Cloud Fundamentals and Cyber Security Assessment -4

Major attacks
Back-door: A back-door attack takes place over asynchronous external connections or dial-up modems. The strategy is to gain access to a network by bypassing its control mechanisms and entering through a back door such as a modem.
Spoofing: IP spoofing involves the alteration of a packet at the TCP level. This technique is used to attack internet-connected systems that provide various TCP/IP services. In this type of attack, the attacker sends a packet to the target host carrying the IP source address of a known trusted host instead of its own.
Man-in-the-middle: In a man-in-the-middle attack, an attacker, say ‘A’, substitutes his/her public key for that of another person, say ‘B’. Anyone who sends an encrypted message to ‘B’ using what they believe is ‘B’s’ public key is unknowingly using ‘A’s’ public key, so ‘A’ can read the message intended for ‘B’. ‘A’ can then modify the message and forward it to ‘B’.
Replay: A replay attack occurs when an attacker captures and saves old messages and then re-sends them later. This attack can be prevented by attaching a random number or timestamp to each message.
TCP Hijacking: In TCP hijacking, an attacker steals or hijacks a session between a trusted client and a network server. The attacker then substitutes its own IP address for that of the trusted client, and the server continues the communication believing it is still talking to the trusted client.
Social Engineering: In this attack, the attacker uses social skills to obtain information such as passwords. For example, an attacker may pretend to be someone in an organization and phone its employees asking for passwords, claiming they are needed for maintenance operations.
Dumpster Diving: This involves acquiring information discarded by an organization or by individuals. In many cases this information can be found in the trash, and it can be very valuable to an attacker. Discarded material may include technical manuals, telephone numbers, password lists, etc. Such information must be adequately protected; otherwise it creates a security risk.
Password Guessing: Another effective attack approach is guessing passwords. An attacker may obtain a person’s password by physically looking around their desk for notes containing it. They may also use social engineering to gain access to a password database, or simply guess passwords in a random or systematic manner.
Trojan Horses and Malware: Trojan horses hide malicious code inside a host program. Once such a program is executed, the virus, worm or other malicious code hidden in it is released to attack the workstation, server or network, or to allow unauthorized access to those devices. A logic bomb is a form of Trojan horse that is activated upon the occurrence of a particular event; a time bomb is one set to activate after a designated period of time has elapsed.
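As an added example (not part of the original notes), the countermeasure described under Replay above: each message carries a timestamp and a random number (nonce), both covered by an HMAC under a constructed shared key, and the receiver rejects tampered, stale and already-seen messages. The key, freshness window and message layout are assumptions made for the example.

```python
import hashlib
import hmac
import json
import os
import time

# Constructed shared key and freshness window for the example (not from the page).
KEY = b"constructed-shared-secret-key"
MAX_AGE = 30  # seconds a message remains acceptable


def build_message(key, payload, now=None, nonce=None):
    """Sender: attach a timestamp and a random nonce, then MAC all three fields."""
    body = {
        "payload": payload,
        "ts": int(time.time() if now is None else now),
        "nonce": (os.urandom(16) if nonce is None else nonce).hex(),
    }
    canonical = json.dumps(body, sort_keys=True).encode()
    body["mac"] = hmac.new(key, canonical, hashlib.sha256).hexdigest()
    return body


class Receiver:
    """Receiver: verifies the MAC, enforces freshness and remembers nonces."""

    def __init__(self, key, max_age=MAX_AGE):
        self.key = key
        self.max_age = max_age
        self.seen = {}  # nonce -> timestamp; only needs to cover the freshness window

    def accept(self, msg, now=None):
        now = int(time.time() if now is None else now)
        fields = dict(msg)
        mac = fields.pop("mac", None)
        canonical = json.dumps(fields, sort_keys=True).encode()
        expected = hmac.new(self.key, canonical, hashlib.sha256).hexdigest()
        # MAC first: ts and nonce are only trustworthy once integrity is established.
        if mac is None or not hmac.compare_digest(mac, expected):
            return "reject: bad mac"
        if abs(now - fields["ts"]) > self.max_age:
            return "reject: stale"  # too old (or too far in the future) to be fresh
        # Drop nonces outside the window; older replays are already caught as stale.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_age}
        if fields["nonce"] in self.seen:
            return "reject: replay"
        self.seen[fields["nonce"]] = fields["ts"]
        return "accept"
```

The nonce cache only has to remember the freshness window: anything older is rejected by the timestamp check before the cache is consulted.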

Cloud Security Mitigation Controls
One of the essential components of a cloud computing system is the cloud service provider, which provides computing resources to cloud end users. Cloud service providers are responsible for ensuring the security of the cloud environment so as to assure the best quality of cloud service. This is done by defining tight security policies and by implementing advanced security technologies.
a) Security Policy Enhancement
As we know, anybody with a valid credit card can register to use the resources offered by cloud service providers. This lets hackers take advantage of the powerful computing capacity of clouds to perform malicious activities such as spamming (sending unwanted e-mails) and attacking other computing systems. Blocking based on public blacklists and credit card fraud monitoring can be applied to mitigate the abusive behavior caused by weak registration systems. Implementing security policies also reduces the risk of malicious use of cloud computational power, and well-established rules and regulations help network administrators manage clouds more effectively.
b) Access Management
Authorization and access control mechanisms should be applied to end users’ data to ensure that only authorized users can access it. The data stored in a cloud is private and sensitive, so access to it should be controlled by security techniques, and the physical computing systems where the data is stored should be monitored continuously. Common tools for monitoring malicious activity and restricting access from untrusted sources are firewalls and intrusion detection systems. Other tools used to control access to cloud applications and data are standards such as the Security Assertion Markup Language (SAML) and the eXtensible Access Control Markup Language (XACML). XACML emphasizes the mechanism for arriving at authorization decisions, while SAML focuses on the means for transferring authentication and authorization decisions between cooperating entities.
c) Data Protection
Data failures or attacks caused by insiders can be intentional or accidental. Because an insider’s behavior is difficult to identify, it is better to apply proper security tools to deal with insider threats. These tools include anomalous-behavior pattern detection, data loss prevention systems, user behavior profiling, format-preserving encryption tools, decoy technology, and authorization and authentication technologies. They provide functions such as recording audit trails for future forensics, real-time detection on monitored traffic, and trapping malicious activity with decoy documents.
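An added example (not from the original notes) of two of the data-protection functions listed above, decoy-document trapping and user behavior profiling, run over a constructed storage audit log. The log format, the decoy path prefix and the per-user baselines are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed storage audit log for the example (not from the page).
# Format per line: <timestamp> <user> <action> <path>
SAMPLE_LOG = """\
2024-05-01T09:00:01 alice READ /finance/q1-report.xlsx
2024-05-01T09:00:05 alice READ /finance/q1-summary.docx
2024-05-01T09:01:10 bob READ /hr/onboarding.pdf
2024-05-01T09:02:00 carol READ /decoy/passwords-backup.txt
2024-05-01T09:02:30 bob READ /hr/payroll-2024.xlsx
2024-05-01T09:02:31 bob READ /hr/payroll-2023.xlsx
2024-05-01T09:02:32 bob READ /hr/payroll-2022.xlsx
2024-05-01T09:02:33 bob READ /hr/salary-bands.xlsx
"""

# Decoy documents are planted where no legitimate workflow touches them (assumed prefix).
DECOY_PREFIX = "/decoy/"
# Assumed per-user profile: normal number of READ events in the observed window.
BASELINE = {"alice": 5, "bob": 2, "carol": 4}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def parse_log(text):
    """Turn raw log lines into event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(dict(zip(("ts", "user", "action", "path"), m.groups())))
    return events


def detect(events, baseline, factor=2):
    """Return alerts: every decoy access, plus users whose READ volume exceeds
    factor times their profiled baseline. Each alert keeps the evidence for the audit trail."""
    alerts = []
    for e in events:
        if e["path"].startswith(DECOY_PREFIX):
            alerts.append(("decoy_access", e["user"], e["path"], e["ts"]))
    reads = Counter(e["user"] for e in events if e["action"] == "READ")
    for user, count in sorted(reads.items()):
        if count > factor * baseline.get(user, 1):  # unknown users get a minimal baseline
            alerts.append(("volume_anomaly", user, count, baseline.get(user, 1)))
    return alerts
```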