Deck 5: Network Access Control and Cloud Security

In using cloud infrastructures, the client necessarily cedes control to the CP on a number of issues that may affect security.

Cloud computing gives you the ability to expand and reduce resources according to your specific service requirement.

The threat of data compromise decreases in the cloud.

The NIST cloud computing reference architecture focuses on the requirements of "what" cloud services provide, not a "how to" design solution and implementation.

The Extensible Authentication Protocol supports multiple authentication methods.

For many clients, the most devastating impact from a security breach is the loss or leakage of data.

Network access control authenticates users logging into the network and determines what data they can access and actions they can perform.

The cloud provider in a private cloud infrastructure is responsible for both the infrastructure and the control.

Access requestors are also referred to as clients.

A network access server does not include its own authentication services.

A cloud broker is useful when cloud services are too complex for a cloud consumer to easily manage.

There is a decreasing trend in organizations to move information technology operations to a cloud computing infrastructure.

VLANs are common NAC enforcement methods.

EAPOL operates at the network layers and makes use of an IEEE 802 LAN, such as Ethernet or Wi-Fi, at the link level.

___________ includes people, processes, and systems that are used to manage access to enterprise resources by assuring that the identity of an entity is verified, and then granting the correct level of access based on this assured identity.

With a ________ infrastructure, the cloud infrastructure is a composition of two or more clouds that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.

__________ methods are the actions that are applied to ARs to regulate access to the enterprise network.

An __________ is a server computer that negotiates the use of a specific EAP method with an EAP peer, validates the EAP peer's credentials, and authorizes access to the network.

A _________ in an intermediary that provides connectivity and transport of cloud services from CP's to cloud consumers.

A _________ is an entity at one end of a point-to-point LAN segment that seeks to be authenticated by an autheticator attached to the other end of that link.

The ___________ functions as an access control point for users in remote locations connecting to an enterprise's internal network.

NIST defines three service models, which can be viewed as nested service alternatives: software as a service, platform as a service, and _________ as a service.

A __________ provides a form of NAC by allowing or denying network traffic between an enterprise host and an external user.

_________ is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.

An _________ is an access point or NAS that requires EAP authentication prior to granting access to a network.

____________ is an EAP method for mutual authentication and session key derivation using a Pre-Shared Key.

__________ are third party audits of cloud services.

The Cloud Security Alliance defines _______ as the provision of security applications and services via the cloud either to cloud-based infrastructure and software or from the cloud to the customers' on-premise systems.

_________ defines how the TLS protocol can be encapsulated in EAP messages.