SlideShare a Scribd company logo

Cloud Security in cloud computing 1.pptx

Download as PPTX, PDF
R
RahulBhole12

Security

Engineering
1 of 13
Unit IV Cloud Security Multitenancy issues, Cloud security threats and risks, attacks in cloud environment, virtual machine security: hypervisor attack, guest-hopping attack, DDoS attacks, packet sniffing, man-in-the-middle attack, data privacy and availability in cloud computing.
Multitenancy issues • Multitenancy refers to the ability of a cloud provider to serve multiple clients or tenants using a shared infrastructure. However, this shared infrastructure can lead to various security issues, such as: • Data Leakage: If tenants' data is not properly isolated, it can lead to data leakage. This can happen due to various reasons such as a misconfigured network or access controls, or vulnerabilities in the hypervisor layer. • Co-Mingling of Data: The sharing of resources and services can lead to the co-mingling of data belonging to different tenants. This can happen due to data being stored in the same location or accidentally being routed to the wrong location. • Privilege Escalation: Privilege escalation occurs when a tenant gains unauthorized access to resources or data belonging to another tenant. This can happen due to weak authentication and access control mechanisms. • Service Level Agreements: Service level agreements (SLAs) can be difficult to enforce in a multitenant environment, as service disruptions or data breaches can affect multiple tenants simultaneously. • To mitigate these issues, cloud providers need to implement strong security controls such as isolation, access controls, encryption, and monitoring.
Cloud security threats and risks • Cloud security threats and risks refer to the potential dangers and vulnerabilities that can affect cloud computing systems and the data stored within them. Some common cloud security threats and risks include: • Data breaches: Unauthorized access to confidential data or sensitive information. • DDoS attacks: Distributed Denial of Service attacks that can cause network outages or service disruptions. • Malware and viruses: Malicious software that can infect cloud systems and compromise security. • Insider threats: Malicious or negligent insiders who have access to the cloud system. • Account hijacking: Unauthorized access to user accounts and privileges. • Insecure APIs: Insecure Application Programming Interfaces that can be exploited by attackers. • Lack of encryption: Lack of encryption in data transmission and storage can lead to data breaches. • Data loss or deletion: Accidental or intentional deletion of data or loss of data due to system failures or cyber-attacks. • To mitigate these risks and threats, cloud providers and users need to implement proper security measures and practices such as access controls, encryption, monitoring, and backup and recovery procedures.
attacks in cloud environment • In a cloud environment, various types of attacks can occur due to the complexity of the cloud infrastructure and the large number of users accessing the cloud resources. Some common attacks in cloud environments include: • Hypervisor attack: Hypervisor is a critical component of virtualization technology used in cloud environments. An attacker who gains access to the hypervisor can potentially control all the virtual machines running on that host, compromising the entire cloud environment. • Guest-hopping attack: This attack occurs when an attacker gains access to a virtual machine and then uses that access to jump to other virtual machines running on the same host, potentially accessing sensitive information or causing damage. • DDoS attacks: Distributed Denial of Service (DDoS) attacks can be launched against cloud services, overwhelming the servers and causing service disruption. • Packet sniffing: An attacker can intercept and capture network traffic between cloud resources, potentially gaining access to sensitive information. • Man-in-the-middle attack: This type of attack occurs when an attacker intercepts communication between two cloud resources, potentially modifying or stealing data. • It is important for cloud providers to implement strong security measures to protect against these types of attacks and to regularly monitor the cloud environment for any suspicious activity.
virtual machine security: hypervisor attack • A hypervisor is a software layer that allows multiple virtual machines to run on a single physical machine. It provides a level of abstraction between the physical resources and the virtual machines. However, if the hypervisor is compromised, it can lead to a range of security threats. • A hypervisor attack can occur in two ways: • VM escape attack: An attacker can exploit a vulnerability in the virtual machine to break out of the virtual environment and gain access to the host system. • Hypervisor-level attack: An attacker can directly target the hypervisor layer to gain control of the host system or other virtual machines running on the same physical machine. • To mitigate hypervisor attacks, it is important to regularly patch and update the hypervisor software and implement access control measures to restrict unauthorized access to the hypervisor layer. Additionally, implementing security measures such as encryption and access control for virtual machine images can also help protect against hypervisor attacks.
guest-hopping attack • A guest-hopping attack is a type of virtual machine (VM) escape attack that allows an attacker to move from one guest VM to another on the same physical host. • This type of attack takes advantage of vulnerabilities in the hypervisor or VM monitor that manages multiple VMs on a single physical host. • The attacker can exploit these vulnerabilities to gain unauthorized access to other VMs and potentially compromise sensitive data or applications running in those VMs. • The guest-hopping attack is considered a serious threat to the security of cloud environments, especially in multi-tenant environments where multiple users share the same physical resources. • To prevent guest-hopping attacks, it is important to keep the hypervisor and VM software up to date with the latest security patches and to implement strict access controls and monitoring for VM-to-VM communications. • Additionally, using hardware-assisted virtualization can help to isolate VMs and prevent guest-hopping attacks.
