The Brightening Future of Cloud Security
session, the virtual layer can be reset and scrubbed to a clean state.

Without this approach, user accounts often run with administrative privileges, giving applications freedom to read and write to the operating system and kernel. This allows malicious code to directly access and harm the operating system.

The benefits of web shielding

To conclude, placing a virtual shield around the browser has three core security benefits.

It is signature independent. It’s a zero-hour system that employs a simple firewall-like rule: reject all changes to the user’s PC unless the user specifically solicits them.

It protects the user’s PC from the moment of connection. As web-based attacks can occur the moment the user encounters a web site, the shield approach does not passively wait for malware to transfer from the internet to the PC. The virtualisation layer shields the user immediately and through the whole session.

It’s unobtrusive. No special setup or maintenance on the part of the enterprise administrator is needed, and all virtualisation activity is invisible to the user and requires zero maintenance.

The latest generation of web-based attacks needs a solution that supplements and goes beyond the best of traditional endpoint defences, including signature-based security, updates to virus and spyware eradication mechanisms, and firewalls. It needs to shield the browser – the user’s point of contact with the internet – from the endpoint’s operating system and file system, to stop unauthorised changes.

After all, if you’re going to put armour on your endpoints, why not do what our medieval ancestors did, and use a shield as well?

References

1. Krebs, Brian. “Network Solutions Hack Compromises 573,000 Credit, Debit Accounts”, 24 July 2009 <http://voices.washingtonpost.com/securityfix/2009/07/network_solutions_hack_comprom.html>
2. Messmer, Ellen. “Nine Ball attack strikes 40,000 websites”, 16 June 2009 <http://www.networkworld.com/news/2009/061609-nineball-websense-attack.html?hpg1=bn>
3. Broersma, Matthew. “‘Gumblar’ attacks spreading quickly”, 19 May 2009 <http://news.cnet.com/8301-1009_3-10244529-83.html>
4. Web Hacking Incidents Database, 2 February 2009 <http://www.xiom.com/whid/2009/14/My.BarackObama.com_Infects_Visitors_With_Trojan>
5. Web Hacking Incidents Database, 22 February 2009 <http://www.xiom.com/whid/2009/22/federal_travel_booking_site_spreads_malware>
6. Web Hacking Incidents Database, 16 September 2008 <http://www.xiom.com/whid-2008-35>
October 2009 Network Security
CLOUD SECURITY
simulate user behaviour (such as pressing OK buttons) through them.

Identifying a suspicious website

There are hundreds of indicators that mark a website as suspicious, but just being suspicious is not sufficient grounds for blocking access to a website, as many legitimate websites make use of otherwise suspicious behaviour for non-malicious purposes. For example, obfuscated JavaScript is a key indicator of a mali-

Figure 4: Example of obfuscated JavaScript highlighted by the Internet Storm Center.6

Behaviour-based inspection

If a website is in some way suspicious, then the real work begins, both in terms of resource requirements and difficulty level. The first and possibly most important challenge is to identify otherwise undetected (whether due to obfuscation or a zero-day vulnerability) exploits by directing popular browsers to visit the site and monitoring any resulting downloads, software installs, or user prompts that may lead to software downloads, including prompts to install plugins. Many downloaded files, such as PDF files, may themselves have a new exploit, so executing the downloaded file, and using a system with many browser helper programs (preferably outdated), is helpful here. The biggest challenge lies
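
The routing decision described under “Identifying a suspicious website”, as an added example rather than code from the article: a static pass that collects obfuscation indicators from a script and queues it for behaviour-based inspection instead of blocking it. The indicator names, regular expressions, thresholds and sample scripts are constructed assumptions.

```python
import re

# Heuristics and thresholds below are constructed for illustration (assumptions).
DECODER_CALL = re.compile(r"\b(?:eval|unescape|atob|fromCharCode|document\.write)\s*\(")
ENCODED_RUN = re.compile(r"(?:%u[0-9a-fA-F]{4}|%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}){8,}")
STRING_LITERAL = re.compile(r'"(?:[^"\\]|\\.)*"|\'(?:[^\'\\]|\\.)*\'')


def indicators(script):
    """Return the static obfuscation indicators found in one script body."""
    hits = []
    if len(DECODER_CALL.findall(script)) >= 2:
        hits.append("decoder-chain")      # e.g. eval(unescape(...))
    if ENCODED_RUN.search(script):
        hits.append("encoded-run")        # 8+ consecutive escaped characters
    literals = (m.group(0) for m in STRING_LITERAL.finditer(script))
    longest = max(literals, key=len, default="")
    if len(longest) >= 32 and len(longest) > len(script) / 2:
        hits.append("payload-literal")    # one string makes up most of the script
    return hits


def triage(script, threshold=2):
    """Route, never block: indicators alone only queue a script for
    behaviour-based inspection, because legitimate pages trip them too."""
    hits = indicators(script)
    return ("inspect" if len(hits) >= threshold else "allow"), hits


# Constructed samples. The encoded strings decode to alert('hi') and to
# info@example.org (a site hiding its contact address from scrapers).
PLAIN = 'function add(a, b) {\n  return a + b;\n}\ndocument.write(add(2, 3));\n'
PACKED = 'eval(unescape("%61%6c%65%72%74%28%27%68%69%27%29"));'
EMAIL_HIDING = ('document.write(unescape("%69%6e%66%6f%40%65%78%61%6d'
                '%70%6c%65%2e%6f%72%67"));')

if __name__ == "__main__":
    for name, js in [("plain", PLAIN), ("packed", PACKED), ("email", EMAIL_HIDING)]:
        print(name, *triage(js))
```

The packed script and the harmless address-hiding script raise the same three indicators, which is why the static verdict here is only ever "inspect".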