SlideShare a Scribd company logo
1 of 29
Download to read offline
CLOUD COMPUTING
CLOUD SECURITY I
PROF. SOUMYA K. GHOSH
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
IIT KHARAGPUR
2
Security - Basic Components
 Confidentiality
 Keeping data and resources hidden
 Integrity
 Data integrity (integrity)
 Origin integrity (authentication)
 Availability
 Enabling access to data and resources
3
Security Attacks
 Any action that compromises the security of
information.
 Four types of attack:
1. Interruption
2. Interception
3. Modification
4. Fabrication
 Basic model:
D
Source Destination
S
4
Security Attacks (contd.)
 Interruption:
 Attack on availability
 Interception:
 Attack on confidentiality
S D
S D
I
5
Security Attacks
 Modification:
 Attack on integrity
 Fabrication:
 Attack on authenticity
S D
S
D
I
I
6
Classes of Threats
 Disclosure
 Snooping
 Deception
 Modification, spoofing, repudiation of origin, denial of receipt
 Disruption
 Modification
 Usurpation
 Modification, spoofing, delay, denial of service
7
Policies and Mechanisms
 Policy says what is, and is not, allowed
 This defines “security” for the site/system/etc.
 Mechanisms enforce policies
 Composition of policies
 If policies conflict, discrepancies may create security
vulnerabilities
8
Goals of Security
 Prevention
 Prevent attackers from violating security policy
 Detection
 Detect attackers’ violation of security policy
 Recovery
 Stop attack, assess and repair damage
 Continue to function correctly even if attack succeeds
9
Trust and Assumptions
 Underlie all aspects of security
 Policies
 Unambiguously partition system states
 Correctly capture security requirements
 Mechanisms
 Assumed to enforce policy
 Support mechanisms work correctly
10
Types of Mechanisms
secure precise broad
set of reachable states set of secure states
11
Assurance
 Specification
 Requirements analysis
 Statement of desired functionality
 Design
 How system will meet specification
 Implementation
 Programs/systems that carry out design
12
Operational Issues
 Cost-Benefit Analysis
 Is it cheaper to prevent or recover?
 Risk Analysis
 Should we protect something?
 How much should we protect this thing?
 Laws and Customs
 Are desired security measures illegal?
 Will people do them?
13
Human Issues
 Organizational Problems
 Power and responsibility
 Financial benefits
 People problems
 Outsiders and insiders
 Social engineering
14
Tying Together
Threats
Policy
Specification
Design
Implementation
Operation
15
Passive and Active Attacks
 Passive attacks
 Obtain information that is being transmitted
(eavesdropping).
 Two types:
 Release of message contents:- It may be desirable to
prevent the opponent from learning the contents of the
transmission.
 Traffic analysis:- The opponent can determine the
location and identity of communicating hosts, and
observe the frequency and length of messages being
exchanged.
 Very difficult to detect.
16
 Active attacks
 Involve some modification of the data stream or the
creation of a false stream.
 Four categories:
 Masquerade:- One entity pretends to be a different entity.
 Replay:- Passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect.
 Modification:- Some portion of a legitimate message is
altered.
 Denial of service:- Prevents the normal use of
communication facilities.
17
Security Services
 Confidentiality (privacy)
 Authentication (who created or sent the data)
 Integrity (has not been altered)
 Non-repudiation (the order is final)
 Access control (prevent misuse of resources)
 Availability (permanence, non-erasure)
 Denial of Service Attacks
 Virus that deletes files
18
Role of Security
 A security infrastructure provides:
 Confidentiality – protection against loss of privacy
 Integrity – protection against data alteration/ corruption
 Availability – protection against denial of service
 Authentication – identification of legitimate users
 Authorization – determination of whether or not an
operation is allowed by a certain user
 Non-repudiation – ability to trace what happened, &
prevent denial of actions
 Safety – protection against tampering, damage & theft
19
Types of Attack
 Social engineering/phishing
 Physical break-ins, theft, and curb shopping
 Password attacks
 Buffer overflows
 Command injection
 Denial of service
 Exploitation of faulty application logic
 Snooping
 Packet manipulation or fabrication
 Backdoors
20
Network Security…
 Network security works like this:
 Determine network security policy
 Implement network security policy
 Reconnaissance
 Vulnerability scanning
 Penetration testing
 Post-attack investigation
21
Step 1: Determine Security Policy
 A security policy is a full security roadmap
 Usage policy for networks, servers, etc.
 User training about password sharing, password strength,
social engineering, privacy, etc.
 Privacy policy for all maintained data
 A schedule for updates, audits, etc.
 The network design should reflect this policy
 The placement/protection of database/file servers
 The location of demilitarized zones (DMZs)
 The placement and rules of firewalls
 The deployment of intrusion detection systems (IDSs)
22
Step 2: Implement Security Policy
 Implementing a security policy includes:
 Installing and configuring firewalls
 iptables is a common free firewall configuration for Linux
 Rules for incoming packets should be created
 These rules should drop packets by default
 Rules for outgoing packets may be created
 This depends on your security policy
 Installing and configuring IDSes
 snort is a free and upgradeable IDS for several platforms
 Most IDSs send alerts to log files regularly
 Serious events can trigger paging, E-Mail, telephone
23
Step 2: Implement Security Policy
24
Step 2: Implement Security Policy
 Firewall
 Applies filtering rules to packets passing through it
 Comes in three major types:
 Packet filter – Filters by destination IP, port or protocol
 Stateful – Records information about ongoing TCP sessions, and ensures out-of-
session packets are discarded
 Application proxy – Acts as a proxy for a specific application, and scans all layers
for malicious data
 Intrusion Detection System (IDS)
 Scans the incoming messages, and creates alerts when suspected scans/attacks are
in progress
 Honeypot/honeynet (e.g. honeyd)
 Simulates a decoy host (or network) with services
25
Step 3: Reconnaissance
 First, we learn about the network
 IP addresses of hosts on the network
 Identify key servers with critical data
 Services running on those hosts/servers
 Vulnerabilities on those services
 Two forms: passive and active
 Passive reconnaissance is undetectable
 Active reconnaissance is often detectable by IDS
26
Step 4: Vulnerability Scanning
 We now have a list of hosts and services
 We can now target these services for attacks
 Many scanners will detect vulnerabilities (e.g. nessus)
 These scanners produce a risk report
 Other scanners will allow you to exploit them (e.g. metasploit)
 These scanners find ways in, and allow you to choose the payload to
use (e.g. obtain a root shell, download a package)
 The payload is the code that runs once inside
 The best scanners are updateable
 For new vulnerabilities, install/write new plug-ins
 e.g. Nessus Attack Scripting Language (NASL)
27
Step 5: Penetration Testing
 We have identified vulnerabilities
 Now, we can exploit them to gain access
 Using frameworks (e.g. metasploit), this is as simple as
selecting a payload to execute
 Otherwise, we manufacture an exploit
 We may also have to try to find new vulnerabilities
 This involves writing code or testing functions accepting
user input
28
Step 6: Post-Attack Investigation
 Forensics of Attacks
 This process is heavily guided by laws
 Also, this is normally done by a third party
 Retain chain of evidence
 The evidence in this case is the data on the host
 The log files of the compromised host hold the footsteps and
fingerprints of the attacker
 Every minute with that host must be accounted for
 For legal reasons, you should examine a low-level copy of the disk
and not modify the original
29
Thank You!