DDoS attacks • DDoS (Distributed Denial of Service) attacks are a type of cyber attack that involves overwhelming a targeted network or website with a flood of internet traffic from multiple sources, making the service unavailable to legitimate users. In a cloud environment, DDoS attacks can target the cloud service provider's infrastructure, as well as the applications and services of cloud customers. • DDoS attacks are typically launched using a botnet, which is a network of compromised computers that are under the control of the attacker. The botnet is used to generate a high volume of traffic that overwhelms the targeted network or website. This can cause a range of problems, including service disruption, slow response times, and in some cases, complete system failure. • Cloud service providers typically have measures in place to detect and mitigate DDoS attacks, such as traffic filtering and traffic diversion to absorb the traffic. However, cloud customers also need to take steps to protect themselves from DDoS attacks, such as using a content delivery network (CDN) or a DDoS protection service. It's also important to have a response plan in place in case of a successful DDoS attack.
packet sniffing • Packet sniffing is a technique used to intercept and capture network traffic in order to gain access to sensitive information such as passwords, usernames, and credit card numbers. This is accomplished by using software or hardware tools that can analyze network packets as they are transmitted across a network. • Packet sniffing can be used for both legitimate and illegitimate purposes. Legitimate uses include network monitoring and troubleshooting, while illegitimate uses include stealing sensitive information and launching attacks. • To prevent packet sniffing, it is recommended to use encryption protocols such as SSL or TLS. Additionally, it is important to use secure passwords and avoid sending sensitive information over unsecured networks.
Man-in-the-Middle Attack • Man-in-the-middle (MITM) attack is a type of cyber attack where an attacker intercepts communication between two parties to steal or modify information exchanged between them. • In cloud computing, MITM attacks can occur in the communication between the cloud service provider and the customer or between different cloud services. • MITM attacks can be performed through various techniques, such as ARP spoofing, DNS spoofing, and SSL stripping. • The attacker can intercept and modify the data transmitted between the parties, leading to the compromise of sensitive information or unauthorized access to cloud resources. • To prevent MITM attacks, the use of encryption and digital certificates is recommended, along with proper network configuration and monitoring.
Data Privacy in Cloud Computing • Data privacy is a major concern in cloud computing as it involves storing sensitive data on remote servers. Here are some ways to ensure data privacy in cloud computing: • Encryption: Encrypting sensitive data before storing it in the cloud is one way to protect it from unauthorized access. • Access controls: Implementing access controls like multi-factor authentication, identity and access management (IAM), and role-based access control (RBAC) can ensure that only authorized personnel can access sensitive data. • Secure protocols: Using secure protocols like HTTPS and SSL/TLS for data transfer and communication can also prevent data breaches. • Data classification: Classifying data based on its sensitivity and implementing different levels of protection based on the classification can also help in ensuring data privacy. • Examples of data privacy breaches in cloud computing include the 2014 iCloud celebrity photo leak and the 2017 Equifax data breach, which compromised the personal information of millions of customers.
Data Availability in Cloud Computing • Data availability is another critical aspect of cloud computing. Here are some ways to ensure data availability in cloud computing: • Redundancy: Storing data in multiple locations or using redundant servers can ensure that data is available even if one server or location goes down. • Disaster recovery: Having a disaster recovery plan in place can help in quickly recovering data in case of natural disasters, cyber attacks, or other emergencies. • Service level agreements (SLAs): Negotiating and including SLAs in cloud computing contracts can ensure that service providers guarantee a certain level of data availability. • Backups: Regularly backing up data and storing it in secure locations can also help in ensuring data availability. • Examples of data availability issues in cloud computing include the 2017 AWS S3 outage, which affected major websites and services, and the 2020 Microsoft Office 365 outage, which impacted users worldwide.
Questions • What are some of the common multitenancy issues in cloud computing? • What are the major cloud security threats and risks that organizations should be aware of? • What are some of the common attacks that occur in a cloud environment? • What is a hypervisor attack and how does it compromise virtual machine security? • Explain the guest-hopping attack and how it can be prevented in cloud computing. • How do DDoS attacks work and what are some strategies for mitigating them in a cloud environment? • What is packet sniffing and how does it pose a threat to data security in the cloud? • What is a man-in-the-middle attack and how can it be prevented in a cloud environment?
Unit III Questions • Explain the difference between Direct-Attached Storage (DAS) and Networked Attached Storage (NAS). • What are the attributes, components, and topologies of a Storage Area Network (SAN)? • Describe the different connectivity options and zoning techniques used in SANs. • Discuss the FC protocol stack, addressing, and flow control used in Storage Area Networks. • What are the components, protocols, and architecture of IP Storage Area Network (IP SAN)? • Explain the differences between iSCSI, FCIP, and FCoE in IP SAN architecture. • Describe the elements and processes involved in Content Addressed Storage (CAS). • Discuss the different server architectures, including stand-alone, blades, stateless, and clustering, used in cloud storage infrastructure.

