This document discusses security considerations for cloud computing platforms like Amazon Web Services (AWS) and Microsoft Azure. It provides an overview of key security features offered by each platform, such as compliance with standards, physical security of data centers, data privacy and encryption, network security controls, and identity and access management. The document analyzes how AWS and Azure compare across these security areas and notes advantages that each platform offers.
Cloud Computing – Opportunities, Definitions, Options, and Risks (Part-1)Manoj Kumar
Understand about current cloud market, cloud service providers - Azure or Amazon, cloud fundamentals, VM Virtualization, Cloud deployment models, IaaS vs PaaS vs SaaS, Cloud Security and Risks.
Cloud Computing – Opportunities, Definitions, Options, and Risks (Part-1)Manoj Kumar
Understand about current cloud market, cloud service providers - Azure or Amazon, cloud fundamentals, VM Virtualization, Cloud deployment models, IaaS vs PaaS vs SaaS, Cloud Security and Risks.
Webinar topic: Cloud Security Introduction
Presenter: Achmad Mardiansyah
In this webinar series, We are discussing Cloud Security Introduction
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram
Global Azure Bootcamp 2018 - Azure Security CenterScott Hoag
In this session, students will learn about Azure Security Center and Azure platform security.
Azure Security Center makes it easier than ever to protect your Microsoft Azure virtual machines and virtual networks (as well as Azure SQL Databases, Storage, and more), enabling you to move to the cloud with confidence.
Tsvi Korren,
VP of Product Strategy at Aqua Security CISSP, has been an IT security professional for over 25 years. In previous positions at DEC and CA Inc., he consulted with various industry verticals on the process and organizational aspects of security. As the VP of Product Strategy at Aqua, he is tasked with delivering commercial and open source solutions that make Cloud Native workloads the most secure, compliant and resilient application delivery platform.
Webinar topic: Cloud Security Introduction
Presenter: Achmad Mardiansyah
In this webinar series, We are discussing Cloud Security Introduction
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram
Global Azure Bootcamp 2018 - Azure Security CenterScott Hoag
In this session, students will learn about Azure Security Center and Azure platform security.
Azure Security Center makes it easier than ever to protect your Microsoft Azure virtual machines and virtual networks (as well as Azure SQL Databases, Storage, and more), enabling you to move to the cloud with confidence.
Tsvi Korren,
VP of Product Strategy at Aqua Security CISSP, has been an IT security professional for over 25 years. In previous positions at DEC and CA Inc., he consulted with various industry verticals on the process and organizational aspects of security. As the VP of Product Strategy at Aqua, he is tasked with delivering commercial and open source solutions that make Cloud Native workloads the most secure, compliant and resilient application delivery platform.
Aov is one of the leading manufacturer & exporter from India. Aov offers comprehensive range of cotton, nylon & polyester socks in size & designs to fit individual customer specifications from Middle East, Europe, Canda & USA.
AWS Cloud Security From the Point of View of the ComplianceYury Chemerkin
Clouds are finding increased use in core enterprise systems, which mean auditing is the cornerstone expectation. Cloud vendors announce new cloud services, offer new security solutions and refer to the global security standards among of them the requirements look like quite similar. This is series of articles about AWS Cloud Security from the point of view of the compliance to highlight technical requirements of the top Worldwide and Russian security standards for key AWS services, describe how technically prepare to audit and configure AWS services.
http://pentestmag.com/pentest-webapp-1212/
What is Cloud computing?
Advantages & disadvantages of Cloud Computing
Cloud Service models
Software as a service SaaS
Platform as a service PaaS
Infrastructure as a Service IaaS
Cloud Implementation types
Cloud computing means using multiple server computers via a digital network, as though they were one computer.
We can say , it is a new computing paradigm, involving data and/or computation outsourcing.
it has many issues like security issues, privacy issues, data issues, energy issues, bandwidth issues, cloud interoperability.
there are solutions like scaling of resources, distribute servers etc.
SMBs are fast at adapting to innovation and change, cloud computing has grabbed the spotlight for safer business with data security solutions. Know how today's business can reap and adopt cloud security features for public cloud.
Let us understand some of the infrastructural and
security challenges that every organization faces today
before delving into the concept of securing the cloud
data lake platform. Though Data lakes provide scalability,
agility, and cost-effective features, it possesses a unique
infrastructure and security challenges.
Cloud Computing for college presenation project.Mahesh Tibrewal
This presentation I've made on Cloud computing can be used by students for their college projects. I've tried to make this as colourful and attractive as possible without losing the relevance with the topic.
Q.1) The Hardware Layer-The hardware layer is sometimes referred t.pdfpreetajain
Q.1) The Hardware Layer-
The hardware layer is sometimes referred to as the server layer. It represents the physical
hardware that provides actual resources that make up the cloud. Since, by definition, cloud
computing users do not specify the hardware used to provide services, this is the least important
layer of the cloud. Often, hardware resources are inexpensive and are not fault tolerant.
Redundancy is achieved simply by utilizing multiple hardware platforms while fault tolerance is
provided at other layers so that any hardware failure is not noticed by the users.
