SlideShare a Scribd company logo

Cloud Computing v.s. Cyber Security

Bahtiyar Bircan
Bahtiyar Bircan

This document discusses cloud computing and its implications for cyber security. It begins with definitions of cloud computing and an overview of its key properties and benefits, such as scalability, on-demand access, and lower costs. It then explores both defensive and offensive uses of cloud computing for cyber activities. Defensively, the cloud can enable services like DDoS protection, backup and disaster recovery, and security auditing. However, attackers have also adapted malicious tools and techniques to the cloud, using its resources for activities like password cracking, botnets, and command-and-control servers. The document concludes with a case study showing how easily cyber attacks can be launched from the cloud anonymously and at low or no cost.

Technology
1 of 36
11 Haziran 2015 Cloud Computing v.s. Cyber Security Bahtiyar BİRCAN TOBB-ETU bahtiyarb@gmail.com
Agenda Cloud Computing Definition Cloud Properties and Benefits Cloud Computing fo Cyber Defense Cloud Computing for Cyber Offense Case Study: Cloud Based Cyber Attack 2
Cloud Computing
Cloud Computing Definiton “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. ,networks, servers, storage,applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” NIST Cloud computing refers to the on-demand provision of computational resources (data, software) via a computer network, rather than from a local computer. Wikipedia 4
• On-demand self-service • Dynamic Resource Allocation • Device / Location Independence • Distributed architecture • Scalable and Elastic • High Computing Power • High Bandwith • High Storage Capacity Cloud Characteristics 5
Cloud Computing Benefits 6
Cloud Models 7
Cloud for Cyber Defense
• DDoS Protection • Web Application Attack Prevention • Backup and Disaster Recovery • Vulnerability Scan • Penetration Testing & Security Audit • Log Managamenet / SIEM • Forensics as a Service Cloud Usage for Cyber Defense 9
DDoS Protection Cloud Based DDoS Protection Services • CloudFlare, Incapsula 10
Web Application Attack Prevention 11
Vulnerability Scanning 12
Vulnerability Scanning 13
Penetration Testing & Security Audit 14
Forensics as a Service 15
Cloud for Cyber Offense
Cloud for Cyber Offense Hacking as a Service • Cloud properties for criminals – Scalability, – Quick Deployment – Dynamic resource usage – High computing power – High bandwith • Cyber criminals adapted their tools and techniques for cloud computing • Unfortunately they are better at using cloud platforms 17
Cloud for Cyber Offense Cloud Usage in Cyber Offense • DDoS as a Service • Botnet as a Service • Malware as a Service • Password Cracking • BotClouds • C&C Servers • Warez as a Service 18
DDoS as a Service 19 Source: McAfee
Botnet as a Service 20Source: McAfee
Malware as a Service 21 Source: Solutionary
Password Cracking as a Service Password Cracking Experiment • Lentgth: 1-6 character • Algorithm: SHA1 • Method: Brute Force • Hardware: – Amazon cg1.4xlarge – 22 GB memory – 2 x Intel Xeon X5570, quad-core – 2 x NVIDIA Tesla M2050 GPUs – 1690 GB of instance storage • Crack time: 49 min • Price: 2100 $ 22
Password Cracking as a Service 23
Command & Control Servers 24
Case Study: Cloud Based Cyber Attack
• How easy it is to build cyber attack infrastructure at cloud? • Can we build it at no cost ? • Can we build it anonymously? Case Study: Cloud Based Cyber Attack 26
Get anonymous e-mail account Register to cloud provider Get free trial of cloud Linux image Install attack software on VM Register free DNS domain Start attack Large scale attack Attack Scenario 27
• Known e-mail providers: – Gmail, – Yahoo, – Yandex, – Mail.ru • One-time mail providers – Mailinator Attack Step 1: Get Anonymous E-mail 28
• Lots of cloud providers give free trial accounts – 1 week – 1 year trial – Amazon – Rackspace – Siemens Cloud Services – … Attack Step 2: Register to Cloud Provider 29
Attack Step 3: Get a Trial of Linux VM Image 30
Attack Step 4: Install Attack Software on VM 31
Attack Step 5: Register Free DNS Domain 32
Attack Step 6: Launch an Attack Possible Attacks • Denial of Service • Port Scanning • Vulnerability Scan • Exploitation • Pshishing Site • Malware Server • Password Cracking 33
Attack Step 7: Large Scale Attacks Creating 20 Cloud Bots • Script for creating 20 cloud bot servers 34
Attack Step 7: Large Scale Attacks Creating 1000 Cloud Bots • Script for creating 1000 cloud bot servers 35
Thanks Bahtiyar BİRCAN TOBB-ETU bahtiyarb@gmail.com