Recommended

Cloud computing
Cloud computingCloud computing
Cloud computing
Ganesh Pasnurwar
 
Lecture Cloud Security.pptx
Lecture Cloud Security.pptxLecture Cloud Security.pptx
Lecture Cloud Security.pptx
ShimoFcis
 
3-UnitV_security.pptx
3-UnitV_security.pptx3-UnitV_security.pptx
3-UnitV_security.pptx
SubhadipDutta36
 
Week-09-10-11-12 Fundamentals of Cybersecurity.pptx
Week-09-10-11-12 Fundamentals of Cybersecurity.pptxWeek-09-10-11-12 Fundamentals of Cybersecurity.pptx
Week-09-10-11-12 Fundamentals of Cybersecurity.pptx
yasirkhokhar7
 
Network security and firewalls
Network security and firewallsNetwork security and firewalls
Network security and firewalls
Murali Mohan
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptx
JenetSilence
 
OTechs Cloud computing security
OTechs Cloud computing securityOTechs Cloud computing security
OTechs Cloud computing security
Osman Suliman
 
types of cyber attack by taufiqurrahman.pptx
types of cyber attack by taufiqurrahman.pptxtypes of cyber attack by taufiqurrahman.pptx
types of cyber attack by taufiqurrahman.pptx
taufiq463421
 

Recommended

Cloud computing
Cloud computingCloud computing
Cloud computing
Ganesh Pasnurwar
 
Lecture Cloud Security.pptx
Lecture Cloud Security.pptxLecture Cloud Security.pptx
Lecture Cloud Security.pptx
ShimoFcis
 
3-UnitV_security.pptx
3-UnitV_security.pptx3-UnitV_security.pptx
3-UnitV_security.pptx
SubhadipDutta36
 
Week-09-10-11-12 Fundamentals of Cybersecurity.pptx
Week-09-10-11-12 Fundamentals of Cybersecurity.pptxWeek-09-10-11-12 Fundamentals of Cybersecurity.pptx
Week-09-10-11-12 Fundamentals of Cybersecurity.pptx
yasirkhokhar7
 