More Related Content

What's hot (20)

INFORMATION ASSURANCE AND SECURITY 1.pdf
INFORMATION ASSURANCE AND SECURITY 1.pdfINFORMATION ASSURANCE AND SECURITY 1.pdf
INFORMATION ASSURANCE AND SECURITY 1.pdf
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
Firewall & its configurations
Firewall & its configurationsFirewall & its configurations
Firewall & its configurations
 
Database Security
Database SecurityDatabase Security
Database Security
 
Handover in Mobile Computing
Handover in Mobile ComputingHandover in Mobile Computing
Handover in Mobile Computing
 
Security tools
Security toolsSecurity tools
Security tools
 
MANET
MANETMANET
MANET
 
Types Of Firewall Security
Types Of Firewall SecurityTypes Of Firewall Security
Types Of Firewall Security
 
wireless communication security PPT, presentation
wireless communication security PPT, presentationwireless communication security PPT, presentation
wireless communication security PPT, presentation
 
firewall and its types
firewall and its typesfirewall and its types
firewall and its types
 
Internet Leased lines
Internet Leased linesInternet Leased lines
Internet Leased lines
 
Review of network diagram
Review of network diagramReview of network diagram
Review of network diagram
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notes
 
Chapter 11
Chapter 11Chapter 11
Chapter 11
 
Database security
Database securityDatabase security
Database security
 
Unit1
Unit1Unit1
Unit1
 
Traffic and Congestion Control in ATM Networks Chapter 13
Traffic and Congestion Control in ATM Networks Chapter 13Traffic and Congestion Control in ATM Networks Chapter 13
Traffic and Congestion Control in ATM Networks Chapter 13
 