The Virtualization Layer-
Often referred to as the infrastructure layer, the virtualization layer is the result of various
operating systems being installed as virtual machines. Much of the scalability and flexibility of
the cloud computing model is derived by the inherent ability of virtual machines to be created
and deleted at will.
Infrastructure as a Service (IaaS)-
The infrastructure layer builds on the virtualization layer by offering the virtual machines as a
service to users. Instead of purchasing servers or even hosted services, IaaS customers can create
and remove virtual machines and network them together at will. Clients are billed for
infrastructure services based on what resources are consumed. This eliminates the need to
procure and operate physical servers, data storage systems, or networking resources.
Platform as a Service (PaaS)-
The platform layer rests on the infrastructure layer’s virtual machines. At this layer customers do
not manage their virtual machines, they merely create applications within an existing API or
programing language. There is no need to manage an operating system, let alone the underlying
hardware and virtualization layers. Clients merely create their own programs which are hosted by
the platform services they are paying for.
Software as a Service (SaaS)-
Services at the software level consist of complete applications that do not require development.
Such applications can be email, customer relationship management, and other office productivity
applications. Enterprise services can be billed monthly or by usage, while software as service
offered directly to consumers, such as email, is often provided for free.
The Client Layer-
While this layer is not a cloud computing service, it is an essential part of the model. The client
layer acts as the user interface to which cloud computing services are delivered. Client layer
hardware can include personal computers, web browsers, mobile devices, and even telephones.
Q.2)
PaaS is designed for companies who have either an application or a set of applications and wants
to deploy those applications over the cloud. In this situation, a PaaS provider with computer
programming compatibility is the best solution. This gives you the following opportunities:
Q.3)
Answered in above question.
Q.4)
Public Cloud
With the public cloud, the infrastructure and services through which you process or store
inform.
This presentation will give complete information regarding security issues related to cloud computing. To learn cloud computing fill up a simple form.
http://bit.ly/aDegGN
Enterprise IT is transitioning from the use of traditional on-premise data centers to hybrid cloud environments. As a result, we’re experiencing a paradigm shift in the way we must think about and manage enterprise security. From Four Walls to No Walls Until now, the conventional view on IT security has been that applications and data are safe because they’re physically housed within the confines of a company’s data center walls using company-owned equipment. So, it’s not surprising that many decision makers perceive greater risks as they trade physical assets for cloud-based solutions.
Through our partnerships with leading cloud providers, we are able to offer hybrid, private and public cloud solutions. At Epoch Universal, we supply cloud the way you want it with deep control, extreme performance, and broad customization capabilities. When you join the Epoch Universal fold, you take back the keys to your kingdom. Reign as supreme commander in chief of your cloud. No compromises. No exceptions.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
AWS Security Challenges
1.
2. W
e
b
A
p
p
asasa
WS Cloud Security
From the Point of View of the Compliance
Clouds are finding increased use in core enterprise systems, which
mean auditing is the cornerstone expectation. Cloud vendors announce
new cloud services, offer new security solutions and refer to the global
security standards among of them the requirements look like quite
similar. This is series of articles about AWS Cloud Security from the point
of view of the compliance to highlight technical requirements of the
top Worldwide and Russian security standards for key AWS services,
describe how technically prepare to audit and configure AWS services.
C
loud Computing has been one of the top
security topics for the last several years, for
enterprise IT departments, as well as other businesses. Cloud Computing offers unlimited
storage and other resources with flexibility. The
basic idea of the cloud is centralized IT services,
with on-demand services, network access, rapid
elasticity, scalability and resource pooling. There
are known are three models: SaaS, PaaS and
IaaS. Each of them can be deployed as a Cloud,
Community Cloud, Public Cloud, or Hybrid Cloud.
Some security questions about clouds are: how is
it implemented, how are data or communication
channels secured, how are the cloud and application environments secure, etc. The cloud simply uses well-known protocols like SMTP, HTTP,
SSL, TCP/IP etc. to communicate, send email, file
handling and other activity. The methods that are
compliant as a part of the RFC should indicate that
they are OK. Standards like the ISO 27001 series
still provide a measure on information security, but
as minimum set of security only. Third party organizations like the Cloud Security Alliance (CSA)
promote their best practices for cloud security and
have a registry of cloud vendors' security controls
to help users to make right choice.
Cloud security vendors claim that the end-user
companies sometimes prefer cost reduction over
10/2012(10)
increased security to reduce the operation complexity of their cloud. This eventually ends with a
lower amount of cloud security that the end-user
will accept. For example, as VM instances are often visible you should configure the server or firewall “somehow” to protect this flow. Another example talks that the term “physical security” does
not exist anymore since cloud has come. Nevertheless, it was this way as it had been when
the hosting service arrived. Even the new technology is only another way to perform well-known
actions; customer must make any improvements
than by-default configuration to face cyber-attacks and will eventually succeed. Phishing or
SQL injection is not a real concern, because they
have been in existence too long and patches have
been made available. If the virtual OS is a Windows Server or an Ubuntu server, then the OS
has the same security and patch management
state as Desktop/Server OS. The virtual server
can easily be updated and patched, or even reconfigured. This is acceptable, except in the situation where the cloud vendor notifies you that a
patch or update cannot be applied. In addition, it
is mere trust than you download or buy on disk.
