SlideShare a Scribd company logo
CLOUD COMPUTING
CLOUD SECURITY I
PROF. SOUMYA K. GHOSH
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
IIT KHARAGPUR
2
Security - Basic Components
 Confidentiality
 Keeping data and resources hidden
 Integrity
 Data integrity (integrity)
 Origin integrity (authentication)
 Availability
 Enabling access to data and resources
3
Security Attacks
 Any action that compromises the security of
information.
 Four types of attack:
1. Interruption
2. Interception
3. Modification
4. Fabrication
 Basic model:
D
Source Destination
S
4
Security Attacks (contd.)
 Interruption:
 Attack on availability
 Interception:
 Attack on confidentiality
S D
S D
I
5
Security Attacks
 Modification:
 Attack on integrity
 Fabrication:
 Attack on authenticity
S D
S
D
I
I
6
Classes of Threats
 Disclosure
 Snooping
 Deception
 Modification, spoofing, repudiation of origin, denial of receipt
 Disruption
 Modification
 Usurpation
 Modification, spoofing, delay, denial of service
7
Policies and Mechanisms
 Policy says what is, and is not, allowed
 This defines “security” for the site/system/etc.
 Mechanisms enforce policies
 Composition of policies
 If policies conflict, discrepancies may create security
vulnerabilities
8
Goals of Security
 Prevention
 Prevent attackers from violating security policy
 Detection
 Detect attackers’ violation of security policy
 Recovery
 Stop attack, assess and repair damage
 Continue to function correctly even if attack succeeds
9
Trust and Assumptions
 Underlie all aspects of security
 Policies
 Unambiguously partition system states
 Correctly capture security requirements
 Mechanisms
 Assumed to enforce policy
 Support mechanisms work correctly
10
Types of Mechanisms
secure precise broad
set of reachable states set of secure states
11
Assurance
 Specification
 Requirements analysis
 Statement of desired functionality
 Design
 How system will meet specification
 Implementation
 Programs/systems that carry out design
12
Operational Issues
 Cost-Benefit Analysis
 Is it cheaper to prevent or recover?
 Risk Analysis
 Should we protect something?
 How much should we protect this thing?
 Laws and Customs
 Are desired security measures illegal?
 Will people do them?
13
Human Issues
 Organizational Problems
 Power and responsibility
 Financial benefits
 People problems
 Outsiders and insiders
 Social engineering
14
Tying Together
Threats
Policy
Specification
Design
Implementation
Operation
15
Passive and Active Attacks
 Passive attacks
 Obtain information that is being transmitted
(eavesdropping).
 Two types:
 Release of message contents:- It may be desirable to
prevent the opponent from learning the contents of the
transmission.
 Traffic analysis:- The opponent can determine the
location and identity of communicating hosts, and
observe the frequency and length of messages being
exchanged.
 Very difficult to detect.
16
 Active attacks
 Involve some modification of the data stream or the
creation of a false stream.
 Four categories:
 Masquerade:- One entity pretends to be a different entity.
 Replay:- Passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect.
 Modification:- Some portion of a legitimate message is
altered.
 Denial of service:- Prevents the normal use of
communication facilities.
17
Security Services
 Confidentiality (privacy)
 Authentication (who created or sent the data)
 Integrity (has not been altered)
 Non-repudiation (the order is final)
 Access control (prevent misuse of resources)
 Availability (permanence, non-erasure)
 Denial of Service Attacks
 Virus that deletes files
18
Role of Security
 A security infrastructure provides:
 Confidentiality – protection against loss of privacy
 Integrity – protection against data alteration/ corruption
 Availability – protection against denial of service
 Authentication – identification of legitimate users
 Authorization – determination of whether or not an
operation is allowed by a certain user
 Non-repudiation – ability to trace what happened, &
prevent denial of actions
 Safety – protection against tampering, damage & theft
19
Types of Attack
 Social engineering/phishing
 Physical break-ins, theft, and curb shopping
 Password attacks
 Buffer overflows
 Command injection
 Denial of service
 Exploitation of faulty application logic
 Snooping
 Packet manipulation or fabrication
 Backdoors
20
Network Security…
 Network security works like this:
 Determine network security policy
 Implement network security policy
 Reconnaissance
 Vulnerability scanning
 Penetration testing
 Post-attack investigation
21
Step 1: Determine Security Policy
 A security policy is a full security roadmap
 Usage policy for networks, servers, etc.
 User training about password sharing, password strength,
social engineering, privacy, etc.
 Privacy policy for all maintained data
 A schedule for updates, audits, etc.
 The network design should reflect this policy
 The placement/protection of database/file servers
 The location of demilitarized zones (DMZs)
 The placement and rules of firewalls
 The deployment of intrusion detection systems (IDSs)
22
Step 2: Implement Security Policy
 Implementing a security policy includes:
 Installing and configuring firewalls
 iptables is a common free firewall configuration for Linux
 Rules for incoming packets should be created
 These rules should drop packets by default
 Rules for outgoing packets may be created
 This depends on your security policy
 Installing and configuring IDSes
 snort is a free and upgradeable IDS for several platforms
 Most IDSs send alerts to log files regularly
 Serious events can trigger paging, E-Mail, telephone
23
Step 2: Implement Security Policy
24
Step 2: Implement Security Policy
 Firewall
 Applies filtering rules to packets passing through it
 Comes in three major types:
 Packet filter – Filters by destination IP, port or protocol
 Stateful – Records information about ongoing TCP sessions, and ensures out-of-
session packets are discarded
 Application proxy – Acts as a proxy for a specific application, and scans all layers
for malicious data
 Intrusion Detection System (IDS)
 Scans the incoming messages, and creates alerts when suspected scans/attacks are
in progress
 Honeypot/honeynet (e.g. honeyd)
 Simulates a decoy host (or network) with services
25
Step 3: Reconnaissance
 First, we learn about the network
 IP addresses of hosts on the network
 Identify key servers with critical data
 Services running on those hosts/servers
 Vulnerabilities on those services
 Two forms: passive and active
 Passive reconnaissance is undetectable
 Active reconnaissance is often detectable by IDS
26
Step 4: Vulnerability Scanning
 We now have a list of hosts and services
 We can now target these services for attacks
 Many scanners will detect vulnerabilities (e.g. nessus)
 These scanners produce a risk report
 Other scanners will allow you to exploit them (e.g. metasploit)
 These scanners find ways in, and allow you to choose the payload to
use (e.g. obtain a root shell, download a package)
 The payload is the code that runs once inside
 The best scanners are updateable
 For new vulnerabilities, install/write new plug-ins
 e.g. Nessus Attack Scripting Language (NASL)
27
Step 5: Penetration Testing
 We have identified vulnerabilities
 Now, we can exploit them to gain access
 Using frameworks (e.g. metasploit), this is as simple as
selecting a payload to execute
 Otherwise, we manufacture an exploit
 We may also have to try to find new vulnerabilities
 This involves writing code or testing functions accepting
user input
28
Step 6: Post-Attack Investigation
 Forensics of Attacks
 This process is heavily guided by laws
 Also, this is normally done by a third party
 Retain chain of evidence
 The evidence in this case is the data on the host
 The log files of the compromised host hold the footsteps and
fingerprints of the attacker
 Every minute with that host must be accounted for
 For legal reasons, you should examine a low-level copy of the disk
and not modify the original
29
Thank You!

