Module Objectives

Cloud computing is an emerging technology that delivers computing services such as online business applications, online data storage, and webmail over the Internet. Cloud implementation enables a distributed workforce, reduces organization expenses, provides data security, and so on. As many enterprises are adopting the cloud, attackers make the cloud the target of their exploits to gain unauthorized access to the valuable data stored in it. Therefore, one should perform cloud pen testing regularly to monitor its security posture.

This module starts with an overview of cloud computing concepts. It provides an insight into cloud computing threats and cloud computing attacks. Later, it discusses cloud computing security and the necessary tools. The module ends with an overview of pen-testing steps which an ethical hacker should follow to perform a security assessment of the cloud environment.

At the end of this module, you will be able to:

■    Describe cloud computing concepts

■    Understand cloud computing threats

■    Explain cloud computing attacks

■ Apply cloud computing security measures 

■ Use various cloud computing security tools

■ Perform cloud penetration testing


Cloud Computing Concepts

Cloud computing delivers various types of services and applications over the Internet. These services enable users to utilize software and hardware managed by third parties at remote locations. Some of the cloud service providers include Google, Amazon, and Microsoft.

This section introduces cloud computing, types of cloud computing services, separation of responsibilities, cloud deployment models, the NIST reference architecture, benefits, and the general benefits of cloud virtualization.


Introduction to Cloud Computing

Cloud computing is an on-demand delivery of IT capabilities in which IT infrastructure and applications are provided to subscribers as metered services over networks. Examples of cloud solutions include Gmail, Facebook, Dropbox, and Salesforce.com.

Characteristics of Cloud Computing

Discussed below are the characteristics of cloud computing that attract many businesses today to adopt cloud technology.

■ On-demand self-service: A type of service rendered by cloud service providers that allows provisioning of cloud resources such as computing power, storage, network, etc., always on demand, without the need for human interaction with service providers.

■ Distributed storage: Distributed storage in the cloud offers better scalability, availability, and reliability of data. However, cloud distributed storage does have the potential for security and compliance concerns.

■ Rapid elasticity: The cloud offers instant provisioning of capabilities, to rapidly scale up or down, according to demand. To the consumers, the resources available for provisioning seem to be unlimited, and they can purchase in any quantity at any point of time.

■ Automated management: By minimizing the user involvement, cloud automation speeds up the process, reduces labor costs, and reduces the possibility of human error.

■ Broad network access: Cloud resources are available over the network and accessed through standard procedures, via a wide variety of platforms, including laptops, mobile phones, and PDAs.

■ Resource pooling: The cloud service provider pools all the resources together to serve multiple customers in the multi-tenant environment, with physical and virtual resources dynamically assigned and reassigned on demand by the consumer of cloud.

■ Measured service: Cloud systems employ a "pay-per-use" metering method. Subscribers pay for cloud services by monthly subscription or according to the usage of resources such as storage levels, processing power, bandwidth, and so on. Cloud service providers monitor, control, report, and charge consumption of resources by customers with complete transparency.

■    Virtualization technology: Virtualization technology in the cloud enables rapid scaling of resources in a way that non-virtualized environments could not achieve.

Limitations of Cloud Computing

■    Organizations have limited control and flexibility

■    Prone to outages and other technical issues

■    Security, privacy, and compliance issues

■    Contracts and lock-ins

■    Depends on network connections

Types of Cloud Computing Services

Cloud services are divided broadly into three categories:

■    Infrastructure-as-a-Service (IaaS)

This cloud computing service enables subscribers to use fundamental IT resources such as computing power, virtualization, data storage, network, and so on, on demand. This service provides virtual machines and other abstracted hardware and operating systems (OSs) which may be controlled through a service API. As cloud service providers are responsible for managing the underlying cloud-computing infrastructure, subscribers can avoid costs of human capital, hardware, and others (e.g., Amazon EC2, Go grid, Sungrid, Windows SkyDrive, Rackspace.com, etc.).

Advantages:

o Dynamic infrastructure scaling

o Guaranteed uptime

o Automation of administrative tasks

o Elastic load balancing (ELB)

o Policy-based services

o Global accessibility

Disadvantages:

o Software security is at high risk (third-party providers are more prone to attacks)

o Performance issues and slow connection speeds

■ Platform-as-a-Service (PaaS)

This type of cloud computing service offers the platform for the development of applications and services. Subscribers need not buy and manage the software and infrastructure underneath it but have authority over deployed applications and perhaps application hosting environment configurations. This offers development tools, configuration management, and deployment platforms on demand that can be used by subscribers to develop custom applications (e.g., Intel MashMaker, Google App Engine, Force.com, Microsoft Azure, etc.). Advantages of writing applications in the PaaS environment include dynamic scalability, automated backups, and other platform services, without the need to explicitly code for them.

Advantages:

o Simplified deployment

o Prebuilt business functionality 

o Lower risk

o Instant community

o Pay-per-use model

o Scalability


Disadvantages: 

o Vendor lock-in 

o Data privacy

o Integration with the rest of the system applications 

■ Software-as-a-Service (SaaS)

This cloud computing service offers application software to subscribers on demand over the Internet; the provider charges for it on a pay-per-use basis, by subscription, by advertising, or by sharing among multiple users (e.g., web-based office applications like Google Docs or Calendar, Salesforce CRM, Freshbooks, Basecamp, etc.).

Advantages:

o Low cost

o Easier administration

o Global accessibility

o Compatible (no specialized hardware or software is required)


Disadvantages:

o Security and latency issues

o Total dependency on the Internet

o Switching between SaaS vendors is difficult

Separation of Responsibilities in Cloud

In cloud computing, separation of responsibilities of subscriber and service provider is essential. Separation of duties prevents conflict of interest, illegal acts, fraud, abuse, and error, and helps in identifying security control failures, including information theft, security breaches, and evasion of security controls. It also helps in restricting the amount of influence held by any individual and ensures that there are no conflicting responsibilities.

Three types of cloud services exist: IaaS, PaaS, and SaaS. It is essential to know the limitations of each cloud service delivery model when accessing specific clouds and their models. The diagram above illustrates the separation of cloud responsibilities specific to service delivery models:

Cloud Deployment Models

Cloud deployment model selection is based on the enterprise requirements. One can deploy cloud services in different ways, according to the factors given below:

■   Where cloud computing services are hosted

■   Security requirements

■   Sharing cloud services

■   Ability to manage some or all of the cloud services

■   Customization capabilities

The four standard cloud deployment models are:

■    Public Cloud

In this model, the provider makes services such as applications, servers, and data storage available to the public over the Internet. In this model, the cloud provider is liable for the creation and constant maintenance of the public cloud and its IT resources. Public cloud services may be free or based on a pay-per-usage model (e.g., Amazon Elastic Compute Cloud (EC2), IBM's Blue Cloud, Google App Engine, Windows Azure Services Platform).

o Advantages:

•    Simplicity and efficiency

•    Low cost

•    Reduced time (when server crashes, needs to restart or reconfigure cloud)

•    No maintenance (public cloud service is hosted off-site)

•    No contracts (no long-term commitments)


o Disadvantages:

•    Security is not guaranteed

•    Lack of control (third-party providers are in charge)

•    Slow speed (relies on Internet connections, data transfer rate is limited)

■ Private Cloud

A private cloud, also known as internal or corporate cloud, is a cloud infrastructure that a single organization operates solely. The organization can implement the private cloud within a corporate firewall. Organizations deploy private cloud infrastructures to retain full control over corporate data.

o Advantages:

•    Enhance security (services are dedicated to a single organization)

•    More control over resources (organization is in charge)

•    Greater performance (deployed within the firewall, therefore data transfer rates are high)

•    Customizable hardware, network, and storage performances (as the organization owns private cloud)

•    Sarbanes Oxley, PCI DSS, and HIPAA compliance data is much easier to attain

o Disadvantages:

•    Expensive

•    On-site maintenance

■ Community Cloud

It is a multi-tenant infrastructure shared among organizations from a specific community with common computing concerns such as security, regulatory compliance, performance requirements, and jurisdiction. The community cloud can be either on-premises or off-premises and governed by the participating organizations or by a third-party managed service provider.

o Advantages:

•    Less expensive compared to the private cloud

•    Flexibility to meet the community's needs

•    Compliance with legal regulations

•    High scalability

•    Organizations can share a pool of resources from anywhere via the Internet


o Disadvantages:

•    Competition between consumers in usage of resources

•    No accurate prediction of required resources

•    Who is the legal entity in case of liability

•    Moderate security (other tenants may be able to access data)

•    Trust and security concerns between the tenants

■ Hybrid Cloud

It is a cloud environment comprised of two or more clouds (private, public, or community) that remain unique entities but are bound together to offer the benefits of multiple deployment models. In this model, the organization makes available and manages some resources in-house, and provides other resources externally.

Example: An organization performs its critical activities on the private cloud (such as operational customer data) and non-critical activities on the public cloud.

o Advantages:

•    More scalable (contains both public and private clouds)

•    Offers both secure resources and scalable public resources

•    High level of security (comprises private cloud)

•    Allows costs to be reduced and managed as per the requirement

o Disadvantages:

•    Communication at the network level may be conflicted as it uses both public and private clouds

•    Difficult to achieve data compliance

•    Organization has to rely on the internal IT infrastructure for support to handle any outages (maintain redundancy across data centers to overcome)

•    Complex Service Level Agreements (SLAs)


NIST Cloud Deployment Reference Architecture

The slide provides an overview of the NIST cloud computing reference architecture, displaying the primary actors, their activities, and functions in cloud computing. The diagram above is a generic high-level architecture, intended for better understanding of uses, requirements, characteristics, and standards of cloud computing.

The five significant actors are:

■ Cloud consumer

A cloud consumer is a person or organization that maintains a business relationship with cloud service providers and uses cloud computing services. The cloud consumer browses the CSP's service catalog, requests the desired services, sets up service contracts with the CSP (either directly or via cloud broker), and uses the service. The CSP will bill the consumer based on the services provided. The CSP should fulfill the Service Level Agreement (SLA) in which the cloud consumer specifies the technical performance requirements such as quality of service, security, remedies for performance failure, etc. The CSP may also define limitations and obligations, if any, that the cloud consumer must accept. Services available to a cloud consumer in the PaaS, IaaS, and SaaS models:

o PaaS - database, business intelligence, application deployment, development and testing, and integration

o IaaS - storage, services management, CDN (content delivery network), platform hosting, backup and recovery, and compute

o SaaS - human resources, ERP (Enterprise Resource Planning), sales, CRM (Customer Relationship Management), collaboration, document management, email and office productivity, content management, financials, and social networks.

■    Cloud Provider

A cloud provider is a person or organization who acquires and manages the computing infrastructure intended for providing services (directly or via a cloud broker) to interested parties via network access.

■    Cloud Carrier

A cloud carrier acts as an intermediary that provides connectivity and transport services between CSPs and cloud consumers. The cloud carrier provides access to consumers via a network, telecommunication, and other access devices.

■    Cloud Auditor

A cloud auditor is a party that performs an independent examination of cloud service controls with the intent of expressing an opinion thereon. Audits verify adherence to standards through a review of the objective evidence. A cloud auditor can evaluate the services provided by a cloud provider regarding security controls (management, operational, and technical safeguards intended to protect the confidentiality, integrity, and availability of the system and its information), privacy impact (comply with applicable privacy laws and regulations governing an individual's privacy), performance, and so on.

■    Cloud Broker

Integration of cloud services is becoming too complicated for cloud consumers to manage. Thus, a cloud consumer may request cloud services from a cloud broker, rather than directly contacting a CSP. The cloud broker is an entity that manages cloud services regarding use, performance, and delivery, and maintains the relationship between CSPs and cloud consumers.

Cloud brokers provide services in three categories:

o Service Intermediation

Improves a given function by a specific capability and provides value-added services to cloud consumers.

o Service Aggregation

Combines and integrates multiple services into one or more new services.

o Service Arbitrage

Similar to service aggregation, but here the services being aggregated are not fixed (cloud broker has the flexibility to choose services from multiple agencies).


Cloud Computing Benefits

■ Economic

o Business agility

o Less maintenance costs

o Acquire economies of scale

o Less capital expense

o Huge storage facilities for organizations

o Environmentally friendly

o Less total cost of ownership

o Less power consumption

■ Operational

o Flexibility and efficiency

o Resiliency and redundancy

o Scale as needed

o Less operational problems

o Deploy applications quickly

o Back up and disaster recovery

o Automatic updates

■   Staffing

o Streamline processes 

o Well usage of resources

o Less personnel training

o Less IT Staff

o Multiple users utilize resources on cloud 

o Evolution of new model of business 

o Simultaneous sharing of resources

■   Security

o Less investment in security controls

o Efficient, effective, and swift response to security breaches

o Standardized, open interface to managed security services (MSS)

o Effective patch management and implementation of security updates

o Better disaster recovery preparedness

o Ability to dynamically scale defensive resources on demand

o Resource aggregation offers better manageability of security systems

o Rigorous internal audit and risk assessment procedures


Understanding Virtualization

Virtualization is the ability to run multiple OSs on a single physical system and share the underlying resources such as a server, a storage device, or network. It is the essential technology that powers cloud computing. Virtualization allows organizations to cut IT costs while enhancing the productivity, utilization, and flexibility of their existing computer hardware. Some of the virtualization vendors include VMware vCloud Suite, VMware vSphere, VirtualBox, Microsoft Virtual PC, etc. 

■   Types of Machines

o Physical Machine

The architecture of a physical machine consists of CPU, memory, NIC, disk, OS, etc. It consumes the complete existing physical resources.

o Virtual Machine

A virtual machine is a machine that sits on the standard physical resources. These machines have an advantage over physical machines, since many OSs, memory allocations, etc. are possible over the existing physical resource. Virtual machines are used effectively in cloud computing environments.

■   Characteristics of virtualization in cloud computing technology

o Partitioning

The cloud supports many applications and multiple OSs in a single physical system by segregating the available resources.

o Isolation

Cloud isolates each virtual machine from its host physical system and other virtual machines, so that if one virtual machine fails it does not have any impact on the others as well as on the data sharing.

o Encapsulation

A virtual machine can be stored as a single file, and thus can be identified based on its service. Encapsulation protects each application from interfering with other applications.

■   Types of virtualization

o Storage Virtualization

It combines storage devices from multiple networks into a single storage device and helps in:

•    Expanding the storage capacity

•    Making changes to store configuration easy

o Network Virtualization

It combines all network resources, both hardware and software, into a single virtual network and is used to:

•    Optimize reliability and security

•    Improve network resource usage

o Server Virtualization

It splits a physical server into multiple smaller virtual servers. Storage utilization is used to:

•    Increase the space utilization

•    Reduce the hardware maintenance cost

■ Benefits of Virtualization in Cloud

o Increases business continuity through efficient disaster recovery

o Reduces cost of setting up cloud infrastructure (cost on hardware, servers, etc.)

o Improves the way organizations manage IT and deliver services

o Improves operational efficiency

o Reduces system administration work

o Facilitates better backup and data protection

o Increases service levels and enables self-service provisioning

o Helps administrators to ensure control and compliance


Cloud Computing Threats

Most organizations adopt cloud technology, as it reduces cost via optimized and efficient computing. Robust cloud technology offers different types of services to end users; however, many people are concerned about critical cloud security risks and threats, which an attacker may take advantage of to compromise data security, gain illegal access to the network, and so on. This section deals with significant security threats and vulnerabilities affecting cloud systems.


Cloud Computing Threats

Discussed below are some threats to cloud computing:

■ Data Breach/Loss

An improperly designed cloud environment with multiple clients is at higher risk of a data breach, as a flaw in one client's application could allow attackers to access other clients' data. The risk of data leakage varies based on cloud architecture and operations. Data loss issues include:

o Data is erased, modified or decoupled (lost)

o Encryption keys are lost, misplaced or stolen

o Illegal access to the data due to improper authentication, authorization, and access controls

o Misuse of data by CSP

Countermeasures:

o Encrypt the data stored in cloud and data in transit to protect its integrity

o Implement strong key generation, storage, and management

o Check for data protection at both design and runtime

■ Abuse and Nefarious Use of Cloud services

Presence of weak registration systems in the cloud-computing environment gives rise to this threat. Attackers create anonymous access to cloud services and perpetrate various attacks such as password and critical cracking, building rainbow tables, CAPTCHA-solving farms, launching dynamic attack points, hosting exploits on cloud platforms, hosting malicious data, Botnet command or control, DDoS, etc.

Countermeasures:

o Implement robust registration and validation process

o Monitor the client's traffic for any malicious activities

■    Insecure Interfaces and APIs

Interfaces or APIs enable customers to manage and interact with cloud services. Cloud service models must be security integrated, and users must be aware of security risks in the use, implementation, and monitoring of such services. Following are some of the insecure interfaces and APIs risks:

o Circumvents user-defined policies

o Is not credential leak proof

o Breach in logging and monitoring facilities

o Unknown API dependencies

o Reusable passwords/tokens

o Insufficient input-data validation

Countermeasures:

o Analyze the security model of cloud provider interfaces

o Implement secure authentication and access controls

o Encrypt the data in transit and understand the dependency chain associated with the API

■    Insufficient Due Diligence

Ignorance of the CSP's cloud environment poses risks in operational responsibilities such as security, encryption, and incident response, as well as further problems such as contractual, design, and architectural issues.

Countermeasure:

o Organizations that intend to move to a cloud must extensively research the risks, CSP due diligence, and possess capable resources

■   Shared Technology Issues

IaaS vendors share the infrastructure to deliver the services in a scalable way. Most underlying components that make up this infrastructure (e.g., GPU, CPU caches) do not offer substantial isolation properties in a multi-tenant environment, which enables attackers to attack other machines if they can exploit vulnerabilities in one client's applications. To address this gap, virtualization hypervisors mediate access between guest OSs and the physical resources that might contain loopholes that allow hackers to gain unauthorized control over the underlying platforms. Issues include Rutkowska's Red and Blue Pill exploits and Kortchinsky's CloudBurst presentations.

Countermeasures:

o Implement security best practices for installation/configuration

o Monitor environment for unauthorized changes/activity

o Promote secure authentication and access control for administrative access and operations

o Enforce service level agreements for patching and vulnerability remediation

o Conduct vulnerability scanning and configuration audits

■ Unknown Risk Profile

Software updates, threat analysis, intrusion detection, security practices, and various other components determine security posture of an organization. Client organizations are unable to get a clear picture of internal security procedures, security compliance, configuration hardening, patching, auditing, and logging, etc. as they are less involved with hardware and software ownership and maintenance in the cloud. However, organizations must be aware of issues such as internal security procedures, security compliance, configuration hardening, patching, and auditing and logging.


Countermeasures:

o Disclosure of applicable logs and data to customers

o Partial/full disclosure of infrastructure details (e.g., patch levels, firewalls)

o Monitoring and alerting on necessary information

■ Unsynchronized System Clocks

This threat arises due to the failure of synchronizing clocks at the end systems. Unsynchronized clocks can affect the working of automated tasks. For example, if the cloud computing devices do not have synchronized time, then due to the inaccuracy of the time stamps the network administrator would be unable to analyze the log files for any malicious activity accurately. Unsynchronized clocks can cause various other problems, for example, in case of money transactions or database backups, the mismatched timestamp may result in creating a significant problem or discrepancies.

Countermeasures:

o Use a clock synchronization solution such as NTP (Network Time Protocol)

o Install a time server within an organization's firewall which results in minimizing the threats from the outside and maximizing the time accuracy on the network

o Network Time System can also be used to synchronize clocks with an enterprise network server
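The effect of unsynchronized clocks on log analysis, shown as an added example that is not part of the original module: it estimates each host's clock offset from request IDs logged on both a reference host and the other hosts, flags hosts beyond a tolerance, and rebuilds the event timeline. The host names, log format, request IDs, and the 5-second tolerance are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Assumption: this host's clock is trusted (for example, it is NTP-synced).
REFERENCE = "lb-1"

# Constructed sample records: (host, ISO-8601 timestamp, request id, message).
# "app-2" is deliberately running about 90 seconds behind the other hosts.
SAMPLE_LOGS = [
    ("lb-1",  "2024-05-01T10:00:00", "r1", "forward login for alice"),
    ("app-1", "2024-05-01T10:00:01", "r1", "login ok alice"),
    ("lb-1",  "2024-05-01T10:00:10", "r2", "forward login for bob"),
    ("app-2", "2024-05-01T09:58:41", "r2", "login failed bob"),
    ("lb-1",  "2024-05-01T10:00:20", "r3", "forward login for bob"),
    ("app-2", "2024-05-01T09:58:51", "r3", "login failed bob"),
    ("lb-1",  "2024-05-01T10:00:30", "r4", "forward report for alice"),
    ("app-1", "2024-05-01T10:00:31", "r4", "report served alice"),
    ("lb-1",  "2024-05-01T10:00:40", "r5", "forward login for bob"),
    ("app-2", "2024-05-01T09:59:11", "r5", "login ok bob"),
]


def parse(records):
    """Turn raw tuples into (host, datetime, request_id, message)."""
    return [(h, datetime.fromisoformat(ts), rid, msg) for h, ts, rid, msg in records]


def estimate_offsets(events, reference=REFERENCE):
    """Per-host median of (host time - reference time), in seconds.

    Only request ids seen on both the reference host and the other host are
    used. The result also contains the forwarding latency, so it approximates
    the clock skew rather than measuring it exactly.
    """
    ref_time = {rid: ts for host, ts, rid, _ in events if host == reference}
    deltas = defaultdict(list)
    for host, ts, rid, _ in events:
        if host != reference and rid in ref_time:
            deltas[host].append((ts - ref_time[rid]).total_seconds())
    return {host: median(values) for host, values in deltas.items()}


def skewed_hosts(offsets, tolerance=5.0):
    """Hosts whose estimated offset exceeds the tolerance in either direction."""
    return sorted(h for h, off in offsets.items() if abs(off) > tolerance)


def timeline(events, offsets=None, reference=REFERENCE):
    """Order events by timestamp; subtract each host's offset when given.

    Ties are broken in favour of the reference host, which sees a request
    before it forwards it.
    """
    offsets = offsets or {}

    def key(event):
        host, ts, _, _ = event
        corrected = ts - timedelta(seconds=offsets.get(host, 0.0))
        return (corrected, host != reference)

    return [(host, rid) for host, _, rid, _ in sorted(events, key=key)]


if __name__ == "__main__":
    events = parse(SAMPLE_LOGS)
    offsets = estimate_offsets(events)
    print("estimated offsets (s):", offsets)
    print("hosts to resynchronize:", skewed_hosts(offsets))
    print("raw order:      ", timeline(events))
    print("corrected order:", timeline(events, offsets))
```

In the raw ordering, all three `app-2` login results appear before any request reached the load balancer, which is the kind of inaccuracy that makes the log files unreliable for analysis.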

■    Inadequate Infrastructure Design and Planning

An agreement between the Cloud Service Provider (CSP) and customer states the quality of service that the CSP offers such as downtime, physical and network-based redundancies, standard data backup, and restore processes, and availability periods.

At times, cloud service providers may not satisfy the rapid rise in demand due to a shortage of computing resources and/or poor network design (e.g., traffic flows through a single point, even though the necessary hardware is available) giving rise to unacceptable network latency or inability to meet agreed service levels.

Countermeasure:

o Forecast the demand and accordingly be prepared with the sufficient infrastructure

■    Conflicts between Client Hardening Procedures and Cloud Environment

Certain client hardening procedures may conflict with a cloud provider's environment, making their implementation impossible by the client. The reason for this is that, because a cloud is a multi-tenant environment, the colocation of many customers indeed causes conflict for the cloud providers, as customers' communication security requirements are likely to diverge from one another.

Countermeasure:

o Set clear segregation of responsibilities that expresses the minimum actions customers must undertake


■ Loss of Operational and Security Logs

The loss of operational logs makes it challenging to evaluate operational variables. The options for solving issues are limited when no data is available for analysis. The loss of security logs poses a risk for managing the implementation of the information security management program. Loss of security logs may occur in case of under-provisioning of storage.

Countermeasures:

o Implement effective policies and procedures

o Monitor operational and security logs on a regular basis

■ Malicious Insiders

Malicious insiders are disgruntled current/former employees, contractors, or other business partners who have/had authorized access to cloud resources and could intentionally exceed or misuse that access to compromise the confidentiality, integrity, or availability of the organization's information. Malicious insiders who have authorized access to cloud resources can abuse their access to compromise the information available in the cloud. Threats include loss of reputation, productivity, and financial theft.

Countermeasures:

o Enforce strict supply chain management and conduct a comprehensive supplier assessment

o Specify human resource requirements as part of legal contracts

o Require transparency in overall information security and management practices, as well as compliance reporting

o Determine security breach notification processes 

■    Illegal Access to the Cloud

Weak authentication and authorization controls could lead to unlawful access, thereby compromising confidential and critical data stored in the cloud.

o Enforce robust Information Security (IS) Policy and adhere to it

o Clients should be permitted to audit/review the cloud provider's IS policy and procedures

■ Loss of Business Reputation due to Co-tenant Activities

This threat arises because of lack of resource isolation, lack of reputational isolation, vulnerabilities in the hypervisors, and others. Resources are shared in the cloud, thus the malicious activity of one co-tenant might affect the reputation of the other, resulting in poor service delivery, data loss, etc. that bring down the organization's reputation.

o Choose a well-known and efficient cloud service provider to reduce the risk, and ensure isolation of resources

■ Privilege Escalation

A mistake in the access allocation system such as coding errors, design flaws, and others can result in a customer, third party, or employee obtaining more access rights than required. This threat arises because of AAA (authentication, authorization, and accountability) vulnerabilities, user-provisioning and de-provisioning vulnerabilities, hypervisor vulnerabilities, unclear roles and responsibilities, misconfiguration, and others.

Countermeasures:

o Employ a good privilege separation scheme

o Update software programs on a regular basis to fix the newly discovered privilege escalation vulnerabilities, if any

■ Natural Disasters

Based on geographic location and climate, data centers may be exposed to natural disasters such as floods, lightning, earthquakes, etc. that can affect the cloud services.

Countermeasures:

o Ensure that the organization is located in a safe area

o Maintain data backups at different locations

o Implement mitigation measures that help reduce or eliminate your long-term risk from natural disasters

o Prepare an effective business continuity and disaster recovery plan 

■    Hardware Failure

Failure of hardware such as switches, servers, routers, access points, hard disks, network cards, and processors in data centers can make cloud data inaccessible. The majority of hardware failures happen because of hard disk problems. Hard disk failures take a lot of time to track and fix because of their low-level complexities. Hardware failure can lead to poor performance delivery to end users and can damage the business.

Countermeasures:

o Implement and maintain physical security programs

o Pre-installed standby hardware devices are a must

■   Supply Chain Failure

This threat arises because of incomplete and non-transparent terms of use, hidden dependency created by cross-cloud applications, inappropriate CSP selection, lack of supplier redundancy, and others. Cloud providers outsource certain tasks to third parties. Thus, the security of the cloud is directly proportional to the security of each link and the extent of dependency on third parties. A disruption in the chain may lead to loss of data privacy and integrity, service unavailability, violation of SLA, economic and reputational losses due to failure to meet customer demand, and cascading failure.

Countermeasures:

o Define a set of controls to mitigate supply-chain risks

o Develop a containment plan to restrict the damage caused by a counterparty that is trusted to fail

o Create visibility mechanisms to find when elements of a supply chain are compromised

o Consider procuring third parties which offer information on the security posture of counterparties

■    Modifying Network Traffic

In the cloud, the network traffic may be altered due to flaws during provisioning or de-provisioning of the network, or vulnerabilities in communication encryption. Modification of network traffic may cause loss, alteration, or theft of confidential data and communications. This threat arises because of user-provisioning and de-provisioning vulnerabilities, communication encryption vulnerabilities, and so on.

Countermeasure:

o Perform network traffic analysis using tools to find abnormalities, if any 

■    Isolation Failure

Multi-tenancy and shared resources are the characteristics of cloud computing. Strong isolation or compartmentalization of storage, memory, routing, and reputation among different tenants is lacking. Because of isolation failure, attackers try to control operations of other cloud customers to gain illegal access to the data.

Countermeasure:

o It is essential to keep memory, storage, and network access isolated 

■   Cloud Provider Acquisition

Acquisition of the cloud provider may increase the probability of a tactical shift and may put non-binding agreements at risk. This could make it difficult to cope with the security requirements.

Countermeasure:

o Be tactful while choosing a cloud provider; prefer a reputed and popular cloud service provider to avoid the risk

■ Management Interface Compromise

Customer management interfaces of the cloud provider are accessible via the Internet and facilitate access to a large number of resources. This increases the risk, particularly when combined with remote access and web browser vulnerabilities. This threat arises due to improper configuration, system and application vulnerabilities, remote access to the management interface, and so on.

Countermeasures:

o It is essential to keep memory, storage, and network access isolated

o Use a secure protocol to provide access, to mitigate threats arising because of remote access

o Regularly update the patches for web browser vulnerabilities

■    Network Management Failure

Poor network management leads to network congestion, misconnection, misconfiguration, lack of resource isolation, etc., which affects services and security.

Countermeasures:

o Ensure that an adequate security policy is implemented

o Use proactive network management techniques

o Keep updating new technologies and analyze what might work better for your organization

■   Authentication Attacks

Weak authentication mechanisms (weak passwords, reused passwords, etc.) and inherent limitations of one-factor authentication mechanisms allow attackers to gain unauthorized access to cloud computing systems.

Countermeasures:

o Implement strong password policies and keep the passwords secure

o Enforce two-factor authentication where required

■   VM-Level Attacks

Cloud computing extensively uses virtualization technologies offered by several vendors including VMware, Xen, VirtualBox, and vSphere. Threats to these technologies arise because of vulnerabilities in the hypervisors.

Countermeasure:

o Employ IDS/IPS and implement firewall to mitigate known VM-level attacks 

■    Lock-in

Lock-in is the inability of the client to migrate from one cloud service provider to another or to in-house systems due to the lack of tools, procedures, or standard data formats for data, application, and service portability. This threat is due to the inappropriate selection of CSP, incomplete and non-transparent terms of use, lack of standard mechanisms, and so on.

Countermeasure:

o Using a standardized cloud API could be beneficial

■    Licensing Risks

The organization may incur a substantial licensing fee if the CSP charges for the software deployed in the cloud on a per-instance basis. Therefore, the organization should always retain ownership over its software assets located in the cloud provider environment. Risks to licensing occur because of incomplete and non-transparent terms of use.

■    Loss of Governance

In using cloud infrastructures, customers give up control to cloud service providers regarding issues that could affect security. Also, SLAs may not offer a commitment on the part of the cloud provider to provide such services, thus leaving a gap in security defenses. This threat results from unclearness of roles and responsibilities, lack of vulnerability assessment process, conflicting promises in SLAs, no certification schemes, lack of jurisdiction, unavailability of the audit, and others.

Loss of governance results in noncompliance with security requirements, lack of confidentiality, integrity, and availability of data, poor performance and quality of service, and so on.

Countermeasure:

o Make persistent and careful efforts in the execution of service-level agreements (SLAs)

■    Loss of Encryption Keys

The loss of encryption keys required for secure communication or systems access gives a potential attacker the possibility of accessing assets without authorization. This threat arises due to the poor management of keys and poor key generation techniques.

Countermeasures:

o Do not store the encryption keys alongside the encrypted data

o Use strong algorithms such as AES and RSA to generate keys

■    Risks from Changes of Jurisdiction

Clouds may store the customer data in multiple jurisdictions, of which some may be high risk. Local authorities in high-risk countries (e.g., those without the rule of law, with an unpredictable legal framework and enforcement, with autocratic police states) could raid data centers; the data or information system could be subject to enforced disclosure or seizure. A change in the jurisdiction of the data leads to the risk that the data or information system is blocked or impounded by the government or another organization. Customers should consider jurisdictional ambiguities before adopting a cloud, as local laws of a particular country for data storage could provide government access to private data.

Countermeasure:

o Gain insight about the jurisdictions in which data may be stored and processed, and assess the risks, if any, in those jurisdictions

■    Undertaking Malicious Probes or Scans

Malicious probes or scanning allow an attacker to collect sensitive information that may lead to loss of confidentiality, integrity, and availability of services and data.

Countermeasure:

o Deploy various security mechanisms such as firewalls, intrusion detection systems, and others

■   Theft of Computer Equipment

Theft of equipment may occur due to inadequate controls on physical parameters such as smart card access at the entry, which may lead to loss of physical equipment and sensitive data.

Countermeasure:

o Enforce physical security measures such as hiring security guards, CCTV coverage, alarms, identity cards, and proper fencing

■    Cloud Service Termination or Failure

Termination of cloud service because of non-profitability or disputes might lead to data loss unless end-users protect themselves legally. Many factors, such as competitive pressure, lack of financial support, and inadequate business strategy, could lead to termination or failure of the cloud service.

This threat results in poor service delivery, loss of investment, and loss of quality of service. Furthermore, failures in the services outsourced to the CSP may affect cloud customers' ability to meet their duties and commitments to their own customers.

Countermeasure:

o Ensure that the cloud providers define clear and auditable procedures for termination of the service. This service includes how the cloud provider will transfer data back to the customer and guarantee that all data is disposed of securely, according to the terms of agreement

■   Subpoena and E-Discovery

Customer data and services are subjected to a cease request from authorities or third parties. This threat occurs due to improper resource isolation, data storage in multiple jurisdictions, and lack of insight on jurisdictions.

Countermeasures:

o Carefully select the cloud service provider and ensure proper security is provided

o Thoroughly review the service agreement. It should address records management accessibility, customer support, legal policies, accountability, confidentiality, length of agreement, termination, and others

o Execute a coordinated eDiscovery plan

o Contemplate an exit strategy

■ Improper Data Handling and Disposal

It is difficult to ascertain data handling and disposal procedures followed by CSPs due to limited access to cloud infrastructure. When clients request data deletion, data may not be truly wiped since:

o Multiple copies of data are stored but not available

o The disk to be destroyed might also contain the data of other clients

o Multi-tenancy and reuse of hardware resources in cloud keeps clients' data at risk

Countermeasure:

o Use VPNs to secure the client's data and ensure that data is completely removed from the primary servers along with its replicas

■ Loss/Modification of Backup Data

Attackers might exploit vulnerabilities such as SQL injection and insecure user behavior (e.g., storing or reusing passwords) to gain illegal access to the data backups in the cloud. After gaining access, attackers might delete or modify the data stored in the databases. Lack of data restoration procedures in case of backup data loss keeps the service levels at risk.

Countermeasure:

o Use appropriate data restoration procedures or tools to retrieve lost data 

■ Compliance Risks

Organizations that seek to obtain compliance with standards and laws may be at risk if the CSP cannot provide evidence of its compliance with the requirements, outsources cloud management to third parties, and/or does not permit audit by the client. This threat is due to the lack of governance over audits and industry standard assessments. Thus, clients are not aware of the processes, procedures, and practices of providers in the areas of access, identity management, and segregation of duties.

Countermeasures:

o Cloud providers should ensure that clients' data is not compromised 

o Review cloud providers' internal audit processes


■ Economic Denial of Sustainability (EDoS)

The payment method in a cloud system is "No use, no bill": the CSP charges the customer according to the recorded data involved when customers make requests, the duration of requests, the amount of data transfer in the network, and the number of CPU cycles consumed. Economic denial of service destroys financial resources; in the worst case, this could lead to customer bankruptcy or another serious economic impact. If an attacker engages the cloud with a malicious service or executes malicious code that consumes a lot of computational power and storage from the cloud server, then the legitimate account holder is charged for this kind of computation until the primary cause of CPU usage is detected.

Countermeasure:

o Use a reactive/on-demand, in-cloud eDDoS mitigation service (scrubber service) to mitigate application- and network-layer DDoS attacks, making use of the client-puzzle approach.
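The client-puzzle approach named in the countermeasure above can be sketched as follows. This is an added example, not part of the original module: the hash-based puzzle construction, the function names, the 16-bit difficulty, and the 60-second lifetime are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

SERVER_KEY = os.urandom(32)  # constructed per-process secret for the MAC
DIFFICULTY_BITS = 16         # assumed work factor: about 65,000 hashes per request
PUZZLE_TTL = 60              # assumed lifetime of a challenge, in seconds


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the start of a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def _tag(client_id: str, ts: int, bits: int, nonce: str) -> str:
    # The MAC binds client, issue time and difficulty, so the server keeps no state.
    msg = f"{client_id}|{ts}|{bits}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_puzzle(client_id: str, now: Optional[int] = None) -> dict:
    """Server side: hand out a challenge before doing any billable work."""
    ts = int(time.time()) if now is None else now
    nonce = os.urandom(8).hex()
    return {"client_id": client_id, "ts": ts, "bits": DIFFICULTY_BITS,
            "nonce": nonce, "tag": _tag(client_id, ts, DIFFICULTY_BITS, nonce)}


def solve_puzzle(puzzle: dict) -> int:
    """Client side: search for a counter whose hash has enough leading zero bits."""
    prefix = puzzle["tag"].encode()
    counter = 0
    while leading_zero_bits(
            hashlib.sha256(prefix + str(counter).encode()).digest()) < puzzle["bits"]:
        counter += 1
    return counter


def verify_solution(puzzle: dict, solution: int, now: Optional[int] = None) -> bool:
    """Server side: one MAC and one hash, so checking costs far less than solving."""
    now = int(time.time()) if now is None else now
    expected = _tag(puzzle["client_id"], puzzle["ts"], puzzle["bits"], puzzle["nonce"])
    if not hmac.compare_digest(expected, str(puzzle["tag"])):
        return False  # challenge was altered or not issued by this server
    if not 0 <= now - int(puzzle["ts"]) <= PUZZLE_TTL:
        return False  # expired or dated in the future
    digest = hashlib.sha256(puzzle["tag"].encode() + str(solution).encode()).digest()
    return leading_zero_bits(digest) >= int(puzzle["bits"])
```

A solved puzzle stays valid until it expires, so a deployment would also record used tags for the lifetime of the challenge to stop replays.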


Cloud Computing Attacks

Though most organizations adopt cloud technologies, as they offer a wide variety of services with cost reduction, security is the most significant concern, as it depends on sharing. Security gaps and vulnerabilities of the underlying technologies can allow attackers to launch various types of cloud attacks, affecting confidentiality, integrity, and availability of resources and services in cloud systems. This section discusses different types of attacks on cloud systems. 


This section discusses the following cloud computing attacks:

■    Service hijacking using social engineering attacks

■    Service hijacking using network sniffing

■   Session hijacking using XSS attack 

■   Session hijacking using session riding 

■    Domain Name System (DNS) attacks


■    Side channel attacks or cross-guest VM breaches

■    SQL injection attacks

■    Cryptanalysis attacks

■    Wrapping attack

■    DoS and DDoS attacks

■    Man-in-the-Cloud attack


Service Hijacking using Social Engineering Attacks

In account or service hijacking, an attacker steals a CSP's or client's credentials by methods such as phishing, pharming, social engineering, and exploitation of software vulnerabilities. Using the stolen credentials, the attacker gains access to the cloud computing services and compromises data confidentiality, integrity, and availability.

Social engineering is a nontechnical kind of intrusion that relies heavily on human interaction and often involves tricking others into breaking routine security procedures. Attackers might target cloud service providers to have passwords reset, or IT staff who access cloud services to have them reveal passwords. Other ways to obtain passwords include password guessing, keylogging malware, implementing password-cracking techniques, sending phishing emails, and others. Social engineering attacks result in exposed customer data, credit-card data, personal information, business plans, staff data, identity theft, etc.

In the diagram above, the attacker first creates a fake cloud service login page and sends a malicious link to the cloud service user. The user, on receiving the link, clicks on it and enters login credentials, failing to notice that it is a fake login page. When the user hits enter, the attacker receives the login credentials of the user, and the page automatically redirects to the original cloud service login page. Now, the attacker uses the stolen user credentials to log in to the cloud service to perform various malicious activities.

Countermeasures:

■    Protect the credentials from being stolen

■    Do not share account credentials between users and services

■    Implement robust two-factor authentication mechanism wherever possible 

■   Train the staff to recognize social engineering attacks

■    Strictly follow the security policies framed

■    Use "least privilege" principles to restrict access to services

■    Divide responsibilities among the cloud service provider's administrators and your administrators; this restricts free access to all security layers for others


Service Hijacking using Network Sniffing

Network sniffing involves interception and monitoring of network traffic sent between two cloud nodes. Unencrypted sensitive data (such as login credentials) during transmission across a network is at higher risk.

An attacker uses packet sniffers (e.g., Wireshark and Cain & Abel) to capture sensitive data such as passwords, session cookies, and other web service-related security configuration such as the UDDI (Universal Description, Discovery, and Integration), SOAP (Simple Object Access Protocol), and WSDL (Web Services Description Language) files.

In the diagram above, when the user enters login credentials to access cloud services, the attacker sniffs these login credentials/cookies during their transmission across a network using packet sniffers such as Wireshark, Capsa Network Analyzer, etc. The attacker then logs into cloud services via stolen credentials.

Countermeasures:

■    Encrypt sensitive data over the network 

■    Encrypt sensitive data in configuration files

■    Detect NICs running in promiscuous mode
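One way to carry out the last countermeasure on a Linux host, as an added example that is not part of the original module: it reads the per-interface `flags` file under `/sys/class/net` and tests the `IFF_PROMISC` bit. The allowlist parameter and the sample interface tree are constructed for the example.

```python
import tempfile
from pathlib import Path

IFF_UP = 0x1
IFF_PROMISC = 0x100  # interface flag bits as defined in <linux/if.h>


def promiscuous_interfaces(sysfs_root="/sys/class/net", allowlist=frozenset()):
    """Return one finding per interface whose kernel flags include IFF_PROMISC."""
    findings = []
    for iface_dir in sorted(Path(sysfs_root).iterdir()):
        try:
            # The file holds the flags as hex text, for example "0x1103".
            flags = int((iface_dir / "flags").read_text().strip(), 16)
        except (OSError, ValueError):
            continue  # not an interface directory, or unreadable
        if flags & IFF_PROMISC:
            findings.append({
                "iface": iface_dir.name,
                "flags": hex(flags),
                "up": bool(flags & IFF_UP),
                # Bridges and dedicated monitoring sensors are promiscuous by design.
                "expected": iface_dir.name in allowlist,
            })
    return findings


def unexpected_promiscuous(sysfs_root="/sys/class/net", allowlist=frozenset()):
    """Names of promiscuous interfaces that nobody has approved."""
    return [f["iface"] for f in promiscuous_interfaces(sysfs_root, allowlist)
            if not f["expected"]]


def make_constructed_sysfs() -> str:
    """Build a constructed stand-in for /sys/class/net so the check runs anywhere."""
    root = Path(tempfile.mkdtemp(prefix="sysfs-sample-"))
    sample = {"lo": "0x9", "eth0": "0x1103", "eth1": "0x1003", "br0": "0x1103"}
    for name, flags in sample.items():
        (root / name).mkdir()
        (root / name / "flags").write_text(flags + "\n")
    (root / "bonding_masters").write_text("")  # plain file, must be skipped
    return str(root)


if __name__ == "__main__":
    sample_root = make_constructed_sysfs()
    for name in unexpected_promiscuous(sample_root, allowlist={"br0"}):
        print("unexpected promiscuous interface:", name)
```

On a real host, call `unexpected_promiscuous()` with the default path and an allowlist of the interfaces that are meant to capture traffic.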


Session Hijacking using cross-site scripting (XSS) Attack

An attacker implements cross-site scripting (XSS) to steal cookies used in the user authentication process; this involves injecting malicious code into the website that is subsequently executed by the browser. Using the stolen cookies, the attacker exploits active computer sessions, thereby gaining unauthorized access to the data.

Note: Attacker can also predict or sniff session IDs.

In the diagram above, the attacker hosts a web page with the malicious script on the cloud server. When the user views the page hosted by the attacker, the HTML containing the malicious script runs on the user's browser. The malicious script collects the user's cookies and redirects the user to the attacker's server; it also sends the request with the user's cookies.

Countermeasures:

■ Using Secure Sockets Layer (SSL), firewalls, antivirus, and code scanner might safeguard a cloud from session hijacking



Session Hijacking using Session Riding

Attackers exploit websites by engaging in cross-site request forgeries to transmit unauthorized commands. In session riding, attackers "ride" an active computer session by sending an email or tricking users into visiting a malicious webpage while they are logged in to the actual target site. When users click the malicious link, the website executes the request as if the user had already authenticated it. Commands used include modifying or deleting user data, performing online transactions, resetting passwords, and others.

In the diagram above, the user logs into the trusted site and creates a new session. The server stores the session identifier for the session in a cookie in the web browser. The attacker lures the victim to visit a malicious website set up by him/her. The attacker then sends a request to the cloud server from the user's browser using a stolen session cookie.

Countermeasures:

■    Do not allow your browser and websites to save login details

■    Check the HTTP Referer header and, when processing a POST, ignore URL parameters
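The second countermeasure, written as a framework-independent server-side check. This is an added example, not part of the original module: the trusted origin, the function names, and the sample requests in the comments are constructed, and accepting the `Origin` header ahead of `Referer` is an assumption that goes beyond the text.

```python
from urllib.parse import parse_qs, urlsplit

TRUSTED_ORIGINS = {"https://console.example-cloud.test"}  # constructed value
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url: str):
    """Reduce a URL to scheme://host[:port], or None if it is not a web URL."""
    try:
        parts = urlsplit(url)
        port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    except ValueError:
        return None  # malformed port or host
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    host = parts.hostname.lower()
    if port == DEFAULT_PORTS[parts.scheme]:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def check_state_change(method: str, target: str, headers: dict, body: str):
    """Return (allowed, reason, params) for a request that changes state."""
    if method.upper() != "POST":
        return False, "state changes must use POST", {}
    lowered = {k.lower(): v for k, v in headers.items()}
    source = lowered.get("origin") or lowered.get("referer")
    if not source:
        return False, "no Origin or Referer header", {}
    # Compare the parsed origin, never a substring: a lookalike host such as
    # console.example-cloud.test.evil.test must not pass.
    if origin_of(source) not in TRUSTED_ORIGINS:
        return False, "cross-site request", {}
    # Parameters come from the POST body only; anything in the query string
    # of `target` is ignored, as the countermeasure requires.
    params = {key: values[0] for key, values in parse_qs(body).items()}
    return True, "ok", params


if __name__ == "__main__":
    # Constructed request: same-site form post with a stray URL parameter.
    print(check_state_change(
        "POST", "/account/password?new_password=from-url",
        {"Referer": "https://console.example-cloud.test/settings"},
        "new_password=from-body"))
```

The header check complements, and does not replace, per-session anti-forgery tokens.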


Domain Name System (DNS) Attacks

A domain name system (DNS) server translates a human-readable domain name (e.g., www.google.com) into a numerical IP address that routes communications between nodes. The attacker performs DNS attacks to obtain authentication credentials from Internet users.

Types of DNS Attacks:

■    DNS Poisoning: Involves diverting users to a spoofed website by poisoning the DNS server or the DNS cache on the user's system.

■    Cybersquatting: Involves conducting phishing scams by registering a domain name that is similar to a cloud service provider.

■    Domain Hijacking: Involves stealing a cloud service provider's domain name.

■    Domain Snipping: Involves registering an elapsed domain name.

In the diagram above, the attacker performs DNS cache poisoning, directing users to a fake website. Here, the user queries the internal DNS server for DNS information (e.g., what is the IP address of www.xCloud.com?). The internal DNS server then asks the respective cloud server for DNS information. At this point, the attacker blocks the DNS response from the cloud server and sends a DNS response with the IP of a fake website to the internal DNS server. Thus, the internal DNS server cache updates itself with the IP of the counterfeit website and automatically directs the user to that website.

Countermeasures:

■    Using Domain Name System Security Extensions (DNSSEC) reduces the effects of DNS threats to some extent



Side Channel Attacks or Cross-guest VM Breaches

An attacker compromises the cloud by placing a malicious virtual machine near a target cloud server and then launching a side-channel attack. In a side-channel attack, the attacker runs a virtual machine on the same physical host as the victim's virtual machine and takes advantage of shared physical resources (processor cache) to steal data (cryptographic key) from the victim. Side-channel attacks can be implemented by any co-resident user and are mainly due to the vulnerabilities in shared technology resources.

In the diagram above, an attacker compromises the cloud by placing a malicious virtual machine (VM) near a target cloud server. The attacker runs the VM on the same physical host as the victim's VM, takes advantage of shared physical resources (processor cache), and launches side-channel attacks (timing attack, data remanence, acoustic cryptanalysis, power monitoring attack, and differential fault analysis) to extract cryptographic keys/plain text secrets and steal the victim's credentials. The attacker then uses the stolen credentials to impersonate the victim.

Side Channel Attack Countermeasures:

■ Implement a virtual firewall in the cloud server back end; this prevents the attacker from placing a malicious VM

■ Implement random encryption and decryption (encrypt data using the RSA, 3DES, and AES algorithms)

■ Lock down OS images and application instances to prevent compromising vectors that might provide access

■ Check for repeated access attempts to local memory and access from the system to any hypervisor processes or shared hardware cache by tuning and collecting local process monitoring data and logs for cloud systems

■ Code the applications and OS components in a way that they access shared resources like memory cache in a consistent and predictable way. This coding prevents attackers from collecting sensitive information such as timing statistics and other behavioral attributes


Structured Query Language (SQL) Injection Attacks

Structured Query Language (SQL) is a programming language meant for database management systems. In an SQL injection attack, attackers target SQL servers running vulnerable database applications. Attackers insert malicious code (generated using special characters) into a standard SQL code to gain unauthorized access to a database and ultimately to other confidential information. It generally occurs when an application uses the input to construct dynamic SQL statements. Further, attackers can manipulate the database contents, retrieve sensitive data, remotely execute system commands, or even take control of the web server for additional criminal activities.

In the diagram above, the attacker performs SQL injection on the cloud web application accessed by the user and gains access to the sensitive information hosted on the cloud.

Countermeasures:

■ Use filtering techniques to sanitize the user input

■   Validate input length, range, format, and type

■    Regularly update and patch servers and applications

■    Use database monitoring technologies and Intrusion Prevention Systems (IPSs) 

■    Implement a cloud-based web application firewall
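The dynamic-statement flaw described above, next to a hardened form that applies the input validation countermeasure. This is an added example, not part of the original module: the table, the tenant names, the function names, and the sample input are constructed, and the bound-parameter query is a technique added here alongside the validation the list calls for.

```python
import re
import sqlite3

TENANT_RE = re.compile(r"[a-z0-9-]{1,32}")  # assumed format for a tenant id


def make_db() -> sqlite3.Connection:
    """Constructed multi-tenant table held in memory."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE files (tenant TEXT, name TEXT)")
    db.executemany("INSERT INTO files VALUES (?, ?)",
                   [("acme", "report.txt"), ("globex", "plan.txt")])
    return db


def list_files_dynamic(db, tenant):
    """Before: the input becomes part of the statement text itself."""
    sql = "SELECT name FROM files WHERE tenant = '" + tenant + "'"
    return [row[0] for row in db.execute(sql)]


def validate_tenant(tenant) -> str:
    """Check type, length and format before the value reaches the database."""
    if not isinstance(tenant, str) or not TENANT_RE.fullmatch(tenant):
        raise ValueError("invalid tenant id")
    return tenant


def list_files_parameterized(db, tenant):
    """After: the statement is fixed and the input travels as bound data."""
    rows = db.execute("SELECT name FROM files WHERE tenant = ?", (tenant,))
    return [row[0] for row in rows]


def list_files_safe(db, tenant):
    """Both layers together: validation first, then the bound parameter."""
    return list_files_parameterized(db, validate_tenant(tenant))


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote character
    print("dynamic      :", list_files_dynamic(db, crafted))        # every tenant's files
    print("parameterized:", list_files_parameterized(db, crafted))  # no rows
    print("safe, acme   :", list_files_safe(db, "acme"))
```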


Cryptanalysis Attacks

Insecure or obsolete encryption makes cloud services susceptible to cryptanalysis. Data present in the cloud may be encrypted to prevent it from being read if accessed by malicious users. However, critical flaws in cryptographic algorithm implementations (e.g., weak random number generation) might turn strong encryption weak or broken; novel methods to break the cryptography also exist. Partial information can also be obtained from encrypted data by monitoring clients' query access patterns and analyzing accessed positions.

Cryptanalysis Attack Countermeasures:

■ Use Random Number Generators that generate cryptographically secure random numbers to provide robustness to cryptographic material like Secure Shell (SSH) keys and Domain Name System Security Extensions (DNSSEC)

■    Do not use faulty cryptographic algorithms
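Why weak random number generation undoes an otherwise strong key, as an added example that is not part of the original module. The clock-seeded generator, the one-hour window, and the function names are assumptions made for the illustration.

```python
import math
import random
import secrets
from typing import Optional

KEY_BYTES = 32  # 256-bit key


def key_from_time_seed(unix_time: int) -> bytes:
    """The flawed pattern: a general-purpose PRNG seeded with the clock."""
    rng = random.Random(unix_time)
    return bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))


def key_from_csprng() -> bytes:
    """The countermeasure: key material from the operating system's CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)


def seed_that_reproduces(key: bytes, window_start: int, window_end: int) -> Optional[int]:
    """Audit check: is this key derivable from any clock value in the window?"""
    for candidate in range(window_start, window_end + 1):
        if key_from_time_seed(candidate) == key:
            return candidate
    return None


def effective_bits(candidate_seeds: int) -> float:
    """Strength of a key that depends only on which seed was used."""
    return math.log2(candidate_seeds)


if __name__ == "__main__":
    start, end = 1_700_000_000, 1_700_003_600      # constructed one-hour window
    weak = key_from_time_seed(1_700_000_123)
    strong = key_from_csprng()
    print("weak key reproduced from seed:", seed_that_reproduces(weak, start, end))
    print("CSPRNG key reproduced from seed:", seed_that_reproduces(strong, start, end))
    print("effective strength of the weak key: %.1f bits" % effective_bits(end - start + 1))
```

The 256-bit length of the clock-seeded key is cosmetic: its strength is the number of plausible seeds, about 12 bits for a one-hour window.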