Chapter 7
By Susan Rokicki
Summary
Cloud computing is a flexible computing service that provides shared data storage, applications, or services to multiple clients over the internet. There are 4 different cloud computing services: IaaS, PaaS, SaaS, and XaaS. There are 4 types of deployment models: public cloud, private cloud, community cloud, and hybrid cloud.
It's possible to connect to a network through remote access using 3 methods: Point-to-Point, VPNs, and Remote Terminal Emulation. Serial Line Internet Protocol (SLIP), an earlier protocol, has been replaced by PPP. VPNs can be categorized into two models: site-to-site VPN and client-to-site VPN. A device called a VPN concentrator can maintain more than a few continuous, instant VPN connections. There are two current primary encryption techniques that VPNs use: IPsec and SSL/TLS. A VPN is an encryption device. A VPN tunnel is an encrypted connection between your device and the server of your VPN service. VPN tunneling protocols include Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and Generic Routing Encapsulation (GRE). PPTP is no longer considered secure; therefore it's best to use L2TP in combination with IPsec or SSTP. Terminal emulation allows the client to control the host or server across a network connection; an example of terminal emulation is join.me.
Cloud computing and remote access both require the use of encryption techniques. The most popular type of encryption involves encoding the original bits using a key, and then generating a unique data block. There are two types of key encryption: private and public. IPsec (Internet Protocol Security) involves five steps that must be taken to create a secure connection: IPsec initiation, key management, security negotiations, data transfer, and termination.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are both methods of encrypting TCP/IP transmissions en route between the client and server, using public key encryption technology. An SSL VPN is a VPN that is configured to support SSL transmissions to and from services that run on its own protected network. SSH (Secure Shell) can encrypt data and, similarly to Telnet, can securely log into a host, execute commands on the host, and copy files to or from that host. Secure File Transfer Protocol (SFTP) uses SSH for its encryption. Hashing is not the same thing as encryption; it transforms data from one format to another. There are two types of hashes: MD5 and SHA.
There is a group of protocols referred to as AAA (authentication, authorization, and accounting). The most popular AAA protocol is RADIUS. Other AAA protocols are TACACS+ and CHAP. CHAP can operate over PPP. EAP cannot perform encryption or authentication on its own. 802.1X (EAPoL) is replaced by 802.11i to include the subset standard WPA (WPA2 replaces it). WPA relies on an encryption and management structure called TKIP, which gets replaced by AES. There is a process called MFA that requires 2 or more pieces of information to verify that you are who you claim to be, which is a good security measure. It's best to use a long, secure password, not an easy-to-remember password.