Mobile ad hoc networks (manets)
Mobile ad hoc networks (manets)Mobile ad hoc networks (manets)
Mobile ad hoc networks (manets)
 
IEEE standards 802.3.&802.11
IEEE standards 802.3.&802.11IEEE standards 802.3.&802.11
IEEE standards 802.3.&802.11
 
Distributed information system
Distributed information systemDistributed information system
Distributed information system
 

Similar to Lecture26 cc-security1

Honeypots for Cloud Providers - SDN World Congress
Honeypots for Cloud Providers - SDN World CongressHoneypots for Cloud Providers - SDN World Congress
Honeypots for Cloud Providers - SDN World CongressVallie Joseph
 
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUEScompTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUESEMERSON EDUARDO RODRIGUES
 
The Road Network security
The Road Network securityThe Road Network security
The Road Network securityKhaled Omar
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Ne Course Part Two
Ne Course Part TwoNe Course Part Two
Ne Course Part Twobackdoor
 
Cyber Security Part-I.pptx
Cyber Security Part-I.pptxCyber Security Part-I.pptx
Cyber Security Part-I.pptxRavikumarVadana
 
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...NISHASOMSCS113
 
Research Paper on STRIDEPresented By.docx
Research Paper on STRIDEPresented By.docxResearch Paper on STRIDEPresented By.docx
Research Paper on STRIDEPresented By.docxronak56
 
Certified Ethical Hacking
Certified Ethical HackingCertified Ethical Hacking
Certified Ethical HackingJennifer Wood
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfVishwanathMahalle
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsEditor IJCATR
 

Similar to Lecture26 cc-security1 (20)

Honeypots for Cloud Providers - SDN World Congress
Honeypots for Cloud Providers - SDN World CongressHoneypots for Cloud Providers - SDN World Congress
Honeypots for Cloud Providers - SDN World Congress
 
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUEScompTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
 
The Road Network security
The Road Network securityThe Road Network security
The Road Network security
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 
Ne Course Part Two
Ne Course Part TwoNe Course Part Two
Ne Course Part Two
 
IS - Firewall
IS - FirewallIS - Firewall
IS - Firewall
 
Network Security
Network SecurityNetwork Security
Network Security
 
Module 3.Infrastructure and Network Security:
Module 3.Infrastructure and Network Security:Module 3.Infrastructure and Network Security:
Module 3.Infrastructure and Network Security:
 
Module 3.pdf
Module 3.pdfModule 3.pdf
Module 3.pdf
 
Cyber Security Part-I.pptx
Cyber Security Part-I.pptxCyber Security Part-I.pptx
Cyber Security Part-I.pptx
 
Cloud Computing & Security
Cloud Computing & SecurityCloud Computing & Security
Cloud Computing & Security
 
CRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITYCRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITY
 
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
 
Research Paper on STRIDEPresented By.docx
Research Paper on STRIDEPresented By.docxResearch Paper on STRIDEPresented By.docx
Research Paper on STRIDEPresented By.docx
 
Network Security
Network Security Network Security
Network Security
 
Intro
IntroIntro
Intro
 
Certified Ethical Hacking
Certified Ethical HackingCertified Ethical Hacking
Certified Ethical Hacking
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
 
4777.team c.final
4777.team c.final4777.team c.final
4777.team c.final
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
 

More from Ankit Gupta

Biometricstechnology in iot and machine learning
Biometricstechnology in iot and machine learningBiometricstechnology in iot and machine learning
Biometricstechnology in iot and machine learningAnkit Gupta
 
Week2 cloud computing week2
Week2 cloud computing week2Week2 cloud computing week2
Week2 cloud computing week2Ankit Gupta
 
Week 8 lecture material
Week 8 lecture materialWeek 8 lecture material
Week 8 lecture materialAnkit Gupta
 
Week 4 lecture material cc (1)
Week 4 lecture material cc (1)Week 4 lecture material cc (1)
Week 4 lecture material cc (1)Ankit Gupta
 
Week 3 lecture material cc
Week 3 lecture material ccWeek 3 lecture material cc
Week 3 lecture material ccAnkit Gupta
 
Week 1 lecture material cc
Week 1 lecture material ccWeek 1 lecture material cc
Week 1 lecture material ccAnkit Gupta
 
Mod05lec24(resource mgmt i)
Mod05lec24(resource mgmt i)Mod05lec24(resource mgmt i)
Mod05lec24(resource mgmt i)Ankit Gupta
 
Mod05lec23(map reduce tutorial)
Mod05lec23(map reduce tutorial)Mod05lec23(map reduce tutorial)
Mod05lec23(map reduce tutorial)Ankit Gupta
 
