0115 966 7955 Today's Opening Times 10:00 - 20:00 (BST)

Incident Handling on Cloud Computing

Disclaimer: This dissertation has been submitted by a student. This is not an example of the work written by our professional dissertation writers. You can view samples of our professional work here.

Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of UK Essays.

Introduction

Cloud Computing

Cloud computing provides people the way to share distributed resources and services that belong to different organizations or sites.As cloud computing allocate the divided possessions by means of the systems in the released surroundings. That's why it creates the safety issues for us to expand the cloud computing application.

Cloud computing is explained by NIST as the representation for allow suitable, on demand arrangements for right to entry to a collective pool of settings the calculative

Possessions. All these like networks, servers, storage, application and services is continuously planned and free with less supervisory activities or cloud supplier communication. Cloud computing is taken as a innovative calculating concept up to now. It permitted the use of calculating communication with more than one stage of thoughts. The spot requirement of these services is offered online at fewer prices. Reason is that the insinuation for the high elasticity and accessibility. Cloud computing is the main topic which will be getting the good manner of concentration recently.

Cloud computing services gives advantages from financial systems of all range accomplished. With this the flexible utilization of possessions, occupation and others work competency.

However, cloud computing is an emerging forming of distributed computing that is still in its infancy.

The concept uses of its own all the levels of explanations and analysis. Most of the concepts has been written regarding cloud computing, its explanation. Its main aim is to search the major paradigm of the utilization and given that common classification for

Concepts and significant details of the services.

A public cloud is the major one which has the communication and other calculative possessions. This consists of making obtainable to the common people online. This is known by all the cloud servicer who is doing the marketing. It's by giving explanation of the outsider industries. On the other hand of the range is the confidential cloud. The confidential cloud is the one in which the calculating surroundings is generated completely for the industry. This can handled by industry or by the third party. This can be hosted under the industries information centre which is within or outside of it. The private cloud provides the industry a good control on the communication and calculative sources as compared to public cloud.

There is other operational models which lies between the private and public cloud. These are community cloud and hybrid cloud. The community cloud is mainly related to private cloud. On the other hand the communication and calculative sources will be mutual by various industries that are having a similar confidentiality and regulatory thoughts. Instead they are exclusively checking the one industry.

The hybrid cloud is mainly the blend of two or more than two clouds i.e. (private, community, or public) this

Become the uncommon bodies which are stringed to each other by harmonized or proprietary technology which allows interoperability. Same as the various operational models which impacts to the industrial range and organized surroundings. That's why this model gives assistance to the cloud which impacts it.

Three well-known and frequently-used service models are the following:

Software-as-a-Service. Software-as-a-Service (SaaS) is an on demand software services in which user gets access to the required software thorough some intermediate client like browser using internet. Software platform and relevant files are stored centrally. It drastically reduces the total cost of software for the user as it does not require user to incur any infrastructure cost which include hardware installation cost, maintenance cost and operating cost. Subscribers of these services are only given limited control related to the desired software including any preference selection and administrative setting. They do not have any control over the underlying cloud infrastructure.

Platform-as-a-Service. Platform-as-a-Service (PaaS) is an on demand platform delivery model. In this user is provided with the complete software platform which is used by the subscriber to develop and deploy software. It also result in considerable saving for the subscriber as he does not have to incur costs related to buying and managing of complicated hardware and software components required to support the software development platform. The special purpose development environment is tailored to the specific needs of the subscriber by the cloud service provider. Good enough controls are given to the subscriber to aid in smooth development of software.

Infrastructure-as-a-Service. Infrastructure-as-a-Service (IaaS) is an on demand infrastructure delivery services. In this host of computing servers, softwares, and network equipments are provided. This infrastructure is used to establish platform to develop and execute software. Subscriber can cut down his cost to bare minimum by avoiding any purchase of hardware and software components. Subscribers is given quite a lot of flexibility to choose various infrastructural components as per the requirements. Cloud subscriber controls the maximum security features.

Figure illustrates the differences in scope and control between the cloud subscriber and cloud provider.

Given central diagram shows the five conceptual layers of a cloud environment which apply to public clouds and other deployments models

The arrows at the left and right of the diagram denote the approximate range of the cloud provider's and user's scope and control over the cloud environment for each service model.

Cloud subscriber's extent of control over the system is determined by the level of support provided by the cloud provider. Higher the support by cloud provider lower is the scope and control of the subscriber. Physical elements of cloud environment are shown by two lower layers of the diagram. These physical elements are completely controlled by cloud provider irrespective of the service model.

The facility layer which is the lowest layer comprises of Heating, ventilation, air conditioning (HVAC), power, communications, and other aspects of the physical plant whereas hardware layers comprises of network , storage and other physical computing infrastructure elements

The logical elements of a cloud environment is denoted by other layers

The virtualized infrastructure layer lead to software components, such as hypervisors, virtual machines, virtual data storage, and supporting middleware elements required to setup a capable infrastructure to establish efficient computing platform

While virtual machine technology is commonly used at this layer, other means of providing the necessary software abstractions are not precluded. Similarly, the platform architecture layer entails compilers, libraries, utilities, and other software tools and development environments needed to implement applications. The application layer represents deployed software applications targeted towards end-user software clients or other programs, and made available via the cloud.

Iaas ans Paas as services are very close and difference between them is quite vague. Basically these are distinguished by the kind of support environment, level of support and control allocation between cloud subscriber and cloud provider.

Main thrust of cloud computing is not only limited to single organization but also extends as a vehicle for outsourcing various components as public cloud.

been to provide a vehicle for outsourcing parts of that environment to an outside party as a public cloud.

Through any outsource of information technology services, relates survived in relation to any connotation for system safety and isolation.