More Related Content

What's hot

Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
Akshay Vasava
 
DHCP server
DHCP serverDHCP server
DHCP server
MAFauzan
 
ZenPM Big Data Analytics for Telecoms
ZenPM Big Data Analytics for TelecomsZenPM Big Data Analytics for Telecoms
ZenPM Big Data Analytics for Telecoms
SysMech
 
2+ipt+configuring cisco-cme
2+ipt+configuring cisco-cme2+ipt+configuring cisco-cme
2+ipt+configuring cisco-cme
Yves Jean Louis
 
MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)
Vipin Sahu
 
Cloud computing kb gupta
Cloud computing kb guptaCloud computing kb gupta
Cloud computing kb gupta
Shivalik college of engineering
 
Replication and consistns
Replication and consistnsReplication and consistns
Replication and consistns
Rajaly Hartanta
 
VPN
VPNVPN
Aerial fibre optics
Aerial fibre opticsAerial fibre optics
Aerial fibre optics
Harish Agarwal
 
Simulasi praktek management bandwidth simpel queue aijtkjgnc
Simulasi praktek management bandwidth simpel queue aijtkjgncSimulasi praktek management bandwidth simpel queue aijtkjgnc
Simulasi praktek management bandwidth simpel queue aijtkjgnc
AsepSukarya2
 
Week 4 lecture material cc (1)
Week 4 lecture material cc (1)Week 4 lecture material cc (1)
Week 4 lecture material cc (1)
Ankit Gupta
 
ZigBee Based Wireless Sensor Network
ZigBee Based Wireless Sensor NetworkZigBee Based Wireless Sensor Network
ZigBee Based Wireless Sensor Network
Anand Agrawal
 
Membuat server sederhana dengan debian
Membuat server sederhana dengan debianMembuat server sederhana dengan debian
Membuat server sederhana dengan debianWida Astuti Npp
 
5G Edge Computing IoT Presentation
5G Edge Computing IoT Presentation 5G Edge Computing IoT Presentation
5G Edge Computing IoT Presentation
Rick Stomphorst
 
EDGE SEMINAR.pptx
EDGE SEMINAR.pptxEDGE SEMINAR.pptx
EDGE SEMINAR.pptx
SachuS16
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
Vladimir Jirasek
 
Fog computing provide security to data in cloud ppt
Fog computing provide security to data in cloud pptFog computing provide security to data in cloud ppt
Fog computing provide security to data in cloud ppt
priyanka reddy
 
