Posts

Week 4: Networking in Cloud Computing

This week, we went over how networking works in cloud computing. Traditional networking relies on physical devices such as routers and switches and on networking models such as TCP/IP. In the cloud, software-defined networking (SDN) is used to implement some networking concepts. The model used for networking in the cloud is called the Cloud Stack model. It includes the physical layer (managed and maintained by the CSP), the virtualization layer (the responsibility of the CSP), the network layer (where SDN operates and where access control, security, and other services are managed), the image or OS layer (where workloads and data processing happen), and the application layer (where firewalling and load balancing happen). Some concepts from traditional networking do carry over, such as IP addresses and subnetting, although different CSPs handle things differently. For example, AWS offers both private and public IP addresses; on the other hand, Azure doesn’t offer that. There is als...

Week 3: Different Attack Types

In Chapter 7, the author covers many attack types, including injection, buffer overflow, privilege escalation, authentication, and rootkit attacks.
· An injection attack is when an attacker feeds malicious code or an operation to an interpreter, tricking it into executing it. Some examples are SQL injection and cross-site scripting.
· A buffer overflow is a type of attack that takes advantage of a software vulnerability by intentionally writing more data to memory than it can handle, causing the data to spill into another memory location, corrupting the data there and crashing the process and the application.
· Privilege escalation is when an actor exploits a system vulnerability or human error to gain unauthorized access and elevate their access from low-level to privileged, allowing them to cause damage or steal data.
· ...

Week 3: Migration to the Cloud

This week, we learned about the various decision-making processes involved in migrating to the cloud. The book talks about five major phases of the migration process: Assess, Plan, Migrate, Validate, and Manage. During assessment, before initiating the migration, it is essential to establish a baseline of the network, operating system, and other key performance indicators. It is also essential to minimize the impact of downtime and maximize network bandwidth availability during the migration. After the planning process is done, there are various ways to execute it; the common migration processes are P2V, V2V, V2P, and P2P. Amazon also provides a migration truck to make the process. The book also discusses deploying the migration and validating that it works through various types of testing, including functional testing, performance testing, load testing, and others.

Week 2: Virtual Hardware

In week 2, the chapter covered the different types of hypervisors and how hardware resources work within them. The chapter covers type 1 (bare-metal) and type 2 (host-based) hypervisors, explaining their differences. Although most of the information wasn’t new to me, what I like about the book is the depth with which it discusses why it’s important to understand the allocation of hardware resources and how they function. For example, virtual allocation of the GPU takes two approaches: pass-through and virtual (shared). In pass-through, the GPU can only be used by one VM at a time. In virtual or shared mode, the resources are artificially divided into portions that can be allocated simultaneously to multiple VMs. It was interesting to learn about the concept of ballooning, which is basically when the guest OS releases some of its RAM so the hypervisor can allocate it elsewhere. The chapter also covers alternative VM options, such as serverles...

Week 2: Vulnerability management

In week 2, we learned about vulnerability management activities and tools for managing vulnerabilities. The chapter covered various considerations before running scans, including defining the scanning parameters and criteria. The chapters focused on many parameters, such as the risk associated with scanning activities, since many things need to be done before running a scan: classifying the data, assessing the impact the scan can have on the current business, and ensuring that the firewall doesn’t interfere with the scan and that the scan doesn’t interfere with the firewall settings. The chapter also discusses the remediation of vulnerabilities once the scan is complete, including prioritizing vulnerabilities, patching, and hardening. After reading the chapters, I learned that running a vulnerability scan is not that simple and requires thoughtful, methodical planning involving the entire senior leadership and the c...

WK1: Introduction to System Hardening and Network Risk Management

Hello everyone, my name is Santosh Pradhan, and I am currently pursuing an undergraduate degree in information technology at Bellevue University. Prior to pursuing my degree, I had no prior experience, except for the basic troubleshooting that everyone learns. So far, I have learned a great deal about networking, basic information technology, and some cybersecurity concepts. I have had prior experience with the security side of studying. I have taken an intro to cyberthreat and network security class before. Through the class, I have learned about the Zero Trust framework, the CIA triad, and other security concepts. I hope to build on my foundational knowledge, and throughout the semester, I will share my experiences here.

Week 1: Introduction and Cloud Computing

Hello everyone, my name is Santosh Pradhan, and I am currently pursuing an undergraduate degree in information technology at Bellevue University. Prior to pursuing my degree, I had no prior experience, except for the basic troubleshooting that everyone learns. So far, I have learned a great deal about networking, basic information technology, and some cybersecurity concepts. Although most of the courses have covered virtualization and cloud computing to some extent, none of them have provided full details. I am excited to learn about cloud computing and its governance.  As the semester progresses, I will update the blog on a weekly basis and share my experiences with you.