The main issue centres on the risks associated with moving important applications or data from within the confines of the Industries calculating centre which is of different other company (i.e. a public cloud). That is easily available to the normal people

Decreasing prise and increasing proficiency is the main concerns. These two are the chief inspirations for stepping towards the public cloud. On the other hand deceasing accountability for the safety should not depend on it. Finally the industry is responsible for all safety issues of the outsourced services. Observing and addressing the safety problems which go increase will be at the sight of industry. Some of the major issue like performances and accessibility. Because cloud computing brings with it new security challenges, it is essential for an organization to oversee and Administer in which manner the cloud servicer handles and prevent the computing environment and provides guarantee of safety.

Incidents

an event is any observable occurrence in a system or network. Events include a user connecting to a file, a server receiving a request for a Web page, a user sending electronic mail, and a firewall blocking a connection attempt. Unfavorable occasion are the one which has unhelpful results. For instance: crashes, network packet floods and unauthorized utilization. of system privileges, unauthorized access to sensitive data, and execution of malicious code that destroys data. A system safety occasion is actually a contravention or forthcoming danger of breach of system safety strategy, suitable utilization policies and modeled safety policies. The terminology for these incidents is helpful to the small business owner for understanding service and product offerings

Denial of Service- An attacker directs hundreds of external compromised workstations to send as many ping requests as possible to a business network, swamping the system.

Malicious Code- A worm is able to quickly infect several hundred workstations within an organization by taking advantage of a vulnerability that is present in many of the company's unpatched computers.

Unauthorized Access- An attacker runs a piece of “evil” software to gain access to a server's password file. The attacker then obtains unauthorized administrator-level access to a system and the sensitive data it contains, either stealing the data for future use or blackmailing the firm for its return.

Inappropriate Usage- An employee provides illegal copies of software to others through peer-to-peer file sharing services, accesses pornographic or hate-based websites or threatens another person through email.

Incident Handling:

Incident handling can be divided into six phases: preparation, identification, containment, eradication, recovery, and follow-up.

Step 1: Preparation: In the heat of the moment, when an incident has been discovered, decision-making may be haphazard. Software-as-a-Service (SaaS) is an on demand software services in which user gets access to the required software thorough some intermediate client like browser using internet. Software platform and relevant files are stored centrally. It drastically reduces the total cost of software for the user as it does not require user to incur any infrastructure cost which include hardware installation cost, maintenance cost and operating cost. Subscribers of these services are only given limited control related to the desired software including any preference selection and administrative setting. They do not have any control over the underlying cloud infrastructure.

Platform-as-a-Service.

Platform-as-a-Service (PaaS) is an on demand platform delivery model. In this user is provided with the complete software platform which is used by the subscriber to develop and deploy software. It also result in considerable saving for the subscriber as he does not have to incur costs related to buying and managing of complicated hardware and software components required to support the software development platform. The special purpose development environment is tailored to the specific needs of the subscriber by the cloud service provider. Good enough controls are given to the subscriber to aid in smooth development of software.

Infrastructure-as-a-Service.

Infrastructure-as-a-Service (IaaS) is an on demand infrastructure delivery services. In this host of computing servers, softwares, and network equipments are provided. This infrastructure is used to establish platform to develop and execute software. Subscriber can cut down his cost to bare minimum by avoiding any purchase of hardware and software components. Subscribers is given quite a lot of flexibility to choose various infrastructural components as per the requirements. Cloud subscriber controls the maximum security features.

Figure illustrates the differences in scope and control between the cloud subscriber and cloud provider.

Given central diagram shows the five conceptual layers of a cloud environment which apply to public clouds and other deployments models

The arrows at the left and right of the diagram denote the approximate range of the cloud provider's and user's scope and control over the cloud environment for each service model.

Cloud subscriber's extent of control over the system is determined by the level of support provided by the cloud provider. Higher the support by cloud provider lower is the scope and control of the subscriber. Physical elements of cloud environment are shown by two lower layers of the diagram. These physical elements are completely controlled by cloud provider irrespective of the service model. The facility layer which is the lowest layer comprises of Heating, ventilation, air conditioning (HVAC), power, communications, and other aspects of the physical plant whereas hardware layers comprises of network , storage and other physical computing infrastructure elements

The logical elements of a cloud environment is denoted by other layers

The virtualized infrastructure layer lead to software components, such as hypervisors, virtual machines, virtual data storage, and supporting middleware elements required to setup a capable infrastructure to establish efficient computing platform

While virtual machine technology is commonly used at this layer, other means of providing the necessary software abstractions are not precluded. Similarly, the platform architecture layer entails compilers, libraries, utilities, and other software tools and development environments needed to implement applications. The application layer represents deployed software applications targeted towards end-user software clients or other programs, and made available via the cloud.

Iaas ans Paas as services are very close and difference between them is quite vague. Basically these are distinguished by the kind of support environment, level of support and control allocation between cloud subscriber and cloud provider. Main thrust of cloud computing is not only limited to single organization but also extends as a vehicle for outsourcing various components as public cloud.

Delete the reason of the event. Position the latest clean back up (to prepare for the computer mending)

Step 5: Recovery: This phase ensures that the system is returned to a fully operational status. The following steps should be taken in the recovery phase: Restore the system.

Authenticate the machine

The machine will be re-established then there should be the process of verification of the operations. After this the machine should be reverse to its normal behaviour. Organisation can take decision on leaving the monitor offline when the system is operating and patches installation.

Watch the computer.

When the monitor is reverse to online, it start the system for backdoors which avoids findings.

Step 6: Follow-Up: This stage is significant for recognizing the message delivered and it will reduce the future happenings.

