SlideShare una empresa de Scribd logo

Lecture26 cc-security1

A
Ankit Gupta

Cloud computing

Ingeniería
1 de 29
Descargar para leer sin conexión
CLOUD COMPUTING CLOUD SECURITY I PROF. SOUMYA K. GHOSH DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING IIT KHARAGPUR
2 Security - Basic Components  Confidentiality  Keeping data and resources hidden  Integrity  Data integrity (integrity)  Origin integrity (authentication)  Availability  Enabling access to data and resources
3 Security Attacks  Any action that compromises the security of information.  Four types of attack: 1. Interruption 2. Interception 3. Modification 4. Fabrication  Basic model: D Source Destination S
4 Security Attacks (contd.)  Interruption:  Attack on availability  Interception:  Attack on confidentiality S D S D I
5 Security Attacks  Modification:  Attack on integrity  Fabrication:  Attack on authenticity S D S D I I
6 Classes of Threats  Disclosure  Snooping  Deception  Modification, spoofing, repudiation of origin, denial of receipt  Disruption  Modification  Usurpation  Modification, spoofing, delay, denial of service
7 Policies and Mechanisms  Policy says what is, and is not, allowed  This defines “security” for the site/system/etc.  Mechanisms enforce policies  Composition of policies  If policies conflict, discrepancies may create security vulnerabilities
8 Goals of Security  Prevention  Prevent attackers from violating security policy  Detection  Detect attackers’ violation of security policy  Recovery  Stop attack, assess and repair damage  Continue to function correctly even if attack succeeds
9 Trust and Assumptions  Underlie all aspects of security  Policies  Unambiguously partition system states  Correctly capture security requirements  Mechanisms  Assumed to enforce policy  Support mechanisms work correctly
10 Types of Mechanisms secure precise broad set of reachable states set of secure states
11 Assurance  Specification  Requirements analysis  Statement of desired functionality  Design  How system will meet specification  Implementation  Programs/systems that carry out design
12 Operational Issues  Cost-Benefit Analysis  Is it cheaper to prevent or recover?  Risk Analysis  Should we protect something?  How much should we protect this thing?  Laws and Customs  Are desired security measures illegal?  Will people do them?
13 Human Issues  Organizational Problems  Power and responsibility  Financial benefits  People problems  Outsiders and insiders  Social engineering
14 Tying Together Threats Policy Specification Design Implementation Operation
15 Passive and Active Attacks  Passive attacks  Obtain information that is being transmitted (eavesdropping).  Two types:  Release of message contents:- It may be desirable to prevent the opponent from learning the contents of the transmission.  Traffic analysis:- The opponent can determine the location and identity of communicating hosts, and observe the frequency and length of messages being exchanged.  Very difficult to detect.
16  Active attacks  Involve some modification of the data stream or the creation of a false stream.  Four categories:  Masquerade:- One entity pretends to be a different entity.  Replay:- Passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.  Modification:- Some portion of a legitimate message is altered.  Denial of service:- Prevents the normal use of communication facilities.
17 Security Services  Confidentiality (privacy)  Authentication (who created or sent the data)  Integrity (has not been altered)  Non-repudiation (the order is final)  Access control (prevent misuse of resources)  Availability (permanence, non-erasure)  Denial of Service Attacks  Virus that deletes files
18 Role of Security  A security infrastructure provides:  Confidentiality – protection against loss of privacy  Integrity – protection against data alteration/ corruption  Availability – protection against denial of service  Authentication – identification of legitimate users  Authorization – determination of whether or not an operation is allowed by a certain user  Non-repudiation – ability to trace what happened, & prevent denial of actions  Safety – protection against tampering, damage & theft
19 Types of Attack  Social engineering/phishing  Physical break-ins, theft, and curb shopping  Password attacks  Buffer overflows  Command injection  Denial of service  Exploitation of faulty application logic  Snooping  Packet manipulation or fabrication  Backdoors
20 Network Security…  Network security works like this:  Determine network security policy  Implement network security policy  Reconnaissance  Vulnerability scanning  Penetration testing  Post-attack investigation
21 Step 1: Determine Security Policy  A security policy is a full security roadmap  Usage policy for networks, servers, etc.  User training about password sharing, password strength, social engineering, privacy, etc.  Privacy policy for all maintained data  A schedule for updates, audits, etc.  The network design should reflect this policy  The placement/protection of database/file servers  The location of demilitarized zones (DMZs)  The placement and rules of firewalls  The deployment of intrusion detection systems (IDSs)
22 Step 2: Implement Security Policy  Implementing a security policy includes:  Installing and configuring firewalls  iptables is a common free firewall configuration for Linux  Rules for incoming packets should be created  These rules should drop packets by default  Rules for outgoing packets may be created  This depends on your security policy  Installing and configuring IDSes  snort is a free and upgradeable IDS for several platforms  Most IDSs send alerts to log files regularly  Serious events can trigger paging, E-Mail, telephone
23 Step 2: Implement Security Policy
24 Step 2: Implement Security Policy  Firewall  Applies filtering rules to packets passing through it  Comes in three major types:  Packet filter – Filters by destination IP, port or protocol  Stateful – Records information about ongoing TCP sessions, and ensures out-of- session packets are discarded  Application proxy – Acts as a proxy for a specific application, and scans all layers for malicious data  Intrusion Detection System (IDS)  Scans the incoming messages, and creates alerts when suspected scans/attacks are in progress  Honeypot/honeynet (e.g. honeyd)  Simulates a decoy host (or network) with services
25 Step 3: Reconnaissance  First, we learn about the network  IP addresses of hosts on the network  Identify key servers with critical data  Services running on those hosts/servers  Vulnerabilities on those services  Two forms: passive and active  Passive reconnaissance is undetectable  Active reconnaissance is often detectable by IDS
26 Step 4: Vulnerability Scanning  We now have a list of hosts and services  We can now target these services for attacks  Many scanners will detect vulnerabilities (e.g. nessus)  These scanners produce a risk report  Other scanners will allow you to exploit them (e.g. metasploit)  These scanners find ways in, and allow you to choose the payload to use (e.g. obtain a root shell, download a package)  The payload is the code that runs once inside  The best scanners are updateable  For new vulnerabilities, install/write new plug-ins  e.g. Nessus Attack Scripting Language (NASL)
27 Step 5: Penetration Testing  We have identified vulnerabilities  Now, we can exploit them to gain access  Using frameworks (e.g. metasploit), this is as simple as selecting a payload to execute  Otherwise, we manufacture an exploit  We may also have to try to find new vulnerabilities  This involves writing code or testing functions accepting user input
28 Step 6: Post-Attack Investigation  Forensics of Attacks  This process is heavily guided by laws  Also, this is normally done by a third party  Retain chain of evidence  The evidence in this case is the data on the host  The log files of the compromised host hold the footsteps and fingerprints of the attacker  Every minute with that host must be accounted for  For legal reasons, you should examine a low-level copy of the disk and not modify the original
29 Thank You!

