Social Icons

Showing posts with label cloud secuity. Show all posts
Showing posts with label cloud secuity. Show all posts

Saturday, December 19, 2015

DICE-2015 : CLOUD FORENSICS : Digital Investigations Conference and Exhibition

DICE is the Digital Investigations Conference and Exhibition which is held annually in the Delhi/NCR region in India.It is the only Conference and Exhibition of its kind in all of South Asia. It is targeted towards Digital Investigations and Computer Forensics personnel. At this conference experts showcase best practices, case studies and experiences in dealing with both cyber and conventional crime and security incidents with the help of digital technologies. It is attended by law enforcement, government and corporate investigation professionals. I participated in the conference as a speaker on the topic CLOUD FORENSICS.The presentation brings out the primary challenges in the domain of Cloud Computing.



Few Pics from the conference sharing below :





Saturday, April 27, 2013

Cloud Forensics:The State as on Date

1.   Cloud Forensics per se has got two powerful terms of today's buzzing IT World..... that's Cloud and Forensics...when traditional computing methods of forensics are still to mature...Cloud itself has a long way to go before the final matured model comes up...this combination actually refers to the world of CLOUD FORENSICS. NIST defines it as follows :

"Cloud forensics is the application of digital forensics science in cloud computing environments. Technically, it consists of a hybrid forensic approach (e.g., remote, virtual, network, live, large-scale, thin-client, thick-client) towards the generation of digital evidence. Organizationally, it involves interactions among cloud actors (i.e.,cloud provider, cloud consumer, cloud broker, cloud carrier, cloud auditor) for the purpose of facilitating both internal and external investigations. Legally it often implies multi-jurisdictional and multi-tenant situations."

2.   Today at NULLs meet,I got an opportunity to give this presentation on Cloud Forensics....the copy is shown below :


3. About NULL...please read about the community at their website at http://null.co.in/. The team is doing a great job for buzzing IT professionals,students,geeks,script kiddies(like me!!! :-). NULL boasts of an active security community where monthly meets and regular security awareness camps in various Institutions and Organizations are held. Basically a bunch of security phreaks who like to share their technical expertise and hacking skills with each other and spread awareness among the common people about the good, the bad and the ugly side of computers and technology. They believe that sharing the right technical knowledge leads to expertise and innovation.I joined them about 4 months back and have learned a lot in few meets that I attended!!!!!

Tuesday, August 28, 2012

Cloud Threat : Malicious Insiders


1.   A lesser known fact but a serious threat comes in form of a malicious insider ie the people who work for the organisation delivering the cloud services.In a typical organisation,one malicious insider can put the company in serious trouble and embarassment unless all are monitored by placing strict access controls and policies.Thus the threat multifolds in capacity of doing damage in case of companies who offer cloud models as service since all services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure. For example, a provider may not reveal how it grants employees access to physical and virtual assets, how it monitors these employees, or how it analyzes and reports on policy compliance.To complicate matters, there is often little or no visibility into the hiring standards and practices for cloud employees. This kind of situation clearly creates an attractive opportunity for an adversary — ranging from the hobbyist hacker, to organized crime, to corporate espionage, or even nation-state sponsored intrusion. The level of access granted could enable such an adversary to harvest confidential data or gain complete control over the cloud services with little or no risk of detection. 

2.   Recommendations by CSA are put up below :

-  Enforce strict supply chain management and conduct a comprehensive supplier assessment.

-  Specify human resource requirements as part of legal contracts.

-  Require transparency into overall information security and management practices, as well as compliance reporting.

-   Determine security breach notification processes.

3.   Thanks CSA

Cloud Threat : Unknown risk profile


1.    The best thing all of us like and promote about cloud is that we have very little and reduced investment in software and hardware and also that the cloud user is able to focus on his core business.Like for a bank he should not be worried about what server should he buy or what storage should he provision...the bank should be able to focus on how to improve the banking procedures and profits.So this way the distraction is less for the prime user.But at the same time these benefits must be weighed carefully against the contradictory security concerns which are complicated by the fact that cloud deployments are driven by anticipated benefits, by groups who may lose track of the security requirements and musts.Would ever the Bank,in an case example,bother to know the Versions of software, code updates, security practices, vulnerability profiles, intrusion attempts, and security design ?I am sure no bank would do that once they have outsourced their worries to the Cloud.Details and Information with whom the same infrastructure is being shared becomes critical.One loose hole and u get compromised.Although this is not so easy....but we should know that the cyber criminals and hackers work more then us to keep all of us on toes and if successful then on Knees:-)

2. An old, 2009, real case example exploiting this specific threat is available at http://www.pcworld.com/article/158038/heartland_has_no_heart_for_violated_customers.html

3.  Recommendations by CSA :

-  Disclosure of applicable logs and data.

-  Partial/full disclosure of infrastructure details (e.g., patch levels, firewalls, etc.).

-  Monitoring and alerting on necessary information.