Build the explained event report and gives the duplicates to the management. The operating unit's IT security Officer and the Department of Commerce's IT Security Program Manager. Provide the optional alteration to the management.

Execute the accepted activities.

Post-Incident

If the organization has a post-incident lessons learned process, they may want the cloud vendor to be involved in this process. What agreements will the organization need with the cloud provider for the lessons learned process? If the cloud provider has a lessons learned process, does management have concerns regarding information reported or shared relating to the organization? The cloud vendor will not be able to see much of the company's processes, capabilities or maturity. The company may have concerns regarding how much of its internal foibles to share. If there are concerns, get agreement internally first, then negotiate them, if possible, and have them written into the contract. If the vendor will not or cannot meet the customer's process requirements, what steps will the organization need to take?

An IH team collects and analyzes incident process metrics for trend and process improvement purposes. Like any other organization, the cloud provider will be collecting objective and subjective information regarding IH processes. As NIST points out, the useof this data is for a variety of purposes, including justifying additional funding of the incident response team. Will the organization need this IH process metric data from the provider to enable a complete understanding of the integration area in case the organization ever has a need to bring the cloud function back in-house? Will the organization need this data for reporting and process improvement in general? The use of this data is also for understanding trends related to attacks targeting the organization. Would the lack of this attack trend data leave the organization unacceptably exposed to risk? Determine what IH process metric data is required by the team and write it into the contract.

The organization will need to decide if they require provisions with the cloud provider regarding their evidence retention policies. Will the vendor keep the evidence long enough to meet the organization's requirements? If not, will the organization need to bring the cloud vendor's evidence in-house? Will the vendor allow the customer to take custody of the evidence? If the vendor retains the evidence longer than the customer policies dictate does this work create risk for the customer? If so, what recourse does the customer have? Legal counsel will need to provide direction in this area in order to ensure compliance with laws for all jurisdictions.

Background:

Cloud computing has built on industry developments dating from the 1980s by leveraging outsourced infrastructure services, hosted applications and software as a service (Owens, 2010). In the all parts, the techniques used are not original.

Yet, in aggregate, it is something very different. The differences provide both benefits and problems for the organization integrating with the cloud. The addition of elasticity and pay-as-you-go to this collection of technologies makes cloud computing compelling to CIOs in companies of all sizes.

Cloud integration presents unique challenges to incident handlers as well as to those responsible for preparing and negotiating the contract for cloud services. The challenges are further complicated when there is a prevailing perception that the cloud integration is “inside the security Edge or the organisation has been stated in written that a agreement needed the supplier to be safe, this must be sufficient.

This sort of thinking may be naïve but, unfortunately, it is not rare. The cloud provider may have a great deal of built in security or they may not. Whether they do or not, incident handling (IH) teams will eventually face incidents related to the integration, necessitating planning for handling incidents in this new environment.

The impacts of cloud integration warrant a careful analysis by an organization before implementation. An introduction of a disruptive technology such as cloud computing can make both definition and documentation of services, policies, and procedures unclear in a given environment. The IH team may find that it is helpful to go through the same process that the team initially followed when establishing their IH capability.

Security Incident

The term 'security incident' used in this guideline refers to any incident related to information security. It refers to information leakage that will be undesirable to the interests of the Government or an adverse event in an information system and/or network that poses a threat to computer or network security in respect of availability, integrity and confidentiality. On the other hand, the worse incidents like natural calamity, power cuts and data line failure. . are not within the scope of this guideline, and should be addressed by the system maintenance and disaster recovery plan.

Examples of security incidents include: unauthorized access, unauthorized utilization of services, denial of resources, disruption of services, compromise of protected data / program / network system privileges, leaks of classified data in electronic form, malicious destruction or modification of data / information, penetration and intrusion, misuse of system resources, computer viruses and hoaxes, and malicious codes or scripts affecting networked systems.

Security Incident Handling

Security incident handlingis a set of continuous processes governing the activities before, during and after a security incident occurs. Security incident handling begins with the planning and preparing for the resources, and developing proper procedures to be followed, such as the escalation and security incident response procedures.

When a security incident is detected, security incident response is made by the responsible parties following the predefined procedures The safety events gave the response which is representing the actions accepted out to handle the safety events. These are mainly helpful to re-establish the common operations.

Specific incident response teams are usually established to perform the tasks of making security incident response.

When the incident is over, follow up actions will be taken to evaluate the incident and to strengthen security protection to prevent recurrence. The planning and preparation tasks will be reviewed and revised accordingly to ensure that there are sufficient resources (including manpower, equipment and technical knowledge) and properly defined procedures to deal with similar incidents in future.

Cloud Service

The outlook on cloud computing services can vary significantly among organizations, because of inherent differences These events as its main aim, assets held and open to the domestic risks faced and risk bearable.

For example, a government organization that mainly handles data about individual citizens of the country has different security objectives than a government organization that does not. Similarly, the security objectives of a government organization that prepares and disseminates information for public consumption are different from one that deals mainly with classified information for its own internal use. From a risk perspective, determining the suitability of cloud services for an organization is not possible without understanding the context in which the organization operates and the consequences from the plausible threats it faces.

The set of security objectives of an organization, therefore, is a key factor for decisions about outsourcing information technology services and, In specific, in order to make genuine decisions related to industries sources about the public cloud. The cloud calculating particular servicer and the service arrangements for the organization.

There are lot of things which works for one industry but not for other.

Not only this some pragmatic thoughtfulness. Many industries will not afford economically to save all calculative sources and possessions at all

highest degree possible and must prioritize available options based on cost as well as criticality and sensitivity.