Recomendados

Data security in local network using distributed firewall ppt
Data security in local network using distributed firewall ppt Data security in local network using distributed firewall ppt
Data security in local network using distributed firewall ppt Sabreen Irfana
 
mobile/wireless telephony
mobile/wireless telephonymobile/wireless telephony
mobile/wireless telephonyShaurya
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentationMuhammad Zia
 
Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsDr. Sunil Kr. Pandey
 
Network Security
Network SecurityNetwork Security
Network Securityforpalmigho
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models7wounders
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Internal & External Attacks in cloud computing Environment from confidentiali...
Internal & External Attacks in cloud computing Environment from confidentiali...Internal & External Attacks in cloud computing Environment from confidentiali...
Internal & External Attacks in cloud computing Environment from confidentiali...iosrjce
 

Recomendados

Data security in local network using distributed firewall ppt
Data security in local network using distributed firewall ppt Data security in local network using distributed firewall ppt
Data security in local network using distributed firewall ppt Sabreen Irfana
 
mobile/wireless telephony
mobile/wireless telephonymobile/wireless telephony
mobile/wireless telephonyShaurya
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentationMuhammad Zia
 
Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsDr. Sunil Kr. Pandey
 
Network Security
Network SecurityNetwork Security
Network Securityforpalmigho
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models7wounders
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Internal & External Attacks in cloud computing Environment from confidentiali...
Internal & External Attacks in cloud computing Environment from confidentiali...Internal & External Attacks in cloud computing Environment from confidentiali...
Internal & External Attacks in cloud computing Environment from confidentiali...iosrjce
 
