Cloud intro and possible threats

8/3/2019 Cloud intro and possible threats

1/35

Cloud Computing

andSecurity Threats


2/35

SOFTWARE SECURITY SYSTEM

For Course :


3/35

SIR MAQSOOD RAZI

For


4/35

IQBAL UDDIN KHAN

From


5/35

What is Cloud?

The term "cloud" is used as a metaphor forthe Internet, based on the cloud drawingused in the past to represent the

telephone network and later to depict theInternet in computer network diagrams asan abstraction of the underlying

infrastructure it represents.


6/35

Commercial deployment ofCloud

In early 2008, Eucalyptus became the firstopen-source, AWS API-compatibleplatform for deploying private clouds. In

early 2008, OpenNebula, enhanced in theRESERVOIR European Commission-funded project, became the first open-

source software for deploying private andhybrid clouds, and for the federation ofclouds.


7/35

Commercial deployment ofCloud contd

Eucalyptus: is a software platform for theimplementation of private cloud computing.

Eucalyptus has two editions:

1. Open-core enterprise edition.

2. Open-source edition.


8/35


Eucalyptus is Compatible withAMAZONs Elastic Compute Cloud

(EC2) and Simple Storage Service (S3).

Eucalyptus works with most currentlyavailable Linux distributions includingUbuntu, Red Hat Enterprise Linux(RHEL), CentOS, SUSE LinuxEnterprise Server (SLES), openSUSE,Debian and Fedora.


9/35


OpenNebula: An open-source cloudcomputing toolkit for managingheterogeneous distributed data center

infrastructures. The OpenNebula toolkitmanages a data center's virtualinfrastructure to build private, public

and hybrid clouds.


10/35

Why Cloud is Necessary?

The answer depends upon what typeof user we are?

example:

System Administrator.

Software Developers. IT buyers, Corporate and Federal.


11/35

Benefits of Cloud Computing

Reduced CostCloud technology is paid incrementally,saving organizations money.

Increased StorageOrganizations can store more data than onprivate computer systems.

Highly AutomatedNo longer do IT personnel need to worryabout keeping software up to date.


12/35

Benefits of Cloud Computingcontd

FlexibilityCloud computing offers much moreflexibility than past computing methods.

More MobilityEmployees can access informationwherever they are, rather than having to

remain at their desks.


13/35

Benefits of Cloud Computingcontd

Allows IT to Shift FocusNo longer having to worry about constantserver updates and other computing

issues, government organizations will befree to concentrate on innovation.


14/35

Cloud Details

Cloud computing is a marketing term fortechnologies that provide computation,software, data access, and storage services thatdo not require end-user knowledge of thephysical location and configuration of thesystem that delivers the services.

A parallel to this concept can be drawn with theelectricity grid, wherein end-users consumepower without needing to understand thecomponent devices or infrastructure required toprovide the service.


15/35

Cloud Details


16/35

Cloud Layers

Client

Applications

Platform

Infra

Structure

Server


17/35

Cloud Layers contd

Client

A cloud clientconsists ofcomputer hardware and/orcomputer software thatrelies on cloud computing

for application delivery andthat is in essence useless

without it.

Example ChromeOS.

a Linux-based operatingsystem designed by Googleto work exclusively with webapplications.


18/35

Cloud Layers contd

Application

A cloud application issoftware provided as

a service. Example :

Google Apps.


19/35

Cloud Layers contd

Platform

a computing platformand/or solution stackas a service, oftenconsuming cloudinfrastructure andsustaining cloudapplications.

Example

Facebook


20/35

Cloud Layers contd

Infrastructure

a platformvirtualization

environment as aservice, along withraw (block) storageand networking.

Example

AMAZON EC2


21/35

Cloud Layers contd

Server

The servers layerconsists of computerhardware and computersoftware products thatare specifically designedfor the delivery of cloudservices, including multi-core processors, cloud-specific operatingsystems and combinedofferings.


22/35

Cloud Deployment Models

Public cloud

Community

cloud

Hybrid cloud

Private cloud


23/35

Cloud Deployment Models Contd

Public cloud

A public cloud is one based on the standardcloud computing model, in which

applications and storage, available to thegeneral public over the Internet. Publiccloud services may be free or offered on a

pay-per-usage model.


24/35


Community cloud

Community cloud shares infrastructurebetween several organizations from a

specific community with common concerns(security, compliance and jurisdiction).


25/35


Hybrid cloud

Hybrid cloud is a composition of two or moreclouds (private, community, or public) that

remain unique entities or can also bedefined as multiple cloud systems that areconnected in a way that allows programs

and data to be moved easily from onedeployment system to another.


26/35


Private cloud

Private cloud is infrastructure operatedsolely for a single organization, whether

managed internally or by a third-party andhosted internally or externally.


27/35

Threats to Cloud Computing

Abusive use of Cloud Computing.

Insecure Interfaces and APIs.

Malicious Insiders.

Shared Technology Issues.

Data Loss or Leakage.

Account or Service Hijacking.


28/35

Threats to Cloud ComputingContd

Abusive use of Cloud Computing.

Cloud Computing providers are actively beingtargeted, partially because their relatively

weak registration systems facilitateanonymity, and providers fraud detection

capabilities are limited. So criminalscontinue to leverage new technologies to

improve their reach, avoid detection, andimprove the effectiveness of their activities.


29/35


Insecure Interfaces and APIs

Reliance on a weak set of interfaces and APIsexposes organizations to a variety of

security issues related to confidentiality,integrity, availability and accountability.While most providers strive to ensuresecurity is well integrated into their service

models


30/35


Malicious Insiders

The impact that malicious insiders can have onan organization is considerable, given their

level of access and ability to infiltrateorganizations and assets. Brand damage,financial impact, and productivity losses arejust some of the ways a malicious insider

can affect an operation.


31/35


Shared Technology Issues

Attackers focus on how to impact theoperations of other cloud customers, and

how to gain unauthorized access to data. Sothey target the shared technology insideCloud Computing environments. Diskpartitions, CPU caches, GPUs, and other

shared elements were never designed forstrong compartmentalization.


32/35


Data Loss or Leakage

Data loss or leakage can have a devastatingimpact on a business. Beyond the damage to

ones brand and reputation, a loss couldsignificantly impact employee, partner, andcustomer morale and trust. Loss of coreintellectual property could have competitive

and financial implications.


33/35


Account or Service Hijacking.

Organizations should be aware of thesethreats, Account and service hijacking,

usually with stolen credentials, remains a topthreat. With stolen credentials, attackers canoften access critical areas of deployed cloudcomputing services, allowing them to

compromise the confidentiality, integrity andavailability of those services.


34/35

References from

Wikipedia.

Report from Cloud Security Alliance

March 2010.


35/35

Thank you

Documents

Cloud intro and possible threats