When keeping the strong advantages of public cloud computing, it is indispensable to focus of safety. Significantly the safety of industry security goals is of major concern, so that the future decisions can be made accordingly. Finally the conclusion on the cloud computing rely on the risk analysis of the trade included.

Service Agreements

Specifications for public cloud services and service arrangements are generally called Service Level Agreements (SLAs). The SLA presents the thoughtfulness among the cloud subscriber and cloud provider related to the known range of services. This is to be delivered in the range that the servicer is not able to provide at different range defined. There are typical forms of a part of the different levels of services. The specific is the overall services contract or the services agreement.

The terms of service cover other important details such as licensing of services, criteria for acceptable use,

Provisional procrastination, boundaries of all responsibility, security policies and alterations in that period of service.

The main aim of this report is the period of SLA which is utilize for the services agreement in its entity. There are two types of SLAs exists: i.e. which is non defined and non negotiable contract the other is negotiated agreement.

Non-variable contracts is the many ways on the basis for the financial level which is enjoyed by the public cloud computing. The terms which are agreed fully by cloud provider but with some offerings, the service provider has also the capability to do the changes. Negotiated SLAs are more like traditional information technology outsourcing contracts.

These SLAs can be employed to deal with corporation's apprehension about technical controls, procedures, security procedures and privacy policy such as the vetting of employees,data ownership and exit rights, isolation of tenant applications, data encryption and segregation, tracking and reporting service effectiveness, compliance with laws and regulations (e.g., Federal

Information Security Management Act), and the deployment of appropriate products following international or national standards (e.g., Federal Information Processing Standard 140-2 for cryptographic modules).

A negotiated SLA for critical data and application might require an agency

A negotiated SLA is less cost effective because of the inherent cost of negotiation which can significantly disturb and have a negative impact on the economies of scale, which is main asset a non-negotiable SLA bring to the public cloud computing. Result of a negotiation is based on the size of the corporation and the magnitude of influence it can exert.

Irrespective of the type of SLA, it is very necessary to obtain pertinent legal and technical advice to make sure terms of service meets the need of the organization.

The Security Upside

While the biggest obstacle facing public cloud computing is security, the cloud computing paradigm provides opportunities for thinking out of the box solutions to improve overall security of the corporation. Small corporations are going to have the biggest advantage from the cloud computing services as small companies have limited staff and infrastructure support to compete with bigger organization on fronts of technology and economies of scale.

Potential areas of improvement where organizations may derive security benefits from transitioning to a public cloud computing environment include the following:

Staff Specialization.

Just like corporations with large-scale computing facilities, cloud providers provides an break to staff toto specialize in security, privacy, and other areas of high interest and concern to the organization. Increases in the scale of computing induce specialization, which in turn allows security staff to shed other duties and concentrate exclusively on security issues. Through increased specialization, there is an opportunity for staff members gain in-depth experience, take remedial actions, and make security improvements more readily than otherwise would be possible with a diverse set of duties.

Platform Strength. The structure of cloud computing platforms is typically more uniform than that of most traditional computing centers. Greater uniformity and homogeneity facilitate platform hardening and enable better automation of security management activities like configuration control, vulnerability testing, security audits, and security patching of platform components. Information assurance and security response activities also profit from a uniform, homogeneous cloud infrastructure, as do system management activities, such as fault management, load balancing, and system maintenance. Many cloud providers meet standards for operational compliance and certification in areas like healthcare (e.g., Health Insurance Portability and Accountability Act (HIPAA)), finance (e.g., Payment Card Industry Data Security Standard (PCI DSS)) and audit (e.g., Statement on Auditing Standards No. 70

Resource Availability. The scalability of the cloud computing facilities permits the greatest consideration. Unemployment and calamity healing capability is building into the cloud computing surroundings. The different sources ability would be utilizing for better flexibility while facing higher demands or divided rejection of servicer and for faster improvement from Severe events

When any event happens, the occasion survived again to collect the data. The large data is easily available with good explanation and less effect on construction. On the other hand the pliability might be having different results. For Instance: a non successful person divided the rejection of service attackers which can consume fast.

Support and Improvement.

The encouragement and revival strategy and processes of a cloud services might be better than that of the industry. In case the different duplicates are maintained in the assorted natural features can be healthier. Information stored within the cloud would be easily available which is easy to store and highly reliable. In different situation it proved to be maintained in a traditional information centre. In such situation, cloud services could means for offsite encouragement data collection. Mainly the network performance on the net and the usage of the data involved are preventing the issue which impacted the re-establishment. The structure of a cloud solution spreads to the consumer at the service endpoints. This utilizes to access the hosted submission. Cloud consumer is based on browser and on application. However the main calculative sources need to be held by the cloud provider. Consumer is normally low weight calculation and easily handled. The laptops, notebook and net books are well embedded devices like smart mobile phones, tablets and personal digital help.

Information Awareness.

Information prepared and developed in the cloud would be able to show low risk to the industry. There are lot of risk involved in the industry, different information are transferring on various systems. Portable systems or transferrable media is out in the field, where the loss of devices and theft occurs frequently. Many industries have made the evolution to handle the availability to the industry. So many industries have already made the evolution to hold the availability to the organizational information.

In addition to calculating the stage or alternative for domestic submission and public cloud services like target on providing security and safety to other calculating surroundings.

Information Midpoint Familiarize.

Cloud services would be able to utilize the safety information centres. For instance: e-mail can be transmitted to a cloud provider through mail exchange (MX) records, which is examined and analyzed.

Combined including same transactions with the other information and centre to find out all junk, phishing and malware to check out.