Fog computing
Fog computingFog computing
Fog computing
Parmeshwar Wahatule
 
Cloud computing using Eucalyptus
Cloud computing using EucalyptusCloud computing using Eucalyptus
Cloud computing using Eucalyptus
Abhishek Dey
 
Csfb
CsfbCsfb

What's hot (20)

Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
DHCP server
DHCP serverDHCP server
DHCP server
 
ZenPM Big Data Analytics for Telecoms
ZenPM Big Data Analytics for TelecomsZenPM Big Data Analytics for Telecoms
ZenPM Big Data Analytics for Telecoms
 
2+ipt+configuring cisco-cme
2+ipt+configuring cisco-cme2+ipt+configuring cisco-cme
2+ipt+configuring cisco-cme
 
MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)
 
Cloud computing kb gupta
Cloud computing kb guptaCloud computing kb gupta
Cloud computing kb gupta
 
Replication and consistns
Replication and consistnsReplication and consistns
Replication and consistns
 
VPN
VPNVPN
VPN
 
Aerial fibre optics
Aerial fibre opticsAerial fibre optics
Aerial fibre optics
 
Simulasi praktek management bandwidth simpel queue aijtkjgnc
Simulasi praktek management bandwidth simpel queue aijtkjgncSimulasi praktek management bandwidth simpel queue aijtkjgnc
Simulasi praktek management bandwidth simpel queue aijtkjgnc
 
Week 4 lecture material cc (1)
Week 4 lecture material cc (1)Week 4 lecture material cc (1)
Week 4 lecture material cc (1)
 
ZigBee Based Wireless Sensor Network
ZigBee Based Wireless Sensor NetworkZigBee Based Wireless Sensor Network
ZigBee Based Wireless Sensor Network
 
Membuat server sederhana dengan debian
Membuat server sederhana dengan debianMembuat server sederhana dengan debian
Membuat server sederhana dengan debian
 
5G Edge Computing IoT Presentation
5G Edge Computing IoT Presentation 5G Edge Computing IoT Presentation
5G Edge Computing IoT Presentation
 
EDGE SEMINAR.pptx
EDGE SEMINAR.pptxEDGE SEMINAR.pptx
EDGE SEMINAR.pptx
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
 
Fog computing provide security to data in cloud ppt
Fog computing provide security to data in cloud pptFog computing provide security to data in cloud ppt
Fog computing provide security to data in cloud ppt
 
Fog computing
Fog computingFog computing
Fog computing
 
Cloud computing using Eucalyptus
Cloud computing using EucalyptusCloud computing using Eucalyptus
Cloud computing using Eucalyptus
 
Csfb
CsfbCsfb
Csfb
 

Similar to Lecture26 cc-security1

Honeypots for Cloud Providers - SDN World Congress
Honeypots for Cloud Providers - SDN World CongressHoneypots for Cloud Providers - SDN World Congress
Honeypots for Cloud Providers - SDN World Congress
Vallie Joseph
 
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUEScompTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
EMERSON EDUARDO RODRIGUES
 
The Road Network security
The Road Network securityThe Road Network security
The Road Network security
Khaled Omar
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
Amir Hossein Zargaran
 
Ne Course Part Two
Ne Course Part TwoNe Course Part Two
Ne Course Part Two
backdoor
 
IS - Firewall
IS - FirewallIS - Firewall
IS - Firewall
FumikageTokoyami4
 
Network Security
Network SecurityNetwork Security
Network Security
Fatima Zohra BENHACINE
 
Module 3.Infrastructure and Network Security:
Module 3.Infrastructure and Network Security:Module 3.Infrastructure and Network Security:
Module 3.Infrastructure and Network Security:
Sitamarhi Institute of Technology
 
Module 3.pdf
Module 3.pdfModule 3.pdf
Cyber Security Part-I.pptx
Cyber Security Part-I.pptxCyber Security Part-I.pptx
Cyber Security Part-I.pptx
RavikumarVadana
 
Cloud Computing & Security
Cloud Computing & SecurityCloud Computing & Security
Cloud Computing & Security
Awais Mansoor Chohan
 
CRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITYCRYPTOGRAPHY & NETWORK SECURITY
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
NISHASOMSCS113
 
Research Paper on STRIDEPresented By.docx
Research Paper on STRIDEPresented By.docxResearch Paper on STRIDEPresented By.docx
Research Paper on STRIDEPresented By.docx
ronak56
 
Network Security
Network Security Network Security
Network Security
Vipul Mosaic
 
Intro
IntroIntro
Certified Ethical Hacking
Certified Ethical HackingCertified Ethical Hacking
Certified Ethical Hacking
Jennifer Wood
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
VishwanathMahalle
 
4777.team c.final
4777.team c.final4777.team c.final
4777.team c.final
AlexisHarvey8
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Editor IJCATR
 

Similar to Lecture26 cc-security1 (20)

Honeypots for Cloud Providers - SDN World Congress
Honeypots for Cloud Providers - SDN World CongressHoneypots for Cloud Providers - SDN World Congress
Honeypots for Cloud Providers - SDN World Congress
 
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUEScompTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
 