Mod05lec22(cloudonomics tutorial)
Mod05lec22(cloudonomics tutorial)Mod05lec22(cloudonomics tutorial)
Mod05lec22(cloudonomics tutorial)Ankit Gupta
 
Mod05lec21(sla tutorial)
Mod05lec21(sla tutorial)Mod05lec21(sla tutorial)
Mod05lec21(sla tutorial)Ankit Gupta
 
Lecture29 cc-security4
Lecture29 cc-security4Lecture29 cc-security4
Lecture29 cc-security4Ankit Gupta
 
Lecture28 cc-security3
Lecture28 cc-security3Lecture28 cc-security3
Lecture28 cc-security3Ankit Gupta
 
Lecture 30 cloud mktplace
Lecture 30 cloud mktplaceLecture 30 cloud mktplace
Lecture 30 cloud mktplaceAnkit Gupta
 
Gurukul Cse cbcs-2015-16
Gurukul Cse cbcs-2015-16Gurukul Cse cbcs-2015-16
Gurukul Cse cbcs-2015-16Ankit Gupta
 
Microprocessor full hand made notes
Microprocessor full hand made notesMicroprocessor full hand made notes
Microprocessor full hand made notesAnkit Gupta
 
Transfer Leaning Using Pytorch synopsis Minor project pptx
Transfer Leaning Using Pytorch  synopsis Minor project pptxTransfer Leaning Using Pytorch  synopsis Minor project pptx
Transfer Leaning Using Pytorch synopsis Minor project pptxAnkit Gupta
 
Intro/Overview on Machine Learning Presentation -2
Intro/Overview on Machine Learning Presentation -2Intro/Overview on Machine Learning Presentation -2
Intro/Overview on Machine Learning Presentation -2Ankit Gupta
 
Intro/Overview on Machine Learning Presentation
Intro/Overview on Machine Learning PresentationIntro/Overview on Machine Learning Presentation
Intro/Overview on Machine Learning PresentationAnkit Gupta
 
Cloud computing ebook
Cloud computing ebookCloud computing ebook
Cloud computing ebookAnkit Gupta
 
java program assigment -2
java program assigment -2java program assigment -2
java program assigment -2Ankit Gupta
 

More from Ankit Gupta (20)

Biometricstechnology in iot and machine learning
Biometricstechnology in iot and machine learningBiometricstechnology in iot and machine learning
Biometricstechnology in iot and machine learning
 
Week2 cloud computing week2
Week2 cloud computing week2Week2 cloud computing week2
Week2 cloud computing week2
 
Week 8 lecture material
Week 8 lecture materialWeek 8 lecture material
Week 8 lecture material
 
Week 4 lecture material cc (1)
Week 4 lecture material cc (1)Week 4 lecture material cc (1)
Week 4 lecture material cc (1)
 
Week 3 lecture material cc
Week 3 lecture material ccWeek 3 lecture material cc
Week 3 lecture material cc
 
Week 1 lecture material cc
Week 1 lecture material ccWeek 1 lecture material cc
Week 1 lecture material cc
 
Mod05lec24(resource mgmt i)
Mod05lec24(resource mgmt i)Mod05lec24(resource mgmt i)
Mod05lec24(resource mgmt i)
 
Mod05lec23(map reduce tutorial)
Mod05lec23(map reduce tutorial)Mod05lec23(map reduce tutorial)
Mod05lec23(map reduce tutorial)
 
Mod05lec22(cloudonomics tutorial)
Mod05lec22(cloudonomics tutorial)Mod05lec22(cloudonomics tutorial)
Mod05lec22(cloudonomics tutorial)
 
Mod05lec21(sla tutorial)
Mod05lec21(sla tutorial)Mod05lec21(sla tutorial)
Mod05lec21(sla tutorial)
 
Lecture29 cc-security4
Lecture29 cc-security4Lecture29 cc-security4
Lecture29 cc-security4
 
Lecture28 cc-security3
Lecture28 cc-security3Lecture28 cc-security3
Lecture28 cc-security3
 
Lecture 30 cloud mktplace
Lecture 30 cloud mktplaceLecture 30 cloud mktplace
Lecture 30 cloud mktplace
 
Gurukul Cse cbcs-2015-16
Gurukul Cse cbcs-2015-16Gurukul Cse cbcs-2015-16
Gurukul Cse cbcs-2015-16
 
Microprocessor full hand made notes
Microprocessor full hand made notesMicroprocessor full hand made notes
Microprocessor full hand made notes
 