The corrective actions are more explained than any one industry. The scholars also have the demonstration proofs to a system infrastructure. In order to provide the cloud based virus hitter services, which is actual a host based antivirus solutions. Cloud gets used of. Cloud reverses proxy the system which are not available that makes the creative availability to a SaaS surroundings, yet developed the information storage in the surroundings in decoded formation. Cloud based identity supervision services also exist. These could be utilizes to add or remove the industry directory services for knowing and true of users of the cloud.

The Security Downside

Besides its many potential benefits for security and privacy, public cloud computing also brings Including all the strong area of relations, when related to calculating surroundings maintained in traditional information centres. There are lot of primary issues which includes the following

System Complexity. The public cloud calculating surroundings is highly complicated as compared to that of a traditional informational centre. All the things contains a public cloud, which has consequences of a large attacked base.

In addition to all the mechanism for normal calculating, like operational submission, effective machine systems, guest practical machines, information storage and political middleware there are lot of things that contains the management backplane, like as which are self-service, source calculation and data duplication and revival work load.

Management and cloud bursting Cloud services themselves may also be realized through nesting and layering with services from other cloud providers.

Mechanism changes over the time to promote and attribute the betterment occur and perplexing matter further. Safety relies not on accuracy and effectiveness of many things but also on the communication between them. There is various probabilities of communications among the component increases as the four sided figure of the number of components. But also on the communication exists between them. Complications mainly relate indirectly to the safety with higher complications which gives rises to the defenceless.

Shared Multi-tenant Environment. Public cloud services offer by providing the complicated fundamental critical. It gives access to the industries which normally shares the things and sources with different subscriber which is not known. Threats to network and computing infrastructures continue to increase each year and have become more sophisticated.

Sharing the infrastructure with unknown areas which is the important limitations for some components requires a high level of assurance for the strength of the security mechanisms used for logical separation. It's not a exceptional for cloud calculating, rational parting is a non-trivial issues that is aggravated by the range of cloud computing. Availability to industrial information and sources could unintentionally be uncovered to various subscribers with a setting or software mistakes. The aggressor could also pose as a subscriber to utilize vulnerabilities from within the cloud surroundings to gain illegal access.

Internet-facing Services. The government cloud services will be provided on the net. This represents both administrative boundaries which is used for self-service. This interfaces for the utilization and application availability for other available services. There is information which confines the industry intranet. This is transferred to the cloud but now it has faced increased risk with. Network threats that were previously defended against at the perimeter of the organization's intranet and from new threats that target the exposed interfaces.

The result is rather equivalent with the enclosure of wireless admittance. The points within the association's intranet at begin of the expertise. It needs the different administrative availability as the simple means to set the assets. With this the administrative availability to the stations can be avoided. Move about to the government cloud needs a migration of control the cloud provider on the data.

A couple of noteworthy instances have already occurred that give a sense of what might be expected in the future

Botnets. In various methods, the botnets combined and handled by the hackers which is an early form of cloud computing. Decrease in the prise, self-motivated processes, redundancy, safety and various other traits of cloud computing will be applicable. Botnets mainly used to send spam and launching cringe which attack websites. Botnets may be used to see the denial of servicer attacked by the structure of a cloud provider. There is a probability that a cloud servicer could check from where the error arises. In the year 2009, the operating command is controlled within the IaaS cloud.

Instrumental Cracking. WiFi Protected Access (WPA) Cracker, a cloud service apparently from diffusion checking. It's an instance of attaching cloud sources on command to identify the decoded password. This is used by the wireless network. In the cloud calculations, the work that takes more than five four days to operate on the same systems takes only 20-30 minutes. It's mainly a group of 500-600 practical systems. Reason is that this mechanism is highly used for authentication. This method is effect less, less effective with the accessibility of cryptographic keys which cracks the cloud services. All the types systems are possible. . CAPTCHA cracking is another area where cloud services could be applied to bypass verification meant to thwart abusive use of Internet services by automated software

Data Protection

Data stored in the cloud typically resides in a shared environment collocated with data from other customers. Industrial running susceptibility and synchronized information in the cloud, that's why it must have an account by the different means. The availability of the information is handled and information is kept safe.

Data Isolation.

Information can be of any form For example, for cloud-based application development, it includes the application programs, scripts, and configuration settings, along with the development tools. For deployed applications, it includes records and other content created or used by the applications, as well as account information about the users of the applications. Access controls are one means to keep data away from unauthorized users;

Encryption is different.

Access controls are typically identity-based, which makes authentication of the user's identity an important issue in cloud computing.

Database environments used in cloud computing can vary significantly. For example, some environments support a multi-instance model, while others support a multi-tenant model. The former provide a unique database management system running on a virtual machine instance for each cloud subscriber, giving the subscriber complete control over role definition, user authorization, and other administrative tasks related to security. The latter provide a predefined environment for the cloud subscriber that is shared with other tenants, typically through tagging data with a subscriber identifier. Tagging gives the appearance of exclusive use of the instance, but relies on the cloud provider to establish and maintain a sound secure database environment.

Various types of multi-tenant arrangements exist for databases. Each arrangement pools resources differently, offering different degrees of isolation and resource efficiency. Other contemplation is also applicable

For example, certain features like data encryption are only viable with arrangements that use separate rather than shared databases. These sorts of tradeoffs require careful evaluation of the suitability of the data management solution for the data involved. Requirements in certain fields, such as healthcare, would likely influence the choice of database and data organization used in an application. Privacy sensitive information, in general, is a serious concern.

Data must be secured while at rest, in transit, and in use, and access to the data must be controlled. Standards for communications protocols and public key certificates allow data transfers to be protected using cryptography. Procedures for protecting data at rest are not as well standardized, however, making interoperability an issue due to the predominance of proprietary systems. The lack of interoperability affects the availability of data and complicates the portability of applications and data between cloud providers.