Distributed System - Security
Distributed System - SecurityDistributed System - Security
Distributed System - SecurityHarshana Madusanka Jayamaha
 
Fog computing document
Fog computing documentFog computing document
Fog computing documentsravya raju
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
Topics in network security
Topics in network securityTopics in network security
Topics in network securityNasir Bhutta
 
Wireless LAN Security
Wireless LAN SecurityWireless LAN Security
Wireless LAN SecurityAbu Rayhan Ahmmed Rimu
 
5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_kRama Krishna M
 
Distributed System-Multicast & Indirect communication
Distributed System-Multicast & Indirect communicationDistributed System-Multicast & Indirect communication
Distributed System-Multicast & Indirect communicationMNM Jain Engineering College
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanismspriya_trehan
 
Steganography presentation
Steganography presentationSteganography presentation
Steganography presentationBSheghembe
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
Classical Encryption Techniques in Network Security
Classical Encryption Techniques in Network SecurityClassical Encryption Techniques in Network Security
Classical Encryption Techniques in Network Securitybabak danyal
 
Cloud computing and Cloud Enabling Technologies
Cloud computing and Cloud Enabling TechnologiesCloud computing and Cloud Enabling Technologies
Cloud computing and Cloud Enabling TechnologiesAbdelkhalik Mosa
 
System security
System securitySystem security
System securitysommerville-videos
 
Seminar (network security)
Seminar (network security)Seminar (network security)
Seminar (network security)Gaurav Dalvi
 
Distributed web based systems
Distributed web based systemsDistributed web based systems
Distributed web based systemsReza Gh
 
Handover in Mobile Computing
Handover in Mobile ComputingHandover in Mobile Computing
Handover in Mobile ComputingKABILESH RAMAR
 
Virtual machine security
Virtual machine securityVirtual machine security
Virtual machine securityJacob Zvirikuzhe
 
Network security
Network security Network security
Network security Madhumithah Ilango
 
IP Spoofing
IP SpoofingIP Spoofing
IP SpoofingAkmal Hussain
 
Steganography
Steganography Steganography
Steganography Uttam Jain
 
Honeypots for Cloud Providers - SDN World Congress
Honeypots for Cloud Providers - SDN World CongressHoneypots for Cloud Providers - SDN World Congress
Honeypots for Cloud Providers - SDN World CongressVallie Joseph
 
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUEScompTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUESEMERSON EDUARDO RODRIGUES
 

Más contenido relacionado

La actualidad más candente

Fog computing document
Fog computing documentFog computing document
Fog computing documentsravya raju
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
Topics in network security
Topics in network securityTopics in network security
Topics in network securityNasir Bhutta
 
5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_kRama Krishna M
 
Distributed System-Multicast & Indirect communication
Distributed System-Multicast & Indirect communicationDistributed System-Multicast & Indirect communication
Distributed System-Multicast & Indirect communicationMNM Jain Engineering College
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanismspriya_trehan
 
Steganography presentation
Steganography presentationSteganography presentation
Steganography presentationBSheghembe
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
Classical Encryption Techniques in Network Security
Classical Encryption Techniques in Network SecurityClassical Encryption Techniques in Network Security
Classical Encryption Techniques in Network Securitybabak danyal
 
Cloud computing and Cloud Enabling Technologies
Cloud computing and Cloud Enabling TechnologiesCloud computing and Cloud Enabling Technologies
Cloud computing and Cloud Enabling TechnologiesAbdelkhalik Mosa
 
Seminar (network security)
Seminar (network security)Seminar (network security)
Seminar (network security)Gaurav Dalvi
 
Distributed web based systems
Distributed web based systemsDistributed web based systems
Distributed web based systemsReza Gh
 
Handover in Mobile Computing
Handover in Mobile ComputingHandover in Mobile Computing
Handover in Mobile ComputingKABILESH RAMAR
 
Steganography
Steganography Steganography
Steganography Uttam Jain
 

La actualidad más candente (20)

Distributed System - Security
Distributed System - SecurityDistributed System - Security
Distributed System - Security
 
Fog computing document
Fog computing documentFog computing document
Fog computing document
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
 
Topics in network security
Topics in network securityTopics in network security
Topics in network security
 
Wireless LAN Security
Wireless LAN SecurityWireless LAN Security
Wireless LAN Security
 