Recommended

Cloud Encryption
Cloud EncryptionCloud Encryption
Cloud Encryption
RituparnaNag
 
Cloud with Cyber Security
Cloud with Cyber SecurityCloud with Cyber Security
Cloud with Cyber Security
Niki Upadhyay
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computing
prachupanchal
 
Cloud Computing & Security Concerns
Cloud Computing & Security ConcernsCloud Computing & Security Concerns
Cloud Computing & Security ConcernsUniversity of San Francisco
 
Data Confidentiality in Cloud Computing
Data Confidentiality in Cloud ComputingData Confidentiality in Cloud Computing
Data Confidentiality in Cloud Computing
Ritesh Dwivedi
 
The Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingThe Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingAnkit Singh
 
On technical security issues in cloud computing
On technical security issues in cloud computingOn technical security issues in cloud computing
On technical security issues in cloud computing
sashi799
 
SOME SECURITY CHALLENGES IN CLOUD COMPUTING
SOME SECURITY CHALLENGES IN CLOUD COMPUTINGSOME SECURITY CHALLENGES IN CLOUD COMPUTING
SOME SECURITY CHALLENGES IN CLOUD COMPUTINGHoang Nguyen
 

Recommended

Cloud Encryption
Cloud EncryptionCloud Encryption
Cloud Encryption
RituparnaNag
 
Cloud with Cyber Security
Cloud with Cyber SecurityCloud with Cyber Security
Cloud with Cyber Security
Niki Upadhyay
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computing
prachupanchal
 
Cloud Computing & Security Concerns
Cloud Computing & Security ConcernsCloud Computing & Security Concerns
Cloud Computing & Security ConcernsUniversity of San Francisco
 
Data Confidentiality in Cloud Computing
Data Confidentiality in Cloud ComputingData Confidentiality in Cloud Computing
Data Confidentiality in Cloud Computing
Ritesh Dwivedi
 
The Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingThe Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingAnkit Singh
 
On technical security issues in cloud computing
On technical security issues in cloud computingOn technical security issues in cloud computing
On technical security issues in cloud computing
sashi799
 
SOME SECURITY CHALLENGES IN CLOUD COMPUTING
SOME SECURITY CHALLENGES IN CLOUD COMPUTINGSOME SECURITY CHALLENGES IN CLOUD COMPUTING
SOME SECURITY CHALLENGES IN CLOUD COMPUTINGHoang Nguyen
 
Cloud computing and data security
Cloud computing and data securityCloud computing and data security
Cloud computing and data security
Mohammed Fazuluddin
 
Cloud computing security and privacy
Cloud computing security and privacyCloud computing security and privacy
Cloud computing security and privacy
Adeel Javaid
 
Security in cloud computing
Security in cloud computingSecurity in cloud computing
Security in cloud computing
veena venugopal
 
Ensuring data storage security in cloud computing
Ensuring data storage security in cloud computingEnsuring data storage security in cloud computing
Ensuring data storage security in cloud computing
Uday Wankar
 
Cloud computing security
Cloud computing securityCloud computing security
Cloud computing security
Gahya Pandian
 
Cloud computing security
Cloud computing security Cloud computing security
Cloud computing security
Akhila Param
 
Authentication cloud
Authentication cloudAuthentication cloud
Authentication cloud
vidhya dharmarajan
 
Evaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing EnvironmentsEvaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing Environments
ijfcstjournal
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
Falgun Rathod
 