Currently, the responsibility for cryptographic key management falls mainly on the cloud service subscriber. Key generation and storage is usually performed outside the cloud using hardware security modules, which do not scale well to the cloud paradigm. NIST's Cryptographic Key Management Project is identifying scalable and usable cryptographic key management and exchange strategies for use by government, which could help to alleviate the problem eventually. Protecting data in use is an emerging area of cryptography with little practical results to offer, leaving trust mechanisms as the main safeguard.

Data Sanitization. The data sanitization practices that a cloud provider implements have obvious implications for security. Sanitization is the removal of sensitive data from a storage device in various situations, such as when a storage device is removed from service or moved elsewhere to be stored. Data sanitization also applies to backup copies made for recovery and restoration of service, and also residual data remaining upon termination of service. In a cloud computing environment, data from one subscriber is physically commingled with the data of other subscribers, which can complicate matters. For instance, many examples exist of researchers obtaining used drives from online auctions and other sources and recovering large amounts of sensitive information from them. With the proper skills and equipment, it is also possible to recover data from failed drives that are not disposed of properly by cloud providers.

Incident Response

As the name implies, incident response involves an organized method for dealing with the consequences of an attack against the security of a computer system. The cloud computing service provider plays a vital role as far as incident response activities are concerned. Incident response activities include data collection, verification, analysis containment and restoration of system after a fault is detected.Before transitioning from conventional application and data to a cloud computing environment, it is very important for an organization to revise companywide incident response plan to accommodate the gaps in business handling process generated by cloud computing environment.

Collaboration between the service subscriber and provider in recognizing and responding to an incident is essential to security and privacy in cloud computing. The complexity of the service can obscure recognition and analysis of incidents. For example, it reportedly took one IaaS provider approximately eight hours to recognize and begin taking action on an apparent denial of service attack against its cloud infrastructure, after the issue was reported by a subscriber of the service. Understanding and negotiating the provisions and procedures for incident response should be done before entering a service contract, rather than as an afterthought. The geographic location of data is a related issue that can impede an investigation, and is a relevant subject for contract discussions.

Response to an incident should be handled in a way that limits damage and reduces recovery time and costs. Being able to convene a mixed team of representatives from the cloud provider and service subscriber quickly is an important facet to meeting this goal. Remedies may involve only a single party or require the participation of both parties. Resolution of a problem may also affect other subscribers of the cloud service. It is important that cloud providers have a transparent response process and mechanisms to share information with their subscribers during and after the incident.

Some of the threats in cloud computing

1.Abuse and Nefarious Use of Cloud Computing

IaaS providers offer their customers the illusion of unlimited compute, network, and storage capacity often Binded with hassle free registration process which require a simple form and a credit card on the part of user before allowing him to use cloud services. To encourage users cloud providers also offer free trail period. These checks free registration process sometime gives strength to spammers and hackers to misuse the system and perform illegal activities without any fear.

PaaS service providers are most affected due to the attacks lodged by hacker and spammers however it has been lately observed that IaaS vendor are doing no better when it comes to tackling with hackers and spammers. In future various types of attacks are raising their head like a black cobra. Various new threats include building rainbow tables, key cracking, botnet command and control, hosting malicious data etc

Impact

Criminals continue to leverage new technologies to improve their reach, avoid detection, and improve the effectiveness of their activities. Main reasons why cloud computing provider are hot on the attack list of spammers includes relative weak registration process and limited fraud detection capability.

Examples

IaaS offerings have hosted the Zeus botnet, InfoStealer trojan horses, and downloads for Microsoft Office and Adobe PDF exploits. IaaS servers has always been favourite destinations to implement command and control functions. To deal with spam, which had been biggest problem faced by an IaaS servers, blacklisting of blocks of ip address related to IaaS network is done as defeninve measure.

Solution

Stringent preliminary registration and corroboration processes.

Better credit card fraud supervising and synchronization. Complete inward analyses of customer network traffic. Check on public blacklists for personal network blocks

2. Insecure Interfaces and APIs

vulnerable Interfaces and APIs exposition of critical software interfaces and APIs which is used by customers to run and bind with cloud services

Administration, grouping and supervising are all performed using these interfaces. Three basic APIs defines the security and accessibility of broad cloud services.

From authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy.

These interfaces are often build upon by organizations and third parties to provide value-added services to the customers. This adds on another layers complex API along with probability that it may require organization to post their credentials in front of the third party.

Impact

It is very important for consumers to understand the consequences, as far as security, of management and usage of cloud services, even if providers do everything they can to well integrate security features into their cloud services models.

Various issues related to accessibility, responsibility and truthfulness comes up if weak set of interfaces and APIs are relied upon.

Examples

Anonymous access and/or reusable tokens or passwords, clear-text authentication or transmission of content, inflexible right of entry controls or unacceptable permission, incomplete checking and sorting abilities, unidentified service or API dependence.

Remediation

Remediation understand the security model of cloud provider boundary. Guarantee strong verification and admission controls are in place with encrypted transmission.

Appreciate the reliance chain linked with the API.

Malicious Insiders

The threat of a malicious insider is well-known to most organizations.

Convergence of IT services and clients beneath a mono managerial domain along with general lack of lucidity in the provider process and policies has augmented the threat of malicious insider.

For example, a provider may not disclose level of access a employees may have to various physical and virtual assets, information related to screening of employees or the way reports or policy is made and reviewed.

Sometimes event the hiring process of for cloud employees is not disclosed completely. All these lack of transparency anf clarity in operation creates an attractive opportunity for a hacker to steal secret corporate or national documents. This can be done with minimal risk of detection.