The Road Network security
The Road Network securityThe Road Network security
The Road Network security
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 
Ne Course Part Two
Ne Course Part TwoNe Course Part Two
Ne Course Part Two
 
IS - Firewall
IS - FirewallIS - Firewall
IS - Firewall
 
Network Security
Network SecurityNetwork Security
Network Security
 
Module 3.Infrastructure and Network Security:
Module 3.Infrastructure and Network Security:Module 3.Infrastructure and Network Security:
Module 3.Infrastructure and Network Security:
 
Module 3.pdf
Module 3.pdfModule 3.pdf
Module 3.pdf
 
Cyber Security Part-I.pptx
Cyber Security Part-I.pptxCyber Security Part-I.pptx
Cyber Security Part-I.pptx
 
Cloud Computing & Security
Cloud Computing & SecurityCloud Computing & Security
Cloud Computing & Security
 
CRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITYCRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITY
 
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
 
Research Paper on STRIDEPresented By.docx
Research Paper on STRIDEPresented By.docxResearch Paper on STRIDEPresented By.docx
Research Paper on STRIDEPresented By.docx
 
Network Security
Network Security Network Security
Network Security
 
Intro
IntroIntro
Intro
 
Certified Ethical Hacking
Certified Ethical HackingCertified Ethical Hacking
Certified Ethical Hacking
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
 
4777.team c.final
4777.team c.final4777.team c.final
4777.team c.final
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
 

More from Ankit Gupta

Biometricstechnology in iot and machine learning
Biometricstechnology in iot and machine learningBiometricstechnology in iot and machine learning
Biometricstechnology in iot and machine learning
Ankit Gupta
 
Week2 cloud computing week2
Week2 cloud computing week2Week2 cloud computing week2
Week2 cloud computing week2
Ankit Gupta
 
Week 8 lecture material
Week 8 lecture materialWeek 8 lecture material
Week 8 lecture material
Ankit Gupta
 
Week 3 lecture material cc
Week 3 lecture material ccWeek 3 lecture material cc
Week 3 lecture material cc
Ankit Gupta
 
Week 1 lecture material cc
Week 1 lecture material ccWeek 1 lecture material cc
Week 1 lecture material cc
Ankit Gupta
 
Mod05lec24(resource mgmt i)
Mod05lec24(resource mgmt i)Mod05lec24(resource mgmt i)
Mod05lec24(resource mgmt i)
Ankit Gupta
 
Mod05lec23(map reduce tutorial)
Mod05lec23(map reduce tutorial)Mod05lec23(map reduce tutorial)
Mod05lec23(map reduce tutorial)
Ankit Gupta
 
Mod05lec22(cloudonomics tutorial)
Mod05lec22(cloudonomics tutorial)Mod05lec22(cloudonomics tutorial)
Mod05lec22(cloudonomics tutorial)
Ankit Gupta
 
Mod05lec21(sla tutorial)
Mod05lec21(sla tutorial)Mod05lec21(sla tutorial)
Mod05lec21(sla tutorial)
Ankit Gupta
 
Lecture29 cc-security4
Lecture29 cc-security4Lecture29 cc-security4
Lecture29 cc-security4
Ankit Gupta
 
Lecture28 cc-security3
Lecture28 cc-security3Lecture28 cc-security3
Lecture28 cc-security3
Ankit Gupta
 
Lecture 30 cloud mktplace
Lecture 30 cloud mktplaceLecture 30 cloud mktplace
Lecture 30 cloud mktplace
Ankit Gupta
 
Week 7 lecture material
Week 7 lecture materialWeek 7 lecture material
Week 7 lecture material
Ankit Gupta
 
Gurukul Cse cbcs-2015-16
Gurukul Cse cbcs-2015-16Gurukul Cse cbcs-2015-16
Gurukul Cse cbcs-2015-16
Ankit Gupta
 
Microprocessor full hand made notes
Microprocessor full hand made notesMicroprocessor full hand made notes
Microprocessor full hand made notes
Ankit Gupta
 
Transfer Leaning Using Pytorch synopsis Minor project pptx
Transfer Leaning Using Pytorch  synopsis Minor project pptxTransfer Leaning Using Pytorch  synopsis Minor project pptx
Transfer Leaning Using Pytorch synopsis Minor project pptx
Ankit Gupta
 
Intro/Overview on Machine Learning Presentation -2
Intro/Overview on Machine Learning Presentation -2Intro/Overview on Machine Learning Presentation -2
Intro/Overview on Machine Learning Presentation -2
Ankit Gupta
 
Intro/Overview on Machine Learning Presentation
Intro/Overview on Machine Learning PresentationIntro/Overview on Machine Learning Presentation
Intro/Overview on Machine Learning Presentation
Ankit Gupta
 
Cloud computing ebook
Cloud computing ebookCloud computing ebook
Cloud computing ebook
Ankit Gupta
 
java program assigment -2
java program assigment -2java program assigment -2
java program assigment -2
Ankit Gupta
 

More from Ankit Gupta (20)

