1. Unit IV Cloud Security
Multitenancy issues, Cloud security threats and risks, attacks in cloud
environment, virtual machine security: hypervisor attack, guest-hopping
attack, DDoS attacks, packet sniffing, man-in-the-middle attack, data
privacy and availability in cloud computing.
2. Multitenancy issues
• Multitenancy refers to the ability of a cloud provider to serve multiple clients or tenants using a
shared infrastructure. However, this shared infrastructure can lead to various security issues, such
as:
• Data Leakage: If tenants' data is not properly isolated, it can lead to data leakage. This can happen
due to various reasons such as a misconfigured network or access controls, or vulnerabilities in
the hypervisor layer.
• Co-Mingling of Data: The sharing of resources and services can lead to the co-mingling of data
belonging to different tenants. This can happen due to data being stored in the same location or
accidentally being routed to the wrong location.
• Privilege Escalation: Privilege escalation occurs when a tenant gains unauthorized access to
resources or data belonging to another tenant. This can happen due to weak authentication and
access control mechanisms.
• Service Level Agreements: Service level agreements (SLAs) can be difficult to enforce in a
multitenant environment, as service disruptions or data breaches can affect multiple tenants
simultaneously.
• To mitigate these issues, cloud providers need to implement strong security controls such as
isolation, access controls, encryption, and monitoring.
3. Cloud security threats and risks
• Cloud security threats and risks refer to the potential dangers and vulnerabilities that can affect
cloud computing systems and the data stored within them. Some common cloud security threats
and risks include:
• Data breaches: Unauthorized access to confidential data or sensitive information.
• DDoS attacks: Distributed Denial of Service attacks that can cause network outages or service
disruptions.
• Malware and viruses: Malicious software that can infect cloud systems and compromise security.
• Insider threats: Malicious or negligent insiders who have access to the cloud system.
• Account hijacking: Unauthorized access to user accounts and privileges.
• Insecure APIs: Insecure Application Programming Interfaces that can be exploited by attackers.
• Lack of encryption: Lack of encryption in data transmission and storage can lead to data breaches.
• Data loss or deletion: Accidental or intentional deletion of data or loss of data due to system
failures or cyber-attacks.
• To mitigate these risks and threats, cloud providers and users need to implement proper security
measures and practices such as access controls, encryption, monitoring, and backup and recovery
procedures.
4. Attacks in cloud environment
• In a cloud environment, various types of attacks can occur due to the complexity of the cloud
infrastructure and the large number of users accessing the cloud resources. Some common
attacks in cloud environments include:
• Hypervisor attack: The hypervisor is a critical component of virtualization technology used in
cloud environments. An attacker who gains access to the hypervisor can potentially control
all the virtual machines running on that host, compromising the entire cloud environment.
• Guest-hopping attack: This attack occurs when an attacker gains access to a virtual machine
and then uses that access to jump to other virtual machines running on the same host,
potentially accessing sensitive information or causing damage.
• DDoS attacks: Distributed Denial of Service (DDoS) attacks can be launched against cloud
services, overwhelming the servers and causing service disruption.
• Packet sniffing: An attacker can intercept and capture network traffic between cloud
resources, potentially gaining access to sensitive information.
• Man-in-the-middle attack: This type of attack occurs when an attacker intercepts
communication between two cloud resources, potentially modifying or stealing data.
• It is important for cloud providers to implement strong security measures to protect against
these types of attacks and to regularly monitor the cloud environment for any suspicious
activity.
5. Virtual machine security: hypervisor attack
• A hypervisor is a software layer that allows multiple virtual machines to run on a
single physical machine. It provides a level of abstraction between the physical
resources and the virtual machines. However, if the hypervisor is compromised, it
can lead to a range of security threats.
• A hypervisor attack can occur in two ways:
• VM escape attack: An attacker can exploit a vulnerability in the virtual machine to
break out of the virtual environment and gain access to the host system.
• Hypervisor-level attack: An attacker can directly target the hypervisor layer to
gain control of the host system or other virtual machines running on the same
physical machine.
• To mitigate hypervisor attacks, it is important to regularly patch and update the
hypervisor software and implement access control measures to restrict
unauthorized access to the hypervisor layer. Additionally, implementing security
measures such as encryption and access control for virtual machine images can
also help protect against hypervisor attacks.
6. Guest-hopping attack
• A guest-hopping attack is a type of virtual machine (VM) escape attack that allows
an attacker to move from one guest VM to another on the same physical host.
• This type of attack takes advantage of vulnerabilities in the hypervisor or VM
monitor that manages multiple VMs on a single physical host.
• The attacker can exploit these vulnerabilities to gain unauthorized access to other
VMs and potentially compromise sensitive data or applications running in those
VMs.
• The guest-hopping attack is considered a serious threat to the security of cloud
environments, especially in multi-tenant environments where multiple users
share the same physical resources.
• To prevent guest-hopping attacks, it is important to keep the hypervisor and VM
software up to date with the latest security patches and to implement strict
access controls and monitoring for VM-to-VM communications.
• Additionally, using hardware-assisted virtualization can help to isolate VMs and
prevent guest-hopping attacks.
