3. Agenda
Cloud Computing
• What is cloud computing?
• Cloud Computing Infrastructure Models
• Architecture layers of Cloud Computing
• Cloud Computing characteristics
Network/Security Aspects of Cloud Computing
• Network/Security issues based on architecture types
• Network issues on cloud computing
• Security issues on cloud computing
4. What is Cloud Computing?
• services that provide common business applications online,
which are accessed from a Web browser, while the
software and data are stored on the servers; a style of
computing in which dynamically scalable and often
virtualized resources are provided as a service over the
Internet
Source: Wolfram Alpha
• Cloud computing is the use of computing resources
(hardware and software) that are delivered as a service
over a network (typically the Internet).
Source: Wikipedia
6. Cloud Computing
Infrastructure Models
• Public Cloud
• AWS, Google App Engine
Win Azure
• Private Cloud
• Premised or external hosted
• For one client
• Control data, security & QoS
• Hybrid Cloud
• Cloud Bursting
• Provide on-demand, externaly provisioned scale
7. Architectural Layers of
Cloud Computing
• Saas (Software As A Service)
• Provides resources (apps or storage)
• Free or pay-per–usage model
• Gmail, Github, Dropbox
• PaaS (Platform As A Service)
• Provides development platform
• Heroku, OpenShift, Google App Engine, Win Azure
• IaaS (Infrastructure As A Service)
• Offer hardware related services
• Amazon EC2, Rackspace, Flexiscale
10. Software As A Service
Application
Application
Middleware Database
Server
Operating System
Hypervisor
Storage
CPU Networking Backup
YOUR DATA
Datacenter (Power, Cooling, Physical Security)
Your Their
Problem Problem
11. Platform As A Service
Your Application
Application
Middleware Database
Server
Operating System
Hypervisor
CPU Networking Storage Backup
Datacenter (Power, Cooling, Physical Security)
Your Their
Problem Problem
12. Infrastructure As A Service
Your Application
Your
Your Your
Application
Middleware Database
Server
Your Operating System
Hypervisor
CPU Networking Storage Backup
Datacenter (Power, Cooling, Physical Security)
Your Their
Problem Problem
13. Network Issues
• DoS ( Denial of Service or Distributed denial-of-attack)
• overflows a server with
frequent request of services
Methods
- Smurf attack
- SYN flood
- Teardrop attacks
14. Network Issues(cont.)
• Man in the Middle Attack
• An attacker splits connection and rejoin with the
attackers own computer system
• SSL is not properly configured
15. Network Issues(cont.)
• Network Sniffing
• hack passwords that are not properly encrypted during
communication
• a self contained software program or a hardware device
16. Network Issues(cont.)
• Port Scanning
• sends client requests to a range of server port addresses
on a host
• To search an active port and vulnerable services
17. Security Issues
• XML Signature Element Wrapping (Wrapper attack)
• Attacker rewrite SOAP request that already signed by using a
wrapper block
• Well known web service attack
19. Security Issues(cont.)
• Data Stealing Problems
• User account and password are stolen by any means
• Accountability Check Problem
• “No use No bill” payment method
• an attacker has engaged the cloud with a malicious
service or runs malicious code
First part- intro about the architecture, infrastructure, characteristic of cloud computing.After that, explain about the security concerns of cloud computing
CC & Virtualization-buzz word in the world of web technologyCan access anywhere without no installationCentralized data storage and bandwidth
1-monotholic2.Client server3.Web based4.SOA-serice oriented architecture: application to communicate over standard-based web protocols 2006-amazon web services 2007-resarch by google and ibm 2010-MS azure5.CC
Public clouds are run by third parties, and applications from different customers are likely to be mixed together on the cloud’s servers, storage systems, and networks. Public clouds are most often hosted away from customer premises, and they provide a way to reduce customer risk and cost by providing a flexible, even temporary extension to enterprise infrastructure.Private clouds are built for the exclusive use of one client, providing the utmost control over data, security, and quality of service. The company owns the infrastructure and has control over how applications are deployed on it. Private clouds may be deployed in an enterprise datacenter, and they also may be deployed at a co-location facility.Hybrid clouds combine both public and private cloud models. They can help to provide on-demand, externally provisioned scale. The ability to augment a private cloud with the resources of a public cloud can be used to maintain service levels in the face of rapid workload fluctuations.
Saas-broad market, most of the stuffs use by browser- SaaSUsers can access a software application hosted by the cloud vendor on pay-per-use basisIaas- hardware-server, storage
interxion1.Preventing data loss2. preventing outages3. keeping security up to dateAttack in cloudsMulti tanency and resource pooling modelsBased on the deployment models we choose, the problems or the component you have control over is different.Cloud computing runs on network infrastructure.so, it is open to network attack. some of the wellknown attacks are
Dos-Server can’t respond to normal userspurpose is to decrease server performance by using computational resources,Smurf attack- icmpflooding broadcast to a victim’s network using broadcast addressSyn- flood tcp/syn packets with a faked address, half-open connectionTeardrop-sending invalidpackets with overlapped ip fragment and crash the systemPrevent-setup firewall,IPS,switches,routers ,reduce the privileges of users
Man In the Middle attack refers to a technique where a malicious attacker splits a connection between two computers and rejoins the connections with the attackers own computer systemin this attack, the attacker takes over the role of a device between you and the system you are talking to. This device could be a router, where the attacker confuses the switch ARP table and has data destined for the router to be sent to her. Then she relays the data to the router.To prevent-use mutual authentication techniques such as PKI, one-time pads
It’s a diagnosis tool for network engineersmethods-install sniffing tool to network devices or programTo prevent: anti-sniffer software to find
Purpose is to find an active port Countermeasure -port scan attack detector and firewall
SOAP- envelope structured First, envelope with plain header and body requesting serverServer reply with header info and signatureHTTPS is hardly ever used when these methods of securing the data in transit are in place. It is also not very common for the whole request to be encrypted or signed because it can have an effect on performance.To fix this, apply W3C’s “XML Signature Best Practices” and STAMP bit
Counter measure for this attack isauthenticity check for received messages.
Send email to customer every session ends with next login password