Network security and firewalls
Network security and firewallsNetwork security and firewalls
Network security and firewalls
Murali Mohan
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptx
JenetSilence
 
OTechs Cloud computing security
OTechs Cloud computing securityOTechs Cloud computing security
OTechs Cloud computing security
Osman Suliman
 
types of cyber attack by taufiqurrahman.pptx
types of cyber attack by taufiqurrahman.pptxtypes of cyber attack by taufiqurrahman.pptx
types of cyber attack by taufiqurrahman.pptx
taufiq463421
 
ICRTITCS-2012 Conference Publication
ICRTITCS-2012 Conference PublicationICRTITCS-2012 Conference Publication
ICRTITCS-2012 Conference Publication
Tejaswi Agarwal
 
cloud security.pptx
cloud security.pptxcloud security.pptx
cloud security.pptx
Nickjohn33
 
Secure Your Sky_ Mastering Cloud Web Security.pdf
Secure Your Sky_ Mastering Cloud Web Security.pdfSecure Your Sky_ Mastering Cloud Web Security.pdf
Secure Your Sky_ Mastering Cloud Web Security.pdf
NK Carpenter
 
Malware attack Social engineering attack
Malware attack Social engineering attackMalware attack Social engineering attack
Malware attack Social engineering attack
taufiq463421
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security Challenges
Yateesh Yadav
 
cyber security and threats.pptx
cyber security and threats.pptxcyber security and threats.pptx
cyber security and threats.pptx
VSAM Technologies India Private Limited
 
Database Security.pptx
Database Security.pptxDatabase Security.pptx
Database Security.pptx
muhammedsinan34
 
A study on securing cloud environment from d do s attack to preserve data ava...
A study on securing cloud environment from d do s attack to preserve data ava...A study on securing cloud environment from d do s attack to preserve data ava...
A study on securing cloud environment from d do s attack to preserve data ava...
Manimaran A
 
The Top Cloud Security Issues
The Top Cloud Security IssuesThe Top Cloud Security Issues
The Top Cloud Security Issues
HTS Hosting
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
Revital Lapidot
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
Revital Lapidot
 
Unit 1.pptx
Unit 1.pptxUnit 1.pptx
Unit 1.pptx
MsVaishaliKumar
 
Network security
Network securityNetwork security
Network security
Sri Manakula Vinayagar Engineering College
 
Lec 2- Hardening and whitelisting of devices
Lec 2- Hardening and whitelisting of devicesLec 2- Hardening and whitelisting of devices
Lec 2- Hardening and whitelisting of devices
BilalMehmood44
 
Webinar 2.1 - Network protection and devices.pptx
Webinar 2.1 - Network protection and devices.pptxWebinar 2.1 - Network protection and devices.pptx
Webinar 2.1 - Network protection and devices.pptx
RoyMurillo4
 
CLOUD COMPUTING.pdf
CLOUD COMPUTING.pdfCLOUD COMPUTING.pdf
CLOUD COMPUTING.pdf
Protelion
 
CLOUD COMPUTING.pdf
CLOUD COMPUTING.pdfCLOUD COMPUTING.pdf
CLOUD COMPUTING.pdf
Protelion
 
Network Attacks - (Information Assurance and Security)BS in Information Techn...
Network Attacks - (Information Assurance and Security)BS in Information Techn...Network Attacks - (Information Assurance and Security)BS in Information Techn...
Network Attacks - (Information Assurance and Security)BS in Information Techn...
SyvilMaeTapinit
 
Ccna sec 01
Ccna sec 01Ccna sec 01
Ccna sec 01
EduclentMegasoftel
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUD
Sweta Kumari Barnwal
 
cloud computing virtual machine UNIT 5 PPT
cloud computing virtual machine UNIT 5 PPTcloud computing virtual machine UNIT 5 PPT
cloud computing virtual machine UNIT 5 PPT
RahulBhole12
 
