Cloud Servers: New Risk Considerations



  1. White Paper

     Cloud Servers: New Risk Considerations

     Overview (page 2)
     Cloud Servers Attract e-Criminals (page 2)
     Servers Have More Exposure in the Cloud (page 3)
     Cloud Elasticity Multiplies Attackable Surface Area (page 3)
     The Boomerang Problem (page 4)
     Managing New Cloud Risks (page 4)
     About CloudPassage (page 5)

     Copyright © 2011, CloudPassage Inc.
  2. Overview

     The tremendous scalability, flexibility, and speed of Infrastructure-as-a-Service (IaaS) make it one of the fastest-growing sectors of the cloud computing markets. IaaS providers combine virtualization technologies with massive infrastructure to deliver bandwidth, storage, and CPU power on-demand and with granular control over scale and costs. The potential benefits of hosting applications and workloads on cloud servers are enormous, making cloud servers the de facto norm for a rapidly growing set of use cases.

     Security and compliance, however, remain major challenges to adoption of public cloud infrastructure services. Usage agreements and documentation squarely make the user of IaaS, not the provider, responsible for protecting servers, applications and data in the cloud – essentially everything from the virtual machine OS upward in the stack. [1]

     It is critical for organizations to understand the issues around securing IaaS environments as they move toward the flexibility, scale, and power of cloud hosting. The first step to understanding the issues is awareness of new exposures, threats, and risks. This white paper from CloudPassage presents specific details on the most pertinent new risks associated with adoption of cloud IaaS. It is based on real-world learning, shared by companies we have worked with, to achieve security and compliance in the cloud. Software companies moving to SaaS business models, growing social media startups and long-established industry bellwethers have contributed to this knowledge.

     Cloud Servers Attract e-Criminals

     Online fraud has grown into a sophisticated underground economy that requires infrastructure on a massive scale. Phishing, password cracking, and denial of service attacks leverage botnets – illicit networks built from huge numbers of compromised servers and personal computers.

     Botnets consist of thousands of “zombies” – personal computers infected by malware – which carry out commands on behalf of the botnet operator.
     These compromised computers can bombard web servers with denial-of-service attacks, fire thousands of password attempts per hour, and participate in dozens of other online cracking activities.

     Fraudsters and e-criminals use command-and-control software to coordinate zombie attack execution. Command-and-control most frequently operates from compromised servers, without the server owner’s knowledge. Fraudsters demand a constant stream of freshly compromised servers to keep botnets running. An entire underground business known as bot herding [2] emerged to capitalize on this illicit need.

     Bot-herders make their living by building botnets to then sell or rent to other e-criminals. This practice has evolved to the point of Fraud-as-a-Service, the sale of prebuilt botnets on demand, for a few hundred dollars a month. [3] It takes bot herders time and resources to seek out and compromise vulnerable servers. Economies of scale and cost-benefit apply to a bot herding business just as to any other.

     [1] For example, Amazon Web Services refers to this as the “shared responsibility model” in the AWS Overview of Security Processes.
     [2] See
     [3] The term “Fraud-as-a-Service” is attributed to RSA, the Security Division of EMC. See “RSA Online Fraud Report” (April 2008).
  3. Compromising an elastic cloud infrastructure environment can return a windfall versus hacking into a traditional hardware server. If a bot-herder is able to place command-and-control software on a VM that later is duplicated through cloning or cloud bursting, the botnet capacity will automatically grow.

     For stakeholders in cloud hosting environments, the implication is a higher expectation of being targeted for server takeovers, root-kitting and botnet command-and-control insertions.

     Servers Have More Exposure in the Cloud

     Servers hosted in public IaaS environments have more exposure to compromise than servers do within the traditional data center, where layers of perimeter controls defend server weaknesses from exploit. Cloud IaaS environments rarely offer the control over network topology required to implement perimeter security strategies. As a result, vulnerabilities on each cloud server are more exposed to compromise than those in a traditional data center.

     In a typical private data center environment, security chokepoints and/or network demarcation zones (DMZs) exist; firewalls, intrusion detection systems (IDS) and UTM devices easily inspect external traffic from sources such as Internet connectivity. Typically, hardware acceleration within the data center boosts performance and compensates for the processing demands required to inspect and control all network traffic in and out of an organization. Because public IaaS environments rarely offer control over hardware or topology, these control mechanisms are unavailable to enterprises hosting servers there.