Biometricstechnology in iot and machine learning
Biometricstechnology in iot and machine learningBiometricstechnology in iot and machine learning
Biometricstechnology in iot and machine learning
 
Week2 cloud computing week2
Week2 cloud computing week2Week2 cloud computing week2
Week2 cloud computing week2
 
Week 8 lecture material
Week 8 lecture materialWeek 8 lecture material
Week 8 lecture material
 
Week 3 lecture material cc
Week 3 lecture material ccWeek 3 lecture material cc
Week 3 lecture material cc
 
Week 1 lecture material cc
Week 1 lecture material ccWeek 1 lecture material cc
Week 1 lecture material cc
 
Mod05lec24(resource mgmt i)
Mod05lec24(resource mgmt i)Mod05lec24(resource mgmt i)
Mod05lec24(resource mgmt i)
 
Mod05lec23(map reduce tutorial)
Mod05lec23(map reduce tutorial)Mod05lec23(map reduce tutorial)
Mod05lec23(map reduce tutorial)
 
Mod05lec22(cloudonomics tutorial)
Mod05lec22(cloudonomics tutorial)Mod05lec22(cloudonomics tutorial)
Mod05lec22(cloudonomics tutorial)
 
Mod05lec21(sla tutorial)
Mod05lec21(sla tutorial)Mod05lec21(sla tutorial)
Mod05lec21(sla tutorial)
 
Lecture29 cc-security4
Lecture29 cc-security4Lecture29 cc-security4
Lecture29 cc-security4
 
Lecture28 cc-security3
Lecture28 cc-security3Lecture28 cc-security3
Lecture28 cc-security3
 
Lecture 30 cloud mktplace
Lecture 30 cloud mktplaceLecture 30 cloud mktplace
Lecture 30 cloud mktplace
 
Week 7 lecture material
Week 7 lecture materialWeek 7 lecture material
Week 7 lecture material
 
Gurukul Cse cbcs-2015-16
Gurukul Cse cbcs-2015-16Gurukul Cse cbcs-2015-16
Gurukul Cse cbcs-2015-16
 
Microprocessor full hand made notes
Microprocessor full hand made notesMicroprocessor full hand made notes
Microprocessor full hand made notes
 
Transfer Leaning Using Pytorch synopsis Minor project pptx
Transfer Leaning Using Pytorch  synopsis Minor project pptxTransfer Leaning Using Pytorch  synopsis Minor project pptx
Transfer Leaning Using Pytorch synopsis Minor project pptx
 
Intro/Overview on Machine Learning Presentation -2
Intro/Overview on Machine Learning Presentation -2Intro/Overview on Machine Learning Presentation -2
Intro/Overview on Machine Learning Presentation -2
 
Intro/Overview on Machine Learning Presentation
Intro/Overview on Machine Learning PresentationIntro/Overview on Machine Learning Presentation
Intro/Overview on Machine Learning Presentation
 
Cloud computing ebook
Cloud computing ebookCloud computing ebook
Cloud computing ebook
 
java program assigment -2
java program assigment -2java program assigment -2
java program assigment -2
 

Recently uploaded

Applications of artificial Intelligence in Mechanical Engineering.pdf
Applications of artificial Intelligence in Mechanical Engineering.pdfApplications of artificial Intelligence in Mechanical Engineering.pdf
Applications of artificial Intelligence in Mechanical Engineering.pdf
Atif Razi
 
Levelised Cost of Hydrogen (LCOH) Calculator Manual
Levelised Cost of Hydrogen  (LCOH) Calculator ManualLevelised Cost of Hydrogen  (LCOH) Calculator Manual
Levelised Cost of Hydrogen (LCOH) Calculator Manual
Massimo Talia
 
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
Paris Salesforce Developer Group
 
1FIDIC-CONSTRUCTION-CONTRACT-2ND-ED-2017-RED-BOOK.pdf
1FIDIC-CONSTRUCTION-CONTRACT-2ND-ED-2017-RED-BOOK.pdf1FIDIC-CONSTRUCTION-CONTRACT-2ND-ED-2017-RED-BOOK.pdf
1FIDIC-CONSTRUCTION-CONTRACT-2ND-ED-2017-RED-BOOK.pdf
MadhavJungKarki
 
FULL STACK PROGRAMMING - Both Front End and Back End
FULL STACK PROGRAMMING - Both Front End and Back EndFULL STACK PROGRAMMING - Both Front End and Back End
FULL STACK PROGRAMMING - Both Front End and Back End
PreethaV16
 
Digital Twins Computer Networking Paper Presentation.pptx
Digital Twins Computer Networking Paper Presentation.pptxDigital Twins Computer Networking Paper Presentation.pptx
Digital Twins Computer Networking Paper Presentation.pptx
aryanpankaj78
 
Height and depth gauge linear metrology.pdf
Height and depth gauge linear metrology.pdfHeight and depth gauge linear metrology.pdf
Height and depth gauge linear metrology.pdf
q30122000
 