5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_k
 
Distributed System-Multicast & Indirect communication
Distributed System-Multicast & Indirect communicationDistributed System-Multicast & Indirect communication
Distributed System-Multicast & Indirect communication
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanisms
 
Steganography presentation
Steganography presentationSteganography presentation
Steganography presentation
 
Network security
Network securityNetwork security
Network security
 
Classical Encryption Techniques in Network Security
Classical Encryption Techniques in Network SecurityClassical Encryption Techniques in Network Security
Classical Encryption Techniques in Network Security
 
Cloud computing and Cloud Enabling Technologies
Cloud computing and Cloud Enabling TechnologiesCloud computing and Cloud Enabling Technologies
Cloud computing and Cloud Enabling Technologies
 
System security
System securitySystem security
System security
 
Seminar (network security)
Seminar (network security)Seminar (network security)
Seminar (network security)
 
Distributed web based systems
Distributed web based systemsDistributed web based systems
Distributed web based systems
 
Handover in Mobile Computing
Handover in Mobile ComputingHandover in Mobile Computing
Handover in Mobile Computing
 
Virtual machine security
Virtual machine securityVirtual machine security
Virtual machine security
 
Network security
Network security Network security
Network security
 
IP Spoofing
IP SpoofingIP Spoofing
IP Spoofing
 
Steganography
Steganography Steganography
Steganography
 

Similar a Lecture26 cc-security1

Honeypots for Cloud Providers - SDN World Congress
Honeypots for Cloud Providers - SDN World CongressHoneypots for Cloud Providers - SDN World Congress
Honeypots for Cloud Providers - SDN World CongressVallie Joseph
 
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUEScompTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUESEMERSON EDUARDO RODRIGUES
 
The Road Network security
The Road Network securityThe Road Network security
The Road Network securityKhaled Omar
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Ne Course Part Two
Ne Course Part TwoNe Course Part Two
Ne Course Part Twobackdoor
 
Cyber Security Part-I.pptx
Cyber Security Part-I.pptxCyber Security Part-I.pptx
Cyber Security Part-I.pptxRavikumarVadana
 
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...NISHASOMSCS113
 
Research Paper on STRIDEPresented By.docx
Research Paper on STRIDEPresented By.docxResearch Paper on STRIDEPresented By.docx
Research Paper on STRIDEPresented By.docxronak56
 
Certified Ethical Hacking
Certified Ethical HackingCertified Ethical Hacking
Certified Ethical HackingJennifer Wood
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfVishwanathMahalle
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsEditor IJCATR
 

Similar a Lecture26 cc-security1 (20)

Honeypots for Cloud Providers - SDN World Congress
Honeypots for Cloud Providers - SDN World CongressHoneypots for Cloud Providers - SDN World Congress
Honeypots for Cloud Providers - SDN World Congress
 
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUEScompTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
 
The Road Network security
The Road Network securityThe Road Network security
The Road Network security
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 
Ne Course Part Two
Ne Course Part TwoNe Course Part Two
Ne Course Part Two
 
IS - Firewall
IS - FirewallIS - Firewall
IS - Firewall
 
Network Security
Network SecurityNetwork Security
Network Security
 
Module 3.pdf
Module 3.pdfModule 3.pdf
Module 3.pdf
 
Module 3.Infrastructure and Network Security:
Module 3.Infrastructure and Network Security:Module 3.Infrastructure and Network Security:
Module 3.Infrastructure and Network Security:
 
Cyber Security Part-I.pptx
Cyber Security Part-I.pptxCyber Security Part-I.pptx
Cyber Security Part-I.pptx
 
Cloud Computing & Security
Cloud Computing & SecurityCloud Computing & Security
Cloud Computing & Security
 
CRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITYCRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITY
 
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
 
Research Paper on STRIDEPresented By.docx
Research Paper on STRIDEPresented By.docxResearch Paper on STRIDEPresented By.docx
Research Paper on STRIDEPresented By.docx
 
Network Security
Network Security Network Security
Network Security
 
Intro
IntroIntro
Intro
 
Certified Ethical Hacking
Certified Ethical HackingCertified Ethical Hacking
Certified Ethical Hacking
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
 
4777.team c.final
4777.team c.final4777.team c.final
4777.team c.final
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
 