     Traditional perimeter security depends heavily on control over network factors like IP addressing, physical topology and routing. Customers of cloud IaaS do not have this control; the cloud provider usually dictates network addressing and routing. Server IP addresses are unpredictable, creating serious complications in configuring security mechanisms.
     Public IaaS environments also typically segment network traffic at the VM level, meaning the only traffic a server can see is its own. It is not possible to use network-level IDS, IPS or wire-level UTM mechanisms in this environment. The performance implications of each cloud server performing traffic inspection at the wire level are staggering, especially given the lack of hardware control.

     Even in a traditional data center with perimeter defenses in place, server-level security measures such as hardening, secure application configuration, and patch management are important. In the cloud, where front-line defenses are extremely limited, server-level security protection is critical. Cloud servers are largely on their own to protect themselves; strong and highly automated host-based controls are essential.

     Cloud Elasticity Multiplies Attack Surfaces

     Elasticity is a key differentiator distinguishing IaaS from other infrastructure hosting models. Servers are no longer boxes mounted to racks bolted to the floor. With virtualization and cloud technologies, servers are now files and metadata that can be instantly copied, migrated, and stored offline for later reactivation – in other words, elastic.

     This elasticity provides companies with the ability to cloudburst, expanding the number of servers and available compute power within minutes. However, this significantly increases the risk of compromise. The problem is quite simply that as a virtual server duplicates so do its vulnerabilities and exposures. Given the speed with which servers can multiply, this issue increases the attackable surface area of a cloud server farm dramatically within minutes.

  4. Inactive machine images or snapshots are virtual machines that are saved for later reactivation or as a template for new servers. While this capability is clearly useful, offline server images do not get updates regarding newly discovered vulnerabilities, policy changes, or modifications to user accounts and access rights. When a hibernated server is reactivated, there will be access privileges, software vulnerabilities, and outdated configurations that expose it to immediate compromise.

     When adopting a cloud-hosting model, system administrators and other stakeholders should be aware of and account for these issues. One misconfigured server, either created recently or resurrected from storage, could multiply during cloning and cloud-bursting operations to become the “Typhoid Mary” of the cloud farm.

     The Boomerang Problem

     Organizations often turn to cloud hosting for application development. Public cloud hosting reduces barriers to application development, increasing speed to market for technology-related products. Special infrastructure skills, network configuration and hardware setup time are minimal. This is an attractive proposition, especially for business and technology managers frustrated with the perceived delays and red tape associated with infrastructure setup.

     Sometimes central information technology organizations sanction cloud-based development efforts; in some instances, individual business units charge ahead independently. At some point, all successful development projects go into production. Sometimes the application continues to run in the public cloud environment. Often the application code comes back in-house with the cloud server in a ready-to-run virtual machine image.

     If cloud servers used for development are not secured properly, disastrous results often occur. These servers are highly exposed, and often the dynamic nature of application development masks signs of intrusion.

     Compromise impact could include code theft or insertion of malicious functionality into the new application.
     Any live data used for development purposes (a disturbingly frequent occurrence) could be at risk and compromised with the server. If rootkits or other malware are dropped onto the cloud server, that malware could come back to the enterprise data center.

     Managing New Cloud Risks

     Clearly there is a new set of exposures and risks associated with hosting applications, data and workloads in public IaaS environments. Perimeter-oriented methods of protection that have worked for years are highly difficult or completely untenable in these environments. The dynamic nature of public and hybrid cloud server farms further complicates matters.

     The lack of options to protect servers in high-risk public clouds can be the deal-killer that stops companies from embracing public IaaS and realizing the obvious benefits. There is a need to bridge the gap between traditional perimeter-oriented data center security and security in dynamic cloud environments.

     Securing the server itself in an automated, portable, and elastic manner represents the most effective approach to practical survivability in public and hybrid clouds. By implementing best practices in a cloud-capable, elastic model, enterprises can create security for cloud-hosted applications and data that meets or exceeds what traditional perimeter-centric models can deliver.
  5. This paper is the first in a series of white papers from CloudPassage. This series will offer technical and operational security considerations found valuable in developing real-world strategies for securing IaaS hosting environments. In later white papers, CloudPassage will examine models, best practices, and technology alternatives for achieving portable cloud server security.

     Visit us at to learn more.

     About CloudPassage

     CloudPassage is a security SaaS company offering the industry’s first and only server security and compliance solutions purpose-built for elastic cloud environments. The company addresses the technical challenges of securing highly dynamic cloud hosting environments where consistent physical location, network control and perimeter security are not guaranteed. The company’s early product feature set includes high-accuracy server security configuration and vulnerability management and centralized management of host-based firewalls. The innovative capabilities of the Halo platform operate across infrastructure models and seamlessly handle cloud server bursting, cloning, and migration. Headquartered in Menlo Park, California, CloudPassage is backed by a number of well-known venture capital firms and angel investors.