In examining cloud technology, or any technology for that matter, security of th
ID: 3676877 • Letter: I
Question
In examining cloud technology, or any technology for that matter, security of the data is an important consideration. In this assignment, explore methods of managing cloud architecture and ensuring data security. Investigate attacks on the cloud and ways data can be compromised, including the following:
Apply tools to troubleshoot network problems
Use implementation, management, and maintenance skills in network configuration
Discuss emerging topics in network operation and administration
Assignment Guidelines
Research security in cloud computing and explain the security concerns regarding cloud computing.
List and describe at least 2 ways a data attack on the cloud can occur.
What networking tools can you use to ameliorate data attacks on cloud data?
What tools would you use to troubleshoot problems when configuration is an issue?
Choose and investigate one tool used to administer data in the cloud, take a screenshot of the tool, and embed the picture in your document. Provide a detailed analysis of the tool and how it is used.
Give a recommendation on whether companies should use or not use the cloud, based on the security, the management, or any barrier found in using cloud technology.
Explanation / Answer
While cost and ease of use are two great benefits of cloud computing, there are significant security concerns that need to be addressed when considering moving critical applications and sensitive data to public and shared cloud environments.
To address these concerns, the cloud provider must develop sufficient controls to provide the same or a greater level of security than the organization would have if the cloud were not used. Listed here are ten items to review when considering cloud computing.
1. Where's the data? Different countries have different requirements and controls placed on access. Because your data is in the cloud, you may not realize that the data must reside in a physical location. Your cloud provider should agree in writing to provide the level of security required for your customers.
2. Who has access? Access control is a key concern, because insider attacks are a huge risk. A potential hacker is someone who has been entrusted with approved access to the cloud. If anyone doubts this, consider that in early 2009 an insider was accused of planting a logic bomb on Fanny Mae servers that, if launched, would have caused massive damage. Anyone considering using the cloud needs to look at who is managing their data and what types of controls are applied to these individuals.
Some of Security Threads that harm data on cloud:
1. Data Breaches
Cloud computing and services are relatively new, yet data breaches in all forms have existed for years. The question remains: “With sensitive data being stored online rather than on premise, is the cloud inherently less safe?”
A study conducted by the Ponemon Institute entitled “Man In Cloud Attack” reports that over 50 percent of the IT and security professionals surveyed believed their organization’s security measures to protect data on cloud services are low. This study used nine scenarios, where a data breach had occurred, to determine if that belief was founded in fact.
After evaluating each scenario, the report concluded that overall data breaching was three times more likely to occur for businesses that utilize the cloud than those that don’t. The simple conclusion is that the cloud comes with a unique set of characteristics that make it more vulnerable.
2. Hijacking of Accounts
The growth and implementation of the cloud in many organizations has opened a whole new set of issues in account hijacking.
Attackers now have the ability to use your (or your employees’) login information to remotely access sensitive data stored on the cloud; additionally, attackers can falsify and manipulate information through hijacked credentials.
Other methods of hijacking include scripting bugs and reused passwords, which allow attackers to easily and often without detection steal credentials. In April 2010 Amazon faced a cross-site scripting bug that targeted customer credentials as well. Phishing, keylogging, and buffer overflow all present similar threats. However, the most notable new threat – known as the Man In Cloud Attack – involves the theft of user tokens which cloud platforms use to verify individual devices without requiring logins during each update and sync.
3. Insider Threat
An attack from inside your organization may seem unlikely, but the insider threat does exist. Employees can use their authorized access to an organization’s cloud-based services to misuse or access information such as customer accounts, financial forms, and other sensitive information.
Additionally, these insiders don’t even need to have malicious intentions.
A study by Imperva, “Inside Track on Insider Threats” found that an insider threat was the misuse of information through malicious intent, accidents or malware. The study also examined four best practices companies could follow to implement a secure strategy, such as business partnerships, prioritizing initiatives, controling access, and implementing technology.
4. Malware Injection
Malware injections are scripts or code embedded into cloud services that act as “valid instances” and run as SaaS to cloud servers. This means that malicious code can be injected into cloud services and viewed as part of the software or service that is running within the cloud servers themselves.
Once an injection is executed and the cloud begins operating in tandem with it, attackers can eavesdrop, compromise the integrity of sensitive information, and steal data. Security Threats On Cloud Computing Vulnerabilities, a report by the East Carolina University, reviews the threats of malware injections on cloud computing and states that “malware injection attack has become a major security concern in cloud computing systems.”