Más de Ankit Gupta

Biometricstechnology in iot and machine learning
Biometricstechnology in iot and machine learningBiometricstechnology in iot and machine learning
Biometricstechnology in iot and machine learningAnkit Gupta
 
Week2 cloud computing week2
Week2 cloud computing week2Week2 cloud computing week2
Week2 cloud computing week2Ankit Gupta
 
Week 8 lecture material
Week 8 lecture materialWeek 8 lecture material
Week 8 lecture materialAnkit Gupta
 
Week 4 lecture material cc (1)
Week 4 lecture material cc (1)Week 4 lecture material cc (1)
Week 4 lecture material cc (1)Ankit Gupta
 
Week 3 lecture material cc
Week 3 lecture material ccWeek 3 lecture material cc
Week 3 lecture material ccAnkit Gupta
 
Week 1 lecture material cc
Week 1 lecture material ccWeek 1 lecture material cc
Week 1 lecture material ccAnkit Gupta
 
Mod05lec25(resource mgmt ii)
Mod05lec25(resource mgmt ii)Mod05lec25(resource mgmt ii)
Mod05lec25(resource mgmt ii)Ankit Gupta
 
Mod05lec24(resource mgmt i)
Mod05lec24(resource mgmt i)Mod05lec24(resource mgmt i)
Mod05lec24(resource mgmt i)Ankit Gupta
 
Mod05lec23(map reduce tutorial)
Mod05lec23(map reduce tutorial)Mod05lec23(map reduce tutorial)
Mod05lec23(map reduce tutorial)Ankit Gupta
 
Mod05lec22(cloudonomics tutorial)
Mod05lec22(cloudonomics tutorial)Mod05lec22(cloudonomics tutorial)
Mod05lec22(cloudonomics tutorial)Ankit Gupta
 
Mod05lec21(sla tutorial)
Mod05lec21(sla tutorial)Mod05lec21(sla tutorial)
Mod05lec21(sla tutorial)Ankit Gupta
 
Lecture29 cc-security4
Lecture29 cc-security4Lecture29 cc-security4
Lecture29 cc-security4Ankit Gupta
 
Lecture28 cc-security3
Lecture28 cc-security3Lecture28 cc-security3
Lecture28 cc-security3Ankit Gupta
 
Lecture27 cc-security2
Lecture27 cc-security2Lecture27 cc-security2
Lecture27 cc-security2Ankit Gupta
 
Lecture 30 cloud mktplace
Lecture 30 cloud mktplaceLecture 30 cloud mktplace
Lecture 30 cloud mktplaceAnkit Gupta
 
Week 7 lecture material
Week 7 lecture materialWeek 7 lecture material
Week 7 lecture materialAnkit Gupta
 
Gurukul Cse cbcs-2015-16
Gurukul Cse cbcs-2015-16Gurukul Cse cbcs-2015-16
Gurukul Cse cbcs-2015-16Ankit Gupta
 
Microprocessor full hand made notes
Microprocessor full hand made notesMicroprocessor full hand made notes
Microprocessor full hand made notesAnkit Gupta
 
Transfer Leaning Using Pytorch synopsis Minor project pptx
Transfer Leaning Using Pytorch synopsis Minor project pptxTransfer Leaning Using Pytorch synopsis Minor project pptx
Transfer Leaning Using Pytorch synopsis Minor project pptxAnkit Gupta
 
Intro/Overview on Machine Learning Presentation -2
Intro/Overview on Machine Learning Presentation -2Intro/Overview on Machine Learning Presentation -2
Intro/Overview on Machine Learning Presentation -2Ankit Gupta
 

Más de Ankit Gupta (20)

Biometricstechnology in iot and machine learning
Biometricstechnology in iot and machine learningBiometricstechnology in iot and machine learning
Biometricstechnology in iot and machine learning
 
Week2 cloud computing week2
Week2 cloud computing week2Week2 cloud computing week2
Week2 cloud computing week2
 
Week 8 lecture material
Week 8 lecture materialWeek 8 lecture material
Week 8 lecture material
 
Week 4 lecture material cc (1)
Week 4 lecture material cc (1)Week 4 lecture material cc (1)
Week 4 lecture material cc (1)
 
Week 3 lecture material cc
Week 3 lecture material ccWeek 3 lecture material cc
Week 3 lecture material cc
 
