Chapter 6
Cloud Security
By Prof. Raj Sarode
Cloud Security Fundamentals
• There are a lot of myths about cloud security that need to be clarified.
A lot of people think that as soon as they give something to the cloud, they do not have to worry about compliance with security.
That is absolutely not correct. If you are a business, your clients are looking at you for security. Whether you go to the cloud or you do it internally using your private infrastructure, that doesn’t change your responsibility in terms of who owns compliance with security. There needs to be a very clear demarcation line.
Another myth has to do with black and white: that either cloud is insecure by default or cloud is secure by default.
None of that is correct. It really depends on the controls. You’re not reinventing or eliminating any controls. You’re just moving where the controls reside and changing who owns the controls. Cloud by default is neither insecure nor secure; at the end of the day it’s how everything is implemented and how the data flows.
“Data is encrypted all the time.”
It really depends, and that’s a big myth. Some cloud service providers encrypt your data; some do not. You need to find out and understand how your data is handled. Does your service provider have the key or not? It all depends on the model of the cloud. Whether you are at box.com or Dropbox or Salesforce, it all depends on the various processes that they’re running on your data and whether your data is really encrypted or not.
“It’s my data, I’ll get it back when I need it.”
Not necessarily; it depends on where the data has typically been residing.
And there are country-specific laws that you need to know and understand
how to get your data ba
Cloud security considerations, whether compliance, identity and access management, service integrity, endpoint integrity, information protection or IP-specific protection, all need to be taken into consideration no matter how you are using the cloud and for what reasons.
Cloud Security: The security and risk management mechanisms and operational processes supporting the cloud computing IT model.
As a consumer of a cloud platform, application or service, it is the customer’s responsibility to understand the inner workings of the cloud model and its inherent risks, along with the applicable available controls.
This includes understanding not only the services being provided but also the back-end processes, including governance, physical security, network security and other critical controls.
The Cloud Security Alliance (CSA) maintains an active body of work titled the Cloud Controls Matrix, or CCM, currently in version 3.0.1 (here: https://cloudsecurityalliance.org/research/ccm/), which provides an excellent way to understand common available security controls for cloud services.
Vulnerability Assessment Tool For Cloud
• Clouds provide a powerful computing platform that enables individuals and organizations to perform a variety of tasks, such as using online storage space, adopting business applications, developing customized computer software, and creating a “realistic” network environment.
• Vulnerability management tools help information security teams stay ahead of the rising tide of security issues in their organizations.
• They combine state-of-the-art vulnerability detection capabilities with prioritization algorithms that help organizations identify the issues requiring immediate attention, so they can focus efforts on the vulnerabilities most likely to result in a breach.
Vulnerability Assessment Life Cycle
Vulnerability Management Product Features
 Quality and Speed of Updates.
 Compatibility with Your Environment.
 Support for Cloud Services.
 Compliance.
 Prioritization.
 Active and Passive Detection.
 Authenticated and Unauthenticated Scanning.
 Remediation Guidance.
 Vendor Support.
List Of Vulnerability Tools
Name | Owner | Licence | Platforms
Acunetix WVS | Acunetix | Commercial / Free (Limited Capability) | Windows
AppScan | IBM | Commercial | Windows
App Scanner | Trustwave | Commercial | Windows
AppSpider | Rapid7 | Commercial | Windows
AVDS | Beyond Security | Commercial / Free (Limited Capability) | N/A
BlueClosure BC Detect | BlueClosure | Commercial, 2 weeks trial | Most platforms supported
Burp Suite | PortSwigger | Commercial / Free (Limited Capability) | Most platforms supported
Contrast | Contrast Security | Commercial / Free (Limited Capability) | SaaS or On-Premises
GamaScan | GamaSec | Commercial | Windows
Grabber | Romain Gaucher | Open Source | Python 2.4, BeautifulSoup and PyXML
Grendel-Scan | David Byrne | Open Source | Windows, Linux and Macintosh
GoLismero | GoLismero Team | GPLv2.0 | Windows, Linux and Macintosh
IKare | ITrust | Commercial | N/A
Indusface Web Application Scanning | Indusface | Commercial | SaaS
N-Stealth | N-Stalker | Commercial | Windows
Netsparker | Mavituna Security | Commercial | Windows
Nexpose | Rapid7 | Commercial / Free (Limited Capability) | Windows/Linux
Nikto | CIRT | Open Source | Unix/Linux
ParosPro | MileSCAN | Commercial | Windows
Proxy.app | Websecurify | Commercial | Macintosh
QualysGuard | Qualys | Commercial | N/A
Retina | BeyondTrust | Commercial | Windows
Securus | Orvant, Inc | Commercial | N/A
Sentinel | WhiteHat Security | Commercial | N/A
SOATest | Parasoft | Commercial | Windows / Linux / Solaris
Tinfoil Security | Tinfoil Security, Inc. | Commercial / Free (Limited Capability) | SaaS or On-Premises
Trustkeeper Scanner | Trustwave SpiderLabs | Commercial | SaaS
Vega | Subgraph | Open Source | Windows, Linux and Macintosh
Wapiti | Informática Gesfor | Open Source | Windows, Unix/Linux and Macintosh
WebApp360 | TripWire | Commercial | Windows
WebInspect | HP | Commercial | Windows
WebReaver | Websecurify | Commercial | Macintosh
WebScanService | German Web Security | Commercial | N/A
Websecurify Suite | Websecurify | Commercial / Free (Limited Capability) | Windows, Linux, Macintosh
Wikto | Sensepost | Open Source | Windows
w3af | w3af.org | GPLv2.0 | Linux and Mac
Xenotix XSS Exploit Framework | OWASP | Open Source | Windows
Zed Attack Proxy | OWASP | Open Source | Windows, Unix/Linux and Macintosh
Privacy and Security in Cloud
• Cloud computing security or, more simply, cloud security refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security.
• Well-known security issues such as data loss, phishing and botnets (running remotely on a collection of machines) pose serious threats to an organization's data and software.
• Moreover, the multi-tenancy model and the pooled computing resources in cloud computing have introduced new security challenges that require novel techniques to tackle.
• For example, hackers can use the cloud to organize a botnet, as the cloud often provides more reliable infrastructure services at a relatively cheaper price for them to start an attack.
Cloud Security Architecture
Identity Management & Access Control
• Business demands on Identity Management & Access Control are changing rapidly, resulting in the requirement to adopt emerging technologies.
• Identity Management: Your online identity is established when you register. During registration, some attributes are collected and stored in the database.
• The registration process can be quite different depending on what kind of digital identity you will be issued.
• An identity and access management (IAM) system is a framework for business processes that facilitates the management of electronic identities.
• Access Control: So once the user's identity is established, he can access the service? Wrong. Authentication != Authorization (!= is nerd language and means “not equal”). After authentication there needs to be an access control decision.
• The decision is based on the information available about the user. This is where the attributes come into play.
• If the authentication process can deliver the required set of attributes to the access control decision point, the process can then evaluate the attributes and make the Yes/No decision.
• The difference between identity management and access management is
thus:
• Identity Management is about managing the attributes related to the user
• Access Management is about evaluating the attributes based on policies
and making Yes/No decisions
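Added example (not part of the original slides): a small Python sketch of the split described above, where authentication only returns the user's attributes and a separate decision point evaluates them against policies with a default of "No". The user names, passwords, attribute names, policy rules and resource fields are all constructed for illustration.

```python
import hashlib
import hmac
import os

# --- Identity management: attributes are collected and stored at registration ---
USERS = {}  # constructed in-memory identity store (stands in for a database)


def register(username, password, **attributes):
    """Store a salted password hash together with the user's attributes."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    USERS[username] = {"salt": salt, "digest": digest,
                       "attributes": dict(attributes)}


def authenticate(username, password):
    """Return the user's attributes if the password matches, else None.

    Authentication only establishes who the user is; it grants nothing.
    """
    record = USERS.get(username)
    if record is None:
        return None
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    record["salt"], 100_000)
    if not hmac.compare_digest(candidate, record["digest"]):
        return None
    return dict(record["attributes"], subject=username)


# --- Access management: policies evaluated over the delivered attributes ---
# "require": attribute values the user must have.
# "match_resource": attributes that must be present and equal on user and resource.
POLICIES = [
    {"action": "read", "resource_type": "invoice",
     "require": {"department": "finance"},
     "match_resource": ["tenant"]},
    {"action": "delete", "resource_type": "invoice",
     "require": {"department": "finance", "role": "manager"},
     "match_resource": ["tenant"]},
]


def rule_allows(rule, user, resource):
    """True only if every condition of the rule holds; a missing attribute fails."""
    for name, expected in rule["require"].items():
        if user.get(name) != expected:
            return False
    for name in rule["match_resource"]:
        if name not in user or name not in resource:
            return False
        if user[name] != resource[name]:
            return False
    return True


def decide(user_attributes, action, resource):
    """Access control decision point: returns True (Yes) or False (No).

    Default deny: no attributes, no matching rule, or a failed condition is "No".
    """
    if user_attributes is None:  # authentication failed upstream
        return False
    for rule in POLICIES:
        if rule["action"] != action:
            continue
        if rule["resource_type"] != resource.get("type"):
            continue
        if rule_allows(rule, user_attributes, resource):
            return True
    return False


# Constructed sample identities (registration step).
register("alice", "alice-pass", department="finance", role="analyst", tenant="acme")
register("bob", "bob-pass", department="finance", role="manager", tenant="acme")
register("carol", "carol-pass", tenant="acme")  # no department attribute collected

if __name__ == "__main__":
    invoice = {"type": "invoice", "tenant": "acme"}  # constructed resource
    for name, pw in [("alice", "alice-pass"), ("bob", "bob-pass"),
                     ("carol", "carol-pass"), ("alice", "wrong")]:
        attrs = authenticate(name, pw)
        print(name, "authenticated:", attrs is not None,
              "| read:", decide(attrs, "read", invoice),
              "| delete:", decide(attrs, "delete", invoice))
```

All three registered users authenticate successfully, yet each gets a different set of Yes/No answers, and a user in another tenant is refused even with the right role.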
Cloud computing security challenges
• Cloud computing security challenges fall into three broad categories:
• Data Protection: Securing your data both at rest and in transit
• User Authentication: Limiting access to data and monitoring who accesses the data.
• Disaster and Data Breach: Contingency Planning
• Advanced Attacks & Cyber Conflicts
• Service Provider Visibility
• Translating Enterprise Requirements into the Cloud
Thank You
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
 
7 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 20247 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 2024
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
 

Chap 6 cloud security

  • 1. Chapter 6 Cloud Security By Prof. Raj Sarode
  • 2. Cloud Security Fundamentals • There are a lot of myths about cloud security that need to be clarified. • A lot of people think that as soon as they give something to the cloud, they do not have to worry about compliance with security. That is absolutely not correct. If you are a business, your clients are looking at you for security. Whether you go to the cloud or you do it internally using your private infrastructure, that doesn’t change your responsibility in terms of who owns compliance to security. There needs to be a very clear demarcation line. • Another myth has to do with black and white: that either cloud is insecure by default or cloud is secure by default. None of that is correct. It really depends on the controls. You’re not reinventing or eliminating any controls. You’re just moving where the controls reside and changing who owns the controls. Cloud by default is neither insecure nor secure; at the end of the day it’s how everything is implemented and how the data flows.
  • 3. Cloud Security Fundamentals • “Data is encrypted all the time.” It really depends, and that’s a big myth. Some cloud service providers encrypt your data; some do not. You need to find out and understand how your data is handled. Does your service provider have the key or not? It all depends on the model of the cloud. Whether you are at box.com or Dropbox or Salesforce, it all depends on the various processes that they’re running on your data and whether your data is really encrypted or not. • “It’s my data, I’ll get it back when I need it.” Not necessarily; it depends on where the data has typically been residing. There are also country-specific laws that you need to know, and you need to understand how to get your data back. • Cloud security considerations, whether compliance, identity and access management, service integrity, endpoint integrity, information protection, or IP-specific protection, all need to be taken into consideration no matter how you are using the cloud and for what reasons.
  • 4. Cloud Security Fundamentals • Cloud Security: The security and risk management mechanisms and operational processes supporting the cloud computing IT model. • As a consumer of a cloud platform, application or service, it is the customer’s responsibility to understand the inner workings of the cloud model and its inherent risks, together with the applicable available controls. This includes understanding not only the services being provided but also the back-end processes, including governance, physical security, network security and other critical controls. • The Cloud Security Alliance (CSA) maintains an active body of work titled the Cloud Controls Matrix, or CCM, currently in version 3.0.1 (here: https://cloudsecurityalliance.org/research/ccm/), which provides an excellent way to understand common available security controls for cloud services.
  • 5. Vulnerability Assessment Tool For Cloud
  • 6. Vulnerability Assessment Tool For Cloud • Clouds provide a powerful computing platform that enables individuals and organizations to perform a variety of tasks, such as use of online storage space, adoption of business applications, development of customized computer software, and creation of a “realistic” network environment. • Vulnerability management tools help information security teams stay ahead of the rising tide of security issues in their organizations. • They combine state-of-the-art vulnerability detection capabilities with prioritization algorithms that help organizations identify the issues requiring immediate attention, so they can focus efforts on the vulnerabilities most likely to result in a breach.
  • 7. Vulnerability Assessment Life Cycle
  • 8. Vulnerability Management Product Features • Quality and Speed of Updates • Compatibility with Your Environment • Support for Cloud Services • Compliance • Prioritization • Active and Passive Detection • Authenticated and Unauthenticated Scanning • Remediation Guidance • Vendor Support
  • 9. List Of Vulnerability Tools

    | Name | Owner | Licence | Platforms |
    | --- | --- | --- | --- |
    | Acunetix WVS | Acunetix | Commercial / Free (Limited Capability) | Windows |
    | AppScan | IBM | Commercial | Windows |
    | App Scanner | Trustwave | Commercial | Windows |
    | AppSpider | Rapid7 | Commercial | Windows |
    | AVDS | Beyond Security | Commercial / Free (Limited Capability) | N/A |
    | BlueClosure BC Detect | BlueClosure | Commercial, 2 weeks trial | Most platforms supported |
    | Burp Suite | PortSwigger | Commercial / Free (Limited Capability) | Most platforms supported |
    | Contrast | Contrast Security | Commercial / Free (Limited Capability) | SaaS or On-Premises |
    | GamaScan | GamaSec | Commercial | Windows |
    | Grabber | Romain Gaucher | Open Source | Python 2.4, BeautifulSoup and PyXML |
    | Grendel-Scan | David Byrne | Open Source | Windows, Linux and Macintosh |
    | GoLismero | GoLismero Team | GPLv2.0 | Windows, Linux and Macintosh |
    | IKare | ITrust | Commercial | N/A |
    | Indusface Web Application Scanning | Indusface | Commercial | SaaS |
    | N-Stealth | N-Stalker | Commercial | Windows |
    | Netsparker | MavitunaSecurity | Commercial | Windows |
    | Nexpose | Rapid7 | Commercial / Free (Limited Capability) | Windows/Linux |
    | Nikto | CIRT | Open Source | Unix/Linux |
    | ParosPro | MileSCAN | Commercial | Windows |
    | Proxy.app | Websecurify | Commercial | Macintosh |
    | QualysGuard | Qualys | Commercial | N/A |
    | Retina | BeyondTrust | Commercial | Windows |

  • 10. List Of Vulnerability Tools

    | Name | Owner | Licence | Platforms |
    | --- | --- | --- | --- |
    | Securus | Orvant, Inc | Commercial | N/A |
    | Sentinel | WhiteHat Security | Commercial | N/A |
    | SOATest | Parasoft | Commercial | Windows / Linux / Solaris |
    | Tinfoil Security | Tinfoil Security, Inc. | Commercial / Free (Limited Capability) | SaaS or On-Premises |
    | Trustkeeper Scanner | Trustwave SpiderLabs | Commercial | SaaS |
    | Vega | Subgraph | Open Source | Windows, Linux and Macintosh |
    | Wapiti | Informática Gesfor | Open Source | Windows, Unix/Linux and Macintosh |
    | WebApp360 | TripWire | Commercial | Windows |
    | WebInspect | HP | Commercial | Windows |
    | WebReaver | Websecurify | Commercial | Macintosh |
    | WebScanService | German Web Security | Commercial | N/A |
    | Websecurify Suite | Websecurify | Commercial / Free (Limited Capability) | Windows, Linux, Macintosh |
    | Wikto | Sensepost | Open Source | Windows |
    | w3af | w3af.org | GPLv2.0 | Linux and Mac |
    | Xenotix XSS Exploit Framework | OWASP | Open Source | Windows |
    | Zed Attack Proxy | OWASP | Open Source | Windows, Unix/Linux and Macintosh |

  • 11. Privacy and Security in Cloud • Cloud computing security or, more simply, cloud security refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security. • Well-known security issues such as data loss, phishing, and botnets (running remotely on a collection of machines) pose serious threats to an organization's data and software. • Moreover, the multi-tenancy model and the pooled computing resources in cloud computing have introduced new security challenges that require novel techniques to tackle. • For example, hackers can use the cloud to organize a botnet, as the cloud often provides more reliable infrastructure services at a relatively cheaper price for them to start an attack.
  • 12. Cloud Security Architecture
  • 13. Cloud Security Architecture
  • 14. Identity Management & Access Control • Business demands on Identity Management & Access Control are changing rapidly, resulting in the requirement to adopt emerging technologies. • Identity Management: Your online identity is established when you register. During registration, some attributes are collected and stored in the database. • The registration process can be quite different depending on what kind of digital identity you will be issued. • An identity and access management (IAM) system is a framework for business processes that facilitates the management of electronic identities. • Access Control: So when the user identity is established he can access the service? Wrong. Authentication != Authorization (!= is nerd language and means “not equal”). After authentication there needs to be an access control decision. • The decision is based on the information available about the user. This is where the attributes come into play. • If the authentication process can deliver the required set of attributes to the access control decision point, the process can then evaluate the attributes and make the Yes/No decision.
  • 15. Identity Management & Access Control • The difference between identity management and access management is thus: • Identity Management is about managing the attributes related to the user. • Access Management is about evaluating the attributes based on policies and making Yes/No decisions.
  • 16. Cloud computing security challenges • Cloud computing security challenges fall into three broad categories: • Data Protection: Securing your data both at rest and in transit • User Authentication: Limiting access to data and monitoring who accesses the data • Disaster and Data Breach: Contingency Planning • Advanced Attacks & Cyber Conflicts • Service Provider Visibility • Translating Enterprise Requirements into the Cloud
  • 17. Thank You
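
The split described in slides 14 and 15 (identity management supplies attributes, access management evaluates them against policy and answers Yes/No) can be shown as a small decision point. This is an added example, not part of the original slides; the `Identity` class, the `POLICIES` table, the `decide` function and the sample users are all hypothetical names and constructed data.

```python
from dataclasses import dataclass, field

@dataclass
class Identity:
    """What identity management hands over: who the user is plus stored attributes."""
    user_id: str
    authenticated: bool                 # outcome of the authentication step
    attributes: dict = field(default_factory=dict)

# Constructed policies (assumption): attribute values required per (action, resource).
POLICIES = [
    {"action": "read", "resource": "invoice",
     "require": {"department": {"finance", "audit"}}},
    {"action": "write", "resource": "invoice",
     "require": {"department": {"finance"}, "mfa": {True}}},
]

def decide(identity, action, resource):
    """Access control decision point: return (allowed, reason), denying by default."""
    if not identity.authenticated:
        return False, "not authenticated"
    reason = "no policy for this request"
    for rule in POLICIES:
        if (rule["action"], rule["resource"]) != (action, resource):
            continue
        required = rule["require"]
        missing = sorted(a for a in required if a not in identity.attributes)
        if missing:
            # Authentication did not deliver the attributes the policy needs.
            reason = "missing attributes: " + ", ".join(missing)
        elif all(identity.attributes[a] in ok for a, ok in required.items()):
            return True, "policy matched"
        else:
            reason = "attribute values do not satisfy policy"
    return False, reason

if __name__ == "__main__":
    # Constructed sample identities, not taken from the slides.
    users = [
        Identity("alice", True, {"department": "finance", "mfa": True}),
        Identity("bob", True, {"department": "audit"}),
        Identity("carol", True, {"department": "sales", "mfa": True}),
        Identity("dave", False, {"department": "finance", "mfa": True}),
    ]
    for user in users:
        for action in ("read", "write"):
            allowed, reason = decide(user, action, "invoice")
            print(f"{user.user_id:6} {action:5} invoice -> "
                  f"{'YES' if allowed else 'NO '} ({reason})")
```

Carol is fully authenticated yet receives "No" for both actions, which is the Authentication != Authorization point from slide 14; Bob is refused the write because a required attribute was never delivered to the decision point.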