges Informs, and SNMPv2-Trap.
– Other enhancements: new data types (e.g. Counter64), a revised Structure of Management Information (SMIv2), richer error codes, transport mappings over protocol stacks other than UDP/IP, and enhanced table operations.
– More powerful but more complex than SNMPv1.
SNMPv3 (RFC 3410-3418):
– The most current version of SNMP. It focuses on improving security; it reuses the SNMPv2 operations and PDU message format and adds a new message header and security parameters.
– Added the User-based Security Model (USM): per-user authentication (HMAC-MD5-96 or HMAC-SHA-96 over the message), privacy (encryption of the scoped PDU, originally CBC-DES, later AES), and timeliness checks against replay.
– Added the View-based Access Control Model (VACM), which restricts which MIB objects each user or group may read or write.
– Three security levels: noAuthNoPriv, authNoPriv, and authPriv. Only authPriv gives both integrity and confidentiality; a v3 agent configured noAuthNoPriv is no safer than v2c.
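The two ends of the comparison above in working code, as an added example that is not part of the original answer. The first part reads the community string straight out of a constructed SNMPv1 GetRequest, which is all an on-path attacker has to do. The second part implements the SNMPv3 USM key handling from RFC 3414: password-to-key expansion, key localization to the agent's snmpEngineID (so a compromised agent does not reveal the key for other agents), and HMAC-96 message authentication with a tamper check. The password "maplesyrup" and engineID 00…02 are the RFC 3414 Appendix A test vectors; the message bytes are constructed here, and the authenticated "message" is simply a byte string standing in for an SNMPv3 message with its authentication parameters zeroed.

```python
# Added example (not from the page): SNMPv1 community exposure versus
# SNMPv3 USM authentication (RFC 3414). Sample messages are constructed.
import hashlib
import hmac

# Constructed SNMPv1 GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0), community "public".
SNMPV1_GET = bytes.fromhex(
    "3026"                       # SEQUENCE, 38 bytes
    "020100"                     # INTEGER version = 0 (SNMPv1)
    "04067075626c6963"           # OCTET STRING "public": the credential, in cleartext
    "a019"                       # GetRequest-PDU, 25 bytes
    "020101" "020100" "020100"   # request-id, error-status, error-index
    "300e" "300c" "06082b06010201010100" "0500"   # VarBindList: sysDescr.0 = NULL
)


def _ber_read(buf: bytes, pos: int):
    """Read one BER TLV (short-form length only); return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not handled in this example")
    start = pos + 2
    return tag, buf[start:start + length], start + length


def v1_community(msg: bytes):
    """Return (version, community) from an SNMPv1/v2c message. No secrecy, no integrity."""
    tag, body, _ = _ber_read(msg, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    tag_ver, ver, pos = _ber_read(body, 0)
    tag_comm, community, _ = _ber_read(body, pos)
    if tag_ver != 0x02 or tag_comm != 0x04:
        raise ValueError("unexpected field order")
    return int.from_bytes(ver, "big"), community.decode("ascii")


# RFC 3414 Appendix A test engineID (12 bytes).
ENGINE_ID = bytes.fromhex("000000000000000000000002")


def password_to_key(password: bytes, digest: str) -> bytes:
    """RFC 3414 A.2: Ku = H(password repeated to exactly 1,048,576 bytes)."""
    reps = 1048576 // len(password) + 1
    expanded = (password * reps)[:1048576]
    return hashlib.new(digest, expanded).digest()


def localize_key(ku: bytes, engine_id: bytes, digest: str) -> bytes:
    """RFC 3414 2.6: Kul = H(Ku || snmpEngineID || Ku), unique per agent."""
    return hashlib.new(digest, ku + engine_id + ku).digest()


def auth_param(kul: bytes, whole_msg: bytes, digest: str) -> bytes:
    """HMAC-96: first 12 bytes of HMAC(Kul, message with msgAuthenticationParameters zeroed)."""
    return hmac.new(kul, whole_msg, digest).digest()[:12]


def verify(kul: bytes, whole_msg: bytes, received: bytes, digest: str) -> bool:
    """Constant-time comparison of the received authentication parameters."""
    return hmac.compare_digest(auth_param(kul, whole_msg, digest), received)


if __name__ == "__main__":
    print("SNMPv1 (version, community) read off the wire:", v1_community(SNMPV1_GET))
    for digest in ("md5", "sha1"):
        ku = password_to_key(b"maplesyrup", digest)
        kul = localize_key(ku, ENGINE_ID, digest)
        print(f"{digest}: Ku={ku.hex()} Kul={kul.hex()}")
    kul = localize_key(password_to_key(b"maplesyrup", "sha1"), ENGINE_ID, "sha1")
    msg = b"constructed SNMPv3 message with msgAuthenticationParameters zeroed"
    tag = auth_param(kul, msg, "sha1")
    print("genuine message verifies:", verify(kul, msg, tag, "sha1"))
    print("tampered message verifies:", verify(kul, msg[:-1] + b"!", tag, "sha1"))
```

The MD5 output should match RFC 3414 A.3.1 (Ku 9faf3283…, Kul 526f5eed…) and the SHA-1 output A.3.2 (Kul 6695febc…). Note that the localized key still derives from a password, so a weak passphrase defeats USM just as it would any HMAC scheme.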
Q4: Describe DiffServ Code Point (DSCP) (10 points)
Differentiated Services (DiffServ, RFC 2474/2475) is a computer networking architecture that specifies a simple, scalable, coarse-grained, class-based mechanism for classifying and managing network traffic and providing quality of service (QoS) on IP networks.
The DiffServ marking indicates the traffic's characteristics, for example real-time or non-real-time, priority, and drop precedence. Each router applies a per-hop behaviour (PHB) to the marked class, so that important traffic (e.g. Expedited Forwarding for voice) is forwarded ahead of best-effort traffic.
The DiffServ Code Point (DSCP) is the value that classifies a packet so that it can receive the appropriate per-hop behaviour in Layer 3 IP networks.
DSCP is the 6 most significant bits of the 8-bit Differentiated Services (DS) field in the IP header (the former IPv4 Type of Service byte, or the IPv6 Traffic Class field). The remaining 2 least significant bits of the DS field are the Explicit Congestion Notification (ECN) bits and are not part of the DSCP. Because the DSCP is set by the sender, it is only trustworthy inside the network: at the edge, marks from untrusted hosts should be policed or re-marked, otherwise any host can promote its own traffic into the priority classes.
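Decoding the DS byte as described above, as an added example that is not part of the original answer. It splits the byte into DSCP and ECN, names the standard per-hop behaviours (Class Selector, Assured Forwarding with its class and drop-precedence bit fields, Expedited Forwarding), and applies a simple edge trust policy that resets EF and CS6/CS7 marks arriving from untrusted hosts. The code point values are those of RFC 2474, 2597 and 3246; the edge policy itself is an assumption for illustration.

```python
# Added example (not from the page): DS byte -> DSCP / ECN decoding, PHB naming,
# and an assumed untrusted-edge re-marking policy.

EF = 46                            # Expedited Forwarding, RFC 3246 (binary 101110)
NETWORK_CONTROL = {EF, 48, 56}     # EF, CS6, CS7: never accepted from untrusted hosts


def split_ds_byte(tos: int):
    """DSCP is the 6 most significant bits of the DS byte, ECN the 2 least significant."""
    return (tos >> 2) & 0x3F, tos & 0x03


def dscp_name(dscp: int) -> str:
    """Name the standard PHB for a 6-bit DSCP value."""
    if dscp == EF:
        return "EF"
    if dscp % 8 == 0:                      # xxx000: Class Selector; CS0 is best effort
        return f"CS{dscp // 8}"
    # Assured Forwarding (RFC 2597): class in bits 5-3, drop precedence in bits 2-1, bit 0 = 0.
    cls, drop = dscp >> 3, (dscp >> 1) & 0x3
    if 1 <= cls <= 4 and 1 <= drop <= 3 and dscp & 1 == 0:
        return f"AF{cls}{drop}"
    return "other"


def police_ds_byte(tos: int, trusted: bool) -> int:
    """Assumed edge policy: trusted ports keep their marks; untrusted ports keep ECN
    and AF/CS1-CS5 marks but have EF, CS6 and CS7 reset to best effort."""
    if trusted:
        return tos
    dscp, ecn = split_ds_byte(tos)
    if dscp in NETWORK_CONTROL:
        dscp = 0
    return (dscp << 2) | ecn


if __name__ == "__main__":
    for tos in (0xB8, 0x28, 0x98, 0xC0, 0x01):      # constructed DS byte values
        dscp, ecn = split_ds_byte(tos)
        print(f"DS byte 0x{tos:02X}: DSCP {dscp:2d} ({dscp_name(dscp):4s}) ECN {ecn:02b} "
              f"-> from untrusted host: 0x{police_ds_byte(tos, trusted=False):02X}")
```

0xB8 is the classic VoIP marking (DSCP 46 = EF, ECN 00); the same packet arriving on an untrusted port leaves the policer as 0x00.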
Q5: Describe the major Web application security issues and mitigation mechanisms. (10 points)
Web applications have become an integral part of many people's lives in recent years. People spend a great deal of time in web applications from computers and mobile phones: searching for information, communicating with friends over social media, playing music or video clips, online banking, and so on.
The Organization for the Advancement of Structured Information Standards (OASIS) defines a set of standards to support the secure and efficient use of web services.
The standards are as follows:
a. WS-Security (signing and encrypting SOAP messages with XML Signature and XML Encryption, and attaching security tokens)
b. WS-Policy
c. WS-Trust
d. WS-Privacy
e. WS-Authorization
f. WS-Federation
g. WS-SecureConversation, plus the Security Assertion Markup Language (SAML) for exchanging authentication and authorization assertions between web services, and more.
The Simple Object Access Protocol (SOAP) is one of the components that allows web services to communicate with one another. SOAP is an XML-based lightweight protocol that defines the message format (envelope, header, body) and the conventions applications use to communicate, in messaging systems and in Remote Procedure Call (RPC) style, and it is most often transported over the Hypertext Transfer Protocol (HTTP).
Web services are among the most widely used services over the Internet. They are also among the most exposed components, and they account for a large share of security incidents.
The OASIS web-services security standards listed above exist to improve web service security. XML is the language that defines the presentation and record formats of web services, and XML firewalls or security gateways provide the protection for them. An XML firewall acts as a proxy in front of the web servers: it validates and filters incoming web service requests (well-formedness, schema conformance, message size, forbidden entity declarations, permitted operations) and shields the web servers from being attacked directly.
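The filtering role of an XML firewall in front of a SOAP service, as an added example that is not part of the original answer, written with the Python standard library only. The gateway rejects oversized messages and any DTD or entity declaration before the XML parser ever runs (Python's xml.etree does not fetch external entities, but it does expand internal ones, so an entity-expansion "billion laughs" payload would exhaust memory inside the parser), then checks that the document is a SOAP 1.1 Envelope whose Body carries exactly one operation from a whitelist. The service namespace urn:example:stock, the GetQuote operation, the 16 KiB size cap and all three sample messages are constructed for this example.

```python
# Added example (not from the page): an XML security gateway filtering SOAP
# requests as a proxy. Policy values and sample messages are constructed.
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 envelope namespace
SERVICE_NS = "urn:example:stock"                        # assumed service namespace
ALLOWED_OPERATIONS = {"GetQuote"}                       # assumed operation whitelist
MAX_BYTES = 16 * 1024                                   # assumed message size cap


def filter_request(raw: bytes):
    """Return (accepted, reason). Cheap byte-level checks run before the XML
    parser so that hostile documents are rejected without ever being parsed."""
    if len(raw) > MAX_BYTES:
        return False, "message exceeds size limit"
    lowered = raw.lower()
    # xml.etree will not fetch external entities, but it does expand internal
    # ones; a DOCTYPE with nested entities blows up inside the parser. Refuse
    # every DTD rather than trying to tell safe ones from hostile ones.
    if b"<!doctype" in lowered or b"<!entity" in lowered:
        return False, "DTD / entity declarations are not permitted"
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        return False, f"malformed XML: {exc}"
    if root.tag != f"{{{SOAP_NS}}}Envelope":
        return False, "not a SOAP 1.1 Envelope"
    body = root.find(f"{{{SOAP_NS}}}Body")
    if body is None or len(body) != 1:
        return False, "Body must contain exactly one operation element"
    op = body[0]
    prefix = f"{{{SERVICE_NS}}}"
    if not op.tag.startswith(prefix) or op.tag[len(prefix):] not in ALLOWED_OPERATIONS:
        return False, f"operation {op.tag} not permitted"
    return True, f"forwarded {op.tag[len(prefix):]} to the web server"


# Constructed sample messages.
GOOD_REQUEST = (
    b'<?xml version="1.0"?>'
    b'<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
    b'<soapenv:Body><m:GetQuote xmlns:m="urn:example:stock"><m:symbol>ACME</m:symbol>'
    b'</m:GetQuote></soapenv:Body></soapenv:Envelope>'
)
ENTITY_BOMB = (
    b'<?xml version="1.0"?><!DOCTYPE lolz [<!ENTITY lol "lol">'
    b'<!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">'
    b'<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">]>'
    b'<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
    b'<soapenv:Body>&lol3;</soapenv:Body></soapenv:Envelope>'
)
UNKNOWN_OPERATION = GOOD_REQUEST.replace(b"GetQuote", b"DeleteAccount")

if __name__ == "__main__":
    for name, msg in (("good request", GOOD_REQUEST),
                      ("entity bomb", ENTITY_BOMB),
                      ("unknown operation", UNKNOWN_OPERATION),
                      ("truncated XML", b"<a><b>")):
        accepted, reason = filter_request(msg)
        print(f"{name:18s} -> {'ACCEPT' if accepted else 'REJECT'}: {reason}")
```

A production gateway would additionally validate the Body against the service's XML Schema and verify WS-Security signatures; the point here is the ordering, with the cheapest and most dangerous checks performed before the parser is given the bytes.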
Q6: Describe the major Web peer to peer application security issues and mitigation mechanisms. (Hint: Wk4 lecture notes (10 points)
The major web peer-to-peer application security issues are as follows:
Applications are commonly classified as client-server (CS) or peer-to-peer (P2P).
The majority of applications follow the CS model; consequently there are relatively few P2P applications, and many institutions prohibit P2P applications because of their security drawbacks.
In the peer-to-peer model, each node can be a client, a server, or both. When a node initiates a service request it acts as a client; the node that responds acts as a server.
There are no fixed connections or topologies: nodes join and leave the service dynamically, and in most P2P systems the nodes are not centrally configured. The biggest drawback is weaker security. P2P systems fail to provide identity management, privacy, controlled ports, encryption, configuration control, content inspection, and controlled data sharing, and they are hard to manage.
Peer-to-peer (P2P) applications are therefore considered highly insecure, and government organizations routinely forbid installing P2P applications on their networks. The common P2P security concerns are:
a. Open ports
b. Real-time applications opening ports in the firewall
c. Difficulty exchanging security information between peers
d. User identity and privacy
e. Sharing data (exposure of local files to other peers)
f. Improper configuration and no inspection of the exchanged media
The usual mitigation is the one noted above: block P2P applications at the firewall and prohibit them by policy.
Q7: Describe cellular mobile network and device management functions, (20 points) (week 9)
Comparing mobile device management (MDM) products with the cellular devices themselves, both have built-in security features. A service provider such as Verizon, T-Mobile or AT&T will additionally offer security services for these devices at extra cost.
Mobile Device Management (MDM): MDM can be consumed as SaaS or deployed as an on-premises solution. MDM products distribute applications, data and configuration settings to all types of mobile devices. Because of pressure to cut the cost of providing mobile devices to employees, bring your own device (BYOD) has become the solution for many businesses. MDM gives the enterprise assurance about the security of the mobile device while also preserving the user's personal privacy on that device (Week-11).
Comparison of MDMs and cellular devices (devices considered):
– Samsung Galaxy S5 (Android)
– Nokia Lumia Icon (Windows Phone)