Cloud Computing & Security
Download as PPT, PDF2 likes256 views
This document discusses cloud computing and security. It begins with an overview of cloud computing models including infrastructure as a service (IAAS), platform as a service (PAAS), and software as a service (SAAS). It then covers security threats such as program threats from viruses, worms, and trojans, as well as system and network threats like denial of service attacks and port scanning. Finally, it discusses implementing security defenses through approaches like firewalls, intrusion detection, and vulnerability assessment.
Cloud Computing & Security
- 4. Cloud Computing “The use of computing recourses (hardware and software) that are delivered as a services over a network”
- 5. Models of Cloud Computing 1. Infrastructure as a service (IAAS) 2. Platform as a service (PAAS) 3. Software as a service (SAAS):
- 6. Diagram
- 7. 1. Infrastructure as a service (IAAS) Providing resources (memory, processing) as a service to the requesters is called Infrastructure as a service. Here cloud service providers only provide infrastructure while users have to their own OS + Software. For Example In hotel we take a hall and pay it, Decoration + Catering to guest our own.
- 8. 2. Platform as a service (PAAS) Providing environment or platform OS along with Infrastructure, as a service to the requesters is called as a Platform as a service. Here user have only a software. Example In hotel we take a marriage hall + decoration we pay and catering to guest our own.
- 9. 3.Software as a services (SAAS): Providing ready made software's along with infrastructure + platform OS to requesters as a service is called a Software as a service. Here user have all services Infrastructure + OS + Software Example In hotel we take a marriage hall, they also provide us decoration + catering we only pay on it.
- 10. Advantages Convenience. You can access your data anywhere you can connect to the Internet. Backups. You have a backup of your data in case your local computer crashes. Collaboration. With your permission, others can access, view, and modify your documents.
- 11. Disadvantages Storage limits. While your local hard drive may be able to hold 500GB or more of data, unfortunately a remote server may only allow you to freely store about 5GB. If you want more room, you’ll have to pay. Security breaches. Remember, I said that remote server security makes it harder, but not impossible, for hackers to reach your data. If there is a compromise of the server's) where your data is stored, your personal information may be exposed to the world. Slow speeds. Uploading and downloading of large documents may take a long time.
- 12. Topic 2 Security
- 13. Security The Security Problem Program Threats System and Network Threats Implementing Security Defenses
- 14. The Security ProblemThe Security Problem Security must consider external environment of the system, and protect the system resources Intruders (crackers) attempt to breach security Threat is potential security violation Attack is attempt to breach security Attack can be accidental or malicious Easier to protect against accidental than malicious misuse
- 15. Security ViolationsSecurity Violations Categories Breach of confidentiality Breach of integrity Breach of availability Theft of service Denial of service Methods Masquerading (breach authentication) Replay attack Message modification Man-in-the-middle attack Session hijacking
- 16. Standard Security AttacksStandard Security Attacks
- 17. Program ThreatsProgram Threats Trojan Horse Code segment that misuses its environment Exploits mechanisms for allowing programs written by users to be executed by other users Spy ware, pop-up browser windows, covert channels Trap Door Specific user identifier or password that circumvents normal security procedures Could be included in a compiler Logic Bomb Program that initiates a security incident under certain circumstances Stack and Buffer Overflow Exploits a bug in a program (overflow either the stack or memory buffers)
- 18. Program Threats (Cont.)Program Threats (Cont.) Viruses Code fragment embedded in legitimate program Very specific to CPU architecture, operating system, applications Usually borne via email or as a macro
- 19. System and Network ThreatsSystem and Network Threats Worms – use spawn mechanism; standalone program Internet worm Exploited UNIX networking features (remote access) and bugs in finger and sendmail programs Grappling hook program uploaded main worm program Port scanning Automated attempt to connect to a range of ports on one or a range of IP addresses Denial of Service Overload the targeted computer preventing it from doing any useful work Distributed denial-of-service (DDOS) come from multiple sites at once
- 20. Implementing SecurityImplementing Security DefensesDefenses Defense in depth is most common security theory – multiple layers of security Security policy describes what is being secured Vulnerability assessment compares real state of system / network compared to security policy Intrusion detection endeavors to detect attempted or successful intrusions Signature-based detection spots known bad patterns Anomaly detection spots differences from normal behavior Can detect zero-day attacks False-positives and false-negatives a problem Virus protection Auditing, accounting, and logging of all or specific system or network activities
- 21. Fire walling to ProtectFire walling to Protect Systems and NetworksSystems and Networks A network firewall is placed between trusted and untrusted hosts The firewall limits network access between these two security domains Can be tunneled or spoofed Tunneling allows disallowed protocol to travel within allowed protocol (i.e. telnet inside of HTTP) Firewall rules typically based on host name or IP address which can be spoofed Personal firewall is software layer on given host Can monitor / limit traffic to and from the host Application proxy firewall understands application protocol and can control them (i.e. SMTP) System-call firewall monitors all important system calls and apply rules to them (i.e. this program can execute that system call)
- 23. The End