Security in Cloud Computing & Virtualization

LRP BASED ON
Speeches & Workshops attended White Papers & Friends
Institute of Electronics & Telecommunications Engineers

Computer Society of India

Institution of Engineers

If you can't explain it simply……

….you have not UNDERSTOOD it well enough

Conclude

Types & Applications

20 – 25 Min drive

SECURITY

Basic Introduction

CLOUD COMPUTING
• Offers computing as a service
• Provisions services in a timely, on-demand manner

VIRTUALISATION
• Allows multiple operating systems to run on a single physical system and share the underlying hardware resources

Security in Virtualisation & Cloud Computing

speed

performance

Traditional Server

slow

efficiency

The old days?

Traditional servers, each with its own HW platform, storage, OS and application:
• Email: Windows, Exchange
• Web server: Windows, IIS
• App server: Linux, GlassFish
• DB server: Linux, MySQL

SYSTEM ADMINISTRATORS
• Servers are treated as a whole unit that includes the hardware, the OS, the storage and the applications

SERVERS
• Often referred to by their function, i.e. the Exchange server, the SQL server or the file server

OVERTAXED?
• If any of the servers is overtaxed, the system administrator must add a new server.

MULTIPLE SERVERS
• Unless there are multiple servers, if a service experiences a hardware failure, the service is down.

CLUSTERING ?
• Clustering can be implemented to make them more fault tolerant. However, even clusters have limits on their scalability and not all applications work in a clustered environment.

- Easy to conceptualize
- Fairly easy to deploy
- Easy to back up

- Underutilized hardware
- Vulnerable to hardware outages
- Not very scalable
- Difficult to replicate
- Redundancy issues
- Expensive

- Virtually any application or service can be run from this type of setup

Virtual servers seek to encapsulate the server software away from the hardware
Servers end up as mere files stored on a physical box

Can be serviced by one or more hosts, and one host may house one or more virtual servers
If built correctly, not affected by the loss of a host

Hosts may be removed and introduced at will to accommodate maintenance

- Resource pooling
- Highly redundant
- High availability

- Harder to conceptualise
- Slightly costly

- Rapid and easy deployment
- Reconfigurable
- Optimisation

Offerings from many companies

Hardware Support

Fits well with the move to 64 bit

Virtualization is now a well established technology

Platform Virtualization

Desktop Virtualization

Network Virtualization

Storage Virtualization

Resource Virtualization

No need to own the Hardware

Rent as needed

Option of Public Cloud

Can go for a Private Cloud

Types of Cloud Models
• Private
• Public
• Hybrid

Based on the standard cloud computing model

Service provider makes resources, such as applications and storage, available over the Internet

Services may be free or offered on a pay-per-usage model

A limited number of service providers, such as Microsoft and Google, own all the infrastructure at their data centers, and access is allowed over the Internet only

Cloud infrastructure operated solely for a single organization

Users "still have to buy, build, and manage them"

Designed to offer the same features and benefits of cloud systems

Removes a number of objections to the cloud computing model, including control over enterprise and customer data and worries about security

Various providers let you create virtual servers

• Set up with a credit card

You can create a virtual server

• Choose the OS
• Choose the software
• Instant start / instant close

You get the bill

Cost Control
• Many systems have variable demands
• Web sites at peak hours

Reduce Risk
• No need to buy hardware

Scalability@Business Agility
• Business expansion
• Business change

Elasticity
• Scaling back = scaling up

Stick to Business

Why should TOI worry about IT?

Avoid getting into network problems and issues

Deployment Models
• IaaS
• SaaS
• PaaS
• CaaS
• MaaS

• Communication as a Service
• Infrastructure as a Service
• Monitoring as a Service
• Platform as a Service
• Software as a Service
• Crime Ware as a Service
• IT as a Service

Many cloud deployments are built on virtualised platforms

However, it is not a requirement

Some SaaS deployments are not virtualised

Although virtualization is not a requirement of cloud computing, its ability to efficiently share resources makes it an excellent foundation.

Hypervisor, also called Virtual Machine Manager (VMM)

One of many hardware virtualization techniques allowing multiple operating systems

Conceptually one level higher than a Supervisory program

Manages the execution of the guest operating systems

The term is used to describe the interface provided by the specific cloud computing functionality Infrastructure as a Service (IaaS)

100% SECURITY IS A MYTH
COL S K KAPOOR
…..Of course our answer sheets also came out to be a myth

Crime as a Service (CaaS) is just like Software as a Service (SaaS), but instead of offering legal and helpful services through the Internet, criminal syndicates are offering illegal and detrimental services, such as infecting large quantities of computers, sending spam and even launching distributed denial of service (DDoS) attacks

Infrastructure As a (Crime) Service or Iaa(C)S, in which the criminals offer malicious services (or infrastructures) to attack specified targets. Services may include complex “traditional” infrastructures such as botnets

Security in the Cloud – Dealing with AAS HOLES

….but also “innovative” large-scale services such as DDoS, or sharper services such as password cracking. Try to surf the web and you will discover how easy it is to purchase such criminal services.

Software As a (Crime) Service or Saa(C)S, in which the criminals offer malicious software (and the needed support) as a service.

An example? The latest Zeus Variant dubbed Citadel provides the purchaser with help desk and even a dedicated Social Network

Lose Control Over Assets
Trust your data to the Cloud Service Provider?
Lose control over Physical Security

In a Public Cloud you share with others!!!!
No knowledge of what runs where?
Sticky Services!!!!@incompatibility

Control over Encryption/Decryption Keys

No standards yet!!!@OCC is there working
Internally developed code in the cloud?
Lose control over Physical Security

Mission-critical applications in a public cloud?
Audit logs accessible to the service provider
PCI DSS: Payment Card Industry Data Security Standard

Constant upgradation!!!

Data Residency in SaaS
Banking data to reside within the country!!
Citizen data not on shared servers

Easier for attackers!!!
Double-edged: Cloud & Virtualization
Patch Maintenance

Bharosa & Trust

Privileged User Access
• Inquire about who has special access to data
• Who are the administrators and how are they hired?

Regulatory Compliance
• Is the vendor willing to undergo external audits?
• Security classification?

Data Location
• Does the provider allow any control over the location of data?

Data Segregation
• Encryption policy, schemes and design

Recovery
• What happens in case of disaster?
• Restoration policies and business continuity plans

Investigative Support
• Vendor’s ability to investigate any inappropriate or illegal activity?

Long-term Viability
• What happens if the company goes out of business?
• Risk management

Security Monitoring and IR
• Notification of security vulnerabilities
• IR teams?

Data in Transit

Data at Rest

Data in Processing

Data Lineage@mapping

Data Remanence

AWS

Few cases you should know

Google Docs

Cevin

Internet Assigned Numbers Authority & RIR

Stealing keys to access and manage hosts

Attacking unpatched, vulnerable services

Hijacking accounts with weak passwords

Weak Firewalls

Deploying Trojans

Langot’s@Microsoft, Windriver

CSI

IETE

Institution of Engineers, Kolkata
