Cloud Computing

Introduction to Cloud Computing

In today's world, cloud computing is the most popular technology due to its flexibility and mobility.
With cloud computing, personal and shared resources can be accessed with minimal management. In
many cases, it is dependent on the internet. A third-party cloud solution is also available, which
reduces the need to expand resources and maintain them. A good example of cloud computing is
Amazon Elastic Cloud Compute (EC2), which is highly capable, low-cost, and flexible. Cloud computing
has the following major characteristics:

• Self-service on demand
• Storage that is distributed
• Rapid elasticity
• Services that are measured
• Management by automation
• A virtualization system

Types of Cloud Computing Services

There are three types of cloud computing services: -

• Infrastructure-as-a-Service (IaaS)
• Platform-as-a-Service (PaaS)
• Software-as-a-Service (SaaS)

Infrastructure-as-a-Service (IaaS)
Infrastructure as a service, or IaaS, is a self-service model. Using IaaS allows you to access, monitor,
and manage your data. As an example, IaaS offers the cloud-based infrastructure to deploy remote
datacenter instead of purchasing firewalls, networking devices, and servers, and spending money on
deployment and management. Amazon EC2, Cisco Metapod, Microsoft Azure, and Google Compute
Engine (GCE) are some of the most popular examples of IaaS.

Platform-as-a-Service (PaaS)
Another cloud computing service is the platform as a service. Application development, deployment,
and management are all made possible by it. A PaaS service offers Development Tools, Configuration
Management, Deployment Platforms, and the ability to migrate apps to hybrid models. Applications
can be developed and customized, OSes can be managed, storage and networking can be handled,
etc., with the help of this software. Google App Engine, Microsoft Azure, Intel Mash Maker, etc., are
all examples of PaaS.

Software-as-a-Service (SaaS)
The most widely used type of Cloud Computing service is Software as a Service (SaaS). On-demand
software is centrally hosted so it can be accessed by users using client software via browsers. There
are many examples of SaaS in the workplace, such as Microsoft Office 365, Cisco WebEx, Citrix
GoToMeeting, Google Apps, DBMS, CAD, ERP, HRM, and messaging software.
Cloud Computing Benefits
The following are some of the most important advantages of cloud computing;

Increased Capacity:
A cloud computing platform provides unlimited capacity, so users do not need to worry about the size
of their infrastructure. We can also say that by using a cloud platform, a customer can use as much or
as little capacity as they desire.

Increased Speed:
As a result of the cloud computing environment, organizations can access IT resources faster, less
expensive, and faster manner than ever before.

Low Latency:
As a result of the cloud computing technology, customers can easily implement their applications with
just a couple of clicks, so they can achieve all their tasks quickly at minimal costs, i.e. not too much
time is consumed and there is a minimum amount of latency.

Less Economic Expense

One of the major advantages of cloud computing is that it is less expensive. Dedicated hardware is not
required for specific functions. The cost of purchasing hardware, configuration, management
complexity, and maintenance costs can be reduced by virtualizing networking, data center, firewall,
and application services over the cloud.

Security
As far as security is concerned, cloud computing is also very efficient when it comes to cloud
computing. There are several benefits to patch management and security updates, including less
investment in security. Protection against cloud computing threats comes in the form of disaster
recovery, dynamic scalability defensive resources, and other security services.

Understanding Virtualization
A virtual machine or multiple virtual machines are deployed on a host machine through virtualization
in computer networking. The virtual machines use the system resources of the host machine by
logically dividing them. Virtual machines differ greatly from physically deployed machines in terms of
their system resources and hardware. The physical deployment of an operating system requires
separate hardware, while a virtual machine host can share storage and resources between multiple
operating systems.

Benefits of Virtualization in the Cloud

Virtualization has many advantages, one of which is the reduction of costs. It is not only costly to
purchase dedicated hardware, but it also requires management, maintenance, and security. As
opposed to additional hardware, virtualization supports multiple machines on a single piece of
hardware while consuming less space and power. As well as reducing administration, management,
and networking tasks, virtualization ensures efficiency. The cloud makes virtualization even more
efficient since it does not require any hardware to be installed. Cloud-based virtual machines are
hosted over the internet on a host and are owned by the cloud. From anywhere at any time, you will
be able to access them easily.
Cloud Computing Threats
Cloud computing is indeed offering many services with a high degree of efficiency and flexibility, but
there are also some threats to which cloud computing is susceptible. An example of one of these
threats might be Data loss/breach, insecure interfaces and APIs, malicious insiders, privilege
escalation, natural disasters, hardware failure, authentication, VM level attacks, and many more.