Eventually, they offer solution, e.g. buy & sell suitable security solution (third party solution should
be more trustable, than cloud vendor, oh really?),
Page 50
http://pentestmag.com
3. W
e
b
A
p
p
note that logs should be analyzed from time to
time, you should use IDS, find popular software
to protect network ports but such software often
cannot be applied to this case. Someone believes
that if classic network object like server can be
physical near the company then it is more secure
than virtual but it is not true. Significant example
is thinking about cloud like the one about home/
work PC connected to internet that directly or via
router. When you need protect this PC you do not
talk about why is DNS gates are public, if they are
trusted and more. You can keep you hosts file as
a DNS; several clouds provide end user with the
same feature not through the host, but their own
DNS routing service.
General Cloud and Security Points
Security in the cloud is just like traditional security:
network security, authentication, authorization, auditing, and identity management. This is not anything new or revolutionary.
There are several points about security that are
often discussed:
• Perimeter network role and location:
• Location (city/country) where is the data located/stored in the cloud?
• What are the compliance with standards
and country regulations?
• What type of firewall (guest, mandatory,
VPN, other) is used?
• Identity and Access Management:
• What is the authentication/authorization and
role-based access control?
• What is the existence of privileged users, or
user access for the cloud services?
• Are there different access types per each
user, application and role?
• Data Privacy:
• How is data separated from other cloud users?
• What type of encryption is used?
• Logging and Auditing
• Endpoint protection Client security
• Misusing as it was shown at the BlackHat Conference like breaking into Wi-Fi network or
password brute-forcing
The virtualization refers primarily to the hypervisor, while a virtual machine works with a configured and snapshot of an OS image and usually includes virtual disk storage. As all virtual machines require memory, storage, or network, a
10/2012(10)
4. W
e
b
A
p
p
asasa
hypervisor supports these virtual machines and
presents the hardware pool that it can work with.
Hypervisors isolate the memory and computing
resources and allows performing actions without affecting other instances. There are security issues when you are using virtualization in the
cloud, no doubt. Each OS running in virtual environment should be patched and monitored like
any non-virtual OS. You may use a gateway device that provides the applicable security configuration to the devices connected. You still have
to use host-based firewalls and IDS to capture,
stop and filter non-allowed activity from applications, network attacks, disable or enable communication between others virtual machines, or to
extend the logging system.
Like a classic datacentrewhere you have to
maintain stability and security by constant monitoring, alerting and reporting about what the customers are doing with the resources, what geographic
locations they are coming from, how many users
connect at certain times of the day, also, the cloud
infrastructure should report misuse or other out-ofpolicy activity taking place. Auditing needs to log
and report on all activities taking place in the cloud
(elastic computing, storage, VPN, etc.). It really
simplifies increasing complex of the clouds. Sometimes, security design failure a single poorly secured service that can easily be compromised to
lead to the risk of stealing valuable data, making
the services unavailable by DDoS or other interruptions.
Accessing solution known as IAM is an important method to authenticate connections and authorizations of the cloud resources. Your IT policy
should take into account the broad range of access
rights, because it often divides access into all, to
owner, and somewhere in between these. Not all
clients should have the right to access all data, but
staff rights need to be set up so that everyone who
is responsible should be approved similar to rolebased access in traditional offices where the end
users can have access to the services, and sometimes the controls, while administrators have access to the controls and managed the functionality
and performance of the workloads.
In the cloud, you will need to think about how
you handle inbound connections to the resources
required to any services, hosting, and client devices and how they will connect. DMZ and firewalls
are a good solution, but belong to different security
zones to prevent access to the whole cloud servic10/2012(10)
es by attacking gateway. The common network IDS
does not necessarily work as well here; it might not
work even as it is on classic network. But, it may
work to monitor suspicious traffic between virtual
machines if the IDS allows network gate or traffic to be moved thought VPN to/from your corporate network where the IDS exists. Another point
is performance that may lead to resource allocation problems and open the service to DoS/DDoS
attacks. Another filtering method for limiting traffic
is firewalling by physical location that isolates different security zones. Network traffic between virtual machines should be encrypted to protect data
while in transit.
Of course, as the hypervisor has access to all
guest OS, and if it is compromised itself, it will
have broad impact to the network isolation, but
the probability of that is low since all hypervisors
very custom. The cloud infrastructure administrator will need to depend on new tools that are
cloud aware, and may not be defined by the current IT department.
Another security issue deals with the (de-)allocating of resources. If data is written to the storage and was not wiped before, or crashed before
reallocation, then there is a data leakage problem
on the HDD. It means the IT department needs
to rely on reallocation feature and perform clean
operations instead of relying on the cloud service. It may need special DOD-tools to run manually, or running processes until OS fires it off
(terminates). This may increases operational expenses. In other words, no sensitive information
should be stored in the plain text. Using whole
volume encryption will protect the physical storage, prevent access to a virtual environment, and
finally reduce the risk of exposure. Also, applications may encrypt data in storage, data in RAM,
and data during processing to make it more difficult for someone gain access to.
Security Overview: Windows Azure vs.