7. DDoS attacks
• DDoS (Distributed Denial of Service) attacks are a type of cyber attack that involves
overwhelming a targeted network or website with a flood of internet traffic from
multiple sources, making the service unavailable to legitimate users. In a cloud
environment, DDoS attacks can target the cloud service provider's infrastructure, as well
as the applications and services of cloud customers.
• DDoS attacks are typically launched using a botnet, which is a network of compromised
computers that are under the control of the attacker. The botnet is used to generate a
high volume of traffic that overwhelms the targeted network or website. This can cause a
range of problems, including service disruption, slow response times, and in some cases,
complete system failure.
• Cloud service providers typically have measures in place to detect and mitigate DDoS
attacks, such as traffic filtering and traffic diversion to absorb the traffic. However, cloud
customers also need to take steps to protect themselves from DDoS attacks, such as
using a content delivery network (CDN) or a DDoS protection service. It's also important
to have a response plan in place in case of a successful DDoS attack.
8. Packet sniffing
• Packet sniffing is a technique used to intercept and capture network
traffic in order to gain access to sensitive information such as
passwords, usernames, and credit card numbers. This is accomplished
by using software or hardware tools that can analyze network packets
as they are transmitted across a network.
• Packet sniffing can be used for both legitimate and illegitimate
purposes. Legitimate uses include network monitoring and
troubleshooting, while illegitimate uses include stealing sensitive
information and launching attacks.
• To prevent packet sniffing, it is recommended to use encryption
protocols such as SSL or TLS. Additionally, it is important to use secure
passwords and avoid sending sensitive information over unsecured
networks.
9. Man-in-the-Middle Attack
• A man-in-the-middle (MITM) attack is a type of cyber attack where an
attacker intercepts communication between two parties to steal or modify
information exchanged between them.
• In cloud computing, MITM attacks can occur in the communication
between the cloud service provider and the customer or between different
cloud services.
• MITM attacks can be performed through various techniques, such as ARP
spoofing, DNS spoofing, and SSL stripping.
• The attacker can intercept and modify the data transmitted between the
parties, leading to the compromise of sensitive information or
unauthorized access to cloud resources.
• To prevent MITM attacks, the use of encryption and digital certificates is
recommended, along with proper network configuration and monitoring.
10. Data Privacy in Cloud Computing
• Data privacy is a major concern in cloud computing as it involves storing sensitive data on
remote servers. Here are some ways to ensure data privacy in cloud computing:
• Encryption: Encrypting sensitive data before storing it in the cloud is one way to protect
it from unauthorized access.
• Access controls: Implementing access controls like multi-factor authentication, identity
and access management (IAM), and role-based access control (RBAC) can ensure that
only authorized personnel can access sensitive data.
• Secure protocols: Using secure protocols like HTTPS and SSL/TLS for data transfer and
communication can also prevent data breaches.
• Data classification: Classifying data based on its sensitivity and implementing different
levels of protection based on the classification can also help in ensuring data privacy.
• Examples of data privacy breaches in cloud computing include the 2014 iCloud celebrity
photo leak and the 2017 Equifax data breach, which compromised the personal
information of millions of customers.
11. Data Availability in Cloud Computing
• Data availability is another critical aspect of cloud computing. Here are some ways to ensure data availability in cloud computing:
• Redundancy: Storing data in multiple locations or using redundant servers can ensure that data is available even if one server or
location goes down.
• Disaster recovery: Having a disaster recovery plan in place can help in quickly recovering data in case of natural disasters, cyber
attacks, or other emergencies.
• Service level agreements (SLAs): Negotiating and including SLAs in cloud computing contracts can ensure that service providers
guarantee a certain level of data availability.
• Backups: Regularly backing up data and storing it in secure locations can also help in ensuring data availability.
• Examples of data availability issues in cloud computing include the 2017 AWS S3 outage, which affected major websites and
services, and the 2020 Microsoft Office 365 outage, which impacted users worldwide.
12. Questions
• What are some of the common multitenancy issues in cloud computing?
• What are the major cloud security threats and risks that organizations should be
aware of?
• What are some of the common attacks that occur in a cloud environment?
• What is a hypervisor attack and how does it compromise virtual machine
security?
• Explain the guest-hopping attack and how it can be prevented in cloud
computing.
• How do DDoS attacks work and what are some strategies for mitigating them in a
cloud environment?
• What is packet sniffing and how does it pose a threat to data security in the
cloud?
• What is a man-in-the-middle attack and how can it be prevented in a cloud
environment?
13. Unit III Questions
• Explain the difference between Direct-Attached Storage (DAS) and Network-
Attached Storage (NAS).
• What are the attributes, components, and topologies of a Storage Area Network
(SAN)?
• Describe the different connectivity options and zoning techniques used in SANs.
• Discuss the FC protocol stack, addressing, and flow control used in Storage Area
Networks.
• What are the components, protocols, and architecture of IP Storage Area
Network (IP SAN)?
• Explain the differences between iSCSI, FCIP, and FCoE in IP SAN architecture.
• Describe the elements and processes involved in Content Addressed Storage
(CAS).
• Discuss the different server architectures, including stand-alone, blades, stateless,
and clustering, used in cloud storage infrastructure.