Here are five data privacy protection tips to help you tackle the issue of cloud privacy:
1. Avoid storing sensitive information in the cloud.
Many recommendations across the 'Net sound like this: "Don't keep your information on the cloud." Fair enough, but it's the same as if you asked, "How not to get my house burned down?" and the answer would be, "Do not have a house." The logic is solid, but a better way to translate such advice is, "avoid storing sensitive information on the cloud." So if you have a choice you should opt for keeping your crucial information away from virtual world or use appropriate solutions.
2. Read the user agreement to find out how your cloud service storage works.
If you are not sure what cloud storage to choose or if you have any questions as for how that or another cloud service works you can read the user agreement of the service you are planning to sign up for. There is no doubt it's hard and boring but you really need to face those text volumes. The document which traditionally suffers from insufficient attention may contain essential information you are looking for.
3. Be serious about passwords.
You must have heard this warning a hundred times already, but yet most people do not follow it. Did you know that 90 percent of all passwords can be cracked within seconds? Indeed, a great part of all the sad stories about someone's account getting broken is caused by an easy-to-create-and-remember password. Moreover, doubling your email password for other services you use (your Facebook account, your cloud storage account) is a real trap as all your login information and forgotten passwords always arrive to your email.
Here is an efficient method of creating a secure password:
Choose a random word (preferably a long one) -- for example, "communication."
Now let's say you are signing up for Gmail. What you should do is add a "Gmail" word to the word you have chosen. Thus your password for Gmail will be "communicationGmail." If you sign up for Skype, your password will be "communicationSkype", for example.
Therefore, you need to remember only your "core" word and the structure of your password. To strengthen it even more you can add a certain number before the name of the service, for example your birth date. In that case your password will look like "communication12111975Skype", etc.
You can invent any other way of memorizing your passwords, the one that appeals to you. But the main point doesn't change - such a method is really simple and effective.
4. Encrypt.
Encryption is, so far, the best way you can protect your data. Generally encryption works as follows: You have a file you want to move to a cloud, you use certain software with which you create a password for that file, you move that password-protected file to the cloud and no one is ever able to see the content of the file not knowing the password.
The most easy and handy way is to zip files and encrypt them with a password. To that end you can use B1 Free Archiver -- a free multiplatform compression tool. When creating the archive check the "Protect with a password" option, type in the password (keeping in mind the no. 3 rule) and only after that you can move it to the cloud. If you want to share it with someone just give the password to that person. Note that B1 Free Archiver zips files only in B1 format which makes the overall protection of your info more reliable.
The only software that opens B1 files is B1 Free Archiver, therefore you won't be able to open any B1 archive, even one that isn't password-protected, without this utility. B1 encrypted archives appear to be more safe and secure than the usual zip files.
In case you have more time and energy or want to provide an even higher level of protection for your files you can use TrueCrypt encryption software. It's an open source encryption program with which you can create an encrypted file (the so called "virtual disk") and keep all of your private files protected with a password.
TrueCrypt is a bit harder to use than B1 Free Archiver, but it gives you the choice of encryption algorithms (in addition to AES it also offers Serpent, Twofish, etc) some of which deliver a higher level of reliability. But at the same time it also has its drawback as compared to encrypted zip files.
In TrueCrypt you preset a precise volume of your encrypted file from the very beginning so a lot of space may be wasted before you fill it with data. The size of an encrypted zip file depends only on the data volume contained in it.
5. Use an encrypted cloud service.
There are some cloud services that provide local encryption and decryption of your files in addition to storage and backup. It means that the service takes care of both encrypting your files on your own computer and storing them safely on the cloud. Therefore, there is a bigger chance that this time no one -- including service providers or server administrators -- will have access to your files (the so called "zero-knowledge" privacy). Among such services are Spideroak and Wuala.
Spideroak provides 2GB space for full featured backup, sync, share, access and storage for free. However, you'll have to upgrade to Plus Plan for $10/monthly if you need more space. Wuala offers 5GB for free and paid accounts with the price depending on the amount of space you need.
Cloud security
When choosing the best way of protecting your information keep in mind how valuable that information is to you and to what extent it is reasonable to protect it. Therefore, the first thing you should do is to define the level of privacy you need and thus a level of protection for it. If you do not actively use the Internet to work, even a two-step verification involving SMS with a code sent to your mobile phone may seem cumbersome, though most people who use email for sending business data appreciate this option.
Not everyone is ready to pay for data to be stored, but if you use cloud storage for keeping corporate data, you'll find paying for safe and secure data storage reasonable. So try to strike that delicate balance between the required level of protection and the time/effort/money spent on it.