Amazon Web Services
These two platforms differ by the decision made by
each vendor's vision on how the end-users should
access their cloud services. Windows Azure
makes a data spreading to the cornerstone, via
neither storage nor web-server. AWS makes many
services more accessibility that are important with
merging to the cloud. These different goals have a
huge influence on not only the IT policy, but also
the API. Both AWS and Azure services were built
Page 52
http://pentestmag.com
5. W
e
b
A
p
p
in accordance with security best practices, and the
security features are well documented to make it
clear how to use them to design strong protection.
Below I examine the security features offered each
vendor:
Compliance
Azure
Microsoft complies with the data protection and privacy laws, but only customers are responsible for
determining if Windows Azure complies with the
country laws and regulations. For example, ISO for
Azure covers cloud services (web and VM), storage, and networking.
AWS
AWS offers compliance with FISMA to allow the
government and federal agencies implement AWS
solutions and security configurations at their security system. In addition, VPN (Virtual Private
Cloud), GovCloud and SSL mechanism sustain a
FIPS 140-2. AWS has validated with Level 1 PCI
DSS physical infrastructure and such services like
EC2, S3, EBS, VPC, RDS, and IAM that allows
to the end customers perform storing, processing,
transmitting credit card information with properly
security. EC2, S3, and VPC as well as AWS datacentres are covered by a global security standard
ISO 27001 too.
Physical Security
Azure
Azure designed to be available 24 x 7; their datacentres are managed, monitored, administered by
Microsoft and, of course, compliant with applicable
industry standards for physical security. Azure staff
is limited by the number of operations, and must
regularly change access passwords (if performed
by administrators). All administrative actions are
audited to determine the history of changes. Finally, you can know what services are affected through
the Health Dashboard (https://www.windowsazure.
com/ru-ru/support/service-dashboard/).
AWS
AWS datacentres are located throughout the
world (US, EU, and Asia) and available 24 x 7 x
365. Actual location is known by those that have
a legitimate business need. Amazon datacentres are secured to prevent unauthorized access;
the access tickets will immediately be destroyed
when someone leaves the company or when they
10/2012(10)
continue to be an Amazon employee but promoted to another position.
A standard employee, or a third-party contractor,
has a minimum set of privileges and can be disabled by the hiring manager. All types of access
to any resources logged, as well as its changes,
it must be explicitly approved in Amazon's proprietary permission management system. All changes led to revocation of previous access because
of explicitly approving type to the resource. Every
access grant will revoked since 90 days as it was
approved too. Access to services, resources and
devices relies on user IDs, passwords and Kerberos. In addition, Amazon mentioned about expiration intervals for passwords.
"Physical access is logged and audited and
is strictly controlled both at the perimeter and at
building ingress points by professional security
staff utilizing video surveillance, intrusion detection
systems, and other electronic means". Staff uses a
two-factor authentication while third party contractors escorted by authorized staff have to present
signed IDs.
Also, Amazon describes important things like fire
detection, power or climate control by mentioning
UPS to keep services functional 24 hours per day
while Microsoft just tells that is. Finally, you can
know what services is affected through the AWS
Service Health Dashboard (http://status.aws.amazon.com/).
Data Privacy
Azure
Azure runs in multiple datacentres around the
world and offers to the customer deploy redundancy and backup features.
AWS
AWS offers data encryption, backup and redundancy features. For example, services that store
data in S3, EBS use redundancy in different physical locations but inside one “Available Zone” except you set-up backup services to duplicate data.
This way (not across multiple zones) works EBS,
while S3 provide durability across multiple Availability Zones. To extend and fix EBS redundancy
users enabled to backup AMI images stored on
EBS to the S3. Object deletion executes un-mapping process to prevent remote access. When a
storage device has reached the end of its useful life, AWS initiates destroying procedures within DOD 5220.22-M ("National Industrial Securi-
Page 53
http://pentestmag.com
6. W
e
b
A
p
p
asasa
ty Program Operating Manual ") or NIST 800-88
("Guidelines for Media Sanitization"). AWS allows
encryption of sensitive data and perform actions
before uploads it in S3; additionally, there is no
permission to use own and commercial encryption tools.
Network Security
Azure
Microsoft uses a variety of technologies to
keep customers away from unauthorized traffic
through the firewalls, NAT boxes (load balancers), and filtering routers. Azure relies on 128-
Table 1. Cloud security features
Type
Compliance
Cloud Vendor
AWS
Azure
+
N/A
+
N/A
+
N/A
FIPS 140-2
+
N/A
HIPAA
+
+
Actions & events logging
+
+
Logs audit
+
+
Minimum access rights
+
+
Auto revocation access after N days
+
N/A
Auto revocation access after role changed
+
N/A
Two-factor authentication
+
N/A
Escort
+
N/A
Backup
+
+
Redundancy inside one GeoLocation
+
N/A
Redundancy across several GeoLocation
+
+
Encryption
+
N/A
DoD/NIST Destruction
+
N/A
MITM Protection
+
+
DDoS Protection
+
N/A
Host-Based Firewall (ip,port,mac)
+
+
Mandatory Firewall
+
+
Extended Firewall (Geo, date’n’time)
+
N/A
Hypervisor protection from promiscuous
+
+
Pentesting offer
+
+
Login and Passwords
+
+
SSL
+
+
Cross account IAM
+
N/A
MFA hardware
+
N/A
MFA software
+
N/A
Key-Rotation
10/2012(10)
N/A
CSA
Credentials
+
NIST
Network Security
+
FISMA
Data Privacy
+
PCI DSS
Physical Security
ISO 27001
+
N/A
Page 54
http://pentestmag.com
7. W
e
b
A
p
p
bit TLS protection for communications inside datacentres and between end users and customer
VMs. Filtering routers reject all non-allowed attempts, i.e. addresses and ports that prevent attacks that use "drones" or "zombies" searching
for vulnerable servers as the most popular way
to break into network.