Data Loss/Breach
A large number of platforms are at risk of losing or breaching their data due to data loss and data
breaches. If the encryption key is lost or improperly encrypted, the data may be modified, erased,
stolen, and misused as a result.

Abusing Cloud Services

Abusing Cloud Services refers to the misuse of these services for malicious purposes as well as the
misuse of these services in an abusive manner. As an example, an attacker exploited Dropbox's cloud
service to spread a massive phishing campaign using the Dropbox cloud service. The system can also
be used to host data that is malicious and to control and command botnets in the same manner.

Insecure Interface and APIs

There are two types of interfaces used by customers to interact with the service, which is Software
User Interfaces (UI) and Application Programming Interfaces (APIs). Monitoring, Orchestration,
Management, and Provisioning of these interfaces can ensure that these interfaces are secure. To
protect these interfaces against malicious attempts, they need to be secure.

Cloud Computing Attacks

In Cloud Computing, several attacks are commonly used by attackers to remove sensitive information,
such as credentials, or to gain unauthorized access to Cloud Computing resources. There are many
ways in which cloud computing can be attacked, including: -

• Social engineering attacks used to hijack services

• An XSS attack that hijacks a session
• Attack on the Domain Name System (DNS)
• Attacks involving SQL injection
• Attacking from the wrapper
• Hijacking services using network sniffing
• Using session riding to hijack sessions
• Cross-guest VM breaches or side channel attacks
• Analyzing cryptic data
• Attacks by DoS / DDoS

Service Hijacking using Social Engineering Attacks

As we have already discussed, social engineering attacks. Social Engineering techniques may be used
to guess the password. According to the privilege level of the compromised user, social engineering
attacks result in unauthorized access to sensitive information.

Service Hijacking using Network Sniffing

A packet sniffer allows an attacker to capture sensitive information such as passwords, session IDs,
cookies, and other web service information such as UDDI, SOAP, and WSDL by placing himself in a
network.
Session Hijacking using XSS Attack
An attacker can steal cookies by injecting malicious code into the website by using Cross-Site Scripting
(XSS).

Session Hijacking using Session Riding

The purpose of Session Riding is to hijack sessions. It can be exploited by attempting cross-site request
forgery. As the attacker uses the active session to execute requests, such as modifying data, erasing
data, online transactions, and password changes, the attacker tracks the user to click on a malicious
link.

Domain Name System (DNS) Attacks

Attacks on the Domain Name System (DNS) include DNS poisoning, cybersquatting, domain hijacking,
and domain snipping. Attackers may poison DNS servers or caches to obtain the credentials of internal
users. In domain hijacking, the domain name of a cloud service is stolen. In the same way, users can
be redirected to a fake website if they fall victim to phishing scams.

Side Channel Attacks or Cross-guest VM Breaches

An attack that uses a malicious virtual machine on the same host is called a side-channel attack or
cross-guest VM breach. Physical hosts, for instance, host virtual machines that provide cloud services,
making them targets for attackers. To take advantage of shared resources of the same host, such as
processor cache, cryptographic keys, etc., the attacker will install a malicious virtual machine on the
same host. The installation can be done by a malicious insider or an attacker who impersonates a
legitimate user to achieve the desired effect.

Furthermore, there are also other attackers which have been discussed earlier which could also be
vulnerable to Cloud Computing, including SQL Injection attacks (injecting malicious SQL statements
into the system to extract information), Cryptanalysis attacks (weak or outdated encryption),
Wrapping attacks (duplicating the body of a message), Denial-of-Service (DoS) and Distributed Denial-
of-Service (DDoS) attacks.

