Cloud Computing Security
You can classify security threats into two main categories. These are:
Infrastructure and host-related threats, which could end up affecting the entire cloud operation and infrastructure, and service-provider-related threats, which can affect any customer who is actively using or searching for a service in the cloud. There are also generic threats that can affect each of the previous classifications.
Infrastructure and host threats
There are a number of threats under this classification. They can include natural disasters, which can affect critical infrastructure. There are tools available to help manage this risk: CRAMM and OCTAVE. Both are deployed to help soften the impact that any natural disaster may have.
Unauthorized physical access to facilities or equipment is also an important threat to be aware of. This can be unauthorized users who try to access the facilities of the cloud system. Again, you can manage this risk with a good access policy and monitoring software.
Something that can get overlooked is the negligence of employees. This can happen because of bad training and poor management reporting skills. In this very technical field, it's important to ensure your staff are trained to the highest standard to deal with difficult challenges.
Known as dumpster diving, this is when people are able to access important and sensitive information from the trash, or from what you recycle. Many information leaks have happened with equipment being discarded or sometimes even lost.
Social engineering is another form of risk to the cloud system. It can help unauthorized users gain access to systems via successful insider access requests. Passwords can easily be guessed by gathering some information about an internal employee, who may be a bit lax in their password habits, or in opening an infected email attachment.
Another aspect of security that you probably deal with, but might have overlooked as something that can be compromised, is security logs. This can be a real issue, especially if you are part of an administration team where multiple users have system-level access. If the security logs aren't correct, then you can't trust any part of the system.
Privilege escalation is also a real concern. People can access another VM if they escalate the rights of their existing user, again, through either social engineering or malicious software control.
Ineffective data deletion is something often not considered by system and IT administrators. Most operating systems do not wipe data completely from unused or deleted VM accounts; instead, they merely mark the data as available to be overwritten. This can also happen with hardware and data migrations, where a cloud provider is upgrading equipment.
Malicious scanning is where someone is using some sort of scraping or network probing tools, and costing you dearly in system resources. It's easy for a hacker to obtain images behind a firewall, for example, using some simple URL parameters on a host address.
Obsolete or insecure cryptography is another vulnerability that you have to be careful to watch out for. Many cloud providers don’t implement any sort of encryption protocols on their cloud system, so unless you are sure that a vendor does, your data might be at an even bigger risk than usual.
Economic denial of service (EDoS) is a relatively new term, yet it is just as dangerous as any other risk. It can include identity theft, where a malicious user has free access to another user's service and, for example, sends millions of spam emails via the email portal. The cloud provider might also come under pressure to operate freely and evenly among its customers if one particular user takes up all the system resources. Distributed denial of service (DDoS) attacks are also popular nowadays, with many notorious hacker groups seeing this as a rite of passage. This is when the host receives so many requests for information that it can't cope, and stops processing requests.
Service Provider Threats
The replay attack is when an attacker intercepts and saves a message that has been transmitted. After they spoof (create fake, but real-looking) these messages, the attacker will resend them to the service. This can be overcome using a couple of countermeasures, most notably the timestamp, which indicates when a message was sent.
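The timestamp countermeasure described above, as an added example that is not part of the original article. It assumes a shared HMAC key and a 300-second freshness window; the names sign_message and ReplayGuard are hypothetical. It goes one step beyond the timestamp alone by also remembering recently seen messages, since a copy resent inside the window would otherwise still pass.

```python
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-demo-key"   # constructed sample key, not a real secret
MAX_AGE_SECONDS = 300                  # assumed freshness window


def sign_message(key, body, sent_at):
    """Bind the send time to the body so neither can change without detection."""
    payload = json.dumps({"body": body, "ts": sent_at}, sort_keys=True)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class ReplayGuard:
    """Receiver-side check: authentic, fresh, and not seen before."""

    def __init__(self, key, max_age=MAX_AGE_SECONDS):
        self.key = key
        self.max_age = max_age
        self.seen = {}  # tag -> timestamp of messages still inside the window

    def accept(self, message, now):
        payload = message["payload"].encode()
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, message["tag"]):
            return "rejected: bad signature"
        sent_at = json.loads(payload)["ts"]
        if abs(now - sent_at) > self.max_age:
            return "rejected: stale timestamp"
        # Forget tags that can no longer pass the freshness check anyway.
        self.seen = {t: s for t, s in self.seen.items()
                     if now - s <= self.max_age}
        if message["tag"] in self.seen:
            return "rejected: replay inside window"
        self.seen[message["tag"]] = sent_at
        return "accepted"


def demo():
    """Constructed scenario: one genuine message, then two resends of it."""
    guard = ReplayGuard(SHARED_KEY)
    msg = sign_message(SHARED_KEY, "transfer 10 credits", sent_at=1000)
    return [guard.accept(msg, now=1010),   # genuine delivery
            guard.accept(msg, now=1020),   # resent 10 seconds later
            guard.accept(msg, now=2000)]   # resent after the window closed


if __name__ == "__main__":
    print(demo())
```

Because the timestamp is covered by the HMAC, a captured message cannot be given a newer timestamp without the key; the receiver's clock and the sender's clock must agree to within the window.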
Data interception is another threat, and because of the scalable nature of cloud systems, this problem is just as scalable. The techniques for data interception include the man in the middle, where the attacker can impersonate the victim by changing their user association or public key. This means any message can be forwarded to look like a genuine message. There is also eavesdropping, which can include keystroke monitoring, shoulder surfing, or data scavenging. The information found can be used to aid in an attack later.
Browser security is a common threat in cloud systems, because of the nature of accessing them using a browser. Since it is different tech companies that develop browsers, the cloud provider has no control over any vulnerabilities found in those browsers. You are at the mercy of the update or fix from the browser company.
As well as cloud systems being attacked, web services can be attacked via XML signature element wrapping. This attack on the protocols that use XML signatures is a great threat to cloud services. Amazon's EC2 services succumbed to this type of attack.
Injection vulnerabilities are a big risk, especially since almost every cloud company relies on some sort of SQL database. These can also take the form of script attacks, though. They are among the most popular types of attack, since there are so many YouTube videos explaining exactly how to do it.
Customers' negligence is a risk factor that you have to account for in some way, yet you are almost powerless to control it. This is when an unauthorized user has access to a client's cloud system and causes damage. It's difficult to trace these incidents back if they only copy material out, but staying alert and having easy-to-understand security policies in place are among the best ways to minimize this risk.
© 2020 Kit