Lee Newcombe, Capgemini “Security threats associated with cloud computing”
Lee Newcombe, Capgemini “Security threats associated with cloud computing”Lee Newcombe, Capgemini “Security threats associated with cloud computing”
Lee Newcombe, Capgemini “Security threats associated with cloud computing”
Chris Purrington
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityPiyush Mittal
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud Computing
Rohit Buddabathina
 
Security & Privacy In Cloud Computing
Security & Privacy In Cloud ComputingSecurity & Privacy In Cloud Computing
Security & Privacy In Cloud Computing
saurabh soni
 
Security Issues in Cloud Computing
Security Issues in Cloud ComputingSecurity Issues in Cloud Computing
Security Issues in Cloud Computing
Jyotika Pandey
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security Challenges
Yateesh Yadav
 
PhD Projects in Cloud Computing Security Research Topics
PhD Projects in Cloud Computing Security Research TopicsPhD Projects in Cloud Computing Security Research Topics
PhD Projects in Cloud Computing Security Research Topics
PhD Services
 
Cloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” reportCloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” reportVivek Maurya
 
Cloud Computing Security Threats and Responses
Cloud Computing Security Threats and ResponsesCloud Computing Security Threats and Responses
Cloud Computing Security Threats and Responses
shafzonly
 
Data security in cloud environment
Data security in cloud environmentData security in cloud environment
Data security in cloud environment
Shivam Singh
 
Cloud Computing Security Organization Assessments Service Categories Responsi...
Cloud Computing Security Organization Assessments Service Categories Responsi...Cloud Computing Security Organization Assessments Service Categories Responsi...
Cloud Computing Security Organization Assessments Service Categories Responsi...
SlideTeam
 
Energy conservation week celebration
Energy conservation week celebrationEnergy conservation week celebration
Energy conservation week celebrationSudha Arun
 
Data Warehouse Optimization
Data Warehouse OptimizationData Warehouse Optimization
Data Warehouse OptimizationCloudera, Inc.
 

More Related Content

What's hot

Cloud computing and data security
Cloud computing and data securityCloud computing and data security
Cloud computing and data security
Mohammed Fazuluddin
 
Cloud computing security and privacy
Cloud computing security and privacyCloud computing security and privacy
Cloud computing security and privacy
Adeel Javaid
 
Security in cloud computing
Security in cloud computingSecurity in cloud computing
Security in cloud computing
veena venugopal
 
Ensuring data storage security in cloud computing
Ensuring data storage security in cloud computingEnsuring data storage security in cloud computing
Ensuring data storage security in cloud computing
Uday Wankar
 
Cloud computing security
Cloud computing securityCloud computing security
Cloud computing security
Gahya Pandian
 
Cloud computing security
Cloud computing security Cloud computing security
Cloud computing security
Akhila Param
 
Authentication cloud
Authentication cloudAuthentication cloud
Authentication cloud
vidhya dharmarajan
 
Evaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing EnvironmentsEvaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing Environments
ijfcstjournal
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
Falgun Rathod
 
Lee Newcombe, Capgemini “Security threats associated with cloud computing”
Lee Newcombe, Capgemini “Security threats associated with cloud computing”Lee Newcombe, Capgemini “Security threats associated with cloud computing”
Lee Newcombe, Capgemini “Security threats associated with cloud computing”
Chris Purrington
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityPiyush Mittal
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud Computing
Rohit Buddabathina
 
Security & Privacy In Cloud Computing
Security & Privacy In Cloud ComputingSecurity & Privacy In Cloud Computing
Security & Privacy In Cloud Computing
saurabh soni
 
Security Issues in Cloud Computing
Security Issues in Cloud ComputingSecurity Issues in Cloud Computing
Security Issues in Cloud Computing
Jyotika Pandey
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security Challenges
Yateesh Yadav
 
PhD Projects in Cloud Computing Security Research Topics
PhD Projects in Cloud Computing Security Research TopicsPhD Projects in Cloud Computing Security Research Topics
PhD Projects in Cloud Computing Security Research Topics
PhD Services
 
Cloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” reportCloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” reportVivek Maurya
 
Cloud Computing Security Threats and Responses
Cloud Computing Security Threats and ResponsesCloud Computing Security Threats and Responses
Cloud Computing Security Threats and Responses
shafzonly
 
Data security in cloud environment
Data security in cloud environmentData security in cloud environment
Data security in cloud environment
Shivam Singh
 
Cloud Computing Security Organization Assessments Service Categories Responsi...
Cloud Computing Security Organization Assessments Service Categories Responsi...Cloud Computing Security Organization Assessments Service Categories Responsi...
Cloud Computing Security Organization Assessments Service Categories Responsi...
SlideTeam
 

What's hot (20)

Cloud computing and data security
Cloud computing and data securityCloud computing and data security
Cloud computing and data security
 
Cloud computing security and privacy
Cloud computing security and privacyCloud computing security and privacy
Cloud computing security and privacy
 
Security in cloud computing
Security in cloud computingSecurity in cloud computing
Security in cloud computing
 
Ensuring data storage security in cloud computing
Ensuring data storage security in cloud computingEnsuring data storage security in cloud computing
Ensuring data storage security in cloud computing
 
Cloud computing security
Cloud computing securityCloud computing security
Cloud computing security
 
Cloud computing security
Cloud computing security Cloud computing security
Cloud computing security
 
Authentication cloud
Authentication cloudAuthentication cloud
Authentication cloud
 
Evaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing EnvironmentsEvaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing Environments
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
 
Lee Newcombe, Capgemini “Security threats associated with cloud computing”
Lee Newcombe, Capgemini “Security threats associated with cloud computing”Lee Newcombe, Capgemini “Security threats associated with cloud computing”
Lee Newcombe, Capgemini “Security threats associated with cloud computing”
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud Computing
 
Security & Privacy In Cloud Computing
Security & Privacy In Cloud ComputingSecurity & Privacy In Cloud Computing
Security & Privacy In Cloud Computing
 
Security Issues in Cloud Computing
Security Issues in Cloud ComputingSecurity Issues in Cloud Computing
Security Issues in Cloud Computing
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security Challenges
 
PhD Projects in Cloud Computing Security Research Topics
PhD Projects in Cloud Computing Security Research TopicsPhD Projects in Cloud Computing Security Research Topics
PhD Projects in Cloud Computing Security Research Topics
 
Cloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” reportCloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” report
 
Cloud Computing Security Threats and Responses
Cloud Computing Security Threats and ResponsesCloud Computing Security Threats and Responses
Cloud Computing Security Threats and Responses
 
Data security in cloud environment
Data security in cloud environmentData security in cloud environment
Data security in cloud environment
 
Cloud Computing Security Organization Assessments Service Categories Responsi...
Cloud Computing Security Organization Assessments Service Categories Responsi...Cloud Computing Security Organization Assessments Service Categories Responsi...
Cloud Computing Security Organization Assessments Service Categories Responsi...
 

Viewers also liked

Energy conservation week celebration
Energy conservation week celebrationEnergy conservation week celebration
Energy conservation week celebrationSudha Arun
 
Data Warehouse Optimization
Data Warehouse OptimizationData Warehouse Optimization
Data Warehouse OptimizationCloudera, Inc.
 
CUDA performance study on Hadoop MapReduce Cluster
CUDA performance study on Hadoop MapReduce ClusterCUDA performance study on Hadoop MapReduce Cluster
CUDA performance study on Hadoop MapReduce Clusterairbots
 
Export-Oriented Industrialization (EOI): Arguments For and Against What Have ...
Export-Oriented Industrialization (EOI): Arguments For and Against What Have ...Export-Oriented Industrialization (EOI): Arguments For and Against What Have ...
Export-Oriented Industrialization (EOI): Arguments For and Against What Have ...Dr.Choen Krainara
 
Making Display Advertising Work for Auto Dealers
Making Display Advertising Work for Auto DealersMaking Display Advertising Work for Auto Dealers
Making Display Advertising Work for Auto Dealers
Speed Shift Media
 