Cloud computing UNIT 2.1 presentation in
Cloud computing UNIT 2.1 presentation inCloud computing UNIT 2.1 presentation in
Cloud computing UNIT 2.1 presentation in
RahulBhole12
 

More Related Content

Similar to Cloud Security in cloud computing 1.pptx

Secure Your Sky_ Mastering Cloud Web Security.pdf
Secure Your Sky_ Mastering Cloud Web Security.pdfSecure Your Sky_ Mastering Cloud Web Security.pdf
Secure Your Sky_ Mastering Cloud Web Security.pdf
NK Carpenter
 
Webinar 2.1 - Network protection and devices.pptx
Webinar 2.1 - Network protection and devices.pptxWebinar 2.1 - Network protection and devices.pptx
Webinar 2.1 - Network protection and devices.pptx
RoyMurillo4
 

Similar to Cloud Security in cloud computing 1.pptx (20)

ICRTITCS-2012 Conference Publication
ICRTITCS-2012 Conference PublicationICRTITCS-2012 Conference Publication
ICRTITCS-2012 Conference Publication
 
cloud security.pptx
cloud security.pptxcloud security.pptx
cloud security.pptx
 
Secure Your Sky_ Mastering Cloud Web Security.pdf
Secure Your Sky_ Mastering Cloud Web Security.pdfSecure Your Sky_ Mastering Cloud Web Security.pdf
Secure Your Sky_ Mastering Cloud Web Security.pdf
 
Malware attack Social engineering attack
Malware attack Social engineering attackMalware attack Social engineering attack
Malware attack Social engineering attack
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security Challenges
 
cyber security and threats.pptx
cyber security and threats.pptxcyber security and threats.pptx
cyber security and threats.pptx
 
Database Security.pptx
Database Security.pptxDatabase Security.pptx
Database Security.pptx
 
A study on securing cloud environment from d do s attack to preserve data ava...
A study on securing cloud environment from d do s attack to preserve data ava...A study on securing cloud environment from d do s attack to preserve data ava...
A study on securing cloud environment from d do s attack to preserve data ava...
 
The Top Cloud Security Issues
The Top Cloud Security IssuesThe Top Cloud Security Issues
The Top Cloud Security Issues
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
 
Unit 1.pptx
Unit 1.pptxUnit 1.pptx
Unit 1.pptx
 
Network security
Network securityNetwork security
Network security
 
Lec 2- Hardening and whitelisting of devices
Lec 2- Hardening and whitelisting of devicesLec 2- Hardening and whitelisting of devices
Lec 2- Hardening and whitelisting of devices
 
Webinar 2.1 - Network protection and devices.pptx
Webinar 2.1 - Network protection and devices.pptxWebinar 2.1 - Network protection and devices.pptx
Webinar 2.1 - Network protection and devices.pptx
 
CLOUD COMPUTING.pdf
CLOUD COMPUTING.pdfCLOUD COMPUTING.pdf
CLOUD COMPUTING.pdf
 
CLOUD COMPUTING.pdf
CLOUD COMPUTING.pdfCLOUD COMPUTING.pdf
CLOUD COMPUTING.pdf
 
Network Attacks - (Information Assurance and Security)BS in Information Techn...
Network Attacks - (Information Assurance and Security)BS in Information Techn...Network Attacks - (Information Assurance and Security)BS in Information Techn...
Network Attacks - (Information Assurance and Security)BS in Information Techn...
 
Ccna sec 01
Ccna sec 01Ccna sec 01
Ccna sec 01
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUD
 

More from RahulBhole12

More from RahulBhole12 (8)

cloud computing virtual machine UNIT 5 PPT
cloud computing virtual machine UNIT 5 PPTcloud computing virtual machine UNIT 5 PPT
cloud computing virtual machine UNIT 5 PPT
 
Cloud computing UNIT 2.1 presentation in
Cloud computing UNIT 2.1 presentation inCloud computing UNIT 2.1 presentation in
Cloud computing UNIT 2.1 presentation in
 
Cloud interconnection networks basic .pptx
Cloud interconnection networks basic .pptxCloud interconnection networks basic .pptx
Cloud interconnection networks basic .pptx
 