Week 1 lecture material cc
Week 1 lecture material ccWeek 1 lecture material cc
Week 1 lecture material cc
 
Mod05lec25(resource mgmt ii)
Mod05lec25(resource mgmt ii)Mod05lec25(resource mgmt ii)
Mod05lec25(resource mgmt ii)
 
Mod05lec24(resource mgmt i)
Mod05lec24(resource mgmt i)Mod05lec24(resource mgmt i)
Mod05lec24(resource mgmt i)
 
Mod05lec23(map reduce tutorial)
Mod05lec23(map reduce tutorial)Mod05lec23(map reduce tutorial)
Mod05lec23(map reduce tutorial)
 
Mod05lec22(cloudonomics tutorial)
Mod05lec22(cloudonomics tutorial)Mod05lec22(cloudonomics tutorial)
Mod05lec22(cloudonomics tutorial)
 
Mod05lec21(sla tutorial)
Mod05lec21(sla tutorial)Mod05lec21(sla tutorial)
Mod05lec21(sla tutorial)
 
Lecture29 cc-security4
Lecture29 cc-security4Lecture29 cc-security4
Lecture29 cc-security4
 
Lecture28 cc-security3
Lecture28 cc-security3Lecture28 cc-security3
Lecture28 cc-security3
 
Lecture27 cc-security2
Lecture27 cc-security2Lecture27 cc-security2
Lecture27 cc-security2
 
Lecture 30 cloud mktplace
Lecture 30 cloud mktplaceLecture 30 cloud mktplace
Lecture 30 cloud mktplace
 
Week 7 lecture material
Week 7 lecture materialWeek 7 lecture material
Week 7 lecture material
 
Gurukul Cse cbcs-2015-16
Gurukul Cse cbcs-2015-16Gurukul Cse cbcs-2015-16
Gurukul Cse cbcs-2015-16
 
Microprocessor full hand made notes
Microprocessor full hand made notesMicroprocessor full hand made notes
Microprocessor full hand made notes
 
Transfer Leaning Using Pytorch synopsis Minor project pptx
Transfer Leaning Using Pytorch synopsis Minor project pptxTransfer Leaning Using Pytorch synopsis Minor project pptx
Transfer Leaning Using Pytorch synopsis Minor project pptx
 
Intro/Overview on Machine Learning Presentation -2
Intro/Overview on Machine Learning Presentation -2Intro/Overview on Machine Learning Presentation -2
Intro/Overview on Machine Learning Presentation -2
 

Último

2016EF22_0 solar project report rooftop projects
2016EF22_0 solar project report rooftop projects2016EF22_0 solar project report rooftop projects
2016EF22_0 solar project report rooftop projectssmsksolar
 
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxCOST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxJIT KUMAR GUPTA
 
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...HenryBriggs2
 
Computer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to ComputersComputer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to ComputersMairaAshraf6
 
Rums floating Omkareshwar FSPV IM_16112021.pdf
Rums floating Omkareshwar FSPV IM_16112021.pdfRums floating Omkareshwar FSPV IM_16112021.pdf
Rums floating Omkareshwar FSPV IM_16112021.pdfsmsksolar
 
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VThermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VDineshKumar4165
 
Hostel management system project report..pdf
Hostel management system project report..pdfHostel management system project report..pdf
Hostel management system project report..pdfKamal Acharya
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayEpec Engineered Technologies
 
Employee leave management system project.
Employee leave management system project.Employee leave management system project.
Employee leave management system project.Kamal Acharya
 
Online electricity billing project report..pdf
Online electricity billing project report..pdfOnline electricity billing project report..pdf
Online electricity billing project report..pdfKamal Acharya
 
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills KuwaitKuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwaitjaanualu31
 
School management system project Report.pdf
School management system project Report.pdfSchool management system project Report.pdf
School management system project Report.pdfKamal Acharya
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfJiananWang21
 
DeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakesDeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakesMayuraD1
 
Unleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapUnleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapRishantSharmaFr
 
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxS1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxSCMS School of Architecture
 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTbhaskargani46
 
Computer Networks Basics of Network Devices
Computer Networks Basics of Network DevicesComputer Networks Basics of Network Devices
Computer Networks Basics of Network DevicesChandrakantDivate1
 
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...Health
 

Último (20)

Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
 
2016EF22_0 solar project report rooftop projects
2016EF22_0 solar project report rooftop projects2016EF22_0 solar project report rooftop projects
2016EF22_0 solar project report rooftop projects
 
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxCOST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
 
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
 
Computer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to ComputersComputer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to Computers
 
Rums floating Omkareshwar FSPV IM_16112021.pdf
Rums floating Omkareshwar FSPV IM_16112021.pdfRums floating Omkareshwar FSPV IM_16112021.pdf
Rums floating Omkareshwar FSPV IM_16112021.pdf
 
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VThermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - V
 
Hostel management system project report..pdf
Hostel management system project report..pdfHostel management system project report..pdf
Hostel management system project report..pdf
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
 
Employee leave management system project.
Employee leave management system project.Employee leave management system project.
Employee leave management system project.
 
Online electricity billing project report..pdf
Online electricity billing project report..pdfOnline electricity billing project report..pdf
Online electricity billing project report..pdf
 
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills KuwaitKuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
 
School management system project Report.pdf
School management system project Report.pdfSchool management system project Report.pdf
School management system project Report.pdf
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
 
DeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakesDeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakes
 
Unleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapUnleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leap
 
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxS1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPT
 
Computer Networks Basics of Network Devices
Computer Networks Basics of Network DevicesComputer Networks Basics of Network Devices
Computer Networks Basics of Network Devices
 