Transfer Leaning Using Pytorch synopsis Minor project pptx
Transfer Leaning Using Pytorch  synopsis Minor project pptxTransfer Leaning Using Pytorch  synopsis Minor project pptx
Transfer Leaning Using Pytorch synopsis Minor project pptx
 
Intro/Overview on Machine Learning Presentation -2
Intro/Overview on Machine Learning Presentation -2Intro/Overview on Machine Learning Presentation -2
Intro/Overview on Machine Learning Presentation -2
 
Intro/Overview on Machine Learning Presentation
Intro/Overview on Machine Learning PresentationIntro/Overview on Machine Learning Presentation
Intro/Overview on Machine Learning Presentation
 
Cloud computing ebook
Cloud computing ebookCloud computing ebook
Cloud computing ebook
 
java program assigment -2
java program assigment -2java program assigment -2
java program assigment -2
 

Recently uploaded

21scheme vtu syllabus of visveraya technological university
21scheme vtu syllabus of visveraya technological university21scheme vtu syllabus of visveraya technological university
21scheme vtu syllabus of visveraya technological universityMohd Saifudeen
 
Autodesk Construction Cloud (Autodesk Build).pptx
Autodesk Construction Cloud (Autodesk Build).pptxAutodesk Construction Cloud (Autodesk Build).pptx
Autodesk Construction Cloud (Autodesk Build).pptxMustafa Ahmed
 
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...drjose256
 
Seismic Hazard Assessment Software in Python by Prof. Dr. Costas Sachpazis
Seismic Hazard Assessment Software in Python by Prof. Dr. Costas SachpazisSeismic Hazard Assessment Software in Python by Prof. Dr. Costas Sachpazis
Seismic Hazard Assessment Software in Python by Prof. Dr. Costas SachpazisDr.Costas Sachpazis
 
Diploma Engineering Drawing Qp-2024 Ece .pdf
Diploma Engineering Drawing Qp-2024 Ece .pdfDiploma Engineering Drawing Qp-2024 Ece .pdf
Diploma Engineering Drawing Qp-2024 Ece .pdfJNTUA
 
Research Methodolgy & Intellectual Property Rights Series 1
Research Methodolgy & Intellectual Property Rights Series 1Research Methodolgy & Intellectual Property Rights Series 1
Research Methodolgy & Intellectual Property Rights Series 1T.D. Shashikala
 
History of Indian Railways - the story of Growth & Modernization
History of Indian Railways - the story of Growth & ModernizationHistory of Indian Railways - the story of Growth & Modernization
History of Indian Railways - the story of Growth & ModernizationEmaan Sharma
 
NEWLETTER FRANCE HELICES/ SDS SURFACE DRIVES - MAY 2024
NEWLETTER FRANCE HELICES/ SDS SURFACE DRIVES - MAY 2024NEWLETTER FRANCE HELICES/ SDS SURFACE DRIVES - MAY 2024
NEWLETTER FRANCE HELICES/ SDS SURFACE DRIVES - MAY 2024EMMANUELLEFRANCEHELI
 
21P35A0312 Internship eccccccReport.docx
21P35A0312 Internship eccccccReport.docx21P35A0312 Internship eccccccReport.docx
21P35A0312 Internship eccccccReport.docxrahulmanepalli02
 
Intro to Design (for Engineers) at Sydney Uni
Intro to Design (for Engineers) at Sydney UniIntro to Design (for Engineers) at Sydney Uni
Intro to Design (for Engineers) at Sydney UniR. Sosa
 
What is Coordinate Measuring Machine? CMM Types, Features, Functions
What is Coordinate Measuring Machine? CMM Types, Features, FunctionsWhat is Coordinate Measuring Machine? CMM Types, Features, Functions
What is Coordinate Measuring Machine? CMM Types, Features, FunctionsVIEW
 
Dynamo Scripts for Task IDs and Space Naming.pptx
Dynamo Scripts for Task IDs and Space Naming.pptxDynamo Scripts for Task IDs and Space Naming.pptx
Dynamo Scripts for Task IDs and Space Naming.pptxMustafa Ahmed
 
Filters for Electromagnetic Compatibility Applications
Filters for Electromagnetic Compatibility ApplicationsFilters for Electromagnetic Compatibility Applications
Filters for Electromagnetic Compatibility ApplicationsMathias Magdowski
 
Augmented Reality (AR) with Augin Software.pptx
Augmented Reality (AR) with Augin Software.pptxAugmented Reality (AR) with Augin Software.pptx
Augmented Reality (AR) with Augin Software.pptxMustafa Ahmed
 
