
Unit - V

Cloud Security

-by Poonam Kinage


Unit - V Cloud Security

5.1 Need and importance of Cloud Security
5.2 Methods of Providing Cloud Security
5.3 Infrastructure Security:
 Methods
 Case study
5.4 Data security and Storage:
 Methods
 Case study
5.5 Identity and Access Management:
 Access Control
 Trust
 Reputation
 Risk
5.3 Infrastructure Security
 Cloud security consists of the controls, procedures, and technologies that
protect your organization's critical systems and data against cyber security
threats and risks stemming from cloud environments.
 In terms of securing cloud infrastructure, there are two key areas:
 the actual, physical infrastructure, which is your data center
 second, network security.
 Physical Level Security :-
 To secure a data center, you must restrict access to the facility to
authorized persons only.
 Specific steps include access control measures such as access cards,
24/7 video surveillance monitoring, and an on-site security team.
 You must also have contingencies in place to prevent data loss caused
by natural disasters, an on-site incident, loss of power, and other risks.
 Within these contingencies, a data recovery plan is necessary along
with other redundancies.
 Physical level means protection of the places where the software is
installed: lockers, backup generators, security cameras, and others.
Infrastructure Security cont….
 Network Level Security :-
 You must combine network monitoring, filtering and access
control to isolate malicious virtual machines, mitigate
distributed-denial-of-service (DDoS) attacks, and detect suspicious
access/logins.
 In this respect, you must install firewalls, security gateways, and
anti-DDoS systems.
 Network-level includes traffic encryption, use of authentication,
and authorization systems. On this level, the goal is to protect the
data traveling into, out of, or across the network.
 Data Level Security :-
 At the lowest level of infrastructure security, data protection must
be considered, no matter where or how the data is stored. The data level
covers protection of data that may be stored in different places.
 This includes data encryption and backups.
 Data encryption technologies also help protect data by encoding it
so that only users with the correct decryption key may access it.
Infrastructure Security cont….
 Application Level Security :-
 Application or software security should be a critical element of
a security program.
 Application-level is the protection of data in apps.
 Outdated software can contain vulnerabilities that cyber
attackers can exploit to gain access to IT systems.
 Ensuring software and firmware updates are distributed and
applied across the enterprise network, known as patching, helps
close security holes as well as provide new functionality,
performance improvements, and bug fixes for enterprise
applications.
 This includes protection of databases against attacks such as
SQL injection, as well as the hardening of other applications
against unauthorized use or malicious exploits.
Benefits with proper Infrastructure Security
 Protect data from being stolen or otherwise compromised, minimizing
the financial risk of steep fines.
 Ensure compliance with evolving data privacy rules that mandate
consumer information be kept safe from attack.
 Minimize the risk of damage due to user carelessness.
Tools & solutions for infrastructure security
 Firewall: This is the first line of defence against all manner of
threats, preventing malicious traffic from ever accessing your
internal networks.
 Antivirus or antimalware systems: Malware is introduced into the
enterprise through a number of means. Antimalware systems scan
email messages, web traffic and hardware devices to ensure that
they are not infected.
 Penetration testing and network vulnerability analysis tools: These
types of tools are set to run periodically — or continuously —
constantly scanning the network for potential security problems.
 Intrusion/violation detection system: An intrusion detection tool
monitors the network in real time, watching for behaviour that is
out of the ordinary or that indicates an attacker has breached the
infrastructure.
Tools & solutions for infrastructure security
 Authentication software: Authentication software monitors the
behavior of users with network access. AI detects unusual activity
that may imply a user’s credentials have been compromised.
 Password auditing tools: Passwords should be regularly audited to
ensure that users are not relying on insecure or hack-able login
credentials.
 Encryption tools: Encrypted data has limited to no value to
attackers, providing an extra layer of protection to your organization
in the event of an attack.
 SIEM tools: Security information and event management (SIEM)
tools automate much of the grunt work of monitoring infrastructure
security and provide a real-time analysis of the security alerts
generated by various applications in the enterprise.
Best practices/methods for securing infrastructure
 Pay attention to password security- Ensure that your passwords
are strong. If possible, also use two-factor authentication.
 Audit user permissions frequently- Check all the users and their
access to the infrastructure frequently.
 Ensure internet-based assets use secure protocols- Use secure
protocols for assets, such as SSH or SSL/TLS.
 Regularly back up the system.
 Run stress tests regularly for the system to detect problems in
infrastructure security. Run security scans and penetration tests to
hunt down vulnerabilities.
 Remove unused services and software.
 Encrypt wherever possible- Encrypted files are largely useless to
attackers who successfully enter the system but don't hold the keys.
 Check the firewall configuration and make sure it is correct.
 Apply patches regularly- Patches should generally be installed the
day they are released, particularly if they include a security fix.
Major security threats in Cloud Infrastructure
 Cyber threats to technology infrastructure range from
 phishing attempts and
 ransomware attacks to distributed denial of service (DDoS)
exploits and
 Internet of Things (IoT) botnets.
 Physical dangers include natural disasters such as
 fires and floods,
 civil unrest,
 utility outages, and
 theft or vandalism of hardware assets.
 Any of these have the potential to cause business disruption,
damage an organization’s public reputation, and have
significant financial consequences.
Case Studies in Cloud Infrastructure Security
 Case Study example of Cloud Computing Security
 Zero Trust Strategy
 Denial-of-Service (DoS/ DDoS) attacks
 Security system misconfiguration
 Data loss due to cyber attacks
 Unsecure access control points
 Inadequate threat notifications and alerts
 Account Hijacking
 Wireless Local Area Network Attack
 Traffic Flooding
 XML Signature Wrapping Attack
 Malware Injection
 Social Engineering Attack
Case Study in Cloud Infrastructure Security
 Denial-of-Service (DoS) attacks
 A denial-of-service attack is a type of attack on a network that is designed
to bring the network to its knees by flooding it with useless traffic (too
many requests at the same time).
 A DoS attack is an explicit attempt to make a computer resource unavailable,
either by injecting a computer virus or by flooding the network with useless
traffic.
 It can cause a machine/server or a network to crash or slow down, making it
no longer accessible to users. Malicious attackers can either send information
to the target that causes it to shut down or flood it with traffic to overwhelm
it and cause a crash; this can also harm a company's authority and customer
relations.
 A DoS attack aims at disrupting the authorized use of networks, systems,
or applications by sending messages that exhaust the service provider's
resources (network bandwidth, system resources, application resources).
 DDoS attacks employ multiple (dozens to millions of) compromised
computers to perform a coordinated and widely distributed DoS attack.
 DoS is an attack used to deny legitimate users access to a resource such
as a website, network, email, etc., or to make it extremely slow.
Case Study - Denial-of-Service (DoS) attacks
 Types Of DoS Attack –
 DoS– this type of attack is performed by a single host.
 Distributed DoS– this type of attack is performed by a number of
compromised machines that all target the same victim. It floods the
network with data packets.
Costs of DoS attacks for victim organizations
 Denial of Service is currently the most expensive computer crime for
victim organizations.
Classification of DoS attacks
 Bandwidth consumption:
 Attacks consume all available network bandwidth.
 Resource starvation:
 Attacks consume system resources (mainly CPU, memory,
storage space).
 Programming flaws:
 Failures of applications or OS components to handle
exceptional conditions (e.g. unexpected data is sent to a
vulnerable component).
 Routing and DNS attacks:
 manipulate routing tables;
 change routing tables to route traffic to the attacker's net or to a black hole;
 attack DNS servers, again to route traffic to the attacker or to a black hole.
How to know if an attack is happening?
 Not all disruptions to service are the result of a DoS. There
may be technical problems with a particular network.
 However, the following symptoms could indicate a DoS or
DDoS attack:
 Unusually slow network performance
 Unavailability of a particular web site
 Inability to access any web site or any resources
 Dramatic increase in the amount of spam received in the account.
Denial-of-Service (DoS) Examples
 Smurf
 The attacker sends sustained ICMP Echo (ping, used to check host
availability) packets to the broadcast address of the amplifying network,
with a forged source address.
 Since the traffic was sent to the broadcast address, all hosts in the
amplifying LAN answer to the victim's IP address.
 Ping of death- Ping (Windows XP)
Denial-of-Service (DoS) Examples
 Spoofed DoS attack
 A spoofed DoS attack is a process in which one host (usually a server or
router) sends a flood of network traffic to another host.
 Solution- Default Deny (TCP three-way handshake)
 If every TCP/SYN packet is allowed to reach the company server, hackers
can flood the company's server with these packets and overload the
connection.
 Instead, the firewall sends back a SYN/ACK packet to the source IP.
 Once the firewall sends out the SYN/ACK packet, it only allows a
connection from the IP address that sent the original TCP/SYN packet.
 A hacker has to have control of that IP address to be able to connect to
the company.
 Default Deny helps prevent a technique known as "spoofing" IP addresses.
Denial-of-Service (DoS) Examples
 SYN flood
 TCP three-way handshake:
 The client requests a connection by sending a SYN (synchronize) message
to the server.
 The server acknowledges this request by sending SYN-ACK back to the
client, which
 responds with an ACK, and the connection is established.
 How it works:
 The attacker sends SYN packets to the victim, forging a non-existent
source IP address.
 The victim replies with SYN/ACK but receives neither an ACK nor an RST
from the non-existent IP address.
 The victim keeps the potential connection in a queue in the SYN_RECV
state, but the queue is small and it takes some time for entries to time
out and be flushed from the queue, e.g. 75 seconds.
 If a few SYN packets are sent by the attacker every 10 seconds, the
victim will never clear the queue and stops responding.
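To make the timing argument on this slide concrete, here is an added example (my code, not part of the lecture) that models the victim's SYN_RECV queue in one-second steps. The 75-second timeout and the 10-second burst interval are the slide's; the queue size of 8, one legitimate client arriving per second, and the 300-second run are my assumptions.

```python
from collections import deque

BACKLOG_SIZE = 8   # assumed: a small SYN_RECV queue, as the slide says
TIMEOUT = 75       # seconds before a half-open entry is flushed (from the slide)


def simulate(spoofed_per_10s, duration, backlog_size=BACKLOG_SIZE, timeout=TIMEOUT):
    """Return (accepted, refused) for one legitimate client arriving per second.

    spoofed_per_10s: spoofed SYNs the attacker sends in each 10-second burst.
    A spoofed SYN is never answered with ACK or RST, so its entry stays in the
    queue until it times out. A legitimate SYN completes its handshake at once,
    so it only needs one free slot at the moment it arrives; if the queue is
    full it is refused. SYNs that arrive while the queue is full are dropped.
    """
    half_open = deque()          # expiry times of spoofed entries, oldest first
    accepted = refused = 0
    for t in range(duration):
        while half_open and half_open[0] <= t:   # flush timed-out entries
            half_open.popleft()
        if t % 10 == 0:                          # attacker's periodic burst
            for _ in range(spoofed_per_10s):
                if len(half_open) < backlog_size:
                    half_open.append(t + timeout)
        if len(half_open) < backlog_size:        # legitimate client this second
            accepted += 1
        else:
            refused += 1
    return accepted, refused


if __name__ == "__main__":
    for rate in (0, 2, 8):
        ok, no = simulate(rate, duration=300)
        print(f"{rate} spoofed SYNs / 10 s: accepted={ok} refused={no}")
```

With just 2 spoofed SYNs every 10 seconds the queue never drains below 6 entries and most legitimate clients are refused, which is the slide's point: the attacker's sending rate only has to exceed the queue's drain rate (queue size divided by timeout).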
Detecting Distributed Denial of Service Attacks
by Monitoring the Source IP addresses
 IP addresses in DDoS attack traffic did not appear before. [2003]
 Monitoring the traffic volume is likely to create high false positive
rates.
 Monitoring the percentage of new IP addresses is very effective in
detecting the attacks.
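The detection idea on this slide, as an added example (my code, not from the lecture): a volume detector and a new-source-IP detector are run side by side over three constructed traffic windows, a quiet one, a legitimate flash crowd of returning users, and a DDoS from never-seen sources. The known-IP set, the address ranges, the baseline of 200 packets and the alert thresholds are my assumptions.

```python
from itertools import islice
from ipaddress import ip_network

# Learning period: the set of source IPs seen before monitoring starts.
# Constructed from 10.0.0.0/24 (254 usable hosts).
KNOWN_IPS = {str(ip) for ip in ip_network("10.0.0.0/24").hosts()}
BASELINE_PACKETS = 200          # assumed typical packets per window


def make_window(known_count, new_count, packets_per_ip):
    """Construct one window: packets from `known_count` learned clients plus
    packets from `new_count` never-seen sources (drawn from 198.18.0.0/16)."""
    known = sorted(KNOWN_IPS)[:known_count]
    new = [str(ip) for ip in islice(ip_network("198.18.0.0/16").hosts(), new_count)]
    return (known + new) * packets_per_ip


def new_ip_fraction(packets, known=KNOWN_IPS):
    """Share of distinct source IPs in the window that were never seen before."""
    sources = set(packets)
    return len(sources - known) / len(sources)


def classify(windows, known=KNOWN_IPS, baseline=BASELINE_PACKETS,
             volume_factor=3.0, new_ip_threshold=0.5):
    """Compare the two detectors on each window.
    volume: fires when the packet count exceeds volume_factor x baseline.
    new_ip: fires when more than new_ip_threshold of the sources are new."""
    return {
        name: {
            "volume": len(packets) > volume_factor * baseline,
            "new_ip": new_ip_fraction(packets, known) > new_ip_threshold,
        }
        for name, packets in windows.items()
    }


# Constructed windows (source IP per packet).
WINDOWS = {
    "normal": make_window(100, 5, 2),         # 210 packets,  ~5% new sources
    "flash_crowd": make_window(200, 20, 4),   # 880 packets,  ~9% new sources
    "ddos": make_window(100, 400, 2),         # 1000 packets, 80% new sources
}

if __name__ == "__main__":
    for name, verdict in classify(WINDOWS).items():
        print(f"{name:12s} volume_alert={verdict['volume']} "
              f"new_ip_alert={verdict['new_ip']}")
```

The flash crowd trips the volume detector (a false positive) but not the new-IP detector, while the DDoS window trips both; in production the known-IP set would be learned from real traffic and aged over time.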
Denial-of-Service (DoS) attacks Protection
 How to avoid/prevent being part of the problem?
 Prevent an attack- An organization can adopt the following policy to
protect itself against Denial of Service attacks.
 Attacks such as SYN flooding take advantage of bugs in the
operating system. Installing security patches can help reduce
the chances of such attacks.
 Intrusion detection systems can also be used to identify and
even stop illegal activities.
 Install a firewall- Firewalls can be used to stop simple DoS
attacks by blocking all traffic coming from an attacker once its
IP has been identified.
 Routers can be configured via the Access Control List to limit
access to the network and drop suspected illegal traffic.
 Install anti-virus software.
 Applying email filters may help manage unwanted traffic.
Conclusion Of DoS Case Study
 Denial of Service is currently the most expensive computer crime
for victim organizations.
 Strategic firewall placement allows companies to use the Internet
during a DDoS attack, and it allows them to continue receiving the
packets they want.
 Distributed Denial of Service attacks can be detected by
monitoring the source IP addresses.
 It is easy to generate a successful DDoS attack that bypasses these
defences.
 DDoS and other infrastructure attacks are significant threats to
the future growth and stability of the Internet.
 Cloud security experts need in-depth knowledge of how to
implement DoS attack protection and remediation strategies.
HOME WORK
 Explain Data Security
 Explain the Infrastructure Security
 What is Cloud Security and Encryption?
 How to overcome the cloud security issues?
 What is Network Security?
 Describe content level security.
 State the goals of cloud security
 What is infrastructure security in cloud computing?
 What are the different components of Data Security in cloud?
 What are the different levels of infrastructure security?
 Explain methods that are used to provide infrastructure security.
 What do you understand by Big Data in cloud?