Basic ppt on cloud computing on amazon web
Basic ppt on cloud computing on amazon webBasic ppt on cloud computing on amazon web
Basic ppt on cloud computing on amazon web
 
Cloud Computing basic concept to understand
Cloud Computing basic concept to understandCloud Computing basic concept to understand
Cloud Computing basic concept to understand
 
industry 4.pdf the whole syllabus of bsc
industry 4.pdf the whole syllabus of bscindustry 4.pdf the whole syllabus of bsc
industry 4.pdf the whole syllabus of bsc
 
ch22a_ParallelDBs how parallel Datab.ppt
ch22a_ParallelDBs how parallel Datab.pptch22a_ParallelDBs how parallel Datab.ppt
ch22a_ParallelDBs how parallel Datab.ppt
 
Ch5-20_CISA.ppt About CISA Certification
Ch5-20_CISA.ppt About CISA CertificationCh5-20_CISA.ppt About CISA Certification
Ch5-20_CISA.ppt About CISA Certification
 

Recently uploaded

Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak HamilCara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Kandungan 087776558899
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
Asst.prof M.Gokilavani
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Call Girls in Nagpur High Profile
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
ankushspencer015
 
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
roncy bisnoi
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Arindam Chakraborty, Ph.D., P.E. (CA, TX)
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 

Recently uploaded (20)

Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
Intro To Electric Vehicles PDF Notes.pdf
Intro To Electric Vehicles PDF Notes.pdfIntro To Electric Vehicles PDF Notes.pdf
Intro To Electric Vehicles PDF Notes.pdf
 
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced LoadsFEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
 
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak HamilCara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
 
Block diagram reduction techniques in control systems.ppt
Block diagram reduction techniques in control systems.pptBlock diagram reduction techniques in control systems.ppt
Block diagram reduction techniques in control systems.ppt
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPT
 
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VThermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - V
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdfIntze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
 
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
 
Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdf
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptThermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . ppt
 