Independent Solar-Powered Electric Vehicle Charging Station
Independent Solar-Powered Electric Vehicle Charging StationIndependent Solar-Powered Electric Vehicle Charging Station
Independent Solar-Powered Electric Vehicle Charging Stationsiddharthteach18
 
Maximizing Incident Investigation Efficacy in Oil & Gas: Techniques and Tools
Maximizing Incident Investigation Efficacy in Oil & Gas: Techniques and ToolsMaximizing Incident Investigation Efficacy in Oil & Gas: Techniques and Tools
Maximizing Incident Investigation Efficacy in Oil & Gas: Techniques and Toolssoginsider
 
analog-vs-digital-communication (concept of analog and digital).pptx
analog-vs-digital-communication (concept of analog and digital).pptxanalog-vs-digital-communication (concept of analog and digital).pptx
analog-vs-digital-communication (concept of analog and digital).pptxKarpagam Institute of Teechnology
 
Maher Othman Interior Design Portfolio..
Maher Othman Interior Design Portfolio..Maher Othman Interior Design Portfolio..
Maher Othman Interior Design Portfolio..MaherOthman7
 
Worksharing and 3D Modeling with Revit.pptx
Worksharing and 3D Modeling with Revit.pptxWorksharing and 3D Modeling with Revit.pptx
Worksharing and 3D Modeling with Revit.pptxMustafa Ahmed
 
The Entity-Relationship Model(ER Diagram).pptx
The Entity-Relationship Model(ER Diagram).pptxThe Entity-Relationship Model(ER Diagram).pptx
The Entity-Relationship Model(ER Diagram).pptxMANASINANDKISHORDEOR
 

Recently uploaded (20)

21scheme vtu syllabus of visveraya technological university
21scheme vtu syllabus of visveraya technological university21scheme vtu syllabus of visveraya technological university
21scheme vtu syllabus of visveraya technological university
 
Autodesk Construction Cloud (Autodesk Build).pptx
Autodesk Construction Cloud (Autodesk Build).pptxAutodesk Construction Cloud (Autodesk Build).pptx
Autodesk Construction Cloud (Autodesk Build).pptx
 
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
 
Seismic Hazard Assessment Software in Python by Prof. Dr. Costas Sachpazis
Seismic Hazard Assessment Software in Python by Prof. Dr. Costas SachpazisSeismic Hazard Assessment Software in Python by Prof. Dr. Costas Sachpazis
Seismic Hazard Assessment Software in Python by Prof. Dr. Costas Sachpazis
 
Diploma Engineering Drawing Qp-2024 Ece .pdf
Diploma Engineering Drawing Qp-2024 Ece .pdfDiploma Engineering Drawing Qp-2024 Ece .pdf
Diploma Engineering Drawing Qp-2024 Ece .pdf
 
Research Methodolgy & Intellectual Property Rights Series 1
Research Methodolgy & Intellectual Property Rights Series 1Research Methodolgy & Intellectual Property Rights Series 1
Research Methodolgy & Intellectual Property Rights Series 1
 
History of Indian Railways - the story of Growth & Modernization
History of Indian Railways - the story of Growth & ModernizationHistory of Indian Railways - the story of Growth & Modernization
History of Indian Railways - the story of Growth & Modernization
 
NEWLETTER FRANCE HELICES/ SDS SURFACE DRIVES - MAY 2024
NEWLETTER FRANCE HELICES/ SDS SURFACE DRIVES - MAY 2024NEWLETTER FRANCE HELICES/ SDS SURFACE DRIVES - MAY 2024
NEWLETTER FRANCE HELICES/ SDS SURFACE DRIVES - MAY 2024
 
21P35A0312 Internship eccccccReport.docx
21P35A0312 Internship eccccccReport.docx21P35A0312 Internship eccccccReport.docx
21P35A0312 Internship eccccccReport.docx
 
Intro to Design (for Engineers) at Sydney Uni
Intro to Design (for Engineers) at Sydney UniIntro to Design (for Engineers) at Sydney Uni
Intro to Design (for Engineers) at Sydney Uni
 
What is Coordinate Measuring Machine? CMM Types, Features, Functions
What is Coordinate Measuring Machine? CMM Types, Features, FunctionsWhat is Coordinate Measuring Machine? CMM Types, Features, Functions
What is Coordinate Measuring Machine? CMM Types, Features, Functions
 
Dynamo Scripts for Task IDs and Space Naming.pptx
Dynamo Scripts for Task IDs and Space Naming.pptxDynamo Scripts for Task IDs and Space Naming.pptx
Dynamo Scripts for Task IDs and Space Naming.pptx
 
