Class: SY(MCA) Subject: Lab I- Cloud Computing

Experiment No. 8
Name: Ganesh Ramesh Bharati
Roll No: MC22F14F009

Experiment Title: GitHub Repositories

Aim: Exploring GitHub and learn how to create repositories, how to upload and download repositories,
Code Commit and Issue tracking Features.

Theory:
GitHub, Inc. is a US-based global company that provides hosting for software development version control using
Git. It is a subsidiary of Microsoft, which acquired the company in 2018 for US$7.5 billion. It offers the
distributed version control and source code management (SCM) functionality of Git, plus its own features. It
provides access control and several collaboration features such as bug tracking, feature requests, task
management, and wikis for every project.

GitHub offers plans free of charge, and professional and enterprise accounts. Free GitHub accounts are commonly
used to host open source projects. As of January 2019, GitHub offers unlimited private repositories to all plans,
including free accounts. As of January 2020, GitHub reports having over 40 million users and more than 100
million repositories (including at least 28 million public repositories), making it the largest host of source code in
the world.

GitHub
Development of the GitHub platform began on October 19, 2007. The site was launched in April 2008 by Tom
Preston-Werner, Chris Wanstrath, P. J. Hyett and Scott Chacon after it had been made available for a few months
prior as a beta release.

Projects on GitHub can be accessed and manipulated using the standard Git command-line interface and all of the
standard Git commands work with it. GitHub also allows registered and unregistered users to browse public
repositories on the site. Multiple desktop clients and Git plugins have also been created by GitHub and other third
parties that integrate with the platform.

1
The site provides social networking-like functions such as feeds, followers, wikis (using wiki software called
Gollum) and a social network graph to display how developers work on their versions ("forks") of a repository
and what fork (and branch within that fork) is newest.

A user must create an account in order to contribute content to the site, but public repositories can be browsed and

2
downloaded by anyone. With a registered user account, users are able to have discussions, manage repositories,
submit contributions to others' repositories, and review changes to code. GitHub began offering unlimited private
repositories at no cost in January 2019 (limited to three contributors per project). Previously, only public
repositories were free.

The fundamental software that underpins GitHub is Git itself, written by Linus Torvalds, creator of Linux. The
additional software that provides the GitHub user interface was written using Ruby on Rails and Erlang by
GitHub, Inc. developers Wanstrath, Hyett, and Preston-Werner.

How to Create Repository:

1. In the upper-right corner of any page, click , and then click New repository.

2. In the Owner drop-down, select the account you wish to create the repository on.

3
 3. Type a name for your repository, and an optional description.

4. Choose to make the repository either public or private. Public repositories are visible to the public, while
private repositories are only accessible to you, and people you share them with. For more information,
see "Setting repository visibility."

There are a number of optional items you can pre-populate your repository with. If you're importing an existing
repository to GitHub Enterprise, don't choose any of these options, as you may introduce a merge conflict. You
can choose to add new files using the command line later. For more information, see "Importing a Git repository
using the command line," "Adding a file to a repository using the command line," and "Addressing merge
conflicts."

You can create a README, which is a document describing your project. For more information, see "About
READMEs."

You can create a .gitignore file, which is a set of ignore rules. For more information, see "Ignoring files."
When you're finished, click Create repository.

4
Download and Upload Repositories:

1. On GitHub, navigate to the main page of the repository.

2. Under your repository name, click Upload files.

3. Drag and drop the file or folder you'd like to upload to your repository onto the file tree.

4. At the bottom of the page, type a short, meaningful commit message that describes the change
you made to the file. You can attribute the commit to more than one author in the commit
message. For more information, see "Creating a commit with multiple co-authors."

5. Below the commit message fields, decide whether to add your commit to the current branch or
to a new branch. If your current branch is master, you should choose to create a new branch
for your commit and then create a pull request. For more information, see "Creating a new pull
request."

6. Click Commit changes.

5
Conclusion:
Thus we have studied the use of GitHub.

6
 Class: SY(MCA) Subject: Lab I- Cloud Computing

Experiment No. 9

Experiment Title: Cloud Security Challanges

Aim: To study cloud security challenges.

Theory:

In the computer industry, the term security‐‐or the phrase computer security ‐‐refers to
techniques for ensuring that data stored in a computer cannot be read or compromised by
any individuals without authorization.
Most computer security measures involve data encryption and passwords.
• Data encryption is the translation of data into a form that is unintelligible without
a deciphering mechanism.
•A password is a secret word or phrase that gives a user access to a particular
program or system.

Cloud Computing Security Challenges

Cloud computing opens up a new world of opportunities for businesses, but mixed in
with these opportunities are numerous security challenges that need to be
considered and addressed prior to committing to a cloud computing strategy.
Cloud computing security challenges fall into three broad categories:
Data Protection: Securing your data both at rest and in transit.
• User Authentication: Limiting access to data and monitoring who accesses the data.
• Disaster and Data Breach Contingency Planning
7
Infrastructure Security
Threats , Challenges and Guidance –associated with securing an organization‘s core IT infrastructure at
The network, The host, Application Levels
Infrastructure security is different from IAAS security.

Infrastructure Security: The Network Level

With private clouds, there are no new attacks, vulnerabilities, or changes in risk specific to this topology
that information security personnel need to consider.