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
 

Lecture26 cc-security1

  • 1. CLOUD COMPUTING CLOUD SECURITY I PROF. SOUMYA K. GHOSH DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING IIT KHARAGPUR
  • 2. 2 Security - Basic Components  Confidentiality  Keeping data and resources hidden  Integrity  Data integrity (integrity)  Origin integrity (authentication)  Availability  Enabling access to data and resources
  • 3. 3 Security Attacks  Any action that compromises the security of information.  Four types of attack: 1. Interruption 2. Interception 3. Modification 4. Fabrication  Basic model: D Source Destination S
  • 4. 4 Security Attacks (contd.)  Interruption:  Attack on availability  Interception:  Attack on confidentiality S D S D I
  • 5. 5 Security Attacks  Modification:  Attack on integrity  Fabrication:  Attack on authenticity S D S D I I
  • 6. 6 Classes of Threats  Disclosure  Snooping  Deception  Modification, spoofing, repudiation of origin, denial of receipt  Disruption  Modification  Usurpation  Modification, spoofing, delay, denial of service
  • 7. 7 Policies and Mechanisms  Policy says what is, and is not, allowed  This defines “security” for the site/system/etc.  Mechanisms enforce policies  Composition of policies  If policies conflict, discrepancies may create security vulnerabilities
  • 8. 8 Goals of Security  Prevention  Prevent attackers from violating security policy  Detection  Detect attackers’ violation of security policy  Recovery  Stop attack, assess and repair damage  Continue to function correctly even if attack succeeds
  • 9. 9 Trust and Assumptions  Underlie all aspects of security  Policies  Unambiguously partition system states  Correctly capture security requirements  Mechanisms  Assumed to enforce policy  Support mechanisms work correctly
  • 10. 10 Types of Mechanisms secure precise broad set of reachable states set of secure states
  • 11. 11 Assurance  Specification  Requirements analysis  Statement of desired functionality  Design  How system will meet specification  Implementation  Programs/systems that carry out design
  • 12. 12 Operational Issues  Cost-Benefit Analysis  Is it cheaper to prevent or recover?  Risk Analysis  Should we protect something?  How much should we protect this thing?  Laws and Customs  Are desired security measures illegal?  Will people do them?
  • 13. 13 Human Issues  Organizational Problems  Power and responsibility  Financial benefits  People problems  Outsiders and insiders  Social engineering
  • 15. 15 Passive and Active Attacks  Passive attacks  Obtain information that is being transmitted (eavesdropping).  Two types:  Release of message contents:- It may be desirable to prevent the opponent from learning the contents of the transmission.  Traffic analysis:- The opponent can determine the location and identity of communicating hosts, and observe the frequency and length of messages being exchanged.  Very difficult to detect.
  • 16. 16  Active attacks  Involve some modification of the data stream or the creation of a false stream.  Four categories:  Masquerade:- One entity pretends to be a different entity.  Replay:- Passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.  Modification:- Some portion of a legitimate message is altered.  Denial of service:- Prevents the normal use of communication facilities.
  • 17. 17 Security Services  Confidentiality (privacy)  Authentication (who created or sent the data)  Integrity (has not been altered)  Non-repudiation (the order is final)  Access control (prevent misuse of resources)  Availability (permanence, non-erasure)  Denial of Service Attacks  Virus that deletes files
  • 18. 18 Role of Security  A security infrastructure provides:  Confidentiality – protection against loss of privacy  Integrity – protection against data alteration/ corruption  Availability – protection against denial of service  Authentication – identification of legitimate users  Authorization – determination of whether or not an operation is allowed by a certain user  Non-repudiation – ability to trace what happened, & prevent denial of actions  Safety – protection against tampering, damage & theft
  • 19. 19 Types of Attack  Social engineering/phishing  Physical break-ins, theft, and curb shopping  Password attacks  Buffer overflows  Command injection  Denial of service  Exploitation of faulty application logic  Snooping  Packet manipulation or fabrication  Backdoors
  • 20. 20 Network Security…  Network security works like this:  Determine network security policy  Implement network security policy  Reconnaissance  Vulnerability scanning  Penetration testing  Post-attack investigation
  • 21. 21 Step 1: Determine Security Policy  A security policy is a full security roadmap  Usage policy for networks, servers, etc.  User training about password sharing, password strength, social engineering, privacy, etc.  Privacy policy for all maintained data  A schedule for updates, audits, etc.  The network design should reflect this policy  The placement/protection of database/file servers  The location of demilitarized zones (DMZs)  The placement and rules of firewalls  The deployment of intrusion detection systems (IDSs)
  • 22. 22 Step 2: Implement Security Policy  Implementing a security policy includes:  Installing and configuring firewalls  iptables is a common free firewall configuration for Linux  Rules for incoming packets should be created  These rules should drop packets by default  Rules for outgoing packets may be created  This depends on your security policy  Installing and configuring IDSes  snort is a free and upgradeable IDS for several platforms  Most IDSs send alerts to log files regularly  Serious events can trigger paging, E-Mail, telephone
  • 23. 23 Step 2: Implement Security Policy
  • 24. 24 Step 2: Implement Security Policy  Firewall  Applies filtering rules to packets passing through it  Comes in three major types:  Packet filter – Filters by destination IP, port or protocol  Stateful – Records information about ongoing TCP sessions, and ensures out-of- session packets are discarded  Application proxy – Acts as a proxy for a specific application, and scans all layers for malicious data  Intrusion Detection System (IDS)  Scans the incoming messages, and creates alerts when suspected scans/attacks are in progress  Honeypot/honeynet (e.g. honeyd)  Simulates a decoy host (or network) with services
  • 25. 25 Step 3: Reconnaissance  First, we learn about the network  IP addresses of hosts on the network  Identify key servers with critical data  Services running on those hosts/servers  Vulnerabilities on those services  Two forms: passive and active  Passive reconnaissance is undetectable  Active reconnaissance is often detectable by IDS
  • 26. 26 Step 4: Vulnerability Scanning  We now have a list of hosts and services  We can now target these services for attacks  Many scanners will detect vulnerabilities (e.g. nessus)  These scanners produce a risk report  Other scanners will allow you to exploit them (e.g. metasploit)  These scanners find ways in, and allow you to choose the payload to use (e.g. obtain a root shell, download a package)  The payload is the code that runs once inside  The best scanners are updateable  For new vulnerabilities, install/write new plug-ins  e.g. Nessus Attack Scripting Language (NASL)
  • 27. 27 Step 5: Penetration Testing  We have identified vulnerabilities  Now, we can exploit them to gain access  Using frameworks (e.g. metasploit), this is as simple as selecting a payload to execute  Otherwise, we manufacture an exploit  We may also have to try to find new vulnerabilities  This involves writing code or testing functions accepting user input
  • 28. 28 Step 6: Post-Attack Investigation  Forensics of Attacks  This process is heavily guided by laws  Also, this is normally done by a third party  Retain chain of evidence  The evidence in this case is the data on the host  The log files of the compromised host hold the footsteps and fingerprints of the attacker  Every minute with that host must be accounted for  For legal reasons, you should examine a low-level copy of the disk and not modify the original