SCALING OF MOS CIRCUITS m .pptx
SCALING OF MOS CIRCUITS m                 .pptxSCALING OF MOS CIRCUITS m                 .pptx
SCALING OF MOS CIRCUITS m .pptx
harshapolam10
 
Digital Image Processing Unit -2 Notes complete
Digital Image Processing Unit -2 Notes completeDigital Image Processing Unit -2 Notes complete
Digital Image Processing Unit -2 Notes complete
shubhamsaraswat8740
 
Call Girls Chennai +91-8824825030 Vip Call Girls Chennai
Call Girls Chennai +91-8824825030 Vip Call Girls ChennaiCall Girls Chennai +91-8824825030 Vip Call Girls Chennai
Call Girls Chennai +91-8824825030 Vip Call Girls Chennai
paraasingh12 #V08
 
SENTIMENT ANALYSIS ON PPT AND Project template_.pptx
SENTIMENT ANALYSIS ON PPT AND Project template_.pptxSENTIMENT ANALYSIS ON PPT AND Project template_.pptx
SENTIMENT ANALYSIS ON PPT AND Project template_.pptx
b0754201
 
Introduction to Computer Networks & OSI MODEL.ppt
Introduction to Computer Networks & OSI MODEL.pptIntroduction to Computer Networks & OSI MODEL.ppt
Introduction to Computer Networks & OSI MODEL.ppt
Dwarkadas J Sanghvi College of Engineering
 
Accident detection system project report.pdf
Accident detection system project report.pdfAccident detection system project report.pdf
Accident detection system project report.pdf
Kamal Acharya
 
Assistant Engineer (Chemical) Interview Questions.pdf
Assistant Engineer (Chemical) Interview Questions.pdfAssistant Engineer (Chemical) Interview Questions.pdf
Assistant Engineer (Chemical) Interview Questions.pdf
Seetal Daas
 
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
Transcat
 
Asymmetrical Repulsion Magnet Motor Ratio 6-7.pdf
Asymmetrical Repulsion Magnet Motor Ratio 6-7.pdfAsymmetrical Repulsion Magnet Motor Ratio 6-7.pdf
Asymmetrical Repulsion Magnet Motor Ratio 6-7.pdf
felixwold
 
An Introduction to the Compiler Designss
An Introduction to the Compiler DesignssAn Introduction to the Compiler Designss
An Introduction to the Compiler Designss
ElakkiaU
 
Object Oriented Analysis and Design - OOAD
Object Oriented Analysis and Design - OOADObject Oriented Analysis and Design - OOAD
Object Oriented Analysis and Design - OOAD
PreethaV16
 
SELENIUM CONF -PALLAVI SHARMA - 2024.pdf
SELENIUM CONF -PALLAVI SHARMA - 2024.pdfSELENIUM CONF -PALLAVI SHARMA - 2024.pdf
SELENIUM CONF -PALLAVI SHARMA - 2024.pdf
Pallavi Sharma
 
Beckhoff Programmable Logic Control Overview Presentation
Beckhoff Programmable Logic Control Overview PresentationBeckhoff Programmable Logic Control Overview Presentation
Beckhoff Programmable Logic Control Overview Presentation
VanTuDuong1
 

Recently uploaded (20)

Applications of artificial Intelligence in Mechanical Engineering.pdf
Applications of artificial Intelligence in Mechanical Engineering.pdfApplications of artificial Intelligence in Mechanical Engineering.pdf
Applications of artificial Intelligence in Mechanical Engineering.pdf
 
Levelised Cost of Hydrogen (LCOH) Calculator Manual
Levelised Cost of Hydrogen  (LCOH) Calculator ManualLevelised Cost of Hydrogen  (LCOH) Calculator Manual
Levelised Cost of Hydrogen (LCOH) Calculator Manual
 
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
 
1FIDIC-CONSTRUCTION-CONTRACT-2ND-ED-2017-RED-BOOK.pdf
1FIDIC-CONSTRUCTION-CONTRACT-2ND-ED-2017-RED-BOOK.pdf1FIDIC-CONSTRUCTION-CONTRACT-2ND-ED-2017-RED-BOOK.pdf
1FIDIC-CONSTRUCTION-CONTRACT-2ND-ED-2017-RED-BOOK.pdf
 
FULL STACK PROGRAMMING - Both Front End and Back End
FULL STACK PROGRAMMING - Both Front End and Back EndFULL STACK PROGRAMMING - Both Front End and Back End
FULL STACK PROGRAMMING - Both Front End and Back End
 
Digital Twins Computer Networking Paper Presentation.pptx
Digital Twins Computer Networking Paper Presentation.pptxDigital Twins Computer Networking Paper Presentation.pptx
Digital Twins Computer Networking Paper Presentation.pptx
 
Height and depth gauge linear metrology.pdf
Height and depth gauge linear metrology.pdfHeight and depth gauge linear metrology.pdf
Height and depth gauge linear metrology.pdf
 