Although our organization‘s IT architecture may change with the implementation of a private cloud, our
current network topology will probably not change significantly.

to use public cloud services, changing security requirements will require changes to our network topology.
We must address how our existing network topology interacts with our cloud provider‘s network topology

8
Ensuring Data Confidentiality and Integrity
�Some resources and data previously confined to a private network are now exposed to the Internet,
and to a shared public network belonging to a third‐party cloud provider.
�An example of problems associated with this risk factor is an Amazon Web Services (AWS) security
vulnerability reported in December 2008
Although use of HTTPS (instead of HTTP) would have mitigated the integrity risk, users not using
HTTPS (but using HTTP) did face an increased risk that their data could have been altered in transit
without their knowledge

Ensuring Proper Access Control

�Network resources are put in public cloud, face many risk to its data
�Ability to audit the operation of our cloud provider‘s network in non-existent
�We will have decreased access to relevant network‐level logs and data, and a limited ability to
thoroughly conduct investigations and gather forensic data
�An example of the problems associated with this risk factor is the issue of reused (reassigned) IP
addresses.
�cloud providers do not sufficiently ―age‖ IP addresses when they are no longer needed for
one customer.
�the issue of ―non‐aged‖ IP addresses and unauthorized network access to resources does not
apply only to routable IP addresses (i.e., resources intended to be reachable directly from the Internet).
The issue also applies to cloud providers‘ internal networks for customer use and the assignment of non‐
routable IP addresses
�Although our resources may not be directly reachable from the Internet, for management

purposes our resources must be accessible within the cloud provider‘s network via private addressing.
(Every public/Internet facing resource also has a private address.) Other customers of our cloud provider
may not be well intentioned and might be able to reach our resources internally via the cloud provider‘s
networks.

Ensuring the Availability of Internet

‐Facing Resources

9
 Reliance on network security has increased because an increased amount of data or an increased
number of organizational personnel now depend on externally hosted devices to ensure the
availability of cloud‐provided resources. Consequently, the three risk factors enumerated in the
preceding section must be acceptable to your organization.

�BGP(Broader Gateway Protocol) prefix hijacking provides a good example of this risk
factor�Announce an autonomous system address space that belongs to someone else without her
permission. Such announcements often occur because of a configuration mistake, but that
misconfiguration may still affect the availability of your cloud
‐based resources.
�In addition to misconfigurations, there are deliberate attacks as well�Although prefix hijacking due to
deliberate attacks is far less common than misconfigurations, it still occurs and can block access to data.
�DNS attacks are another example of problems associated with this third risk factor. In fact, there are
several forms of DNS attacks to worry about with regard to cloud computing.

Replacing the Established Model of Network Zones and Tiers with Domains
�The established isolation model of network zones and tiers no longer exists in the public IaaS and PaaS
clouds.
�For years, network security has relied on zones, such as intranet versus extranet and development
versus production, to segregate network traffic for improved security. This model was based on
exclusion�only individuals and systems in specific roles have access to specific zones. �Similarly,
systems within a specific tier often have only specific access within or across a specific tier. For
example, systems within a presentation tier are not allowed to communicate directly with systems in the
database tier, but can communicate only with an authorized system within the application zone.
�SaaS clouds built on public IaaS or PaaS clouds have similar characteristics. However, a public SaaS
built on a private IaaS (e.g., Salesforce.com) may follow the traditional isolation model, but that
topology information is not typically shared with customers.

Virtualization software security

�The software layer that sits on top of bare metal and provides customers the ability to create and
destroy virtual instances.
�Virtualization at the host level can be accomplished using any of the virtualization models, including

10
 �OS level virtualization (Solaris containers, BSD jails, Linux-Server), paravirtualization (a combination
of the hardware version and versions of Xen and VMware), or
�hardware-based virtualization (Xen,VMware,Microsoft Hyper-V).
�It is important to secure this layer of software that sits between the hardware and the virtual servers.
�In a public IaaS service, customers do not have access to this software layer; it is managed by the CSP
only.

Application-Level Security Threats

�Designing and implementing applications targeted for deployment on a cloud platform will require that
existing application security programs re‐evaluate current practices and standards.
�The application security spectrum ranges from standalone single‐user applications to sophisticated
multiuser ‐commerce applications used by millions of users.
�Web applications such as content management systems (CMSs), wikis, portals, bulletin boards, and
discussion forums are used by small and large organizations.
�A large number of organizations also develop and maintain custom‐built web applications for their
businesses using various web frameworks
�few criminals attacked vulnerable websites because other attack vectors were more likely to lead to an
advantage in unauthorized economic or information access.

Dos and EDoS:(Denial of Service and Economic Denial of Sustainability)

�Application-level DoS and DDoS attacks typically originate from compromised computer systems
attached to the Internet
�Application-level DoS attacks could manifest themselves as high-volume web page reloads,
XML web services requests (over HTTP or HTTPS), or protocol-specific
requests supported by a cloud service.
�Since these malicious requests blend with the legitimate traffic, it is extremely difficult to selectively
filter the malicious traffic without impacting the service as a whole.

11
End User Security:
�we, as a customer of a cloud service, are responsible for end user security tasks—security procedures to
protect your Internet-connected PC—and for practicing ―safe surfing.‖
�Protection measures include use of security software, such as anti-malware, antivirus, personal firewalls,
security patches, and IPS-type software on our Internet-connected computer.
�The new mantra of ―the browser is your operating system‖ appropriately conveys the message
that browsers have become the ever-present ―operating systems‖ for consuming cloud services.

Conclusion:
Thus we have studied the different Cloud Security Challenges.

12