Cloud Security in cloud computing 1.pptx

  • 1. Unit IV Cloud Security Multitenancy issues, Cloud security threats and risks, attacks in cloud environment, virtual machine security: hypervisor attack, guest-hopping attack, DDoS attacks, packet sniffing, man-in-the-middle attack, data privacy and availability in cloud computing.
  • 2. Multitenancy issues • Multitenancy refers to the ability of a cloud provider to serve multiple clients or tenants using a shared infrastructure. However, this shared infrastructure can lead to various security issues, such as: • Data Leakage: If tenants' data is not properly isolated, it can lead to data leakage. This can happen due to various reasons such as a misconfigured network or access controls, or vulnerabilities in the hypervisor layer. • Co-Mingling of Data: The sharing of resources and services can lead to the co-mingling of data belonging to different tenants. This can happen due to data being stored in the same location or accidentally being routed to the wrong location. • Privilege Escalation: Privilege escalation occurs when a tenant gains unauthorized access to resources or data belonging to another tenant. This can happen due to weak authentication and access control mechanisms. • Service Level Agreements: Service level agreements (SLAs) can be difficult to enforce in a multitenant environment, as service disruptions or data breaches can affect multiple tenants simultaneously. • To mitigate these issues, cloud providers need to implement strong security controls such as isolation, access controls, encryption, and monitoring.
  • 3. Cloud security threats and risks • Cloud security threats and risks refer to the potential dangers and vulnerabilities that can affect cloud computing systems and the data stored within them. Some common cloud security threats and risks include: • Data breaches: Unauthorized access to confidential data or sensitive information. • DDoS attacks: Distributed Denial of Service attacks that can cause network outages or service disruptions. • Malware and viruses: Malicious software that can infect cloud systems and compromise security. • Insider threats: Malicious or negligent insiders who have access to the cloud system. • Account hijacking: Unauthorized access to user accounts and privileges. • Insecure APIs: Insecure Application Programming Interfaces that can be exploited by attackers. • Lack of encryption: Lack of encryption in data transmission and storage can lead to data breaches. • Data loss or deletion: Accidental or intentional deletion of data or loss of data due to system failures or cyber-attacks. • To mitigate these risks and threats, cloud providers and users need to implement proper security measures and practices such as access controls, encryption, monitoring, and backup and recovery procedures.
  • 4. attacks in cloud environment • In a cloud environment, various types of attacks can occur due to the complexity of the cloud infrastructure and the large number of users accessing the cloud resources. Some common attacks in cloud environments include: • Hypervisor attack: Hypervisor is a critical component of virtualization technology used in cloud environments. An attacker who gains access to the hypervisor can potentially control all the virtual machines running on that host, compromising the entire cloud environment. • Guest-hopping attack: This attack occurs when an attacker gains access to a virtual machine and then uses that access to jump to other virtual machines running on the same host, potentially accessing sensitive information or causing damage. • DDoS attacks: Distributed Denial of Service (DDoS) attacks can be launched against cloud services, overwhelming the servers and causing service disruption. • Packet sniffing: An attacker can intercept and capture network traffic between cloud resources, potentially gaining access to sensitive information. • Man-in-the-middle attack: This type of attack occurs when an attacker intercepts communication between two cloud resources, potentially modifying or stealing data. • It is important for cloud providers to implement strong security measures to protect against these types of attacks and to regularly monitor the cloud environment for any suspicious activity.
  • 5. virtual machine security: hypervisor attack • A hypervisor is a software layer that allows multiple virtual machines to run on a single physical machine. It provides a level of abstraction between the physical resources and the virtual machines. However, if the hypervisor is compromised, it can lead to a range of security threats. • A hypervisor attack can occur in two ways: • VM escape attack: An attacker can exploit a vulnerability in the virtual machine to break out of the virtual environment and gain access to the host system. • Hypervisor-level attack: An attacker can directly target the hypervisor layer to gain control of the host system or other virtual machines running on the same physical machine. • To mitigate hypervisor attacks, it is important to regularly patch and update the hypervisor software and implement access control measures to restrict unauthorized access to the hypervisor layer. Additionally, implementing security measures such as encryption and access control for virtual machine images can also help protect against hypervisor attacks.
  • 6. guest-hopping attack • A guest-hopping attack is a type of virtual machine (VM) escape attack that allows an attacker to move from one guest VM to another on the same physical host. • This type of attack takes advantage of vulnerabilities in the hypervisor or VM monitor that manages multiple VMs on a single physical host. • The attacker can exploit these vulnerabilities to gain unauthorized access to other VMs and potentially compromise sensitive data or applications running in those VMs. • The guest-hopping attack is considered a serious threat to the security of cloud environments, especially in multi-tenant environments where multiple users share the same physical resources. • To prevent guest-hopping attacks, it is important to keep the hypervisor and VM software up to date with the latest security patches and to implement strict access controls and monitoring for VM-to-VM communications. • Additionally, using hardware-assisted virtualization can help to isolate VMs and prevent guest-hopping attacks.
