| Name | Description | Size | Format |
|---|---|---|---|
| | | 5.99 MB | Adobe PDF |
Authors
Advisor(s)
Abstract(s)
The current interest in cloud computing has led to wider adoption of this type of solution by all kinds of users, from enthusiasts to multinational companies. As far as deploying IT solutions is concerned, this environment has considerably lowered the barrier to entry into this market. However, in this new environment the end user has very limited control over their infrastructure and network resources, especially when compared with a traditional on-premise deployment. Because the security perimeter is intangible in this type of solution, maintaining and operating an information system in the cloud scares away many potential users and puts the information of its current users at risk, frequently as a consequence of weak configurations. The work developed in this dissertation aims to identify security controls to apply to IT solutions hosted in the cloud, based on the ISO/IEC 27001 and 27017 documents. With the security controls gathered, a survey will be made of the current state of the art in the secure maintenance and operation of applications and information systems. With the security controls and the best practices identified in the state of the art clearly outlined, an application will be developed as a proof of concept and deployed in the cloud, grounded in the security controls analyzed. Finally, the proof of concept will be evaluated using vulnerability analysis tools and penetration tests, and the project as a whole will be evaluated through a satisfaction survey.
A growing interest in cloud computing has led to a greater adoption of this type of solution by all kinds of users, from enthusiasts to multinational corporations. When it comes to deploying IT solutions, this environment has considerably lowered the entry barrier into this market. However, within this new environment the end user has very little control over their infrastructure and their network resources, especially when compared to a traditional on-premise deployment. As the perimeter security of this type of solution is intangible, the maintenance and operation of an information system in the cloud scares away many potential users and places the information of its current users at risk, often because of weak configurations. Through the work in this dissertation, we intend to identify security controls to be applied in computer solutions hosted in the cloud, based on the ISO/IEC 27001 and 27017 standards documents. Having identified the security controls, a survey on the state of the art will be done on the maintenance and operation of secure IT applications and systems. With the security controls and best practices identified in the state of the art clearly outlined, an application will be developed as a proof of concept, which will be deployed in the cloud founded on the security controls previously analyzed. As the final step, the proof of concept will be evaluated through vulnerability analysis tools and penetration tests, and the project as a whole will be evaluated through a satisfaction survey.
Description
Keywords
Cloud computing, Information security, Defense in depth, Cloud security, Amazon Web Services, Terraform