Module Objectives
Cloud computing is an emerging technology that delivers computing services such as online business applications, online data storage, and webmail over the Internet. Cloud implementation enables a distributed workforce, reduces organization expenses, provides data security, and so on. As many enterprises adopt the cloud, attackers make the cloud a target of exploits to gain unauthorized access to the valuable data stored in it. Therefore, one should perform cloud pen testing regularly to monitor its security posture.
This module starts with an overview of cloud computing concepts. It provides an insight into cloud computing threats and cloud computing attacks. Later, it discusses cloud computing security and the necessary tools. The module ends with an overview of pen-testing steps which an ethical hacker should follow to perform a security assessment of the cloud environment.
At the end of this module, you will be able to:
■ Describe cloud computing concepts
■ Understand cloud computing threats
■ Explain cloud computing attacks
■ Apply cloud computing security measures
■ Use various cloud computing security tools
■ Perform cloud penetration testing
Cloud Computing Concepts
Cloud computing delivers various types of services and applications over the Internet. These services enable users to utilize software and hardware managed by third parties at remote locations. Some of the cloud service providers include Google, Amazon, and Microsoft.
This section introduces cloud computing, types of cloud computing services, separation of responsibilities, cloud deployment models, the NIST reference architecture, benefits, and the general benefits of cloud virtualization.
Introduction to Cloud Computing
Cloud computing is an on-demand delivery of IT capabilities in which IT infrastructure and applications are provided to subscribers as metered services over networks. Examples of cloud solutions include Gmail, Facebook, Dropbox, and Salesforce.com.
Characteristics of Cloud Computing
Discussed below are the characteristics of cloud computing that attract many businesses today to adopt cloud technology.
■ On-demand self-service: A type of service rendered by cloud service providers that allows provisioning of cloud resources such as computing power, storage, network, etc., always on demand, without the need for human interaction with service providers.
■ Distributed storage: Distributed storage in the cloud offers better scalability, availability, and reliability of data. However, cloud distributed storage does have the potential for security and compliance concerns.
■ Rapid elasticity: The cloud offers instant provisioning of capabilities, to rapidly scale up or down, according to demand. To the consumers, the resources available for provisioning seem to be unlimited, and they can purchase in any quantity at any point of time.
■ Automated management: By minimizing the user involvement, cloud automation speeds up the process, reduces labor costs, and reduces the possibility of human error.
■ Broad network access: Cloud resources are available over the network and accessed through standard procedures, via a wide variety of platforms, including laptops, mobile phones, and PDAs.
■ Resource pooling: The cloud service provider pools all the resources together to serve multiple customers in the multi-tenant environment, with physical and virtual resources dynamically assigned and reassigned on demand by the consumer of cloud.
■ Measured service: Cloud systems employ a "pay-per-use" metering method. Subscribers pay for cloud services by monthly subscription or according to the usage of resources such as storage levels, processing power, bandwidth, and so on. Cloud service providers monitor, control, report, and charge consumption of resources by customers with complete transparency.
■ Virtualization technology: Virtualization technology in the cloud enables rapid scaling of resources in a way that non-virtualized environments could not achieve.
Limitations of Cloud Computing
■ Organizations have limited control and flexibility
■ Prone to outages and other technical issues
■ Security, privacy, and compliance issues
■ Contracts and lock-ins
■ Depends on network connections
Types of Cloud Computing Services
Cloud services are divided broadly into three categories:
■ Infrastructure-as-a-Service (IaaS)
This cloud computing service enables subscribers to use fundamental IT resources such as computing power, virtualization, data storage, network, and so on, on demand. This service provides virtual machines and other abstracted hardware and operating systems (OSs) which may be controlled through a service API. As cloud service providers are responsible for managing the underlying cloud-computing infrastructure, subscribers can avoid costs of human capital, hardware, and others (e.g., Amazon EC2, GoGrid, Sungrid, Windows SkyDrive, Rackspace.com, etc.).
Advantages:
o Dynamic infrastructure scaling
o Guaranteed uptime
o Automation of administrative tasks
o Elastic load balancing (ELB)
o Policy-based services
o Global accessibility
Disadvantages:
o Software security is at high risk (third-party providers are more prone to attacks)
o Performance issues and slow connection speeds
■ Platform-as-a-Service (PaaS)
This type of cloud computing service offers the platform for the development of applications and services. Subscribers need not buy and manage the software and infrastructure underneath it but have authority over deployed applications and perhaps application hosting environment configurations. This offers development tools, configuration management, and deployment platforms on demand that can be used by subscribers to develop custom applications (e.g., Intel MashMaker, Google App Engine, Force.com, Microsoft Azure, etc.). Advantages of writing applications in the PaaS environment include dynamic scalability, automated backups, and other platform services, without the need to explicitly code for them.
Advantages:
o Simplified deployment
o Prebuilt business functionality
o Lower risk
o Instant community
o Pay-per-use model
o Scalability
Disadvantages:
o Vendor lock-in
o Data privacy
o Integration with the rest of the system applications
■ Software-as-a-Service (SaaS)
This cloud computing service offers application software to subscribers on demand over the Internet; the provider charges for it on a pay-per-use basis, by subscription, by advertising, or by sharing among multiple users (e.g., web-based office applications like Google Docs or Calendar, Salesforce CRM, Freshbooks, Basecamp, etc.).
Advantages:
o Low cost
o Easier administration
o Global accessibility
o Compatible (no specialized hardware or software is required)
Disadvantages:
o Security and latency issues
o Total dependency on the Internet
o Switching between SaaS vendors is difficult
Separation of Responsibilities in Cloud
In cloud computing, separation of responsibilities of subscriber and service provider is essential. Separation of duties prevents conflict of interest, illegal acts, fraud, abuse, and error, and helps in identifying security control failures, including information theft, security breaches, and evasion of security controls. It also helps in restricting the amount of influence held by any individual and ensures that there are no conflicting responsibilities.
Three types of cloud services exist: IaaS, PaaS, and SaaS. It is essential to know the limitations of each cloud service delivery model when accessing specific clouds and their models. The diagram above illustrates the separation of cloud responsibilities specific to service delivery models.
Cloud Deployment Models
Cloud deployment model selection is based on the enterprise requirements. One can deploy cloud services in different ways, according to the factors given below:
■ Where cloud computing services are hosted
■ Security requirements
■ Sharing cloud services
■ Ability to manage some or all of the cloud services
■ Customization capabilities
The four standard cloud deployment models are:
■ Public Cloud
In this model, the provider makes services such as applications, servers, and data storage available to the public over the Internet. In this model, the cloud provider is liable for the creation and constant maintenance of the public cloud and its IT resources. Public cloud services may be free or based on a pay-per-usage model (e.g., Amazon Elastic Compute Cloud (EC2), IBM's Blue Cloud, Google App Engine, Windows Azure Services Platform).
o Advantages:
• Simplicity and efficiency
• Low cost
• Reduced time (when server crashes, needs to restart or reconfigure cloud)
• No maintenance (public cloud service is hosted off-site)
• No contracts (no long-term commitments)
o Disadvantages:
• Security is not guaranteed
• Lack of control (third-party providers are in charge)
• Slow speed (relies on Internet connections, data transfer rate is limited)
■ Private Cloud
A private cloud, also known as internal or corporate cloud, is a cloud infrastructure that a single organization operates solely. The organization can implement the private cloud within a corporate firewall. Organizations deploy private cloud infrastructures to retain full control over corporate data.
o Advantages:
• Enhance security (services are dedicated to a single organization)
• More control over resources (organization is in charge)
• Greater performance (deployed within the firewall, therefore data transfer rates are high)
• Customizable hardware, network, and storage performances (as the organization owns private cloud)
• Sarbanes Oxley, PCI DSS, and HIPAA compliance data is much easier to attain
o Disadvantages:
• Expensive
• On-site maintenance
■ Community Cloud
It is a multi-tenant infrastructure shared among organizations from a specific community with common computing concerns such as security, regulatory compliance, performance requirements, and jurisdiction. The community cloud can be either on-premises or off-premises and governed by the participating organizations or by a third-party managed service provider.
o Advantages:
• Less expensive compared to the private cloud
• Flexibility to meet the community's needs
• Compliance with legal regulations
• High scalability
• Organizations can share a pool of resources from anywhere via the Internet
o Disadvantages:
• Competition between consumers in usage of resources
• No accurate prediction of required resources
• Who is the legal entity in case of liability
• Moderate security (other tenants may be able to access data)
• Trust and security concerns between the tenants
■ Hybrid Cloud
It is a cloud environment composed of two or more clouds (private, public, or community) that remain unique entities but are bound together to offer the benefits of multiple deployment models. In this model, the organization makes available and manages some resources in-house, and provides other resources externally.
Example: An organization performs its critical activities on the private cloud (such as operational customer data) and non-critical activities on the public cloud.
o Advantages:
• More scalable (contains both public and private clouds)
• Offers both secure resources and scalable public resources
• High level of security (comprises private cloud)
• Allows to reduce and manage the cost as per the requirement
o Disadvantages:
• Communication at the network level may be conflicted as it uses both public and private clouds
• Difficult to achieve data compliance
• Organization has to rely on the internal IT infrastructure for support to handle any outages (maintain redundancy across data centers to overcome)
• Complex Service Level Agreements (SLAs)
NIST Cloud Deployment Reference Architecture
The slide provides an overview of the NIST cloud computing reference architecture, displaying the primary actors, their activities, and functions in cloud computing. The diagram above is a generic high-level architecture, intended for better understanding of uses, requirements, characteristics, and standards of cloud computing.
The five significant actors are:
■ Cloud consumer
A cloud consumer is a person or organization that maintains a business relationship with cloud service providers (CSPs) and uses cloud computing services. The cloud consumer browses the CSP's service catalog, requests the desired services, sets up service contracts with the CSP (either directly or via a cloud broker), and uses the service. The CSP will bill the consumer based on the services provided. The CSP should fulfill the Service Level Agreement (SLA) in which the cloud consumer specifies the technical performance requirements such as quality of service, security, remedies for performance failure, etc. The CSP may also define limitations and obligations, if any, that the cloud consumer must accept. Services available to a cloud consumer in the PaaS, IaaS, and SaaS models:
o PaaS - database, business intelligence, application deployment, development and testing, and integration
o IaaS - storage, services management, CDN (content delivery network), platform hosting, backup and recovery, and compute
o SaaS - human resources, ERP (Enterprise Resource Planning), sales, CRM (Customer Relationship Management), collaboration, document management, email and office productivity, content management, financials, and social networks.
■ Cloud Provider
A cloud provider is a person or organization who acquires and manages the computing infrastructure intended for providing services (directly or via a cloud broker) to interested parties via network access.
■ Cloud Carrier
A cloud carrier acts as an intermediary that provides connectivity and transport services between CSPs and cloud consumers. The cloud carrier provides access to consumers via a network, telecommunication, and other access devices.
■ Cloud Auditor
A cloud auditor is a party that performs an independent examination of cloud service controls with the intent of expressing an opinion thereon. Audits verify adherence to standards through a review of the objective evidence. A cloud auditor can evaluate the services provided by a cloud provider regarding security controls (management, operational, and technical safeguards intended to protect the confidentiality, integrity, and availability of the system and its information), privacy impact (comply with applicable privacy laws and regulations governing an individual's privacy), performance, and so on.
■ Cloud Broker
Integration of cloud services is becoming too complicated for cloud consumers to manage. Thus, a cloud consumer may request cloud services from a cloud broker, rather than directly contacting a CSP. The cloud broker is an entity that manages cloud services regarding use, performance, and delivery, and maintains the relationship between CSPs and cloud consumers.
Cloud brokers provide services in three categories:
o Service Intermediation
Improves a given function by a specific capability and provides value-added services to cloud consumers.
o Service Aggregation
Combines and integrates multiple services into one or more new services.
o Service Arbitrage
Similar to service aggregation, but here the services being aggregated are not fixed (cloud broker has the flexibility to choose services from multiple agencies).
Cloud Computing Benefits
■ Economic
o Business agility
o Less maintenance costs
o Acquire economies of scale
o Less capital expense
o Huge storage facilities for organizations
o Environmentally friendly
o Less total cost of ownership
o Less power consumption
■ Operational
o Flexibility and efficiency
o Resiliency and redundancy
o Scale as needed
o Less operational problems
o Deploy applications quickly
o Back up and disaster recovery
o Automatic updates
■ Staffing
o Streamline processes
o Well usage of resources
o Less personnel training
o Less IT Staff
o Multiple users utilize resources on cloud
o Evolution of new model of business
o Simultaneous sharing of resources
■ Security
o Less investment in security controls
o Efficient, effective, and swift response to security breaches
o Standardized, open interface to managed security services (MSS)
o Effective patch management and implementation of security updates
o Better disaster recovery preparedness
o Ability to dynamically scale defensive resources on demand
o Resource aggregation offers better manageability of security systems
o Rigorous internal audit and risk assessment procedures
Understanding Virtualization
Virtualization is the ability to run multiple OSs on a single physical system and share the underlying resources such as a server, a storage device, or network. It is the essential technology that powers cloud computing. Virtualization allows organizations to cut IT costs while enhancing the productivity, utilization, and flexibility of their existing computer hardware. Some of the virtualization vendors include VMware vCloud Suite, VMware vSphere, VirtualBox, Microsoft Virtual PC, etc.
■ Types of Machines
o Physical Machine
The architecture of a physical machine consists of CPU, memory, NIC, disk, OS, etc. It consumes the complete existing physical resources.
o Virtual Machine
A virtual machine is a machine that sits on the standard physical resources. These machines have an advantage over physical machines, since multiple OSs, memory allocations, etc. are possible over the existing physical resources. Virtual machines are used effectively in cloud computing environments.
■ Characteristics of virtualization in cloud computing technology
o Partitioning
The cloud supports many applications and multiple OSs in a single physical system by segregating the available resources.
o Isolation
The cloud isolates each virtual machine from its host physical system and other virtual machines, so that if one virtual machine fails, it has no impact on the others or on data sharing.
o Encapsulation
A virtual machine can be stored as a single file, and thus can be identified based on its service. Encapsulation protects each application from interfering with other applications.
■ Types of virtualization
o Storage Virtualization
It combines storage devices from multiple networks into a single storage device and helps in:
• Expanding the storage capacity
• Making changes to store configuration easy
o Network Virtualization
It combines all network resources, both hardware and software, into a single virtual network and is used to:
• Optimize reliability and security
• Improve network resource usage
o Server Virtualization
It splits a physical server into multiple smaller virtual servers. Storage utilization is used to:
• Increase the space utilization
• Reduce the hardware maintenance cost
■ Benefits of Virtualization in Cloud
o Increases business continuity through efficient disaster recovery
o Reduces cost of setting up cloud infrastructure (cost on hardware, servers, etc.)
o Improves the way organizations manage IT and deliver services
o Improves operational efficiency
o Reduces system administration work
o Facilitates better backup and data protection
o Increases service levels and enables self-service provisioning
o Helps administrators to ensure control and compliance
Cloud Computing Threats
Most organizations adopt cloud technology, as it reduces cost via optimized and efficient computing. Robust cloud technology offers different types of services to end users; however, many people are concerned about critical cloud security risks and threats, which an attacker may take advantage of to compromise data security, gain illegal access to the network, and so on. This section deals with significant security threats and vulnerabilities affecting cloud systems.
Cloud Computing Threats
Discussed below are some threats to cloud computing:
■ Data Breach/Loss
An improperly designed cloud environment with multiple clients is at higher risk of a data breach, as a flaw in one client's application could allow attackers to access other clients' data. The risk of data leakage varies based on cloud architecture and operations. Data loss issues include:
o Data is erased, modified or decoupled (lost)
o Encryption keys are lost, misplaced or stolen
o Illegal access to the data due to improper authentication, authorization, and access controls
o Misuse of data by CSP
Countermeasures:
o Encrypt the data stored in cloud and data in transit to protect its integrity
o Implement strong key generation, storage, and management
o Check for data protection at both design and runtime
■ Abuse and Nefarious Use of Cloud services
The presence of weak registration systems in the cloud-computing environment gives rise to this threat. Attackers create anonymous access to cloud services and perpetrate various attacks such as password and key cracking, building rainbow tables, CAPTCHA-solving farms, launching dynamic attack points, hosting exploits on cloud platforms, hosting malicious data, Botnet command or control, DDoS, etc.
Countermeasures:
o Implement robust registration and validation process
o Monitor the client's traffic for any malicious activities
■ Insecure Interfaces and APIs
Interfaces or APIs enable customers to manage and interact with cloud services. Cloud service models must be security integrated, and users must be aware of security risks in the use, implementation, and monitoring of such services. Following are some of the insecure interfaces and APIs risks:
o Circumvents user-defined policies
o Is not credential leak proof
o Breach in logging and monitoring facilities
o Unknown API dependencies
o Reusable passwords/tokens
o Insufficient input-data validation
Countermeasures:
o Analyze the security model of cloud provider interfaces
o Implement secure authentication and access controls
o Encrypt the data in transit and understand the dependency chain associated with the API
■ Insufficient Due Diligence
Ignorance of the CSP's cloud environment poses risks in operational responsibilities such as security, encryption, and incident response, as well as other problems such as contractual issues and design and architectural issues.
Countermeasure:
o Organizations that intend to move to a cloud must extensively research the risks, CSP due diligence, and possess capable resources
■ Shared Technology Issues
IaaS vendors share the infrastructure to deliver the services in a scalable way. Most underlying components that make up this infrastructure (e.g., GPU, CPU caches) do not offer substantial isolation properties in a multi-tenant environment, which enables attackers to attack other machines if they can exploit vulnerabilities in one client's applications. To address this gap, virtualization hypervisors mediate access between guest OSs and the physical resources; these hypervisors might contain loopholes that allow hackers to gain unauthorized control over the underlying platforms. Issues include Rutkowska's Red and Blue Pill exploits and Kortchinsky's CloudBurst presentations.
Countermeasures:
o Implement security best practices for installation/configuration
o Monitor environment for unauthorized changes/activity
o Promote secure authentication and access control for administrative access and operations
o Enforce service level agreements for patching and vulnerability remediation
o Conduct vulnerability scanning and configuration audits
■ Unknown Risk Profile
Software updates, threat analysis, intrusion detection, security practices, and various other components determine security posture of an organization. Client organizations are unable to get a clear picture of internal security procedures, security compliance, configuration hardening, patching, auditing, and logging, etc. as they are less involved with hardware and software ownership and maintenance in the cloud. However, organizations must be aware of issues such as internal security procedures, security compliance, configuration hardening, patching, and auditing and logging.
Countermeasures:
o Disclosure of applicable logs and data to customers
o Partial/full disclosure of infrastructure details (e.g., patch levels, firewalls)
o Monitoring and alerting on necessary information
■ Unsynchronized System Clocks
This threat arises due to the failure of synchronizing clocks at the end systems. Unsynchronized clocks can affect the working of automated tasks. For example, if the cloud computing devices do not have synchronized time, then due to the inaccuracy of the time stamps the network administrator would be unable to analyze the log files for any malicious activity accurately. Unsynchronized clocks can cause various other problems, for example, in case of money transactions or database backups, the mismatched timestamp may result in creating a significant problem or discrepancies.
Countermeasures:
o Use clock synchronization solution such as NTP (Network Time Protocol)
o Install a time server within an organization's firewall which results in minimizing the threats from the outside and maximizing the time accuracy on the network
o Network Time System can also be used to synchronize clocks with an enterprise network server
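The effect described under Unsynchronized System Clocks, shown as an added example (not part of the original module): logs from three hosts are merged into one timeline, first with raw timestamps and then corrected by each host's measured clock offset. The host names, log lines, and offsets are constructed for illustration; in practice the offsets would come from a time-synchronization check.

```python
from datetime import datetime, timedelta

# Constructed sample logs (not from a real system). Every host stamps its
# events with its own local clock.
RAW_LOGS = {
    "auth-01": [
        ("2024-03-01T10:00:05+00:00", "login failed user=alice src=203.0.113.7"),
        ("2024-03-01T10:00:09+00:00", "login failed user=alice src=203.0.113.7"),
        ("2024-03-01T10:00:14+00:00", "login ok user=alice src=203.0.113.7"),
    ],
    "iam-01": [
        ("2024-03-01T10:01:20+00:00", "access key created user=alice"),
    ],
    "storage-01": [
        ("2024-03-01T10:01:50+00:00", "bulk download user=alice objects=412"),
    ],
}

# Assumed input: clock offset per host in seconds (local clock minus the
# reference time server). auth-01 runs 90 seconds slow.
OFFSETS = {"auth-01": -90.0, "iam-01": 0.0, "storage-01": 0.2}


def build_timeline(logs, offsets=None):
    """Merge per-host logs into one list of (time, host, message), sorted.

    With offsets=None the local timestamps are trusted as they are.
    Otherwise each timestamp is first shifted onto the reference clock.
    """
    offsets = offsets or {}
    events = []
    for host, lines in logs.items():
        skew = timedelta(seconds=offsets.get(host, 0.0))
        for stamp, message in lines:
            local = datetime.fromisoformat(stamp)
            events.append((local - skew, host, message))
    return sorted(events)


def skewed_hosts(offsets, tolerance_s=1.0):
    """Hosts whose clock is off by more than the tolerance, for alerting."""
    return sorted(h for h, off in offsets.items() if abs(off) > tolerance_s)


def happened_before(timeline, first, second):
    """True if the first event matching `first` precedes the one matching `second`."""
    def index_of(needle):
        return next(i for i, (_, _, msg) in enumerate(timeline) if needle in msg)
    return index_of(first) < index_of(second)


if __name__ == "__main__":
    for label, offsets in (("raw", None), ("corrected", OFFSETS)):
        print(f"--- {label} timeline ---")
        for when, host, message in build_timeline(RAW_LOGS, offsets):
            print(when.isoformat(), host, message)
    print("hosts outside tolerance:", skewed_hosts(OFFSETS))
```

In the raw timeline the access key appears to be created after the login that followed two failed attempts; once auth-01's 90-second lag is corrected, the key creation precedes that login, which changes what an analyst would conclude about the session.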
■ Inadequate Infrastructure Design and Planning
An agreement between the Cloud Service Provider (CSP) and customer states the quality of service that the CSP offers such as downtime, physical and network-based redundancies, standard data backup, and restore processes, and availability periods.
At times, cloud service providers may not satisfy the rapid rise in demand due to a shortage of computing resources and/or poor network design (e.g., traffic flows through a single point, even though the necessary hardware is available) giving rise to unacceptable network latency or inability to meet agreed service levels.
Countermeasure:
o Forecast the demand and accordingly be prepared with the sufficient infrastructure
■ Conflicts between Client Hardening Procedures and Cloud Environment
Certain client hardening procedures may conflict with a cloud provider's environment, making their implementation impossible by the client. The reason for this is that, because a cloud is a multi-tenant environment, the colocation of many customers indeed causes conflict for the cloud providers, as customers' communication security requirements are likely to diverge from one another.
Countermeasure:
o Set clear segregation of responsibilities that expresses the minimum actions customers must undertake
■ Loss of Operational and Security Logs
The loss of operational logs makes it challenging to evaluate operational variables. The options for solving issues are limited when no data is available for analysis. The loss of security logs poses a risk for managing the implementation of the information security management program. Loss of security logs may occur in case of under-provisioning of storage.
Countermeasures:
o Implement effective policies and procedures
o Monitor operational and security logs on a regular basis
■ Malicious Insiders
Malicious insiders are disgruntled current/former employees, contractors, or other business partners who have/had authorized access to cloud resources and could intentionally exceed or misuse that access to compromise the confidentiality, integrity, or availability of the organization's information. Malicious insiders who have authorized access to cloud resources can abuse their access to compromise the information available in the cloud. Threats include loss of reputation, productivity, and financial theft.
Countermeasures:
o Enforce strict supply chain management and conduct a comprehensive supplier assessment
o Specify human resource requirements as part of legal contracts
o Require transparency in overall information security and management practices, as well as compliance reporting
o Determine security breach notification processes
■ Illegal Access to the Cloud
Weak authentication and authorization controls could lead to unlawful access thereby compromising confidential and critical data stored in the cloud.
Countermeasures:
o Enforce robust Information Security (IS) Policy and adhere to it
o Clients should be permitted to audit/review the cloud provider's IS policy and procedures
■ Loss of Business Reputation due to Co-tenant Activities
This threat arises because of lack of resource isolation, lack of reputational isolation, vulnerabilities in the hypervisors, and others. Resources are shared in the cloud, thus the malicious activity of one co-tenant might affect the reputation of the other, resulting in poor service delivery, data loss, etc. that bring down the organization's reputation.
Countermeasure:
o Choose a well-known and efficient cloud service provider to reduce the risk, and ensure isolation of resources
■ Privilege Escalation
A mistake in the access allocation system such as coding errors, design flaws, and others can result in a customer, third party, or employee obtaining more access rights than required. This threat arises because of AAA (authentication, authorization, and accountability) vulnerabilities, user-provisioning and de-provisioning vulnerabilities, hypervisor vulnerabilities, unclear roles and responsibilities, misconfiguration, and others.
Countermeasures:
o Employ a good privilege separation scheme
o Update software programs on a regular basis to fix the newly discovered privilege escalation vulnerabilities, if any
■ Natural Disasters
Based on geographic location and climate, data centers may be exposed to natural disasters such as floods, lightning, earthquakes, etc. that can affect the cloud services.
Countermeasures:
o Ensure that the organization is located in a safe area
o Maintain data backups at different locations
o Implement mitigation measures that help reduce or eliminate your long-term risk from natural disasters
o Prepare an effective business continuity and disaster recovery plan
■ Hardware Failure
Hardware failure such as switches, servers, routers, access points, hard disks, network cards, and processors in data centers can make cloud data inaccessible. The majority of hardware failures happen because of hard disk problems. Hard disk failures take a lot of time to track and fix because of their low-level complexities. Hardware failure can lead to the poor performance delivery to end users and can damage the business.
Countermeasures:
o Implement and maintain physical security programs
o Pre-installed standby hardware devices are a must
■ Supply Chain Failure
This threat arises because of incomplete and non-transparent terms of use, hidden dependency created by cross-cloud applications, inappropriate CSP selection, lack of supplier redundancy, and others. Cloud providers outsource certain tasks to third parties. Thus, the security of the cloud is directly proportional to the security of each link and the extent of dependency on third parties. A disruption in the chain may lead to loss of data privacy and integrity, services unavailability, violation of SLA, economic and reputational losses due to failing to meet customer demand, and cascading failure.
Countermeasures:
o Define a set of controls to mitigate supply-chain risks
o Develop a containment plan to restrict the damage caused by a counterparty that is trusted to fail
o Create visibility mechanisms to find when elements of a supply chain are compromised
o Consider procuring third parties which offer information on the security posture of counterparties
■ Modifying Network Traffic
In the cloud, the network traffic may be altered due to flaws during provisioning or de-provisioning of the network, or vulnerabilities in communication encryption. Modification of network traffic may cause loss, alteration, or theft of confidential data and communications. This threat arises because of user-provisioning and de-provisioning vulnerabilities, communication encryption vulnerabilities, and so on.
Countermeasure:
o Perform network traffic analysis using tools to find abnormalities, if any
■ Isolation Failure
Multi-tenancy and shared resources are the characteristics of cloud computing. Strong isolation or compartmentalization of storage, memory, routing, and reputation among different tenants is lacking. Because of isolation failure, attackers try to control operations of other cloud customers to gain illegal access to the data.
Countermeasure:
o It is essential to keep memory, storage, and network access isolated
■ Cloud Provider Acquisition
Acquisition of the cloud provider may increase the probability of a tactical shift and may put non-binding agreements at risk. This could make it difficult to cope with the security requirements.
Countermeasure:
o Be tactful while choosing a cloud provider; prefer a reputed and popular cloud service provider to avoid the risk
■ Management Interface Compromise
Customer management interfaces of cloud providers are accessible via the Internet and facilitate access to a large number of resources. This enhances the risk, particularly when combined with remote access and web browser vulnerabilities. This threat arises due to improper configuration, system and application vulnerabilities, remote access to the management interface, and so on.
Countermeasure:
o It is essential to keep memory, storage, and network access isolated
o Use a secure protocol to provide access to mitigate threats arising because of remote access
o Regularly update the patches for web browser vulnerabilities
■ Network Management Failure
Poor network management leads to network congestion, misconnection, misconfiguration, lack of resource isolation, etc., which affects services and security.
Countermeasure:
o Ensure that an adequate security policy is implemented
o Use proactive network management techniques
o Keep updating new technologies and analyze what might work better for your organization
■ Authentication Attacks
Weak authentication mechanisms (weak passwords, reused passwords, etc.) and inherent limitations of one-factor authentication mechanisms allow attackers to gain unauthorized access to cloud computing systems.
Countermeasure:
o Implement strong password policies and keep the passwords secure
o Enforce two-factor authentication where required
■ VM-Level Attacks
Cloud computing extensively uses virtualization technologies offered by several vendors including VMware, Xen, VirtualBox, and vSphere. Threats to these technologies arise because of vulnerabilities in the hypervisors.
Countermeasure:
o Employ IDS/IPS and implement firewall to mitigate known VM-level attacks
■ Lock-in
Lock-in is the inability of the client to migrate from one cloud service provider to another or to in-house systems due to the lack of tools, procedures, or standard data formats for data, application, and service portability. This threat is due to the inappropriate selection of CSP, incomplete and non-transparent terms of use, lack of standard mechanisms, and so on.
Countermeasure:
o Using a standardized cloud API could be beneficial
■ Licensing Risks
The organization may incur substantial licensing fee if the CSP charges the software deployed in the cloud on a per-instance basis. Therefore, the organization should always retain ownership over its software assets located in the cloud provider environment. Risks to licensing occur because of incomplete and non-transparent terms of use.
■ Loss of Governance
In using cloud infrastructures, customers give up control to cloud service providers regarding issues that could affect security. Also, SLAs may not offer a commitment on the part of the cloud provider to provide such services, thus leaving a gap in security defenses. This threat results from unclearness of roles and responsibilities, lack of vulnerability assessment process, conflicting promises in SLAs, no certification schemes, lack of jurisdiction, unavailability of the audit, and others.
Loss of governance results in noncompliance with security requirements, lack of confidentiality, integrity, and availability of data, poor performance and quality of service, and so on.
Countermeasure:
o Make persistent and careful efforts in the execution of service-level agreements (SLAs)
■ Loss of Encryption Keys
The loss of encryption keys required for secure communication or systems access gives a potential attacker the possibility of gaining unauthorized access to assets. This threat arises due to the poor management of keys and poor key generation techniques.
Countermeasures:
o Do not store the encryption keys alongside the encrypted data
o Use strong algorithms such as AES and RSA to generate keys
■ Risks from Changes of Jurisdiction
Clouds may store the customer data in multiple jurisdictions, of which some may be high risk. Local authorities in high-risk countries (e.g., those without the rule of law, with an unpredictable legal framework and enforcement, with autocratic police states) could raid data centers; the data or information system could be subject to enforced disclosure or seizure. A change in jurisdiction of the data leads to the risk that the data or information system is blocked or impounded by the government or another organization. Customers should consider jurisdictional ambiguities before adopting a cloud, as local laws of a particular country for data storage could provide government access to private data.
Countermeasure:
o Gain insight about the jurisdictions in which data may be stored and processed, and assess the risks, if any, in those jurisdictions
■ Undertaking Malicious Probes or Scans
Malicious probes or scanning allows an attacker to collect sensitive information that may lead to loss of confidentiality, integrity, and availability of services and data.
Countermeasure:
o Deploy various security mechanisms such as firewalls, intrusion detection systems, and others
■ Theft of Computer Equipment
Theft of equipment may occur due to inadequate controls on physical parameters such as smart card access at the entry etc. which may lead to loss of physical equipment and sensitive data.
Countermeasure:
o Enforce physical security measures such as hiring security guards, CCTV coverage, alarms, identity cards, and proper fencing
■ Cloud Service Termination or Failure
Termination of cloud service because of non-profitability or disputes might lead to data loss unless end-users protect themselves legally. Many factors, such as competitive pressure, lack of financial support, and inadequate business strategy, could lead to termination or failure of the cloud service.
This threat results in poor service delivery, loss of investment, and quality of service. Furthermore, failures in the services outsourced to the CSP may affect cloud customers' ability to meet their duties and commitments to their own customers.
Countermeasure:
o Ensure that the cloud providers define clear and auditable procedures for termination of the service. This service includes how the cloud provider will transfer data back to the customer and guarantee that all data is disposed of securely, according to the terms of agreement
■ Subpoena and E-Discovery
Customer data and services are subjected to a cease request from authorities or third parties. This threat occurs due to improper resource isolation, data storage in multiple jurisdictions, and lack of insight on jurisdictions.
Countermeasures:
o Carefully select the cloud service provider and ensure proper security is provided
o Thoroughly review the service agreement. It should address records management accessibility, customer support, legal policies, accountability, confidentiality, length of agreement, termination, and others
o Execute a coordinated eDiscovery plan
o Contemplate an exit strategy
■ Improper Data Handling and Disposal
It is difficult to ascertain data handling and disposal procedures followed by CSPs due to limited access to cloud infrastructure. When clients request data deletion, data may not be truly wiped since:
o Multiple copies of data are stored but not available
o The disk to be destroyed might also contain the data of other clients
o Multi-tenancy and reuse of hardware resources in cloud keeps clients' data at risk
Countermeasure:
o Use VPNs to secure the client's data and ensure that data is completely removed from the primary servers along with its replicas
■ Loss/Modification of Backup Data
Attackers might exploit vulnerabilities such as SQL injection and insecure user behavior (e.g., storing or reusing passwords) to gain illegal access to the data backups in the cloud. After gaining access, attackers might delete or modify the data stored in the databases. Lack of data restoration procedures in case of backup data loss keeps the service levels at risk.
Countermeasure:
o Use appropriate data restoration procedures or tools to retrieve lost data
■ Compliance Risks
Organizations that seek to obtain compliance with standards and laws may be at risk if the CSP cannot provide evidence of its compliance with the requirements, outsources cloud management to third parties, and/or does not permit audit by the client. This threat is due to the lack of governance over audits and industry standard assessments. Thus, clients are not aware of the processes, procedures, and practices of providers in the areas of access, identity management, and segregation of duties.
Countermeasures:
o Cloud providers should ensure that clients' data is not compromised
o Review cloud providers' internal audit processes
■ Economic Denial of Sustainability (EDoS)
The payment method in a cloud system is "No use, no bill": the CSP charges the customer according to the recorded data involved when customers make requests, the duration of requests, the amount of data transfer in the network, and the number of CPU cycles consumed. Economic denial of service destroys financial resources; in the worst case, this could lead to customer bankruptcy or another serious economic impact. If an attacker engages the cloud with a malicious service or executes malicious code that consumes a lot of computational power and storage from the cloud server, then the legitimate account holder is charged for this kind of computation until the primary cause of CPU usage is detected.
Countermeasure:
o Use a reactive/on-demand, in-cloud eDDoS mitigation service (scrubber Service) to mitigate application- and network-layer DDoS attacks, making use of the client puzzle approach.
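The client puzzle approach named in this countermeasure can be sketched as follows. This is an added example, not code from the module: it assumes a hash-based puzzle in which the client must find a nonce before its request is served, and the names SERVER_KEY, DIFFICULTY_BITS, and MAX_AGE_SECONDS are hypothetical.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

SERVER_KEY = os.urandom(32)  # assumption: secret held only by the mitigation tier
DIFFICULTY_BITS = 12         # assumption: raised under load to make requests costlier
MAX_AGE_SECONDS = 60         # assumption: lifetime of an issued challenge


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the start of a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def _tag(client_id: str, ts: str) -> str:
    msg = f"{client_id}|{ts}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(client_id: str, now: Optional[float] = None) -> str:
    """Stateless challenge: a timestamp plus an HMAC binding it to the client."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_tag(client_id, ts)}"


def solve(challenge: str) -> int:
    """Client side: about 2**DIFFICULTY_BITS hash attempts on average."""
    nonce = 0
    while True:
        digest = hashlib.sha256(f"{challenge}.{nonce}".encode()).digest()
        if leading_zero_bits(digest) >= DIFFICULTY_BITS:
            return nonce
        nonce += 1


def verify(client_id: str, challenge: str, nonce: int,
           now: Optional[float] = None) -> bool:
    """Server side: one HMAC and one hash, however long the client worked."""
    try:
        ts, tag = challenge.split(".")
        issued = int(ts)
    except ValueError:
        return False
    if not hmac.compare_digest(tag, _tag(client_id, ts)):
        return False  # forged, or issued to a different client
    current = time.time() if now is None else now
    if not 0 <= current - issued <= MAX_AGE_SECONDS:
        return False  # stale challenge
    digest = hashlib.sha256(f"{challenge}.{nonce}".encode()).digest()
    return leading_zero_bits(digest) >= DIFFICULTY_BITS
```

A solved challenge stays valid until it expires, so a deployment would also record used challenges to reject replays.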
Cloud Computing Attacks
Though most organizations adopt cloud technologies, as they offer a wide variety of services with cost reduction, security is the most significant concern, as it depends on sharing. Security gaps and vulnerabilities of the underlying technologies can allow attackers to launch various types of cloud attacks, affecting confidentiality, integrity, and availability of resources and services in cloud systems. This section discusses different types of attacks on cloud systems.
This section discusses the following cloud computing attacks:
■ Service hijacking using social engineering attacks
■ Service hijacking using network sniffing
■ Session hijacking using XSS attack
■ Session hijacking using session riding
■ Domain Name System (DNS) attacks
■ Side channel attacks or cross-guest VM breaches
■ SQL injection attacks
■ Cryptanalysis attacks
■ Wrapping attack
■ DoS and DDoS attacks
■ Man-in-the-Cloud attack
Service Hijacking using Social Engineering Attacks
In account or service hijacking, an attacker steals a CSP's or client's credentials by methods such as phishing, pharming, social engineering, and exploitation of software vulnerabilities. Using the stolen credentials, the attacker gains access to the cloud computing services and compromises data confidentiality, integrity, and availability.
Social engineering is a nontechnical kind of intrusion that relies heavily on human interaction and often involves tricking others into breaking routine security procedures. Attackers might target cloud service providers to reset passwords, or IT staff to access their cloud services to reveal passwords. Other ways to obtain passwords include password guessing, keylogging malware, implementing password-cracking techniques, sending phishing emails, and others. Social engineering attacks result in exposed customer data, credit-card data, personal information, business plans, staff data, identity theft, etc.
In the diagram above, the attacker first creates a fake cloud service login page and sends a malicious link to the cloud service user. On receiving the link, the user clicks on it and enters login credentials, failing to notice that it is a fake login page. When the user hits enter, the attacker receives the login credentials of the user, and the page automatically redirects to the original cloud service login page. Now, the attacker uses the stolen user credentials to log in to the cloud service to perform various malicious activities.
Countermeasures:
■ Protect the credentials from being stolen
■ Do not share account credentials between users and services
■ Implement robust two-factor authentication mechanism wherever possible
■ Train the staff to recognize social engineering attacks
■ Strictly follow the security policies framed
■ Use "least privilege" principles to restrict access to services
■ Divide responsibilities among the cloud service provider's administrators and your administrators; this restricts free access to all security layers for others
Service Hijacking using Network Sniffing
Network sniffing involves interception and monitoring of network traffic sent between two cloud nodes. Unencrypted sensitive data (such as login credentials) during transmission across a network is at higher risk.
Attackers use packet sniffers (e.g., Wireshark, Cain & Abel) to capture sensitive data such as passwords, session cookies, and other web service-related security configuration such as the UDDI (Universal Description, Discovery, and Integration), SOAP (Simple Object Access Protocol), and WSDL (Web Services Description Language) files.
In the diagram above, when the user enters login credentials to access cloud services, the attacker sniffs these login credentials/cookies during their transmission across a network using packet sniffers such as Wireshark, Capsa Network Analyzer, etc. The attacker then logs into cloud services via stolen credentials.
Countermeasures:
■ Encrypt sensitive data over the network
■ Encrypt sensitive data in configuration files
■ Detect NICs running in promiscuous mode
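One way to check for NICs in promiscuous mode on a Linux instance is to test the IFF_PROMISC bit in each interface's sysfs flags file. This is an added example, not code from the module; the interface names and flag values in SAMPLE_FLAGS are constructed, and the allowlist of expected capture ports is an assumption.

```python
import tempfile
from pathlib import Path

IFF_PROMISC = 0x100  # promiscuous-mode bit, as defined in <linux/if.h>

# Constructed sample data: interface name -> contents of its sysfs "flags" file.
SAMPLE_FLAGS = {
    "eth0": "0x1003\n",   # UP | BROADCAST | MULTICAST
    "eth1": "0x1103\n",   # the same flags plus IFF_PROMISC
    "span0": "0x1103\n",  # IDS capture port, expected to be promiscuous
}


def is_promiscuous(flags_text: str) -> bool:
    """Return True if the hexadecimal flags value has IFF_PROMISC set."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def find_promiscuous(sysfs_root: str = "/sys/class/net", allowlist=()) -> list:
    """List interfaces in promiscuous mode that are not on the allowlist."""
    findings = []
    for iface in sorted(Path(sysfs_root).iterdir()):
        try:
            promisc = is_promiscuous((iface / "flags").read_text())
        except (OSError, ValueError):
            continue  # interface vanished or flags unreadable: skip it
        if promisc and iface.name not in allowlist:
            findings.append(iface.name)
    return findings


def build_sample_tree(root: str) -> None:
    """Lay out the constructed samples the way sysfs presents real interfaces."""
    for name, flags in SAMPLE_FLAGS.items():
        iface_dir = Path(root) / name
        iface_dir.mkdir()
        (iface_dir / "flags").write_text(flags)


def demo() -> list:
    """Run the check against the constructed tree instead of the live system."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return find_promiscuous(tmp, allowlist={"span0"})


if __name__ == "__main__":
    print(demo())
```

Calling find_promiscuous() with no arguments inspects the live host; a cloud customer can run this only on instances they control, not on the provider's underlying hardware.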
Session Hijacking using cross-site scripting (XSS) Attack
An attacker implements cross-site scripting (XSS) to steal cookies used in the user authentication process; this involves injecting malicious code into the website that is subsequently executed by the browser. Using the stolen cookies, the attacker exploits active computer sessions, thereby gaining unauthorized access to the data.
Note: Attacker can also predict or sniff session IDs.
In the diagram above, the attacker hosts a web page with the malicious script on the cloud server. When the user views the page hosted by the attacker, the HTML containing the malicious script runs in the user's browser. The malicious script collects the user's cookies and redirects the user to the attacker's server; it also sends the request with the user's cookies.
Countermeasures:
■ Using Secure Socket Layer (SSL), firewalls, antivirus, and code scanner might safeguard a cloud from session hijacking
Session Hijacking using Session Riding
Attackers exploit websites by engaging in cross-site request forgeries to transmit unauthorized commands. In session riding, attackers "ride" an active computer session by sending an email or tricking users into visiting a malicious webpage while they are logged in to an actual target site. When users click the malicious link, the website executes the request as if the user had already authenticated it. Commands used include modifying or deleting user data, performing online transactions, resetting passwords, and others.
In the diagram above, the user logs into the trusted site and creates a new session. The server stores the session identifier for the session in a cookie in the web browser. The attacker lures the victim to visit a malicious website set up by him/her. The attacker then sends a request to the cloud server from the user's browser using a stolen session cookie.
Countermeasures:
■ Do not allow your browser and websites to save login details
■ Check the HTTP Referer header and, when processing a POST, ignore URL parameters
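The second countermeasure can be implemented as a request filter like the one below. This is an added example, not code from the module: the origin in TRUSTED is a hypothetical placeholder, and the headers dictionary is assumed to use the canonical "Referer" key.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: the single origin that serves the application's own forms.
TRUSTED = ("https", "portal.example-cloud.test", 443)
DEFAULT_PORTS = {"http": 80, "https": 443}
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def referer_is_trusted(referer) -> bool:
    """Compare scheme, host, and port exactly; a substring match is not enough."""
    if not referer:
        return False  # fail closed when the header is missing
    try:
        parts = urlsplit(referer)
        port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    except ValueError:
        return False  # malformed URL or port
    return (parts.scheme, parts.hostname, port) == TRUSTED


def handle_request(method: str, url: str, headers: dict, body: str = ""):
    """Return (status, params) for a request.

    State-changing requests need a trusted Referer, and their parameters
    are read from the body only, never from the URL.
    """
    if method.upper() not in STATE_CHANGING:
        query = parse_qs(urlsplit(url).query)
        return 200, {k: v[-1] for k, v in query.items()}
    if not referer_is_trusted(headers.get("Referer")):
        return 403, {}
    form = parse_qs(body)  # the URL query string is deliberately not consulted
    return 200, {k: v[-1] for k, v in form.items()}


# Constructed sample requests: (Referer value, expected status).
SAMPLES = [
    ("https://portal.example-cloud.test/settings", 200),
    ("https://portal.example-cloud.test.attacker.test/", 403),  # lookalike host
    ("https://portal.example-cloud.test@attacker.test/", 403),  # userinfo trick
    ("http://portal.example-cloud.test/settings", 403),         # wrong scheme
    (None, 403),                                                 # header absent
]


def run_samples() -> list:
    """Send the same POST with each sample Referer and collect the statuses."""
    url = "https://portal.example-cloud.test/account?action=delete"
    results = []
    for referer, _expected in SAMPLES:
        headers = {"Referer": referer} if referer else {}
        status, _params = handle_request("POST", url, headers, "action=rename")
        results.append(status)
    return results


if __name__ == "__main__":
    print(run_samples())
```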
Domain Name System (DNS) Attacks
A domain name system (DNS) server translates a human-readable domain name (e.g., www.google.com) into a numerical IP address that routes communications between nodes. The attacker performs DNS attacks to obtain authentication credentials from Internet users.
Types of DNS Attacks:
■ DNS Poisoning: Involves diverting users to a spoofed website by poisoning the DNS server or the DNS cache on the user's system.
■ Cybersquatting: Involves conducting phishing scams by registering a domain name that is similar to a cloud service provider.
■ Domain Hijacking: Involves stealing a cloud service provider's domain name.
■ Domain Snipping: Involves registering an elapsed domain name.
In the diagram above, the attacker performs DNS cache poisoning, directing users to a fake website. Here, the user queries the internal DNS server for DNS information (e.g., what is the IP address of www.xCloud.com?). The internal DNS server then asks the respective cloud server for DNS information. At this point, the attacker blocks the DNS response from the cloud server and sends a DNS response with the IP of a fake website to the internal DNS server. Thus, the internal DNS server cache updates itself with the IP of the counterfeit website and automatically directs the user to that website.
Countermeasures:
■ Using Domain Name System Security Extensions (DNSSEC) reduces the effects of DNS threats to some extent
Side Channel Attacks or Cross-guest VM Breaches
An attacker compromises the cloud by placing a malicious virtual machine near a target cloud server and then launching a side channel attack. In a side channel attack, the attacker runs a virtual machine on the same physical host as the victim's virtual machine and takes advantage of shared physical resources (processor cache) to steal data (cryptographic key) from the victim. Side-channel attacks can be implemented by any co-resident user and are mainly due to the vulnerabilities in shared technology resources.
In the diagram above, an attacker compromises the cloud by placing a malicious virtual machine (VM) near a target cloud server. The attacker runs the VM on the same physical host as the victim's VM, takes advantage of shared physical resources (processor cache), and launches side-channel attacks (timing attack, data remanence, acoustic cryptanalysis, power monitoring attack, and differential fault analysis) to extract cryptographic keys/plain text secrets to steal the victim's credentials. The attacker then uses the stolen credentials to impersonate the victim.
Side Channel Attack Countermeasures:
■ Implement a virtual firewall in the cloud server back end; this prevents the attacker from placing a malicious VM
■ Implement random encryption and decryption (encrypts data using RSA, 3DES, AES algorithms)
■ Lockdown OS images and application instances to prevent compromising vectors that might provide access
■ Check for repeated access attempts to local memory and access from the system to any hypervisor processes or shared hardware cache by tuning and collecting local process monitoring data and logs for cloud systems
■ Code the applications and OS components in a way that they access shared resources like memory cache in a consistent and predictable way. This coding prevents attackers from collecting sensitive information such as timing statistics and other behavioral attributes
Structured Query Language (SQL) Injection Attacks
Structured Query Language (SQL) is a programming language meant for database management systems. In a SQL injection attack, attackers target SQL servers running vulnerable database applications. Attackers insert malicious code (generated using special characters) into a standard SQL code to gain unauthorized access to a database and ultimately to other confidential information. It generally occurs when an application uses the input to construct dynamic SQL statements. Further, attackers can manipulate the database contents, retrieve sensitive data, remotely execute system commands, or even take control of the web server for additional criminal activities.
In the diagram above, the attacker performs SQL injection on the cloud web application accessed by the user and gains access to the sensitive information hosted on the cloud.
Countermeasures:
■ Use filtering techniques to sanitize the user input
■ Validate input length, range, format, and type
■ Regularly update and patch servers and applications
■ Use database monitoring technologies and Intrusion Prevention Systems (IPSs)
■ Implement a cloud-based web application firewall
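The difference between a dynamically constructed SQL statement and a validated, parameterized one is shown below using an in-memory SQLite database. This is an added example, not code from the module: the invoices table and its rows are constructed, and the parameterized query is a standard practice added here alongside the input validation the countermeasures list.

```python
import re
import sqlite3

# Validation rule (assumption): owner names are 3 to 32 lowercase letters,
# digits, or underscores. This checks length, format, and type in one place.
OWNER_RE = re.compile(r"[a-z0-9_]{3,32}")


def make_db() -> sqlite3.Connection:
    """Build a constructed sample table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner TEXT, amount INTEGER)"
    )
    conn.executemany(
        "INSERT INTO invoices (owner, amount) VALUES (?, ?)",
        [("alice", 120), ("bob", 75), ("carol", 310)],
    )
    return conn


def lookup_vulnerable(conn, owner):
    """Vulnerable: the input becomes part of the SQL text itself."""
    sql = "SELECT owner, amount FROM invoices WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()


def validate_owner(owner) -> str:
    """Reject input with the wrong type, length, or character set."""
    if not isinstance(owner, str) or not OWNER_RE.fullmatch(owner):
        raise ValueError("owner must be 3-32 characters of a-z, 0-9 or _")
    return owner


def lookup_parameterized(conn, owner):
    """The driver passes the value separately, so it is never parsed as SQL."""
    return conn.execute(
        "SELECT owner, amount FROM invoices WHERE owner = ?", (owner,)
    ).fetchall()


def lookup_hardened(conn, owner):
    """Validation first, then a parameterized query as the second layer."""
    return lookup_parameterized(conn, validate_owner(owner))


# Constructed malformed input of the kind the text describes.
MALFORMED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, MALFORMED))     # every tenant's rows
    print(lookup_parameterized(db, MALFORMED))  # no rows
    print(lookup_hardened(db, "alice"))
```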
Cryptanalysis Attacks
Insecure or obsolete encryption makes cloud services susceptible to cryptanalysis. Data present in the cloud may be encrypted to prevent it from being read if accessed by malicious users. However, critical flaws in cryptographic algorithm implementations (e.g., weak random number generation) might turn strong encryption into weak or broken encryption; novel methods to break the cryptography also exist. Partial information can also be obtained from encrypted data by monitoring clients' query access patterns and analyzing accessed positions.
Cryptanalysis Attack Countermeasures:
■ Use Random Number Generators that generate cryptographically secure random numbers to provide robustness to cryptographic material like Secure Shell (SSH) keys and Domain Name System Security Extensions (DNSSEC)
■ Do not use faulty cryptographic algorithms
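The weak random number generation mentioned above can be contrasted with a cryptographically secure generator as follows. This is an added example, not code from the module: the clock-seeded generator is a constructed anti-pattern, and the timestamp values are constructed.

```python
import random
import secrets
from typing import Optional

KEY_BYTES = 16


def weak_key(seed_time: int) -> bytes:
    """Anti-pattern: key material from a general-purpose PRNG seeded by the clock."""
    value = random.Random(seed_time).getrandbits(KEY_BYTES * 8)
    return value.to_bytes(KEY_BYTES, "big")


def strong_key() -> bytes:
    """Key material from the operating system's cryptographically secure source."""
    return secrets.token_bytes(KEY_BYTES)


def seed_in_window(key: bytes, start: int, end: int) -> Optional[int]:
    """Audit check: return the clock value that regenerates `key`, if any.

    A hit means the key carries no more secrecy than the time at which
    it was created.
    """
    for candidate in range(start, end + 1):
        if weak_key(candidate) == key:
            return candidate
    return None


# Constructed values: a creation time and a ten-minute window around it.
CREATED_AT = 1_700_000_123
WINDOW = (1_700_000_000, 1_700_000_600)

if __name__ == "__main__":
    print(seed_in_window(weak_key(CREATED_AT), *WINDOW))  # the creation time
    print(seed_in_window(strong_key(), *WINDOW))          # None
```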