Filters for Electromagnetic Compatibility Applications
Filters for Electromagnetic Compatibility ApplicationsFilters for Electromagnetic Compatibility Applications
Filters for Electromagnetic Compatibility Applications
 
Augmented Reality (AR) with Augin Software.pptx
Augmented Reality (AR) with Augin Software.pptxAugmented Reality (AR) with Augin Software.pptx
Augmented Reality (AR) with Augin Software.pptx
 
Independent Solar-Powered Electric Vehicle Charging Station
Independent Solar-Powered Electric Vehicle Charging StationIndependent Solar-Powered Electric Vehicle Charging Station
Independent Solar-Powered Electric Vehicle Charging Station
 
Maximizing Incident Investigation Efficacy in Oil & Gas: Techniques and Tools
Maximizing Incident Investigation Efficacy in Oil & Gas: Techniques and ToolsMaximizing Incident Investigation Efficacy in Oil & Gas: Techniques and Tools
Maximizing Incident Investigation Efficacy in Oil & Gas: Techniques and Tools
 
analog-vs-digital-communication (concept of analog and digital).pptx
analog-vs-digital-communication (concept of analog and digital).pptxanalog-vs-digital-communication (concept of analog and digital).pptx
analog-vs-digital-communication (concept of analog and digital).pptx
 
Maher Othman Interior Design Portfolio..
Maher Othman Interior Design Portfolio..Maher Othman Interior Design Portfolio..
Maher Othman Interior Design Portfolio..
 
Worksharing and 3D Modeling with Revit.pptx
Worksharing and 3D Modeling with Revit.pptxWorksharing and 3D Modeling with Revit.pptx
Worksharing and 3D Modeling with Revit.pptx
 
The Entity-Relationship Model(ER Diagram).pptx
The Entity-Relationship Model(ER Diagram).pptxThe Entity-Relationship Model(ER Diagram).pptx
The Entity-Relationship Model(ER Diagram).pptx
 