Real-World Data Governance: Data Governance Roles & Responsibilities
Real-World Data Governance: Data Governance Roles & ResponsibilitiesReal-World Data Governance: Data Governance Roles & Responsibilities
Real-World Data Governance: Data Governance Roles & Responsibilities
DATAVERSITY
 
Top 10 heavy duty diesel mechanic interview questions and answers
Top 10 heavy duty diesel mechanic interview questions and answersTop 10 heavy duty diesel mechanic interview questions and answers
Top 10 heavy duty diesel mechanic interview questions and answerstonychoper8206
 
Seminar datawarehousing
Seminar datawarehousingSeminar datawarehousing
Seminar datawarehousing
Kavisha Uniyal
 
Lab Report on copper cycle
Lab Report on copper cycle Lab Report on copper cycle
Lab Report on copper cycle
Karanvir Sidhu
 
Equity derivatives
Equity derivativesEquity derivatives
Equity derivativesRahul Sane
 
How to perform an efficient Cold Chain Compliance and Gap Analysis
How to perform an efficient Cold Chain Compliance and Gap Analysis How to perform an efficient Cold Chain Compliance and Gap Analysis
How to perform an efficient Cold Chain Compliance and Gap Analysis
Alternatives Technologie Pharma
 
Financial Management Best Practices
Financial Management Best PracticesFinancial Management Best Practices
Financial Management Best Practices
Autotask
 
AWS 클라우드 서비스 소개 및 사례 (방희란) - AWS 101 세미나
AWS 클라우드 서비스 소개 및 사례 (방희란) - AWS 101 세미나AWS 클라우드 서비스 소개 및 사례 (방희란) - AWS 101 세미나
AWS 클라우드 서비스 소개 및 사례 (방희란) - AWS 101 세미나
Amazon Web Services Korea
 
Churn management
Churn managementChurn management
Churn management
Mohammed Akram Ayyubi
 
Consulting Company Valuation Model
Consulting Company Valuation ModelConsulting Company Valuation Model
Consulting Company Valuation Model
Tony Rice
 
Lecture 1 introduction to construction procurement process.
Lecture 1 introduction to construction procurement process.Lecture 1 introduction to construction procurement process.
Lecture 1 introduction to construction procurement process.Aszahari Aie
 
Bài 1: Làm quen với ASP.NET - Giáo trình FPT - Có ví dụ kèm theo
Bài 1: Làm quen với ASP.NET - Giáo trình FPT - Có ví dụ kèm theoBài 1: Làm quen với ASP.NET - Giáo trình FPT - Có ví dụ kèm theo
Bài 1: Làm quen với ASP.NET - Giáo trình FPT - Có ví dụ kèm theo
MasterCode.vn
 
Energy management final ppt
Energy management final pptEnergy management final ppt
Energy management final ppt
EcoEvents
 
Top 10 electrical project engineer interview questions and answers
Top 10 electrical project engineer interview questions and answersTop 10 electrical project engineer interview questions and answers
Top 10 electrical project engineer interview questions and answersrobin26331
 
Energy management system
Energy management systemEnergy management system
Energy management system
kashbhat
 

Viewers also liked (20)

Energy conservation week celebration
Energy conservation week celebrationEnergy conservation week celebration
Energy conservation week celebration
 
Data Warehouse Optimization
Data Warehouse OptimizationData Warehouse Optimization
Data Warehouse Optimization
 
CUDA performance study on Hadoop MapReduce Cluster
CUDA performance study on Hadoop MapReduce ClusterCUDA performance study on Hadoop MapReduce Cluster
CUDA performance study on Hadoop MapReduce Cluster
 
Export-Oriented Industrialization (EOI): Arguments For and Against What Have ...
Export-Oriented Industrialization (EOI): Arguments For and Against What Have ...Export-Oriented Industrialization (EOI): Arguments For and Against What Have ...
Export-Oriented Industrialization (EOI): Arguments For and Against What Have ...
 