Filtering routers also support configuring back
end services to be accessible only from their corresponding front ends. Firewalls restrict incoming and outgoing communication with known
IP addresses, ports, protocols. Microsoft offers an authorized penetration testing for customers applications hosted in Windows Azure
if requests for it submitted 7 days beforehand
at least.
AWS
AWS forces MITM protection by SSL-protected endpoints for example EC2 generates new
SSH host certificates on first boot and log them
to the instance's console. EC2 instances designed to be non-spoofed by host-based firewall
that restricts traffic with a source IP or MAC address other than its own and block non-allowed
traffic (IP, port, geo location, date and time and
more). Despite of instance running in promiscuous mode the hypervisor will not deliver any traffic relies on explicit restrictions that protect from
traffic capturing on the same physical host on
neither EC2 nor VPC. Unauthorized port scans
are a violation of the AWS Acceptable Use Policy, however customers permit to Pentest their
AWS services that should be proved by IP, port,
date and time and login and contact before pentesting with AWS support. Violations may lead to
revocation of AWS accounts after investigation
by Amazon. Moreover, if illegal activity will AWS
customers should inform AWS about that. In addition, AWS has a proprietary DDoS mitigation
technique but does not describe any key features
of it.
AWS
IAM enables to manage multiple users, their permissions, password and password policy under
one AWS account or among several AWS accounts as unique security credentials. New IAM
users as well entire IAM and EC2 has no (“deny”
access type) access to all resources by default
and deals with explicitly granted permissions only. AWS Multi-Factor Authentication is an additional security to the basic credentials providing by a
six-digit single-use code. This code usually generates by an authentication device or similar applications like Google Authenticator. It works very
well for AWS account or user accounts within IAM.
AWS offers key and certificate rotation on a regular basis to mitigate compromising risk from lost
or compromised access keys or certificates. It is
available for AWS account or user accounts within
IAM too (Table 1).
How is AWS Services Secure
Access and Credentials
An access to applications and services within AWS
cloud is protected in multiple ways and it requires
special credentials:
• Access Credentials:
• Access Keys to manage with REST or Query protocol requests to any AWS service
API, and S3. The possible states:
• Active – Can be used.
• Inactive – Cannot be used, but can be
moved back to the Active state.
• Deleted – Can never be used again
• X.509 Certificates to manage SOAP protocol
requests to AWS service APIs, except S3
• Key Pairs to manage with CloudFront
Credentials
Azure
Azure provides virtual machines to customers, giving them access to most of the same security options available in Windows Server. Customers use
SSL client certificates to control up-dates to their
software and configuration. The basic credentials
like username and password are common within
Azure resources.
10/2012(10)
Figure 1. AWS Access Credentials I
Figure 2. AWS Access Credentials II
Page 55
http://pentestmag.com
8. W
e
b
A
p
p
asasa
• Sign-In Credentials:
• E-mail Address, and Password to sign in
to AWS web sites, the AWS Management
Console, the AWS Discussion Forums, and
the AWS Premium Support site,
• AWS Multi-Factor Authentication Device as
an optional credential that increases the security level to manage with the AWS web
site and the AWS Management Console.
• Account Identifiers:
• AWS Account ID to manage with all AWS
service resources except Amazon S3 and
looks like 8xxx-xxxx-xxx8
• Canonical User ID to manage with for Amazon S3 resources such as buckets or files
only and looks like 64 bytes length string
“7xbxxxxxxcdxcxbbxcxxxxxe08xxxxx44xxxaaxdx0xxbxxxxxeaxed8xxxbxd4x”
The purpose of the access keys is a management of requests to the AWS product REST, Query APIs, or third-party product with Access Key
ID; the Access Key ID is not a secret. EC2 is enabled to use access keys, usually known as SSH
key pair and/or X.509 certificates, to interact with
the services. The secret/private part of access
key is used to retrieve an administrator password,
REST and Query APIs, while the X.509 certificate
is used with command line operations and SOAP
APIs, except S3, which is managed with access
keys. When AWS receives a request, the Access
Key ID is checked to its own Secret Access Key
to validate the signature and confirm that the request sender is legitimate. The key rotation is
manually at current moment and looks like:
• Make second active credentials.
• Update applications and services with new credential.
• Move first credential to Inactive.
• Check that working with the new credential is
OK
• Delete the first credential.
To add an extra layer of security, use AWS MFA
feature that provide a six-digit, single-use code in
addition to the email and password. All details, activation hardware or software MFA and more is
on link http://aws.amazon.com/mfa. (Figure 1 nad
Figure 2, Table 2)
Additionally, AWS offers so-called Identity and
Access Management that easy integrates with almost of all AWS services, e.g. EC2, S3 and more.