Cloud Security
Cloud Computing Security refers to the deployment, implementation, and prevention of security
threats. It includes the implementation of cloud security policies, the deployment of security devices
such as application firewalls and Next Generation Intrusion Prevention Systems (IPS), as well as the
hardening of the cloud computing infrastructure. As well as some actions that should be taken by the
service provider, it also includes some actions that should be taken by the users in regards to the
action they should take.

Cloud Security Control Layers

Application Layer
A variety of security mechanisms, devices, and policies are available to support cloud security controls
at different levels of the cloud security control hierarchy. A Web application firewall is deployed at the
application layer to filter and observe traffic. A similar approach is used in Systems Development Life
Cycle (SDLC), Binary Code Analysis (BCA), Transactional Security (TS), etc., to ensure the security of
online transactions and script analysis.
Information
To ensure the confidentiality and integrity of the information that is being communicated between
clients and servers in cloud computing, different policies are configured to monitor any loss of data
that might occur during the communication process. Data Loss Prevention (DLP) and Content
Management Framework (CMF) are among these policies. In Data Loss Prevention (DLP), information
leakage is prevented by preventing it from leaving the network. A typical example of this type of
information is confidential information about a company or organization, proprietary information,
financial information, and other types of secrets. As part of the Data Loss Prevention feature, the user
is prevented from intentionally or unintentionally sending confidential information by using Data Loss
Prevention policies.

Management
Many approaches are employed to manage the security of Cloud Computing, including Governance,
Risk Management, and Compliance (GRC), Identity and Access Management (IAM), and Patch and
Configuration Management. Access to resources can be controlled and managed using these
approaches.

Network layer
Security solutions for cloud computing include Next-Generation IDS/IPS, Next-Generation Firewalls,
DNSSec, Anti-DDoS, OAuth, and Deep Packet Inspection (DPI). One of the efficient-proactive
components of the Integrated Threat Security Solution is NGIPS or Next-Generation Intrusion
Prevention System. The NGIPS provides enhanced security intelligence, enhanced visibility, and
advanced protection against emerging threats to secure complex network infrastructures.

In addition to deep network visibility, automation, and security intelligence, Cisco NGIPS Solution
provides next-generation protection. To detect increasingly sophisticated network attacks, it uses the
most advanced and effective intrusion prevention capabilities. Data regarding the network is
continuously collected, including information about the operating system, files, applications, devices,
as well as user information. In the context of intrusion events, this information enables NGIPS to
determine network maps and host profiles.

Trusted Computing
From the end entity up to the root certificate, each component of hardware and software must be
validated to establish the root of trust (RoT). In addition to maintaining flexibility, it aims to ensure
that only trusted software and hardware can be used.

Computer and Storage

Host-based intrusion detection and prevention systems (HIDS/HIPS) can be used to secure computing
and storage in cloud computing. Setting up integrity checks, monitoring the file system, analyzing log
files, analyzing connections, detecting kernel levels, encrypting storage, etc. These IPS/IDS are
normally implemented for the protection of specific hosts, and they work closely with their operating
systems. Filters out malicious application call to the operating system by creating a filtering layer.

Physical Security
Physical security is always a priority when it comes to securing anything. Since it is also the first layer
of the OSI model, if it is not physically secured, any security configuration will be ineffective. A physical
security system protects against man-made attacks such as theft, damage, unauthorized physical
access, and environmental threats such as rain, dust, power outages, fires, etc.
Responsibilities in Cloud Security

Cloud Service Provider

The responsibility of a cloud service provider includes ensuring that the following security controls are
met: -

• Web Application Firewall (WAF).

• Real Traffic Grabber (RTG)
• Firewall
• Data Loss Prevention (DLP)
• Intrusion Prevention Systems
• Secure Web Gateway (SWG)
• Application Security (App Sec)
• Virtual Private Network (VPN)
• Load Balancer
• CoS/QoS
• Trusted Platform Module
• Netflow and others.

Cloud Service Consumer

Among the responsibilities of a cloud service consumer are the following security controls that must
be met: -

• Public Key Infrastructure (PKI).

• Security Development Life Cycle (SDLC).
• Web Application Firewall (WAF).
• Firewall
• Encryption.
• Intrusion Prevention Systems
• Secure Web Gateway
• Application Security
• Virtual Private Networks (VPN) and others.