Experiment 4
Aim:
Study Infrastructure as a Service
Theory:
1. Prepare a detailed study of Infrastructure as a Service
Infrastructure as a Service (IaaS) is also known as Hardware as a Service (HaaS).
It is one of the layers of the cloud computing platform. It allows customers to
outsource their IT infrastructure, such as servers, networking, processing,
storage, virtual machines, and other resources. Customers access these resources
over the Internet using a pay-per-use model.
In traditional hosting services, IT infrastructure was rented out for a specific
period of time, with a pre-determined hardware configuration. The client paid for
the configuration and time, regardless of the actual use. With the help of the
IaaS cloud computing platform layer, clients can dynamically scale the
configuration to meet changing requirements and are billed only for the services
actually used. The IaaS cloud computing platform layer eliminates the need for
every organization to maintain the IT infrastructure.
IaaS is offered in three models: public, private, and hybrid cloud. The private
cloud implies that the infrastructure resides at the customer's premises. In the
case of public cloud, it is located at the cloud computing platform vendor's data
center, and the hybrid cloud is a combination of the two in which the customer
selects the best of both public and private cloud.
An IaaS provider provides the following services:
a) Compute: Computing as a Service includes virtual central processing units and
virtual main memory for the VMs that are provisioned to the end users.
b) Storage: The IaaS provider provides back-end storage for storing files.
c) Network: Network as a Service (NaaS) provides networking components such
as routers, switches, and bridges for the VMs.
d) Load balancers: It provides load balancing capability at the infrastructure layer.
Some important points about the IaaS cloud computing layer:
a) The IaaS cloud computing platform cannot replace the traditional hosting method,
but it provides more than that, and each resource that is used is predictable
as per the usage.
b) IaaS cloud computing platform may not eliminate the need for an in-house IT
department. It will be needed to monitor or control the IaaS setup. IT salary
expenditure might not reduce significantly, but other IT expenses can be
reduced.
c) Breakdowns at the IaaS cloud computing platform vendor can bring your
business to a halt. Assess the IaaS cloud computing platform vendor's
stability and finances. Make sure that SLAs (i.e., Service Level Agreements)
provide backups for data, hardware, network, and application failures. Image
portability and third-party support are a plus point.
d) The IaaS cloud computing platform vendor can get access to your sensitive
data. So, engage with credible companies or organizations. Study their security
policies and precautions.
Top IaaS providers who are providing IaaS cloud computing platform.
Advantages of IaaS:
Reduced Cost:
IaaS provides on-demand computing resources at a fixed cost, which can be used
to run applications and get certain services done. It is beneficial for companies
that have high demand for computing power but do not have the budget for
buying physical infrastructure. IaaS also reduces the time and money spent on
managing the infrastructure, and provides scalability and Disaster
Recovery (DR) capabilities. IaaS can also be utilized to host websites, web
applications, and online stores.
Improved Security:
Cloud computing offers many benefits for business, including improved
productivity and reduced costs. However, one of the most compelling reasons to
move to the cloud is the added security it offers. When your business data is
stored in the cloud, you have the ability to access it from anywhere, on any
device. This provides you with the ability to work from any location, at any time,
with no local reliance on IT.
Disaster Recovery (DR):
Disaster Recovery (DR) is the process of recovering from a natural or human-
caused event that affects a local area, organization, or data center, and the
ability of the organization to recover data and services within a given amount of
time. DR is a critical function of all IT environments, but especially of cloud
environments, where service provisioning is performed over a network.
Support:
IaaS (Infrastructure as a Service) is a cloud-based system that stores data in one
or more storage repositories. It offers a web-based interface for managing,
accessing, and transferring data. This allows consumers to access their
information from any device.
Uptime:
The importance of uptime cannot be overstated. It refers to a cloud service’s
capacity to be available to your company 24 hours a day, seven days a week.
Cloud companies can guarantee you more than 90% uptime, and the only time
they can’t is if their own server, network, or data centers go down. This is
advantageous to any company.
Improves business productivity:
Small and medium-sized businesses (SMBs) can benefit from IaaS because they
don’t have to invest in or manage the underlying hardware. It boosts business
productivity by allowing them to scale operations as needed without missing
deadlines. Furthermore, IaaS is a versatile solution that can be tailored to meet
changing business requirements.
Disadvantages of IaaS:
Security Risks:
It is easy for hackers to break into a cloud computing environment because it is
not as secure as a physical server. If the system is on a local network, then it is
far more secure. However, this advantage of a cloud computing environment
also has its disadvantages, such as lack of control over the resources.
Unexpected Cost:
IaaS is typically cheaper than buying the same services in a packaged format.
However, the cost of using IaaS services can increase unexpectedly, which can
make IaaS appear even more expensive than traditional services. For example,
IaaS providers typically use a formula to calculate how much bandwidth you use
each month. If your usage increases, your bill can increase even if you’ve never
used more services.
Dependency on Third-Party Service Provider:
IaaS is a great choice for many organizations, but it comes with its own set of
challenges. One of the biggest challenges is how dependent you are on the
provider. In the case of Amazon Web Services (AWS), the company owns the
hardware, so it is the sole provider of your computing resources. When you use
IaaS, you are paying for the computing resources in addition to paying for the
operating system, software applications, and data storage.
Technical Problems:
The technical problems of IaaS are caused by the lack of standardization of the
cloud environment. Cloud service providers have not yet standardized on the
following aspects of their cloud environments: networking, service models,
security, and network architectures.
3. Study security issues in IaaS
Misconfiguration. In my experience, this is one of the most common cloud
security missteps around: when setting up a new cloud server or even a simple
storage bucket, IT staffers often don’t properly configure their authentication or
security standards, leaving potentially sensitive information vulnerable to
unauthorized access. This is almost always a question of user error, typically on
the part of the client – so always remember to double-check all security settings
with your new IaaS provider for optimal cloud data protection… and if you’re not
sure if you’ve properly configured things? Ask an expert.
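The misconfiguration described above, checked in code for the EC2 case used in the Activity. This is an added example, not part of the original handout: it reads security groups in the JSON shape returned by `aws ec2 describe-security-groups` and reports ingress rules that expose SSH or RDP to the whole Internet. The group IDs and rules are constructed sample data, and the choice of ports 22 and 3389 as the administrative ports is an assumption.

```python
import ipaddress

# Assumption: these are the administrative ports to protect (SSH for Linux, RDP for Windows).
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

def world_open_cidrs(rule):
    """Return the source ranges of a rule that cover the whole IPv4 or IPv6 Internet."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]

def exposed_admin_ports(rule):
    """Return the admin ports that a single ingress rule covers."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return sorted(ADMIN_PORTS)
    if proto != "tcp":
        return []
    lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
    return [p for p in sorted(ADMIN_PORTS) if lo <= p <= hi]

def audit_security_groups(groups):
    """Return (group id, service, port, open ranges) for each exposed admin port."""
    findings = []
    for group in groups:
        for rule in group.get("IpPermissions", []):
            open_cidrs = world_open_cidrs(rule)
            if open_cidrs:
                for port in exposed_admin_ports(rule):
                    findings.append((group["GroupId"], ADMIN_PORTS[port], port, open_cidrs))
    return findings

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-example-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    {"GroupId": "sg-example-lab", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-example-any", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    for finding in audit_security_groups(SAMPLE_GROUPS):
        print(finding)
```

The web group passes because its SSH rule is limited to one address range; the wide port range and the all-protocols rule are the ones reported.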
Changes in visibility. This isn’t necessarily a risk unto itself but is rather a
compounder of other risks. For an IT team, you will never have as much visibility
into an IaaS environment as an on premises one that is completely controlled by
your organization. Even the most transparent IaaS providers cannot offer the full
visibility of an on-premises server, which means your ability to detect and
respond to threats may be impaired or delayed. I recommend protecting your
organization by partnering with a cloud service provider with a proven track
record of rapid response to newly found threats and vulnerabilities.
Blocking data exfiltration. Because a client is not in full control of the server
environment, it may be difficult to block exfiltration to someone without
legitimate credentials – or who is using legitimate credentials illicitly. Mitigate
this risk by having additional control measures in place to monitor the use of
privileged accounts and movement of data outside of an established baseline.
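One way to implement the baseline monitoring mentioned above, as an added example that is not part of the original handout: each account's normal daily outbound volume is summarised by its median and median absolute deviation (MAD), and a day is reported when it exceeds that baseline or when the account has no history at all. The account names, volumes, the multiplier `k` and the `floor_mb` minimum are all constructed or assumed values.

```python
from statistics import median

def build_baseline(history):
    """Map each account to (median, MAD) of its daily egress in MB."""
    baseline = {}
    for account, daily_mb in history.items():
        med = median(daily_mb)
        mad = median(abs(v - med) for v in daily_mb)  # median absolute deviation
        baseline[account] = (med, mad)
    return baseline

def flag_egress(baseline, today, k=6, floor_mb=50):
    """Return (account, MB sent, limit) for egress above the account's baseline.

    limit = max(median + k * MAD, floor_mb); k and floor_mb are tuning assumptions.
    An account with no history gets limit None and is always reported.
    """
    alerts = []
    for account, sent_mb in today.items():
        if account not in baseline:
            alerts.append((account, sent_mb, None))
            continue
        med, mad = baseline[account]
        limit = max(med + k * mad, floor_mb)
        if sent_mb > limit:
            alerts.append((account, sent_mb, limit))
    return alerts

# Constructed sample: MB sent out of the environment per account per day.
HISTORY_MB = {
    "svc-backup": [900, 950, 920, 980, 940, 910, 960],  # large but steady
    "admin-ops": [12, 8, 15, 10, 9, 11, 14],            # privileged, low volume
}
TODAY_MB = {"svc-backup": 1010, "admin-ops": 4200, "tmp-contractor": 300}

if __name__ == "__main__":
    for alert in flag_egress(build_baseline(HISTORY_MB), TODAY_MB):
        print(alert)
```

The backup account sends far more data than the privileged account in absolute terms, but only the privileged account and the unknown account are reported, because the comparison is against each account's own history.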
Cloud email isn’t as secure. Cloud email platforms have many of the same
vulnerabilities as other email products – chief among them is a vulnerability to
human error. These email platforms also typically offer less robust protection
than secure email gateway products, which don’t typically translate well to the
cloud. I can count scores of times recently where emails that clearly should have
never made it to my inbox end up with me having to report them to the cloud email
provider as phishing emails.
Different points of vulnerability. When transitioning to a cloud environment, it’s
very popular for developers to do what’s called a “lift-and-shift,” i.e., simply
deploying all existing apps and solutions on the cloud as though it were the on-
premises server. This is common because it is cheaper to use extant solutions
rather than adopt or develop new ones. It also results in fewer interruptions to
productivity as employees can continue using tools to which they’re accustomed.
However, a lift-and-shift deployment neglects to account for there being different
points of vulnerability in a cloud environment as opposed to an on-premises one.
Specialized tools may not work as well, if at all. Consequently, any infosec team
used to relying on a given set of tools may find themselves blindsided by things
they didn’t expect and scrambling to respond.
Physically different locations. Every single interaction from a team working in an
IaaS environment goes over the Internet. An environment can become
exponentially more complex if the cloud servers aren’t in the same data center.
For example, suppose an enterprise expects a sudden need for extra capacity
and purchases more from their platform provider, but there is no more room in
their extant data center so the new applications and computers must be in a
physically different one. In theory, employees should notice little to no
difference, but these additional locations mean that there must be additional
firewall or routing rules to handle traffic accordingly. Complexity is the enemy of
security – more points for failure, especially given point #1.
Compliance and regulation differences. This is particularly true for businesses that
do business internationally or with governments around the world and may be
required to follow certain regulations or compliance protocols that their cloud
providers might not be. If your IaaS provider isn’t in compliance, you might not
comply, and so it’s imperative to check. For example, certain nations require the
use of sovereign crypto algorithms that aren’t in use elsewhere. Does your IaaS
provider support them? Ask.
You’re responsible for your IaaS provider’s mistakes.
This isn’t so much one of our cloud security challenges as it is a closely related
PR problem. If a cloud provider security breach puts your business’ data at
risk – more specifically, your customers’ data at risk – then the fact that it wasn’t
your fault may be cold comfort. Your customers will be angry at you for exposing
them to potential fraud, and regulatory bodies aren’t likely to care much whose
fault it was, only that the data that you were supposed to protect has been
exposed. Thus, it is critical that in each step in the process, you focus on IaaS
cloud data protection as much as is feasible.
Activity
Use AWS EC2 to create a Linux/Windows VM and configure it.
a) Log in to the AWS account