Impact

The impact that malicious insiders can have on an organization is considerable, given their level of access and ability to infiltrate organizations and assets. Various other ways by which a malicious insider can impact an operation include financial impact, productivity losses and brand damage. With the expanding usage of cloud services by organization, threat of human element needs a deep thought. It is very important for consumer of cloud services to understand and establish the steps taken by the providers to deal with the threat of malicious insider.

Remediation

impose strict supply chain management and carry out a complete supplier evaluation.

State human resource needs as ingredient of legal contracts. necessitate simplicity into general information security, management practices and compliance reporting. establish security breach announcement processes.

4. Shared Technology Issues

IaaS vendors deliver their services in a scalable way by sharing infrastructure.

But all these primary components does not offer isolation properties because of their sheer basic design. This gap is addressed by intervening between guest operating system and

the physical compute resources.

Still, the flaws exihibited by hypervisors have allowed guest operating system to attain out of place levels of control with regard to underlying platform. A strong in depth defense strategy is required to enforce and monitor proper security measures. Customers should be guraded from the operation of each other with the help of robust compartmentalisation strategies. Customer should be not be given any access to private data of other client.

Impact

Attacks have surfaced in recent years that target the shared technology inside Cloud Computing environments Main issues is initial design of disk partitions, CPUs etc that bars the compartmentalization strategies to deliver results. As a consequence, focus of hacker and spammer is always on gaining unauthorized access to data of other customers.

Examples

Joanna Rutkowska's Red and Blue Pill exploits

Kortchinksy's CloudBurst presentations.

Remediation

Execute good security practices for installation/configuration.

keep a tab on environment for illegal changes/activity. Support sturdy verification and admission control for administrative access and operations.

Implement service level agreements for patching and exposed solutions. Carry out susceptibility examination and configuration checks.

5. Data Loss or Leakage

Data can be compromised in many ways

Removal or modification of accounts without a back up storage of the original content is a common case. Compartmentalization of records may lead to circumstances of non traceability, very similar to the case of using unpredictable media. Misplacement of encoding hash key may result in damage of critical data.

Ultimately, sensitive should be kept away from the reach of unauthorized access.

Risks related to data compromise increases many folds in cloud computing due to inherent characteristics of infrastructure deployed as a part of cloud environment.

Data loss or unwanted outflow can have a disturbing blow on a business.

A loss can have both tangible and non tangible impacts.

Impact

While tangible impact consist of financial damage and staff turnover, non-tangible impacts can be range from diminishing brand reputation to loss of morale and trust of employee, partner, and customer. Non-tangible impacts can have severe financial repercussion. Severity of impact is directly dependent upon the type of data that is stolen.

Severity of legal ramifications and compliance violations will depend on type of data.

Examples

Inadequate verification, permission, and review (AAA) controls;

contradictory use of encryption and software keys;

operational breakdown;

perseverance and remaining challenges: dumping challenges; risk of alliance;

authorization and biasing issues;

data center trustworthiness;

and adversity revival.

Remediation

Employ sturdy API entrance control.

In transit data should be protected and encrypted for integrity Protection of data should be analyzed both at run and design time Employ sturdy storage and management, storage and manakey generation, and demolition exercises.

Service providers should be made contractually liable to clean constant media before releasing it into the pool.

State supplier support and maintenance strategies

6. Report or facility seizing

Report or facility seizing is not new.

Old age assault schemes like phishing are still quite successful in achieving the desired results for hackers and spammers. Impact of these attacks is amplified due to reuse of credential and passwords. Cloud related service augment the risks for the client. Any leakages of credential and password can give unlimited power in the hands of hackers to manipulate or steal important data and control the client's access to organization's online site. Hackers and spammers may use power of the company's brand to fool customer and gain illegitimate advantage.

Impact

Account and service hijacking, usually with stolen credentials, remains a top threat. Integrity, confidentiality and availability of cloud services are compromised when a attacker gain illegitimate access to deployed cloud computing infrastructure support system.

Company should be well aware of the common techniques used by hackers and spammers and also, it should be well prepared with an in depth defence strategies to contain the loss and resulting damage arising from any suck attack.

Remediation

Remediation Proscribe the sharing of account documentations involving users and services.

Force sturdy two-factor validation techniques where ever feasible. Make use of practical observation to spot illegal movement. Appreciate cloud provider security policies and SLAs.

7. Unknown Risk Profile

and software possession and safeguarding which allow companies to build upon their core business strengths. These advantage of cloud services should be carefully analyzed and weighted against the conflicting security concerns, which if left as it is can have serious ramification for company, customers and business as a whole. Overall security policies should be designed keeping various factors in mind such as code updates, vulnerability profiles, security practices etc.

About the information and observance of the internal security processes its settings, auditing and logging? In a various ways the data is related to stored logs and which has availability to the? Which data in case any supplier reveals the events of safety incidents? Mostly such questions are not properly explained and are overlooked because of some unknown risk profile which has some serious risks.

Examples

IRS asked Amazon EC2 to perform a C&A; Amazon refused.

Heartland Data Breach: Payment processing system which was being used by heartland had not only susceptible but also contaminated software. Even then heartland was not ready to take extra effort to notify consumer about data breaches. They were only agreeing to bare minimum state laws which were not sufficient to secure confidential user data.

Remediation

Clarification Revelation of application logs and information. Partial/full revelation of transportation details (e.g., patch levels, firewalls, etc.).

