Mcafee hacker intercepting traffic message

Cloud Computing

Chapter 9

Securing the Cloud

Learning Objectives

List the security advantages of using a cloud-based provider.

List the security disadvantages of using a cloud-based provider.

Describe common security threats to cloud-based environments.

Physical Security

IT data centers have been secured physically to prevent users who do not have a need to physically touch computers, servers, and storage devices from doing so.

A general security rule is that if an individual can physically touch a device, the individual can more easily break into the device.

Advantages of Cloud Providers with Respect to Security

Immediate deployment of software patches

Extended human-relations reach

Hardware and software redundancy

Timeliness of incident response

Specialists instead of personnel

Disadvantages of Cloud-Based Security

Country or jurisdiction issues

Multitenant risks

Malicious insiders

Vendor lock in

Risk of the cloud-based provider failing

Real World: McAfee Security as a Service

McAfee now offers a range of security solutions that deploy from the cloud. The solutions protect e-mail (spam, phishing, redirection, and virus elimination), websites, desktop computers, mobile devices, and more.

Data Storage Wiping

Within a cloud-based disk storage facility, file wiping overwrites a file’s previous contents when the file is deleted.

Denial of Service Attacks

A denial-of-service attack is a hacker attack on a site, the goal of which is to consume system resources so that the resources cannot be used by the site’s users.

The motivation for and the implementation of denial-of-service attacks differ.

Simple Denial of Service

:Loop

ping SomeSite.com

GOTO Loop

While responding to the ping message, the server can handle fewer other requests.

Distributed Denial of Service (DDOS) Attack

A distributed denial-of-service (DDoS) attack uses multiple computers distributed across the Internet to attack a target site

Packet Sniffing Attacks

Network applications communicate by exchanging network packets. Each computer within a wired network examines the message address to determine if the message is for an application it is running.

Packet Sniffing Continued

A hacker can write code that lets his system examine the content of each packet that travels past it.

Within a wireless network, hackers can simply monitor the airways to intercept packets.

The cloud, because it allows users to connect to applications from anywhere, increases potential risks. Users may connect from an insecure network or a network in which the wireless traffic is being monitored.

The best defense against a packet sniffing attack is to use secure (encrypted) connections.

Man-in-the Middle Attack

Within a man-in-the-middle attack, a hacker intercepts the messages a user and system are exchanging. The hacker can view and/or change the message contents.

Monitoring Device Screens

Years ago, when employees accessed sensitive or confidential data only from within their office, the data was better physically protected from prying eyes.

The cloud, however, extends the delivery of such data to users who are any place, at any time, and often to any device.

The net result is that within a busy coffee shop or an airport, strangers can see data ranging from human-relations information or customer sales data to student grades, and more.

Malicious Employees

Companies spend considerable amounts of money trying to protect their data and communications from hackers.

IT staffs deploy firewalls, use encryption, monitor network traffic for intrusion, and much more. With all of these security features in place, the most difficult challenge for a company to defend itself against is a malicious employee.

Malicious Employees Continued

Developers, for example, have access to databases, and IT staff members have access to various system passwords, which means that each may have access to human-relations data, payroll data, e-mail content, and so on.

By shifting data to the cloud, you move sensitive data away from your own employees.

Hypervisor Attack

When you virtualize a server, each server operating system runs on top of special virtualization software called the hypervisor.

Hypervisor developers such as VMware and Microsoft constantly focus on ways to lock down and secure the hypervisor to reduce risks.

The hypervisor will remain an attractive hacker target as companies continue to virtualize solutions.

Hypervisor Attack Continued

Hackers refer to the process of taking over the hypervisor as a hyperjacking attack.

To reduce the chance of a hypervisor being taken over by malicious code the underlying hardware may assign a state value, like a cyclic redundancy check (CRC), to the hypervisor. If this value changes, the hardware can detect that the hypervisor has been attacked or replaced.

Guest Hopping Attack

Hackers refer to an attack from one guest operating system to another as a guest hopping attack.

Real World: Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization, the goal of which is to promote education of cloud security issues.

The Cloud Security Alliance consists of a large coalition of cloud practitioners, companies, associations, and other cloud stakeholders.

SQL Injection Attack

Many web applications present forms that users must complete by filling in fields and then submitting the form contents for processing.

The application that receives the form data often stores the data within an SQL database.

SQL Injection Attack Continued

An SQL-injection attack occurs when a malicious user inserts one or more SQL queries within one or more of the fields. For example, rather than simply typing in his or her last name, the hacker might type the following:

Smith; DROP DATABASE EMPLOYEES;

Depending on how the database uses the user input, the processing may result in the execution of the injected SQL, which in this case would delete the database of the company’s employees.

SQL Injection Attack Continued

Many cloud-based software as a service (SaaS) solutions are multitenant applications, which means different customers may share underlying resources such as a database.

If the SaaS application falls victim to SQL injection, it might be possible for a user in one company to view, change, or destroy the data of another company.

Real World: ENISA

The European Network and Information Security Agency (ENISA), based in Greece, promotes cybersecurity best practices. Within the ENISA website, you will find a broad range of papers and reports on a variety of security topics.

Improving Physical Security through Colocation

By using colocated, replicated hardware and software, cloud solution providers reduce many threats to IT resources.

Key Terms

Chapter Review

List the security advantages of cloud-based solutions.

List the security disadvantages of cloud-based solutions.

Define and discuss the data wiping process.

Discuss how a cloud-based solution provider may reduce the risk of a DDoS attack.

Define and discuss hyperjacking attacks.

Define and discuss guest-hopping attacks.