Making Display Advertising Work for Auto Dealers
Making Display Advertising Work for Auto DealersMaking Display Advertising Work for Auto Dealers
Making Display Advertising Work for Auto Dealers
 
Real-World Data Governance: Data Governance Roles & Responsibilities
Real-World Data Governance: Data Governance Roles & ResponsibilitiesReal-World Data Governance: Data Governance Roles & Responsibilities
Real-World Data Governance: Data Governance Roles & Responsibilities
 
Top 10 heavy duty diesel mechanic interview questions and answers
Top 10 heavy duty diesel mechanic interview questions and answersTop 10 heavy duty diesel mechanic interview questions and answers
Top 10 heavy duty diesel mechanic interview questions and answers
 
Seminar datawarehousing
Seminar datawarehousingSeminar datawarehousing
Seminar datawarehousing
 
Lab Report on copper cycle
Lab Report on copper cycle Lab Report on copper cycle
Lab Report on copper cycle
 
Equity derivatives
Equity derivativesEquity derivatives
Equity derivatives
 
How to perform an efficient Cold Chain Compliance and Gap Analysis
How to perform an efficient Cold Chain Compliance and Gap Analysis How to perform an efficient Cold Chain Compliance and Gap Analysis
How to perform an efficient Cold Chain Compliance and Gap Analysis
 
Financial Management Best Practices
Financial Management Best PracticesFinancial Management Best Practices
Financial Management Best Practices
 
AWS 클라우드 서비스 소개 및 사례 (방희란) - AWS 101 세미나
AWS 클라우드 서비스 소개 및 사례 (방희란) - AWS 101 세미나AWS 클라우드 서비스 소개 및 사례 (방희란) - AWS 101 세미나
AWS 클라우드 서비스 소개 및 사례 (방희란) - AWS 101 세미나
 
Churn management
Churn managementChurn management
Churn management
 
Consulting Company Valuation Model
Consulting Company Valuation ModelConsulting Company Valuation Model
Consulting Company Valuation Model
 
Lecture 1 introduction to construction procurement process.
Lecture 1 introduction to construction procurement process.Lecture 1 introduction to construction procurement process.
Lecture 1 introduction to construction procurement process.
 
Bài 1: Làm quen với ASP.NET - Giáo trình FPT - Có ví dụ kèm theo
Bài 1: Làm quen với ASP.NET - Giáo trình FPT - Có ví dụ kèm theoBài 1: Làm quen với ASP.NET - Giáo trình FPT - Có ví dụ kèm theo
Bài 1: Làm quen với ASP.NET - Giáo trình FPT - Có ví dụ kèm theo
 
Energy management final ppt
Energy management final pptEnergy management final ppt
Energy management final ppt
 
Top 10 electrical project engineer interview questions and answers
Top 10 electrical project engineer interview questions and answersTop 10 electrical project engineer interview questions and answers
Top 10 electrical project engineer interview questions and answers
 
Energy management system
Energy management systemEnergy management system
Energy management system
 

Similar to Cloud Computing v.s. Cyber Security

Introduction to Cloud Security.pptx
Introduction to Cloud Security.pptxIntroduction to Cloud Security.pptx
Introduction to Cloud Security.pptx
ssuser0fc2211
 
Cloud computing
Cloud computingCloud computing
Cloud computing
Ashish Mishra
 
Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02
abhisheknayak29
 
Virtualization and cloud computing
Virtualization and cloud computingVirtualization and cloud computing
Virtualization and cloud computing
Deep Gupta
 
Skip the anxiety attack when building secure containerized apps
Skip the anxiety attack when building secure containerized appsSkip the anxiety attack when building secure containerized apps
Skip the anxiety attack when building secure containerized apps
Haidee McMahon
 
How Cloud Computing will change how you and your team will run IT
How Cloud Computing will change how you and your team will run ITHow Cloud Computing will change how you and your team will run IT
How Cloud Computing will change how you and your team will run IT
Peter HJ van Eijk
 
4831586.ppt
4831586.ppt4831586.ppt
4831586.ppt
ahmad21315
 
Agility and Cloud Computing - Voices 2015
Agility and Cloud Computing - Voices 2015Agility and Cloud Computing - Voices 2015
Agility and Cloud Computing - Voices 2015
Deanna Kosaraju
 
