3-UnitV_security.pptx
1. UNIT-IV
Cloud Security: Basic Terms and Concepts, Threat Agents, Cloud Security
Threats, Cloud Risk Division and Risk Management, Cloud Security
Architecture, VM Security Challenges
2. TERMS
• THREAT
• Vulnerability
• Risk
• Asset: An asset is what we’re trying to protect.
• Counter Measures: Set of actions implemented to prevent threats.
3. WHAT IS THREAT?
• Anything that can exploit a vulnerability, intentionally or accidentally,
and obtain, damage, or destroy an asset.
• A threat is what we’re trying to protect against.
• In computer security, a threat is a possible danger that might exploit
a vulnerability to breach security and therefore cause possible harm.
• A threat can be either "intentional" (i.e. hacking: an individual
cracker or a criminal organization) or "accidental" (e.g. the possibility
of a computer malfunctioning, or the possibility of a natural
disaster such as an earthquake, a fire, or a tornado) or otherwise a
circumstance, capability, action, or event.
4. Vulnerability
• Weaknesses or gaps in a security program that can be exploited by
threats to gain unauthorized access to an asset.
• A vulnerability is a weakness or gap in our protection efforts.
• IT resource vulnerabilities can have a range of causes, including
configuration deficiencies, security policy weaknesses, user errors,
hardware or firmware flaws, software bugs, and poor security
architecture.
5. Risk
• The potential for loss, damage or destruction of an asset as a result
of a threat exploiting a vulnerability.
• Risk is the intersection of assets, threats, and vulnerabilities.
• Two metrics that can be used to determine risk for an IT resource are:
• the probability of a threat occurring to exploit vulnerabilities in the
IT resource
• the expectation of loss upon the IT resource being compromised
6. • The role a threat agent assumes in relation to
• vulnerabilities
• threats
• risks
• the safeguards established by security policies and
security mechanisms.
7.
8. THREAT PROFILE
• Threats consist of the following properties:
• Asset: Something of value to the organization.
• Actor: Who or what may violate the security requirements (CIA).
• Motive: indication of whether the actor’s intentions are deliberate or
accidental.
• Access: how the asset will be accessed by the actor.
• Outcome: the immediate result of violating the security requirements of an
asset.
9.
10. Sources of risk
• Human error: disclosure of confidential information.
• Computer abuse or crime: when a person intends to be malicious
and starts to steal information from sites.
• Natural and political disasters: This can happen in the form of
natural calamities and wars.
• Failure of hardware or software: server malfunctioning, software
errors etc.
13. Confidentiality
• When protecting information, we want to be able to restrict access
to those who are allowed to see it; everyone else should be
disallowed from learning anything about its contents. This is the
essence of confidentiality.
• Example: ID and passwords to authenticate authorized users.
• Permitting someone to look over your shoulder at
your computer screen while you have confidential data displayed on
it could be a breach of confidentiality.
14. Confidentiality
• Within cloud environments, confidentiality primarily pertains to
restricting access to data in transit and storage.
• If a laptop computer containing sensitive information about a
company's employees is stolen or sold, it could result in a breach of
confidentiality.
• Federal law requires that universities restrict access to private student
information. The university must be sure that only those who are
authorized have access to view the grade records.
16. Integrity
• Integrity is the assurance that the information being accessed has not been altered and truly
represents what is intended.
• An important issue that concerns data integrity in the cloud is whether a cloud consumer can be
guaranteed that the data it transmits to a cloud service matches the data received by that cloud
service. Integrity can extend to how data is stored, processed, and retrieved by cloud services and
cloud-based IT resources.
17. Integrity
• Information integrity means information truly represents its intended
meaning. Information can lose its integrity through malicious intent, such as
when someone who is not authorized makes a change to intentionally
misrepresent something.
• Integrity can also be lost unintentionally, such as when a computer power
surge corrupts a file or someone authorized to make a change accidentally
deletes a file or enters incorrect information.
• Integrity is lost when a computer virus infects a computer
• when an employee is able to modify his own salary in a payroll database
• when an unauthorized user vandalizes a web site
• when someone is able to cast a very large number of votes in an online poll
• Example: Checksums for the verification of integrity.
19. Availability
• For any information system to serve its purpose, the information must
be available when it is needed.
• This means the computing systems used to store and process the information,
the security controls used to protect it, and the communication channels used to
access it must be functioning correctly.
• High availability systems aim to remain available at all times, preventing service
disruptions due to power outages, hardware failures, and system upgrades.
• Ensuring availability also involves preventing denial of service attacks, such as a
flood of incoming messages to the target system, essentially forcing it to shut
down.
21. 1. Traffic Eavesdropping
• An eavesdropping attack, also referred to as a sniffing or snooping
attack, is a major concern when it comes to cyber security.
Through these attacks, your information like passwords, card
details, and other sensitive data is easily stolen while it is getting
transferred from one device to another.
• Traffic eavesdropping is the unauthorized interception of data
transmitted over a network.
• It can occur on wired and wireless networks.
22.
23. The motivations of attackers who engage in traffic
eavesdropping:
Stealing sensitive information (e.g., login credentials, financial data).
Gaining a competitive advantage.
Espionage and surveillance.
The common methods used by attackers to eavesdrop on
network traffic:
Packet sniffing.
Man-in-the-Middle (MitM) attacks.
Data interception at network endpoints
24. Risks and consequences of traffic eavesdropping:
Data breaches.
Privacy violations.
Financial losses.
Damage to reputation.
Vulnerable Communication Protocols
• HTTP vs. HTTPS.
• Unsecured Wi-Fi networks.
• Legacy encryption standards.
Countermeasures and Best Practices
• Present strategies to mitigate traffic eavesdropping:
• Encryption (e.g., TLS/SSL).
• VPN (Virtual Private Network) usage.
• Regular software updates.
• Secure Wi-Fi practices.
25. Malicious Intermediary
• Malicious Intermediary threat arises when messages are intercepted
and altered by a malicious service agent, thereby potentially
compromising the message’s confidentiality and/or integrity.
• It may also insert harmful data into the message before forwarding it
to its destination.
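The checksum example from the Integrity slide and the altered message from this slide, worked through in Python as an added example (not part of the original slides). The shared key, the message body and all function names are constructed for illustration; the point is that an unkeyed checksum catches accidental corruption but not an intermediary that recomputes it, while a keyed HMAC catches both.

```python
import hashlib
import hmac

def checksum(data: bytes) -> str:
    """Unkeyed SHA-256 digest: anyone who can change the data can recompute it."""
    return hashlib.sha256(data).hexdigest()

def mac(key: bytes, data: bytes) -> str:
    """Keyed HMAC-SHA-256 tag: cannot be recomputed without the shared key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def send(key: bytes, body: bytes) -> dict:
    """Cloud consumer side: attach both a checksum and an HMAC tag."""
    return {"body": body, "sha256": checksum(body), "hmac": mac(key, body)}

def corrupt_in_transit(msg: dict) -> dict:
    """Accidental change: one bit of the body flips, nothing else is touched."""
    flipped = bytes([msg["body"][0] ^ 0x01]) + msg["body"][1:]
    return {**msg, "body": flipped}

def altered_by_intermediary(msg: dict, new_body: bytes) -> dict:
    """Deliberate change: the body is replaced and the unkeyed checksum is
    recomputed to match. Without the key the HMAC tag cannot be regenerated."""
    return {"body": new_body, "sha256": checksum(new_body), "hmac": msg["hmac"]}

def verify(key: bytes, msg: dict) -> dict:
    """Cloud service side: report what each integrity check concludes."""
    return {
        "checksum_ok": hmac.compare_digest(checksum(msg["body"]), msg["sha256"]),
        "hmac_ok": hmac.compare_digest(mac(key, msg["body"]), msg["hmac"]),
    }

# Constructed sample data (not a real secret or a real record).
KEY = b"constructed-demo-key"
ORIGINAL = send(KEY, b'{"employee": 17, "salary": 52000}')
CORRUPTED = corrupt_in_transit(ORIGINAL)
ALTERED = altered_by_intermediary(ORIGINAL, b'{"employee": 17, "salary": 95000}')

if __name__ == "__main__":
    for name, msg in [("original", ORIGINAL), ("corrupted", CORRUPTED),
                      ("altered", ALTERED)]:
        print(name, verify(KEY, msg))
```

The altered message passes the checksum test and fails only the HMAC test, which is why message integrity against an intermediary needs a keyed tag or a signature, usually alongside TLS.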
26.
27. Insufficient Authorization
• This attack occurs when access is granted to an attacker erroneously
or too broadly, resulting in the attacker getting access to IT resources
that are normally protected.
• This is often a result of the attacker gaining direct access to IT
resources that were implemented under the assumption that they
would only be accessed by trusted consumer programs.
• It is also known as weak authentication.
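An added Python example (not part of the original slides) of the two failure modes named above: a resource that performs no check because it assumes trusted callers, and a grant that is too broad. The policy entries, principal names and resource paths are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed policy: (principal, action, resource pattern).
POLICY = [
    ("tenant-a-app", "read",  "tenant-a/*"),
    ("tenant-b-app", "read",  "tenant-b/*"),
    ("tenant-b-app", "write", "tenant-b/*"),
    ("report-job",   "read",  "*"),          # granted too broadly
]
# Constructed inventory of protected IT resources.
RESOURCES = ["tenant-a/reports.csv", "tenant-b/payroll.csv"]

def serve_trusting(resource):
    """Weak design: no check at all, on the assumption that only trusted
    consumer programs can ever reach this function."""
    return f"contents of {resource}"

def is_authorized(principal, action, resource, policy=POLICY):
    """Deny by default: allow only when an explicit grant matches."""
    return any(p == principal and a == action and fnmatchcase(resource, pat)
               for p, a, pat in policy)

def serve_checked(principal, action, resource, policy=POLICY):
    """Hardened design: every request is checked, whoever the caller is."""
    if not is_authorized(principal, action, resource, policy):
        raise PermissionError(f"{principal} may not {action} {resource}")
    return f"contents of {resource}"

def overbroad_grants(policy=POLICY, resources=RESOURCES):
    """Audit: flag grants whose pattern reaches more than one tenant."""
    findings = []
    for principal, action, pattern in policy:
        tenants = {r.split("/", 1)[0] for r in resources
                   if fnmatchcase(r, pattern)}
        if len(tenants) > 1:
            findings.append((principal, action, pattern))
    return findings

if __name__ == "__main__":
    print(serve_trusting("tenant-b/payroll.csv"))   # served to anyone
    print(is_authorized("tenant-a-app", "read", "tenant-b/payroll.csv"))
    print(overbroad_grants())
```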
28.
29. Virtualization Attack
• Virtualization provides multiple cloud consumers with access to IT
resources that share underlying hardware but are logically isolated
from each other.
• Once cloud providers grant cloud consumers administrative access to
virtualized IT resources, there is an inherent risk that cloud consumers
could abuse this access to attack the underlying physical IT resources.
30.
31. Overlapping Trust Boundaries
• If physical IT resources within a cloud are shared by different users,
these cloud service consumers have overlapping trust boundaries.
• A malicious user can target shared IT resources with the intention of
compromising cloud consumers or other IT resources that share the
same trust boundary.
32.
33. Cloud Risk
• Policy and organizational risks
• Technical risks
• Legal risks
• Other risks
34. Policy and Organizational Risks
1. Lock-in: SaaS lock-in, PaaS lock-in, IaaS lock-in. It occurs due to high
customization of services according to user demand.
2. Loss of control and governance: it can lead to non-fulfilment of the
security requirements, lack of CIA, reduction in performance and
QoS.
3. Compliances challenges
4. Cloud service termination or failure
5. Supply chain failure
35. Technical Risks
• Isolation Failure: Computing capacity, storage, and network are shared among multiple
users. This multi-tenancy may lead to threats such as failure of
logical or physical separation between memory stacks, storage and routing tables.
Possible attacks: SQL injection and guest-hopping attacks
• Resource Exhaustions: Many resource allocation algorithms are used for
allocating all resources to cloud users. So, insufficient resource provisioning and
investments in infrastructure may lead to service unavailability problem or
degradation in performance.
36. • Cloud provider malicious insider: The malicious actions of an insider
could possibly have an impact on the CIA of all kinds of data, IP, all kinds
of services and indirectly the reputation of the organization, customer
expectations and experiences of employees.
Technology can help detect insider threats through:
• User activity monitoring
• Incident investigations
• Access management
• User and behavior analytics
37. • Loss of encryption keys
• Intercepting data in transit: transmission of data takes place across multiple physical
machines. Data is at risk during transmission from on-premises to cloud or from cloud to on-premises.
• Attacks: Spoofing, man-in-the-middle attacks
• Insecure or ineffective deletion of data
• Conflicts between customer hardening procedures and cloud
environment
• Malicious probes or scams
• Compromise service engine
38. Legal Risks
• Risk from changes of jurisdiction
• Licensing risks
• Data protection
39. Other Risks
• Backup lost or stolen
• Unauthorized access to premises
• Theft of computer equipment
• Natural disasters
40. Cloud Computing Security Architecture
• Data center layer
• VM layer
• Service provider layer
• User layer
41.
42. VM Security Challenges
1. Communication between VMs or VMs and Host
2. VM escape
3. VM monitoring from the host
4. VM monitoring from another VM
5. Denial of services
6. External modification of a VM
7. External modification of the hypervisor
8. Mixed trust level VM
9. Resource contention
43. 1. Communication between VMs or
VMs and Host:
• Communication between VMs: This refers to the exchange of data
or information between virtual machines (VMs) running on the same
physical host. VMs can communicate with each other using various
methods, such as virtual networks or inter-process communication
(IPC).
• Communication between VMs and Host: This involves interactions
between virtual machines and the underlying hypervisor (host). It can
include actions like VM creation, shutdown, or resource allocation.
Security Challenge: The challenge here is to ensure the
confidentiality and integrity of data transmitted between VMs and
between VMs and the host. Unauthorized access or interception of
communication can lead to data breaches or malicious attacks.
44. 2. VM escape
• VM escape, also known as a "hypervisor escape" or "guest-to-host
escape," is a security vulnerability that occurs when a process or a
virtual machine breaks out of its isolated environment (VM) and
gains unauthorized access to the host operating system or the
hypervisor. It's a significant security risk, as it can lead to the
compromise of the entire virtualization infrastructure.
• Security Challenge: VM escape poses a significant security
challenge as it allows an attacker to break out of the isolated VM
environment and gain access to the host or other VMs. Mitigating
VM escape vulnerabilities is critical to prevent unauthorized access
to sensitive resources.
45. 3. VM Monitoring from the Host:
• VM monitoring from the host involves the hypervisor or host
system monitoring the activity and performance of virtual
machines it manages. This monitoring can include tracking
resource usage, checking for security threats, and ensuring that
VMs are running efficiently.
• Security Challenge: While monitoring VMs from the host is
essential for management and security purposes, it can also be
a challenge as it requires robust security measures to prevent
unauthorized access to VM data and configurations.
Unauthorized monitoring can lead to privacy breaches.
46. 4. VM Monitoring from Another VM:
• In this context, VM monitoring from another VM refers to one
virtual machine monitoring the activities or resources of another
virtual machine running on the same host. This can be for
various reasons, such as security monitoring, performance
optimization, or resource allocation.
• Security Challenge: Allowing one VM to monitor another can
create security challenges, particularly regarding privacy and
data leakage. Ensuring that monitoring permissions are properly
configured and monitored is crucial to prevent unauthorized
surveillance.
47. 5. Denial of Services (DoS):
• Denial of Service is a cyberattack in which an attacker attempts
to disrupt or make a computer system or network unavailable to
its intended users by overwhelming it with a flood of illegitimate
requests or traffic. The goal is to exhaust system resources,
causing services to become slow or unavailable.
• Security Challenge: DoS attacks can overwhelm VMs or the
host with traffic, causing services to become unavailable.
Security measures like intrusion detection systems (IDS), load
balancing, and firewalls are needed to detect and mitigate DoS
attacks.
48. 6. External Modification of a VM:
• This refers to any unauthorized or unintended changes made to
the configuration, data, or state of a virtual machine from
outside sources. It could be due to malicious actions or
misconfigurations that impact the VM's integrity or operation.
• Security Challenge: External modification of a VM can lead to
unauthorized changes in configurations, data, or applications.
Protecting VMs from external tampering requires strong access
controls, secure boot processes, and regular security updates.
49. 7. External Modification of the
Hypervisor:
• Similar to external modification of a VM, this term describes
unauthorized changes made to the hypervisor (the software
managing virtual machines) from outside sources. Modifying the
hypervisor can have severe security implications for all VMs
running on that host.
• Security Challenge: Modifying the hypervisor externally can
compromise the security of all VMs on a host. Ensuring the
integrity of the hypervisor through secure boot, access controls,
and regular security patches is essential to prevent this.
50. 8. Mixed Trust Level VM:
• A mixed trust level VM refers to a virtual machine environment
in which different VMs have varying levels of trust or security
requirements. Some VMs may be considered more sensitive
and require stronger security measures, while others may be
less critical and have more relaxed security configurations.
• Security Challenge: Managing VMs with varying trust levels
can be challenging. Ensuring that high-trust VMs are isolated
from low-trust VMs and applying appropriate security policies to
each trust level is crucial to prevent breaches and data leakage.
51. 9. Resource Contention:
• Resource contention occurs when multiple virtual machines or
processes running on a host compete for the same finite resources,
such as CPU, memory, or storage. This competition can lead to
performance degradation for the VMs involved, potentially causing
slowdowns or resource allocation issues.
• Security Challenge: Resource contention can impact the
performance and availability of VMs. Managing resource allocation
to prevent one VM from monopolizing resources or causing others to
suffer is vital for security and reliability.