Lecture26 cc-security1

  • 1. CLOUD COMPUTING CLOUD SECURITY I PROF. SOUMYA K. GHOSH DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING IIT KHARAGPUR
  • 2. 2 Security - Basic Components  Confidentiality  Keeping data and resources hidden  Integrity  Data integrity (integrity)  Origin integrity (authentication)  Availability  Enabling access to data and resources
  • 3. 3 Security Attacks  Any action that compromises the security of information.  Four types of attack: 1. Interruption 2. Interception 3. Modification 4. Fabrication  Basic model: D Source Destination S
  • 4. 4 Security Attacks (contd.)  Interruption:  Attack on availability  Interception:  Attack on confidentiality S D S D I
  • 5. 5 Security Attacks  Modification:  Attack on integrity  Fabrication:  Attack on authenticity S D S D I I
  • 6. 6 Classes of Threats  Disclosure  Snooping  Deception  Modification, spoofing, repudiation of origin, denial of receipt  Disruption  Modification  Usurpation  Modification, spoofing, delay, denial of service
  • 7. 7 Policies and Mechanisms  Policy says what is, and is not, allowed  This defines “security” for the site/system/etc.  Mechanisms enforce policies  Composition of policies  If policies conflict, discrepancies may create security vulnerabilities
  • 8. 8 Goals of Security  Prevention  Prevent attackers from violating security policy  Detection  Detect attackers’ violation of security policy  Recovery  Stop attack, assess and repair damage  Continue to function correctly even if attack succeeds
  • 9. 9 Trust and Assumptions  Underlie all aspects of security  Policies  Unambiguously partition system states  Correctly capture security requirements  Mechanisms  Assumed to enforce policy  Support mechanisms work correctly
  • 10. 10 Types of Mechanisms secure precise broad set of reachable states set of secure states
  • 11. 11 Assurance  Specification  Requirements analysis  Statement of desired functionality  Design  How system will meet specification  Implementation  Programs/systems that carry out design
  • 12. 12 Operational Issues  Cost-Benefit Analysis  Is it cheaper to prevent or recover?  Risk Analysis  Should we protect something?  How much should we protect this thing?  Laws and Customs  Are desired security measures illegal?  Will people do them?
  • 13. 13 Human Issues  Organizational Problems  Power and responsibility  Financial benefits  People problems  Outsiders and insiders  Social engineering
  • 15. 15 Passive and Active Attacks  Passive attacks  Obtain information that is being transmitted (eavesdropping).  Two types:  Release of message contents:- It may be desirable to prevent the opponent from learning the contents of the transmission.  Traffic analysis:- The opponent can determine the location and identity of communicating hosts, and observe the frequency and length of messages being exchanged.  Very difficult to detect.
  • 16. 16  Active attacks  Involve some modification of the data stream or the creation of a false stream.  Four categories:  Masquerade:- One entity pretends to be a different entity.  Replay:- Passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.  Modification:- Some portion of a legitimate message is altered.  Denial of service:- Prevents the normal use of communication facilities.
  • 17. 17 Security Services  Confidentiality (privacy)  Authentication (who created or sent the data)  Integrity (has not been altered)  Non-repudiation (the order is final)  Access control (prevent misuse of resources)  Availability (permanence, non-erasure)  Denial of Service Attacks  Virus that deletes files
  • 18. 18 Role of Security  A security infrastructure provides:  Confidentiality – protection against loss of privacy  Integrity – protection against data alteration/ corruption  Availability – protection against denial of service  Authentication – identification of legitimate users  Authorization – determination of whether or not an operation is allowed by a certain user  Non-repudiation – ability to trace what happened, & prevent denial of actions  Safety – protection against tampering, damage & theft
  • 19. 19 Types of Attack  Social engineering/phishing  Physical break-ins, theft, and curb shopping  Password attacks  Buffer overflows  Command injection  Denial of service  Exploitation of faulty application logic  Snooping  Packet manipulation or fabrication  Backdoors
  • 20. 20 Network Security…  Network security works like this:  Determine network security policy  Implement network security policy  Reconnaissance  Vulnerability scanning  Penetration testing  Post-attack investigation
  • 21. 21 Step 1: Determine Security Policy  A security policy is a full security roadmap  Usage policy for networks, servers, etc.  User training about password sharing, password strength, social engineering, privacy, etc.  Privacy policy for all maintained data  A schedule for updates, audits, etc.  The network design should reflect this policy  The placement/protection of database/file servers  The location of demilitarized zones (DMZs)  The placement and rules of firewalls  The deployment of intrusion detection systems (IDSs)
  • 22. 22 Step 2: Implement Security Policy  Implementing a security policy includes:  Installing and configuring firewalls  iptables is a common free firewall configuration for Linux  Rules for incoming packets should be created  These rules should drop packets by default  Rules for outgoing packets may be created  This depends on your security policy  Installing and configuring IDSes  snort is a free and upgradeable IDS for several platforms  Most IDSs send alerts to log files regularly  Serious events can trigger paging, E-Mail, telephone
  • 23. 23 Step 2: Implement Security Policy
  • 24. 24 Step 2: Implement Security Policy  Firewall  Applies filtering rules to packets passing through it  Comes in three major types:  Packet filter – Filters by destination IP, port or protocol  Stateful – Records information about ongoing TCP sessions, and ensures out-of- session packets are discarded  Application proxy – Acts as a proxy for a specific application, and scans all layers for malicious data  Intrusion Detection System (IDS)  Scans the incoming messages, and creates alerts when suspected scans/attacks are in progress  Honeypot/honeynet (e.g. honeyd)  Simulates a decoy host (or network) with services
  • 25. 25 Step 3: Reconnaissance  First, we learn about the network  IP addresses of hosts on the network  Identify key servers with critical data  Services running on those hosts/servers  Vulnerabilities on those services  Two forms: passive and active  Passive reconnaissance is undetectable  Active reconnaissance is often detectable by IDS
  • 26. 26 Step 4: Vulnerability Scanning  We now have a list of hosts and services  We can now target these services for attacks  Many scanners will detect vulnerabilities (e.g. nessus)  These scanners produce a risk report  Other scanners will allow you to exploit them (e.g. metasploit)  These scanners find ways in, and allow you to choose the payload to use (e.g. obtain a root shell, download a package)  The payload is the code that runs once inside  The best scanners are updateable  For new vulnerabilities, install/write new plug-ins  e.g. Nessus Attack Scripting Language (NASL)
  • 27. 27 Step 5: Penetration Testing  We have identified vulnerabilities  Now, we can exploit them to gain access  Using frameworks (e.g. metasploit), this is as simple as selecting a payload to execute  Otherwise, we manufacture an exploit  We may also have to try to find new vulnerabilities  This involves writing code or testing functions accepting user input
  • 28. 28 Step 6: Post-Attack Investigation  Forensics of Attacks  This process is heavily guided by laws  Also, this is normally done by a third party  Retain chain of evidence  The evidence in this case is the data on the host  The log files of the compromised host hold the footsteps and fingerprints of the attacker  Every minute with that host must be accounted for  For legal reasons, you should examine a low-level copy of the disk and not modify the original