Cloud Security - Emerging Facets and Frontiers
Cloud Security - Emerging Facets and FrontiersCloud Security - Emerging Facets and Frontiers
Cloud Security - Emerging Facets and Frontiers
Gokul Alex
 
Trend and Future of Cloud Computing
Trend and Future of Cloud ComputingTrend and Future of Cloud Computing
Trend and Future of Cloud Computing
hybrid cloud
 
12-cloud-security.ppt
12-cloud-security.ppt12-cloud-security.ppt
12-cloud-security.ppt
chelsi33
 
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
Shannon Lietz
 
Cloud security Presentation
Cloud security PresentationCloud security Presentation
Cloud security Presentation
Ajay p
 
Clould Computing and its application in Libraries
Clould Computing and its application in LibrariesClould Computing and its application in Libraries
Clould Computing and its application in LibrariesAmit Shaw
 
Cloud Security and their classifications
Cloud Security and their classificationsCloud Security and their classifications
Cloud Security and their classifications
KENNEDYDONATO1
 
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01Shivananda Rai
 
Basics of cloud
Basics of cloudBasics of cloud
Basics of cloud
Syborg Services
 
A Complete Guide Cloud Computing
A Complete Guide Cloud ComputingA Complete Guide Cloud Computing
A Complete Guide Cloud Computing
Sripati Mahapatra
 
Introduction to Cloud computing
Introduction to Cloud computing Introduction to Cloud computing
Introduction to Cloud computing
mehanasshahul
 

Similar to Cloud Computing v.s. Cyber Security (20)

Introduction to Cloud Security.pptx
Introduction to Cloud Security.pptxIntroduction to Cloud Security.pptx
Introduction to Cloud Security.pptx
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02
 
Virtualization and cloud computing
Virtualization and cloud computingVirtualization and cloud computing
Virtualization and cloud computing
 
Skip the anxiety attack when building secure containerized apps
Skip the anxiety attack when building secure containerized appsSkip the anxiety attack when building secure containerized apps
Skip the anxiety attack when building secure containerized apps
 
How Cloud Computing will change how you and your team will run IT
How Cloud Computing will change how you and your team will run ITHow Cloud Computing will change how you and your team will run IT
How Cloud Computing will change how you and your team will run IT
 
4831586.ppt
4831586.ppt4831586.ppt
4831586.ppt
 
Agility and Cloud Computing - Voices 2015
Agility and Cloud Computing - Voices 2015Agility and Cloud Computing - Voices 2015
Agility and Cloud Computing - Voices 2015
 
Cloud Security - Emerging Facets and Frontiers
Cloud Security - Emerging Facets and FrontiersCloud Security - Emerging Facets and Frontiers
Cloud Security - Emerging Facets and Frontiers
 
Trend and Future of Cloud Computing
Trend and Future of Cloud ComputingTrend and Future of Cloud Computing
Trend and Future of Cloud Computing
 
12-cloud-security.ppt
12-cloud-security.ppt12-cloud-security.ppt
12-cloud-security.ppt
 
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
 
Cloud security Presentation
Cloud security PresentationCloud security Presentation
Cloud security Presentation
 
Clould Computing and its application in Libraries
Clould Computing and its application in LibrariesClould Computing and its application in Libraries
Clould Computing and its application in Libraries
 
Cloud Security and their classifications
Cloud Security and their classificationsCloud Security and their classifications
Cloud Security and their classifications
 
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
 
Basics of cloud
Basics of cloudBasics of cloud
Basics of cloud
 
Jjm cloud computing
Jjm cloud computingJjm cloud computing
Jjm cloud computing
 
A Complete Guide Cloud Computing
A Complete Guide Cloud ComputingA Complete Guide Cloud Computing
A Complete Guide Cloud Computing
 
Introduction to Cloud computing
Introduction to Cloud computing Introduction to Cloud computing
Introduction to Cloud computing
 

Recently uploaded

Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 

Recently uploaded (20)

Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 

Cloud Computing v.s. Cyber Security

  • 1. 11 Haziran 2015 Cloud Computing v.s. Cyber Security Bahtiyar BİRCAN TOBB-ETU bahtiyarb@gmail.com
  • 2. Agenda Cloud Computing Definition Cloud Properties and Benefits Cloud Computing fo Cyber Defense Cloud Computing for Cyber Offense Case Study: Cloud Based Cyber Attack 2
  • 4. Cloud Computing Definiton “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. ,networks, servers, storage,applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” NIST Cloud computing refers to the on-demand provision of computational resources (data, software) via a computer network, rather than from a local computer. Wikipedia 4
  • 5. • On-demand self-service • Dynamic Resource Allocation • Device / Location Independence • Distributed architecture • Scalable and Elastic • High Computing Power • High Bandwith • High Storage Capacity Cloud Characteristics 5
  • 8. Cloud for Cyber Defense
  • 9. • DDoS Protection • Web Application Attack Prevention • Backup and Disaster Recovery • Vulnerability Scan • Penetration Testing & Security Audit • Log Managamenet / SIEM • Forensics as a Service Cloud Usage for Cyber Defense 9
  • 10. DDoS Protection Cloud Based DDoS Protection Services • CloudFlare, Incapsula 10
  • 11. Web Application Attack Prevention 11
  • 14. Penetration Testing & Security Audit 14
  • 15. Forensics as a Service 15
  • 16. Cloud for Cyber Offense
  • 17. Cloud for Cyber Offense Hacking as a Service • Cloud properties for criminals – Scalability, – Quick Deployment – Dynamic resource usage – High computing power – High bandwith • Cyber criminals adapted their tools and techniques for cloud computing • Unfortunately they are better at using cloud platforms 17
  • 18. Cloud for Cyber Offense Cloud Usage in Cyber Offense • DDoS as a Service • Botnet as a Service • Malware as a Service • Password Cracking • BotClouds • C&C Servers • Warez as a Service 18
  • 19. DDoS as a Service 19 Source: McAfee
  • 20. Botnet as a Service 20Source: McAfee
  • 21. Malware as a Service 21 Source: Solutionary
  • 22. Password Cracking as a Service Password Cracking Experiment • Lentgth: 1-6 character • Algorithm: SHA1 • Method: Brute Force • Hardware: – Amazon cg1.4xlarge – 22 GB memory – 2 x Intel Xeon X5570, quad-core – 2 x NVIDIA Tesla M2050 GPUs – 1690 GB of instance storage • Crack time: 49 min • Price: 2100 $ 22
  • 23. Password Cracking as a Service 23
  • 24. Command & Control Servers 24
  • 25. Case Study: Cloud Based Cyber Attack
  • 26. • How easy it is to build cyber attack infrastructure at cloud? • Can we build it at no cost ? • Can we build it anonymously? Case Study: Cloud Based Cyber Attack 26
  • 27. Get anonymous e-mail account Register to cloud provider Get free trial of cloud Linux image Install attack software on VM Register free DNS domain Start attack Large scale attack Attack Scenario 27
  • 28. • Known e-mail providers: – Gmail, – Yahoo, – Yandex, – Mail.ru • One-time mail providers – Mailinator Attack Step 1: Get Anonymous E-mail 28
  • 29. • Lots of cloud providers give free trial accounts – 1 week – 1 year trial – Amazon – Rackspace – Siemens Cloud Services – … Attack Step 2: Register to Cloud Provider 29
  • 30. Attack Step 3: Get a Trial of Linux VM Image 30
  • 31. Attack Step 4: Install Attack Software on VM 31
  • 32. Attack Step 5: Register Free DNS Domain 32
  • 33. Attack Step 6: Launch an Attack Possible Attacks • Denial of Service • Port Scanning • Vulnerability Scan • Exploitation • Pshishing Site • Malware Server • Password Cracking 33
  • 34. Attack Step 7: Large Scale Attacks Creating 20 Cloud Bots • Script for creating 20 cloud bot servers 34
  • 35. Attack Step 7: Large Scale Attacks Creating 1000 Cloud Bots • Script for creating 1000 cloud bot servers 35