Monday, August 27, 2012

Cloud Threat : Insecure Interfaces and APIs


1.    How does a typical cloud user interacts,manages and configures his cloud ? This interaction is achieved with Cloud Computing providers exposing the user to a set of software interfaces or APIs.Thus the overall demand,settings,managing and all configuration is achieved using this interface and APIs only.Thus comes the aspect of security of handling and designing these interfaces and APIs.The security and availability of ANY cloud service is dependent upon the security of these basic APIs. From authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy.Not only this,but all the third parties often build upon these interfaces to offer value-added services to their customers. This introduces the complexity of the new layered API.The recommended remediation's vide CSA are mentioned below :

- Analyze the security model of cloud provider interfaces.

- Ensure strong authentication and access controls are implemented in concert with encrypted transmission.

- Understand the dependency chain associated with the API

Cloud Threat : Shared Technology Issues


1.   When a computer processor is designed/manufactured...viz core 2 Duo or quad-core processor or for this purpose any processor,the processor doesn't know what will it be finally used for....I mean it may be used as a standalone machine or a server machine!!!Here's the issue..ie this processor was not meant to be used for cloud....but how does this matter?This matter because from the security point of view this processor was meant to support strong ISOLATION properties which is not the case in routine manufacturing.Only dependent on the hypervisors for the regular interface as discussed at an earlier post here.In cases of cloud we have to handle two platforms ..one is the OS running like windows or any other OS which comes along with inbuilt and already exploited vulnerabilities that keep getting patched(what about Zero day???) and the other is hypervisor vulnerabilities(just google on hypersvisor vulnerabilities and u see what's in store to get surprised).Both of these combined together would be deadly if not taken care of...because in the cloud world, reacting to a damage would be like taking some one to hospital after an accident or a bomb blast whereas it should be the other way round....remove all possibilities of the accident and ensure 100% secure Areas....latter being too tough to imagine in current environment.

2.   I read about this few years back when I was not very much clear on Cloud Computing concepts(though still naive but better then past!!! :-),there was an incident involving a hypervisor breach that was not widely publicized.Now if u know about XBox 360(is a video game console developed by Microsoft that competes with Sony's PlayStation 3 and Nintendo's Wii),it has an embedded hypervisor (surprisingly not Hyper-V),so it was some time in 2007, that there was a documented buffer overflow vulnerability in this hypervisor which could be exploited to gain access to the hypervisor mode and thus, to the entire system. Microsoft immediately released a patch for this.Now unlike regular Windows OS Option, patches are not optional for Xbox users. Thus,the patch was applied the next time a user connected to Xbox Live or installed a new game. Proof of concepts quickly appeared that exploited the hypervisor vulnerability as well as online documentation on how people have used the Xbox “hypervisor exploit” to crack their systems.(...got this info from http://blogs.gartner.com/neil_macdonald/2009/02/20/hypervisor-attacks-in-the-real-world/)

3.   Thus arises a need for strong secured compartments to ensure that the individual cloud users are not compromised in a manner that would ensure unmanageable losses in monitory terms as well as brand devaluation.The CSA gives the following point wise remidiation format for designing the policy boundaries to counter Shared Technology Issues : 

-  Promote strong authentication and access control for administrative access and operations.

-  Monitor environment for unauthorized changes/activity.

-  Enforce service level agreements for patching and vulnerability remediation.

-  Implement security best practices for installation/configuration.

-  Conduct vulnerability scanning and configuration audits.

Cloud Computing : The Darker Side


1.            Cloud computing…the word has generated enough buzz already across the corporate…the techies…the possibilities in future but all this comes at a backend question on security. If there is one thing that stops 80% of possible users using this powerful technology,it is only one aspect of it and that’s SECURITY….The question that comes in an auto mode to any possible cloud service enthusiast like how safe will be my data stored with them…even if its private who controls the key generation algorithms code…who is the single point of contact and so many…but perhaps evry question on this comes under one umbrella by the name of SECURITY…..

2.            So …are they right in thinking so?…when a technology that’s coming up so strong and so globally accepted  is it possible that the giant rise comes without an inbuilt security module? Actually it goes like right they are…the users…their fears stand right when they think about their data ownership.Released by https://cloudsecurityalliance.org,  in Dec 2010,they have identified few imminent threats in the sphere of cloud computing which they have meticulously covered under few major heads as identified below.These are not in the sequence of severity of threat as no seniority levels in this have been identified by the CSA.The original version of this paper by the Cloud Security Aalliance is at https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf

Threat  1: Shared Technology Issues
Threat  2: Insecure Interfaces and APIs
Threat  3: Unknown Risk Profile
Threat  4: Malicious Insiders
Threat  5: Data Loss or Leakage
Threat  6: Abuse and Nefarious Use of Cloud Computing
Threat  7: Account or Service Hijacking

3.            Each of these security threats, I plan to discuss further in other posts within the week or as I am able to spare time….read some from CSA and put it in the manner I understand that.Thanks https://cloudsecurityalliance.org

Wednesday, August 15, 2012

Cloud Computing & Virtualisation

 1.    Recently got an opportunity to give a presentation to a school/college audience about whats all the fuzz of Cloud Computing and Virtualization about?I tried building up the presentation from scratch to handling some secuity issues in the cloud.The copy is for you to see for reference : 

Cloud computing and Virtualisation
Powered By Blogger