Cloud computing security

Editor's Notes

• #4: First part- intro about the architecture, infrastructure, characteristic of cloud computing.After that, explain about the security concerns of cloud computing
• #5: CC & Virtualization-buzz word in the world of web technologyCan access anywhere without no installationCentralized data storage and bandwidth
• #6: 1-monotholic2.Client server3.Web based4.SOA-serice oriented architecture: application to communicate over standard-based web protocols 2006-amazon web services 2007-resarch by google and ibm 2010-MS azure5.CC
• #7: Public clouds are run by third parties, and applications from different customers are likely to be mixed together on the cloud’s servers, storage systems, and networks. Public clouds are most often hosted away from customer premises, and they provide a way to reduce customer risk and cost by providing a flexible, even temporary extension to enterprise infrastructure.Private clouds are built for the exclusive use of one client, providing the utmost control over data, security, and quality of service. The company owns the infrastructure and has control over how applications are deployed on it. Private clouds may be deployed in an enterprise datacenter, and they also may be deployed at a co-location facility.Hybrid clouds combine both public and private cloud models. They can help to provide on-demand, externally provisioned scale. The ability to augment a private cloud with the resources of a public cloud can be used to maintain service levels in the face of rapid workload fluctuations.
• #8: Saas-broad market, most of the stuffs use by browser- SaaSUsers can access a software application hosted by the cloud vendor on pay-per-use basisIaas- hardware-server, storage
• #10: interxion1.Preventing data loss2. preventing outages3. keeping security up to dateAttack in cloudsMulti tanency and resource pooling modelsBased on the deployment models we choose, the problems or the component you have control over is different.Cloud computing runs on network infrastructure.so, it is open to network attack. some of the wellknown attacks are
• #14: Dos-Server can’t respond to normal userspurpose is to decrease server performance by using computational resources,Smurf attack- icmpflooding broadcast to a victim’s network using broadcast addressSyn- flood tcp/syn packets with a faked address, half-open connectionTeardrop-sending invalidpackets with overlapped ip fragment and crash the systemPrevent-setup firewall,IPS,switches,routers ,reduce the privileges of users
• #15: Man In the Middle attack refers to a technique where a malicious attacker splits a connection between two computers and rejoins the connections with the attackers own computer systemin this attack, the attacker takes over the role of a device between you and the system you are talking to. This device could be a router, where the attacker confuses the switch ARP table and has data destined for the router to be sent to her. Then she relays the data to the router.To prevent-use mutual authentication techniques such as PKI, one-time pads
• #16: It’s a diagnosis tool for network engineersmethods-install sniffing tool to network devices or programTo prevent: anti-sniffer software to find
• #17: Purpose is to find an active port Countermeasure -port scan attack detector and firewall
• #18: SOAP- envelope structured First, envelope with plain header and body requesting serverServer reply with header info and signatureHTTPS is hardly ever used when these methods of securing the data in transit are in place. It is also not very common for the whole request to be encrypted or signed because it can have an effect on performance.To fix this,  apply W3C’s “XML Signature Best Practices” and STAMP bit
• #19: Counter measure for this attack isauthenticity check for received messages.
• #20: Send email to customer every session ends with next login password