IAM provides the following:
• Create users and groups under your organization's AWS account
• Easily share your AWS account resources between the users in the account
• Assign unique security credentials to each user
• Granular control user's access to services and
resources
Table 2. Resource credentials
Resource
Access type
REST or Query API request to an AWS, S3
Access Keys
SOAP API request to an AWS
X.509 Certificates (except for Amazon)
Access to the secure pages or AWS Management Console
Amazon E-mail Address and Password with optional AWS
Multi-Factor Authentication
Manage to EC2 command line tools
Your X.509 Certificates
Launch or connect to an EC2
Your Amazon EC2 Key Pairs
Bundle an Amazon EC2 AMI
For Linux/UNIX AMIs: your X.509 Certificates and AWS Account ID to bundle the AMI, and your Access Keys to upload it to Amazon S3.
For Windows AMIs: your Access Keys for both bundling
and uploading the AMI.
Share an EC2 AMI or EBS snapshot
The AWS Account ID of the account you want to share
with (without the hyphens)
Send email by using the Amazon SES SMTP endpoint
Your Amazon SES SMTP user name and password
Access to the AWS Discussion Forums or AWS Premium
Support site
Your Amazon E-mail Address and Password
10/2012(10)
Page 56
http://pentestmag.com
9. W
e
b
A
p
p
Virtual Instances (Amazon Elastic Compute
Cloud)
EC2 is a web service that provides resizable compute capacity in the cloud that allows paying for capacity only and supports OS's like Windows Server,
RedHat, OpenSuSE Linux, and more. EC2 allows
setting up everything according to OS. Moreover,
you are enabled to export preconfigured OS's from
VMware, through the AWS console commands,
AWS API, or special VMware Connector. It helps
to leverage the configuration management or compliance requirements. VM Import/Export is available for use in all Amazon EC2 regions and with
VPC even.
The final goal is protection from interception and
unauthorized actions and EC2 security is designed
to protect several attack vectors.
• Host OS protection usually includes event logging, multi-factor authentication, regular ac-
cess revocation (this case is talking about
AWS that manages with host OS set)
• Guest OS protection usually includes native
firewall (Windows Firewall, IPTables, etc.), basic credentials, such login/email and password,
as well as extended by multi-factor authentication based on SSH Version 2 access, EC2
keys that should unique per each virtual instance.
• Firewall protection includes pre-configured in a
default deny-all mode mandatory inbound firewall that allows the following restriction
by protocol
by service port
by source IP address
• This firewall is not controlled through the Guest
OS without X.509 certificate and key to authorize changes. Additionally, customers may use
and guest OS firewall to filter inbound and outbound traffic.
Table 3. Requirements of the Russian Federal Law about Personal Data
Requirements
AWS Solution
Access management Users require using alphanumeric
Native AWS solution implemented in IAM and MFA in adpassword long six characters at least dition
and special code in addition.
All devices (incl. external), instances, Canonical name developed for users and resources and
network nodes require identification enabled mainly through IAM, EC2 identifies by tags
by logical name
Access event logging
Login and logout events
Date and time of login and logout
events
Not yet released for IAM and come to EC2 OS solution
(Windows, *nix)
Credentials used to login
Access to the file events
Date and time of access to the file
events
Not yet released for IAM
and come to EC2 OS solution (Windows, *nix)
User ID/equivalent used to access to
the file events
Native solution implemented in S3 that provides canonical user id and IP address accessed to the file,
date and time or more
Allocated drive wiping
Additional
Physical security, control access
management, restriction of employee or third contractor
AWS solution described above at physical security and
compliance on physical security
Backup and restore for protection
solution
Integrity
Native AWS solution on un-mapping, termination, etc.
Depend on designed; generally AMI image stored on EBS
and backed up into S3
Network packet filtering by date and Native solution implemented in EC2 mandatory firewall
time
that includes IP, port, protocol, additional solutions of
EC2 OS (Windows and *nix), additional IAM solution to
Network packet filtering by IP adthe resources enabled geo filtering and date and time fildress
tering.
Network packet filtering by date and
time
Network packet filtering by protocol
10/2012(10)
Page 57
http://pentestmag.com
10. W
e
b
A
p
p
asasa
• API calls signed by X509 certificates is a kind
of protection that helps to the Xen keep the different instances isolated from each other.
Moreover, EC2 designed to prevent a mass
spam distribution by limitations of sending
email. Any wishes about mass email are available through the request by URL (https://portal.aws.amazon.com/gp/aws/html-forms-controller/contactus/ec2-email-limit-rdns-request).
The main concept of cloud security is visibility by guest OS firewall, mandatory firewall and
geo availability (Regions and Availability Zones)
because such zone managed with physically independent infrastructure. Different areas of the
world .i.e. USA or EU are known as region in-
side of which there several physically independent zones. Each zone is isolated from failures
in other; some AWS services is allowed to move
data between zones to keep away from failure,
some not, but moving across regions is manually only.
Virtual Storage (Amazon Simple Storage
Service and Elastic Block Store volume)
S3 is a simple storage for the Internet with several interfaces (for example, web service and API
calls) to store and retrieve data from anywhere.