Monitoring and alerting on necessary information

Literature Review:

Cloud computing is a new computing model. According to International Data Corporation (IDC) report, security is ranked first among challenges of the cloud model. In a perfect security solution, monitoring mechanisms play an important role. In the new model, security monitoring has not been discussed yet. Here we identified a few steps for studying security monitoring mechanisms in the cloud computing model. First, existing security monitoring mechanisms should be reviewed. These mechanisms are either part of commercial solutions or proposed by open communities. Second, top threats to cloud computing should be analyzed. In this step, we will go through new challenges in the new computing model. Third, current security monitoring mechanisms would be evaluated against new challenges which are caused by the new model.

Security Monitoring Mechanisms

Due to an increase in the number of organized crime and insider threats, proactive security monitoring is crucial nowadays. Moreover, in order to design an effective security monitoring system variety of challenges should be taken into account. As an example, we can mention some of them here: shortcoming in threat ecosystem, handling large number of incidents, cooperation among interested parties and their privacy concerns, product limitations, etc.

This section will start by reviewing our method for discussing monitoring mechanisms. Then, we will study security monitoring approaches from two different categories, commercial and open community's solutions. As a matter of fact, it should be noted that no single solution or mechanism exists for monitoring all kinds of threats. Different environments and threats impose variety of requirements. Each of these requirements is addressed by a group of monitoring techniques.

Conventionally cloud providers are not willing to disclose their security mechanisms. They justify these behaviors in different ways. First of all, by disclosing security functions, their competitors may utilize same mechanisms and reduce benefits of the origin company. Moreover, many companies still believe in security through obscurity. With regard to these types of problems, we reviewed security monitoring mechanisms from not only commercial solutions, but also open communities which are doing research in this field. In this analysis, we focus more on that part of monitoring mechanisms which help us to cover new security challenges in the cloud model.

Commercial Solutions

We studied security solutions in the cloud model which are proposed by Amazon, Google, RackSpace and Microsoft. In this study, we started by reviewing white-papers and documents for each of those commercial solutions. Then we tried to communicate with security teams for each them, to understand more about their monitoring mechanisms. This communication was the most unsuccessful part, because they were not willing to give out information more than what is available publicly. In some cases, like RackSpace, they have open-source projects or open community which may help more in analysis of their solutions. We will continue by going through some of those providers.

Amazon

In the following, we highlight products and functions in the Amazon cloud environment which may help us in designing a proper security monitoring solution.

CloudWatch

Amazon CloudWatch is a web service that provides monitoring for cloud components. These components are resource utilization, operational issues (request count and request latency on Elastic Load Balancing (ELB)), and overall demand patterns. It is designed to provide comprehensive monitoring for Amazon Elastic Compute Cloud (EC2), Amazon ELB and Amazon Relational Database Service (RDS). CloudWatch can be used to retrieve statistical data. Later, these data can be utilized to demonstrate availability parameters, such as mean up-time and mean time between failures.

Vulnerability Reporting Process

This process is used when someone find a vulnerability in any Amazon Web Services (AWS) products.

Penetration Testing Procedure

As penetration testing is hardly distinguishable from security violations, Amazon has established a policy for customers to request permission to conduct penetration testing. Establishing this policy helps AWS security monitoring service to face less false-positive alarms. Moreover, penetration testing that is conducted by variety of cloud customers reveal useful information for understanding the ecosystem of security threats in the new model. Cloud providers should coordinate these testing to find out more about the threats ecosystem as well as possible security breaches in their own infrastructure.

Security Bulletins

"AWS tries to notify customers of security and privacy events using Security Bulletins." Cloud customers monitor new vulnerabilities and change of policies using this service. As an example, we can refer to AmazonPayments Signature Validation a case on 22nd of September 2010. In this incident, vulnerability has been identified in the sample code for application-side signature validation.

CatbirdTM Vulnerability Monitoring

Vulnerability monitoring is a part of Catbird vSecurity product that provides security solutions for a cloud environment. Catbird vulnerability management has the following functionality: Audit, Continuous Compliance, Incident Response, Hybrid Vulnerability and IDS/IPS, Performance-enhancing implementation.

Google

Security monitoring in Google has three main targets, internal network, and employee actions on Google systems and outside knowledge of vulnerabilities. At many points across their global network, internal traffic is inspected for suspicious behavior. They do this analysis using a combination of open-source and commercial tools. They also analyze system logs to identify unusual activity from their employees. In addition, security team checks security bulletins for incidents which may affect Google's services. On the top they have a correlation system that coordinates the monitoring process among variety of technologies. As a matter of fact, Google did not disclose any technical information about their monitoring mechanisms or even security functions. But if we refer to internal security breach on July 2010, we may see that those mechanisms are not working well enough to monitor such an incident. In July 2010, one of Google Site Reliability Engineers (SRE) had been dismissed because of breaking internal privacy policies by accessing users' account.

RackSpace

RackSpace started an open-source project called OpenStack. They included the code for Cloud Files and Cloud Servers Technology. NASA also joined this project with its Nebula platform which will be merged to Cloud Servers Technology and would become the computing component of OpenStack.

Microsoft Azure

Microsoft has a security frame to share security knowledge. 10 different categories are introduced in that frame comprising: Auditing and Logging, Authentication, Authorization, Communication, Configuration Management, Cryptography, Exception Management, Sensitive Data, Session Management, Validation.

Standing on these class and its explanation "Auditing and logging" is the class connected to defence supervisor.

Auditing and Logging explains how security-related events are recorded, monitored, audited, exposed, compiled and partitioned across multiple cloud instances

Open Communities

Importance of open source solutions

Open-source solutions and open communities are crucial in the cloud computing model. They address many sec


To export a reference to this article please select a referencing stye below:

Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.

Request Removal

If you are the original writer of this dissertation and no longer wish to have the dissertation published on the UK Essays website then please click on the link below to request removal:


More from UK Essays

Get help with your dissertation
Find out more
Build Time: 0.0065 Seconds