SCALING OF MOS CIRCUITS m .pptx
SCALING OF MOS CIRCUITS m                 .pptxSCALING OF MOS CIRCUITS m                 .pptx
SCALING OF MOS CIRCUITS m .pptx
 
Digital Image Processing Unit -2 Notes complete
Digital Image Processing Unit -2 Notes completeDigital Image Processing Unit -2 Notes complete
Digital Image Processing Unit -2 Notes complete
 
Call Girls Chennai +91-8824825030 Vip Call Girls Chennai
Call Girls Chennai +91-8824825030 Vip Call Girls ChennaiCall Girls Chennai +91-8824825030 Vip Call Girls Chennai
Call Girls Chennai +91-8824825030 Vip Call Girls Chennai
 
SENTIMENT ANALYSIS ON PPT AND Project template_.pptx
SENTIMENT ANALYSIS ON PPT AND Project template_.pptxSENTIMENT ANALYSIS ON PPT AND Project template_.pptx
SENTIMENT ANALYSIS ON PPT AND Project template_.pptx
 
Introduction to Computer Networks & OSI MODEL.ppt
Introduction to Computer Networks & OSI MODEL.pptIntroduction to Computer Networks & OSI MODEL.ppt
Introduction to Computer Networks & OSI MODEL.ppt
 
Accident detection system project report.pdf
Accident detection system project report.pdfAccident detection system project report.pdf
Accident detection system project report.pdf
 
Assistant Engineer (Chemical) Interview Questions.pdf
Assistant Engineer (Chemical) Interview Questions.pdfAssistant Engineer (Chemical) Interview Questions.pdf
Assistant Engineer (Chemical) Interview Questions.pdf
 
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
 
Asymmetrical Repulsion Magnet Motor Ratio 6-7.pdf
Asymmetrical Repulsion Magnet Motor Ratio 6-7.pdfAsymmetrical Repulsion Magnet Motor Ratio 6-7.pdf
Asymmetrical Repulsion Magnet Motor Ratio 6-7.pdf
 
An Introduction to the Compiler Designss
An Introduction to the Compiler DesignssAn Introduction to the Compiler Designss
An Introduction to the Compiler Designss
 
Object Oriented Analysis and Design - OOAD
Object Oriented Analysis and Design - OOADObject Oriented Analysis and Design - OOAD
Object Oriented Analysis and Design - OOAD
 
SELENIUM CONF -PALLAVI SHARMA - 2024.pdf
SELENIUM CONF -PALLAVI SHARMA - 2024.pdfSELENIUM CONF -PALLAVI SHARMA - 2024.pdf
SELENIUM CONF -PALLAVI SHARMA - 2024.pdf
 
Beckhoff Programmable Logic Control Overview Presentation
Beckhoff Programmable Logic Control Overview PresentationBeckhoff Programmable Logic Control Overview Presentation
Beckhoff Programmable Logic Control Overview Presentation
 