EBS provides so-called block-level storage; in
other words, it equals to the physical and logical
hard disks. The multiple volumes can be attached
to an instance while the same volume cannot
Table 4. Requirements of CSA CAI Questionnaire
Requirements
Data Governance
AWS Solution
Do you provide a capability to identiAWS provides the ability to tag EC2 resources. A form
fy virtual machines via policy tags/meta- of metadata, EC2 tags can be used to create userdata (ex. Tags can be used to limit guest friendly names
operating systems from booting/instantiating/transporting data in the wrong
country, etc.)?
Do you provide a capability to identify
hardware via policy tags/metadata/hardware tags (ex. TXT/TPM, VN-Tag, etc.)?
Do you have a capability to use system
geographic location as an authentication factor?
Native solution implemented in EC2 mandatory firewall that includes IP, port, protocol, additional solutions of EC2 OS (Windows and *nix), additional IAM
solution to the resources enabled geo filtering and
date and time filtering.
Can you provide the physical location/
geography of storage of a tenant’s data
upon request?
AWS currently offers six regions which customer data and servers will be located designated by customers: US East (Northern Virginia), US West (Northern California and Oregon), GovCloud (US) (Oregon), South America (Sao Paulo), EU (Ireland), Asia
Pacific(Singapore) and Asia Pacific (Tokyo).
Do you allow tenants to define acceptable geographical locations for data
routing or resource instantiation?
Do you support secure deletion (ex. degaussing / cryptographic wiping) of archived data as determined by the tenant?
Native AWS solution on un-mapping, termination, etc.
as well as DoD 5220.22-M / NIST 800-88 to destroy data discussed above.
Facility Security
Are physical security perimeters (fences,
walls, barriers, guards, gates, electronic surveillance, physical authentication
mechanisms, reception desks and security patrols) implemented?
Physical security controls include but are not limited to perimeter controls such as fencing, walls, security staff, video surveillance, intrusion detection systems and other electronic means; compliance with
AWS SOC 1 Type 2 and ISO 27001 standard, Annex A,
domain 9.1.
Information Security
Do you encrypt tenant data at rest (on
disk/storage) within your environment?
Encryption mechanisms for almost of all the services,
including S3, EBS, SimpleDB and EC2 and VPC sessions
as well as Amazon S3 Server Side Encryption.
Do you leverage encryption to protect
data and virtual machine images during
transport across and between networks
and hypervisor instances?
10/2012(10)
Page 58
http://pentestmag.com
11. W
e
b
A
p
p
be attached to different instance. EBS provides
backup feature through the S3. S3 is “unlimited”
storage while customers size EBS. S3 APIs provide both bucket- and object-level access controls, with defaults that only permit authenticated
access by the bucket and/or object creator. As
opposed to EC2 where all activity restricted by
default, S3 starts with open for all access under
current AWS account only that means all buckets
and other folders and files should controlled by
IAM and canonical user ID that finally authenticates with an HMAC-SHA1 signature of the request using the user's private key. S3 provides
Read, List and Write permissions in an own ACL
at the bucket level or IAM permissions list those
independent and supplements each other. S3
provides file versioning as a kind of protection to
restore any version of every object on the bucket.
Additionally, “S3 versioning's MFA Delete” feature
will request typing the six-digit code and serial
number from MFA device. Also, a valuable feature
for audit and forensics case is logging S3 events
that can be configured per bucket on initialization.
These logs will contain information about each
access request and include
• request type,
• the requested resource,
• the requestor's IP,
• the time and date of the request.
EBS restriction access looks similar to the S3; resources are accessible under current AWS Account only, and to the users those granted with
AWS IAM (this case may be affected cross AWS
Accounts as well if it is explicitly allowed. Snapshots backed up to the S3 and shared enable indirect access (only read permission, not alteration, deletion or another modification) to the EBS.
There is an interesting point suitable for forensics that snapshot stored on S3 will keep all deleted data from EBS volume, they were not altered,
or DOD wiped. Talking about secure wiping, AWS
provides “destroying” data feature via a specific
method, such as those detailed in DoD 5220.22M ("National Industrial Security Program Operating Manual") or NIST 800-88 ("Guidelines for Media Sanitization"); AWS perform these actions for
S3 and EBS. In case, it is impossible to wipe data
after storage disk lifetime such disk will be physically destroyed.