  • 7. DDoS attacks • DDoS (Distributed Denial of Service) attacks are a type of cyber attack that involves overwhelming a targeted network or website with a flood of internet traffic from multiple sources, making the service unavailable to legitimate users. In a cloud environment, DDoS attacks can target the cloud service provider's infrastructure, as well as the applications and services of cloud customers. • DDoS attacks are typically launched using a botnet, which is a network of compromised computers that are under the control of the attacker. The botnet is used to generate a high volume of traffic that overwhelms the targeted network or website. This can cause a range of problems, including service disruption, slow response times, and in some cases, complete system failure. • Cloud service providers typically have measures in place to detect and mitigate DDoS attacks, such as traffic filtering and traffic diversion to absorb the traffic. However, cloud customers also need to take steps to protect themselves from DDoS attacks, such as using a content delivery network (CDN) or a DDoS protection service. It's also important to have a response plan in place in case of a successful DDoS attack.
  • 8. packet sniffing • Packet sniffing is a technique used to intercept and capture network traffic in order to gain access to sensitive information such as passwords, usernames, and credit card numbers. This is accomplished by using software or hardware tools that can analyze network packets as they are transmitted across a network. • Packet sniffing can be used for both legitimate and illegitimate purposes. Legitimate uses include network monitoring and troubleshooting, while illegitimate uses include stealing sensitive information and launching attacks. • To prevent packet sniffing, it is recommended to use encryption protocols such as SSL or TLS. Additionally, it is important to use secure passwords and avoid sending sensitive information over unsecured networks.
  • 9. Man-in-the-Middle Attack • Man-in-the-middle (MITM) attack is a type of cyber attack where an attacker intercepts communication between two parties to steal or modify information exchanged between them. • In cloud computing, MITM attacks can occur in the communication between the cloud service provider and the customer or between different cloud services. • MITM attacks can be performed through various techniques, such as ARP spoofing, DNS spoofing, and SSL stripping. • The attacker can intercept and modify the data transmitted between the parties, leading to the compromise of sensitive information or unauthorized access to cloud resources. • To prevent MITM attacks, the use of encryption and digital certificates is recommended, along with proper network configuration and monitoring.
  • 10. Data Privacy in Cloud Computing • Data privacy is a major concern in cloud computing as it involves storing sensitive data on remote servers. Here are some ways to ensure data privacy in cloud computing: • Encryption: Encrypting sensitive data before storing it in the cloud is one way to protect it from unauthorized access. • Access controls: Implementing access controls like multi-factor authentication, identity and access management (IAM), and role-based access control (RBAC) can ensure that only authorized personnel can access sensitive data. • Secure protocols: Using secure protocols like HTTPS and SSL/TLS for data transfer and communication can also prevent data breaches. • Data classification: Classifying data based on its sensitivity and implementing different levels of protection based on the classification can also help in ensuring data privacy. • Examples of data privacy breaches in cloud computing include the 2014 iCloud celebrity photo leak and the 2017 Equifax data breach, which compromised the personal information of millions of customers.
  • 11. Data Availability in Cloud Computing • Data availability is another critical aspect of cloud computing. Here are some ways to ensure data availability in cloud computing: • Redundancy: Storing data in multiple locations or using redundant servers can ensure that data is available even if one server or location goes down. • Disaster recovery: Having a disaster recovery plan in place can help in quickly recovering data in case of natural disasters, cyber attacks, or other emergencies. • Service level agreements (SLAs): Negotiating and including SLAs in cloud computing contracts can ensure that service providers guarantee a certain level of data availability. • Backups: Regularly backing up data and storing it in secure locations can also help in ensuring data availability. • Examples of data availability issues in cloud computing include the 2017 AWS S3 outage, which affected major websites and services, and the 2020 Microsoft Office 365 outage, which impacted users worldwide.
  • 12. Questions • What are some of the common multitenancy issues in cloud computing? • What are the major cloud security threats and risks that organizations should be aware of? • What are some of the common attacks that occur in a cloud environment? • What is a hypervisor attack and how does it compromise virtual machine security? • Explain the guest-hopping attack and how it can be prevented in cloud computing. • How do DDoS attacks work and what are some strategies for mitigating them in a cloud environment? • What is packet sniffing and how does it pose a threat to data security in the cloud? • What is a man-in-the-middle attack and how can it be prevented in a cloud environment?
  • 13. Unit III Questions • Explain the difference between Direct-Attached Storage (DAS) and Networked Attached Storage (NAS). • What are the attributes, components, and topologies of a Storage Area Network (SAN)? • Describe the different connectivity options and zoning techniques used in SANs. • Discuss the FC protocol stack, addressing, and flow control used in Storage Area Networks. • What are the components, protocols, and architecture of IP Storage Area Network (IP SAN)? • Explain the differences between iSCSI, FCIP, and FCoE in IP SAN architecture. • Describe the elements and processes involved in Content Addressed Storage (CAS). • Discuss the different server architectures, including stand-alone, blades, stateless, and clustering, used in cloud storage infrastructure.