Cloud computing security
•Transferir como PPTX, PDF•
2 gostaram•1,679 visualizações
network and security aspects related to cloud computing!!
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Destaque
Destaque (20)
Semelhante a Cloud computing security
Semelhante a Cloud computing security (20)
Mais de Aung Thu Rha Hein
Mais de Aung Thu Rha Hein (18)
Último
Último (20)
Cloud computing security
- 2. Cloud Computing Network/Security Threats Aung Thu Rha Hein(g5536871)
- 3. Agenda Cloud Computing • What is cloud computing? • Cloud Computing Infrastructure Models • Architecture layers of Cloud Computing • Cloud Computing characteristics Network/Security Aspects of Cloud Computing • Network/Security issues based on architecture types • Network issues on cloud computing • Security issues on cloud computing
- 4. What is Cloud Computing? • services that provide common business applications online, which are accessed from a Web browser, while the software and data are stored on the servers; a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet Source: Wolfram Alpha • Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over a network (typically the Internet). Source: Wikipedia
- 5. 5th generation of Computing 1970s •Monolithic 1980s •Client-Server 1990s •Web-based 2000s •SOA 2010 •Cloud Computing
- 6. Cloud Computing Infrastructure Models • Public Cloud • AWS, Google App Engine Win Azure • Private Cloud • Premised or external hosted • For one client • Control data, security & QoS • Hybrid Cloud • Cloud Bursting • Provide on-demand, externaly provisioned scale
- 7. Architectural Layers of Cloud Computing • Saas (Software As A Service) • Provides resources (apps or storage) • Free or pay-per–usage model • Gmail, Github, Dropbox • PaaS (Platform As A Service) • Provides development platform • Heroku, OpenShift, Google App Engine, Win Azure • IaaS (Infrastructure As A Service) • Offer hardware related services • Amazon EC2, Rackspace, Flexiscale
- 9. Network/Security Aspects of Cloud Computing
- 10. Software As A Service Application Application Middleware Database Server Operating System Hypervisor Storage CPU Networking Backup YOUR DATA Datacenter (Power, Cooling, Physical Security) Your Their Problem Problem
- 11. Platform As A Service Your Application Application Middleware Database Server Operating System Hypervisor CPU Networking Storage Backup Datacenter (Power, Cooling, Physical Security) Your Their Problem Problem
- 12. Infrastructure As A Service Your Application Your Your Your Application Middleware Database Server Your Operating System Hypervisor CPU Networking Storage Backup Datacenter (Power, Cooling, Physical Security) Your Their Problem Problem
- 13. Network Issues • DoS ( Denial of Service or Distributed denial-of-attack) • overflows a server with frequent request of services Methods - Smurf attack - SYN flood - Teardrop attacks
- 14. Network Issues(cont.) • Man in the Middle Attack • An attacker splits connection and rejoin with the attackers own computer system • SSL is not properly configured
- 15. Network Issues(cont.) • Network Sniffing • hack passwords that are not properly encrypted during communication • a self contained software program or a hardware device
- 16. Network Issues(cont.) • Port Scanning • sends client requests to a range of server port addresses on a host • To search an active port and vulnerable services
- 17. Security Issues • XML Signature Element Wrapping (Wrapper attack) • Attacker rewrite SOAP request that already signed by using a wrapper block • Well known web service attack
- 18. Security Issues(cont.) • Cloud Malware Injection Attack • Upload virus Program to the cloud
- 19. Security Issues(cont.) • Data Stealing Problems • User account and password are stolen by any means • Accountability Check Problem • “No use No bill” payment method • an attacker has engaged the cloud with a malicious service or runs malicious code
- 20. Conclusion & Thank You!
Notas do Editor
- First part- intro about the architecture, infrastructure, characteristic of cloud computing.After that, explain about the security concerns of cloud computing
- CC & Virtualization-buzz word in the world of web technologyCan access anywhere without no installationCentralized data storage and bandwidth
- 1-monotholic2.Client server3.Web based4.SOA-serice oriented architecture: application to communicate over standard-based web protocols 2006-amazon web services 2007-resarch by google and ibm 2010-MS azure5.CC
- Public clouds are run by third parties, and applications from different customers are likely to be mixed together on the cloud’s servers, storage systems, and networks. Public clouds are most often hosted away from customer premises, and they provide a way to reduce customer risk and cost by providing a flexible, even temporary extension to enterprise infrastructure.Private clouds are built for the exclusive use of one client, providing the utmost control over data, security, and quality of service. The company owns the infrastructure and has control over how applications are deployed on it. Private clouds may be deployed in an enterprise datacenter, and they also may be deployed at a co-location facility.Hybrid clouds combine both public and private cloud models. They can help to provide on-demand, externally provisioned scale. The ability to augment a private cloud with the resources of a public cloud can be used to maintain service levels in the face of rapid workload fluctuations.
- Saas-broad market, most of the stuffs use by browser- SaaSUsers can access a software application hosted by the cloud vendor on pay-per-use basisIaas- hardware-server, storage
- interxion1.Preventing data loss2. preventing outages3. keeping security up to dateAttack in cloudsMulti tanency and resource pooling modelsBased on the deployment models we choose, the problems or the component you have control over is different.Cloud computing runs on network infrastructure.so, it is open to network attack. some of the wellknown attacks are
- Dos-Server can’t respond to normal userspurpose is to decrease server performance by using computational resources,Smurf attack- icmpflooding broadcast to a victim’s network using broadcast addressSyn- flood tcp/syn packets with a faked address, half-open connectionTeardrop-sending invalidpackets with overlapped ip fragment and crash the systemPrevent-setup firewall,IPS,switches,routers ,reduce the privileges of users
- Man In the Middle attack refers to a technique where a malicious attacker splits a connection between two computers and rejoins the connections with the attackers own computer systemin this attack, the attacker takes over the role of a device between you and the system you are talking to. This device could be a router, where the attacker confuses the switch ARP table and has data destined for the router to be sent to her. Then she relays the data to the router.To prevent-use mutual authentication techniques such as PKI, one-time pads
- It’s a diagnosis tool for network engineersmethods-install sniffing tool to network devices or programTo prevent: anti-sniffer software to find
- Purpose is to find an active port Countermeasure -port scan attack detector and firewall
- SOAP- envelope structured First, envelope with plain header and body requesting serverServer reply with header info and signatureHTTPS is hardly ever used when these methods of securing the data in transit are in place. It is also not very common for the whole request to be encrypted or signed because it can have an effect on performance.To fix this, apply W3C’s “XML Signature Best Practices” and STAMP bit
- Counter measure for this attack isauthenticity check for received messages.
- Send email to customer every session ends with next login password