Gross Inspection on AWS Compliance
from customer side
As it is first part of series of articles, I briefly examine several standards and order documents re-
On the Net
• http://www.windowsecurity.com/articles/Cloud-computing-can-we-trust-how-can-be-used-whilst-being-secure.html
– Cloud computing, can we trust it and how can it be used whilst being secure, Ricky M. Magalhaes
• http://www.windowsecurity.com/articles/Security-Considerations-Cloud-Computing-Part1.html – Security Considerations for Cloud Computing (Part 1) – Virtualization Platform, Deb Shinder
• http://www.windowsecurity.com/articles/Security-Considerations-Cloud-Computing-Part2.html – Security Considerations for Cloud Computing (Part 2), Deb Shinder
• http://www.windowsecurity.com/articles/Security-Considerations-Cloud-Computing-Part3.html – Security Considerations for Cloud Computing (Part 3) – Broad Network Access, Deb Shinder
• http://www.windowsecurity.com/articles/Security-Considerations-Cloud-Computing-Part4.html – Security Considerations for Cloud Computing (Part 4) – Resource Pooling, Deb Shinder
• http://www.windowsecurity.com/articles/Security-Considerations-Cloud-Computing-Part5.html – Security Considerations for Cloud Computing (Part 5) – Rapid Elasticity, Deb Shinder
• http://www.windowsecurity.com/articles/Security-Considerations-Cloud-Computing-Part6.html – Security Considerations for Cloud Computing (Part 6) – Metered Services, Deb Shinder
• https://www.windowsazure.com/en-us/support/legal/security-overview/ – Technical Overview of the Security Features in the Windows Azure Platform, April 2011
• http://www.baselinemag.com/c/a/Security/Securing-Data-in-the-Cloud/ – Securing Data in the Cloud, Eric Friedberg
• http://d36cz9buwru1tt.cloudfront.net/Whitepaper_Security_Best_Practices_2010.pdf – AWS Security Best Practices,
January 2011
• http://d36cz9buwru1tt.cloudfront.net/pdf/AWS_Security_Whitepaper.pdf – Amazon Web Services: Overview of Security Processes, May 2011
• https://www.windowsazure.com/en-us/support/trust-center/compliance/ – Trust Center Home, Compliance
• http://conventions.coe.int/Treaty/en/Treaties/Html/108.htm – Convention for the Protection of Individuals with regard to Automatic Processing of Personal Datat
10/2012(10)
Page 59
http://pentestmag.com
12. W
e
b
A
p
p
asasa
ferred to security on compliance; some of them is
worldwide and some is Russian. In further articles,
I will provide a detail AWS services’ examination
with the most known documents to explain and
show if cloud services (mainly AWS and Azure)
are so insecure, if configuring with compliance is
so complex and if compliance makes a sense for
end customers on security. Some requirements
and entire documents are going to be discussed
will deliberately be used as outdated to highlight
comparison. One of them, the Russian Federal
Law about Personal Data refers to the “Convention for the Protection of Individuals with regard to
Automatic Processing of Personal Data” that was
confirmed in 2006. This reference allows storing
data out Russia and 1C Company has already offer a cloud solution in accordance with Chapter
III about “Transborder data flows” and Article 12
about “Transborder flows of personal data and domestic law”.
• The following provisions shall apply to the
transfer across national borders, by whatever
medium, of personal data undergoing automatic processing or collected with a view to their
being automatically processed.
• A Party shall not, for the sole purpose of the
protection of privacy, prohibit or subject to special authorization transborder flows of personal
data going to the another territory.
• Nevertheless, each Party shall be entitled to
derogate from the provisions of paragraph 2:
• insofar as its legislation includes specific
regulations for certain categories of personal data or of automated personal data files,
because of the nature of those data or those
files, except where the regulations of the
other Party provide an equivalent protection;
• when the transfer is made from its territory to the territory of a non-ing State through
the intermediary of the territory of another Party, in order to avoid such transfers resulting in circumvention of the legislation of
the Party referred to at the beginning of this
paragraph.
The Russian law refers to another documents provided several requirements to protection some of
them I will examine right now. These requirements
divide into three categories based on which data is processed (medical, religion, nationality, etc.)
(Table 3).
10/2012(10)
Some non-profit organizations try to unify best
practices for clouds, help the vendors to improve
their security features and provide customers with
best choice of solution they need. One of them is
CSA that offers range of industry security practitioners, corporations, and associations participate in
this organization to achieve its mission. They create so-called “CSA Consensus Assessments Initiative Questionnaire” that provides a set of questions the CSA anticipates a cloud consumer and/or
a cloud auditor would ask of a cloud provider. AWS
announced that they has completed the CSA CAI
(Table 4).
Conclusion
Some companies have to manage with regulations because of legal proceedings to how the data should be handled, where they should be stored
and how the consumer data are protected. On another hand, security audit may uncover the vulnerabilities. Whether audit makes sense or not, there
is case when you or someone else have to validate with standard. In these articles, I briefly analyze security features of WS with several requirements. In further articles, I will provide a detail AWS
services' examination with the most known documents to explain and show if cloud services (mainly AWS and Azure) are so insecure, if configuring
with compliance is so complex and if compliance
makes a sense for end customers on security.
Yury Chemerkin
Yury Chemerkin graduated from RSUH in 2010 (http://
rggu.com/) on the BlackBerry diploma thesis. Currently
in the postgraduate program at RSUH on the Cloud Security thesis. Experience in Reverse Engineering, Software Programming, Cyber & Mobile Security Research,
Documentation, and as a contributing Security Writer.
Also, researching Cloud Security and Social Privacy. The
last several years, I have worked on mobile social security, cloud security and compliance, mobile security and
forensics; additionally develops solutions based on exploiting, not only OS vulnerabilities, but also third-party products and solutions.
Regular
blog:
http://security-through-obscurity.
blogspot.com.
Regular Email: yury.chemerkin@gmail.com
Skype: yury.chemerkin
Page 60
http://pentestmag.com