Lecture26 cc-security1

  • 1. CLOUD COMPUTING CLOUD SECURITY I PROF. SOUMYA K. GHOSH DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING IIT KHARAGPUR
  • 2. 2 Security - Basic Components  Confidentiality  Keeping data and resources hidden  Integrity  Data integrity (integrity)  Origin integrity (authentication)  Availability  Enabling access to data and resources
  • 3. 3 Security Attacks  Any action that compromises the security of information.  Four types of attack: 1. Interruption 2. Interception 3. Modification 4. Fabrication  Basic model: D Source Destination S
  • 4. 4 Security Attacks (contd.)  Interruption:  Attack on availability  Interception:  Attack on confidentiality S D S D I
  • 5. 5 Security Attacks  Modification:  Attack on integrity  Fabrication:  Attack on authenticity S D S D I I
  • 6. 6 Classes of Threats  Disclosure  Snooping  Deception  Modification, spoofing, repudiation of origin, denial of receipt  Disruption  Modification  Usurpation  Modification, spoofing, delay, denial of service
  • 7. 7 Policies and Mechanisms  Policy says what is, and is not, allowed  This defines “security” for the site/system/etc.  Mechanisms enforce policies  Composition of policies  If policies conflict, discrepancies may create security vulnerabilities
  • 8. 8 Goals of Security  Prevention  Prevent attackers from violating security policy  Detection  Detect attackers’ violation of security policy  Recovery  Stop attack, assess and repair damage  Continue to function correctly even if attack succeeds
  • 9. 9 Trust and Assumptions  Underlie all aspects of security  Policies  Unambiguously partition system states  Correctly capture security requirements  Mechanisms  Assumed to enforce policy  Support mechanisms work correctly
  • 10. 10 Types of Mechanisms secure precise broad set of reachable states set of secure states
  • 11. 11 Assurance  Specification  Requirements analysis  Statement of desired functionality  Design  How system will meet specification  Implementation  Programs/systems that carry out design
  • 12. 12 Operational Issues  Cost-Benefit Analysis  Is it cheaper to prevent or recover?  Risk Analysis  Should we protect something?  How much should we protect this thing?  Laws and Customs  Are desired security measures illegal?  Will people do them?
  • 13. 13 Human Issues  Organizational Problems  Power and responsibility  Financial benefits  People problems  Outsiders and insiders  Social engineering
  • 15. 15 Passive and Active Attacks  Passive attacks  Obtain information that is being transmitted (eavesdropping).  Two types:  Release of message contents:- It may be desirable to prevent the opponent from learning the contents of the transmission.  Traffic analysis:- The opponent can determine the location and identity of communicating hosts, and observe the frequency and length of messages being exchanged.  Very difficult to detect.
  • 16. 16  Active attacks  Involve some modification of the data stream or the creation of a false stream.  Four categories:  Masquerade:- One entity pretends to be a different entity.  Replay:- Passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.  Modification:- Some portion of a legitimate message is altered.  Denial of service:- Prevents the normal use of communication facilities.
  • 17. 17 Security Services  Confidentiality (privacy)  Authentication (who created or sent the data)  Integrity (has not been altered)  Non-repudiation (the order is final)  Access control (prevent misuse of resources)  Availability (permanence, non-erasure)  Denial of Service Attacks  Virus that deletes files
  • 18. 18 Role of Security  A security infrastructure provides:  Confidentiality – protection against loss of privacy  Integrity – protection against data alteration/ corruption  Availability – protection against denial of service  Authentication – identification of legitimate users  Authorization – determination of whether or not an operation is allowed by a certain user  Non-repudiation – ability to trace what happened, & prevent denial of actions  Safety – protection against tampering, damage & theft
  • 19. 19 Types of Attack  Social engineering/phishing  Physical break-ins, theft, and curb shopping  Password attacks  Buffer overflows  Command injection  Denial of service  Exploitation of faulty application logic  Snooping  Packet manipulation or fabrication  Backdoors
  • 20. 20 Network Security…  Network security works like this:  Determine network security policy  Implement network security policy  Reconnaissance  Vulnerability scanning  Penetration testing  Post-attack investigation
  • 21. 21 Step 1: Determine Security Policy  A security policy is a full security roadmap  Usage policy for networks, servers, etc.  User training about password sharing, password strength, social engineering, privacy, etc.  Privacy policy for all maintained data  A schedule for updates, audits, etc.  The network design should reflect this policy  The placement/protection of database/file servers  The location of demilitarized zones (DMZs)  The placement and rules of firewalls  The deployment of intrusion detection systems (IDSs)
  • 22. 22 Step 2: Implement Security Policy  Implementing a security policy includes:  Installing and configuring firewalls  iptables is a common free firewall configuration for Linux  Rules for incoming packets should be created  These rules should drop packets by default  Rules for outgoing packets may be created  This depends on your security policy  Installing and configuring IDSes  snort is a free and upgradeable IDS for several platforms  Most IDSs send alerts to log files regularly  Serious events can trigger paging, E-Mail, telephone
  • 23. 23 Step 2: Implement Security Policy
  • 24. 24 Step 2: Implement Security Policy  Firewall  Applies filtering rules to packets passing through it  Comes in three major types:  Packet filter – Filters by destination IP, port or protocol  Stateful – Records information about ongoing TCP sessions, and ensures out-of- session packets are discarded  Application proxy – Acts as a proxy for a specific application, and scans all layers for malicious data  Intrusion Detection System (IDS)  Scans the incoming messages, and creates alerts when suspected scans/attacks are in progress  Honeypot/honeynet (e.g. honeyd)  Simulates a decoy host (or network) with services
  • 25. 25 Step 3: Reconnaissance  First, we learn about the network  IP addresses of hosts on the network  Identify key servers with critical data  Services running on those hosts/servers  Vulnerabilities on those services  Two forms: passive and active  Passive reconnaissance is undetectable  Active reconnaissance is often detectable by IDS
  • 26. 26 Step 4: Vulnerability Scanning  We now have a list of hosts and services  We can now target these services for attacks  Many scanners will detect vulnerabilities (e.g. nessus)  These scanners produce a risk report  Other scanners will allow you to exploit them (e.g. metasploit)  These scanners find ways in, and allow you to choose the payload to use (e.g. obtain a root shell, download a package)  The payload is the code that runs once inside  The best scanners are updateable  For new vulnerabilities, install/write new plug-ins  e.g. Nessus Attack Scripting Language (NASL)
  • 27. 27 Step 5: Penetration Testing  We have identified vulnerabilities  Now, we can exploit them to gain access  Using frameworks (e.g. metasploit), this is as simple as selecting a payload to execute  Otherwise, we manufacture an exploit  We may also have to try to find new vulnerabilities  This involves writing code or testing functions accepting user input
  • 28. 28 Step 6: Post-Attack Investigation  Forensics of Attacks  This process is heavily guided by laws  Also, this is normally done by a third party  Retain chain of evidence  The evidence in this case is the data on the host  The log files of the compromised host hold the footsteps and fingerprints of the attacker  Every minute with that host must be accounted for  For legal reasons, you should examine a low-level copy of the disk and not modify the original