Social Icons

Showing posts with label cloud security alliance. Show all posts
Showing posts with label cloud security alliance. Show all posts

Wednesday, June 10, 2015

Cloud Forensics: Challenges Only Ahead

1.   Cloud Computing is emerging amongst all the bombilate words of acclivitous technologies as the most prodigious maturations in the chronicles of computing. As it still takes time to settle, a new egressing challenge as felt whilst its implementation across has been a relatively more newfangled field known as Cloud Forensics. Today as Cloud still needs time to mature and offer its full exploitation, the even newer subfield Cloud Forensics is a carking cause to negate immediate acceptance of cloud computing with open arms. The research in this field is still in parturient stages to say from perspective of the way cases and incidents are being handled on ground today. 

2.   My paper got published in "Cyber Times International Journal of Technology & Management".The "Cyber Times International Journal of Technology & Management" (CTIJTM) was launched in 2007 by "Cyber Times - PRESS" in order to promote Latest Research and innovations in the Area of Technology & Management.The"Cyber Times International Journal of Technology & Management" (CTIJTM) is Bi-Annual, Double Blind Peer Reviewed, International Journal with International Serial Standard Number which is available in print and online versions. It provides the new paradigms in the embryonic fields of Technology, Management, Science, Electronics, Law, Economy etc. and visualizes the future developments in the respective areas. It is meant to publish High Quality Research Papers with innovative ideas, inventions, and rigorous research which will ultimately interest to research scholars, academicians, industry professionals, etc.The paper is available at the following links :

http://journal.cybertimes.in/?q=Vol8_A_P1_01


and also for viewing at scribd as below :

Saturday, April 27, 2013

Cloud Forensics:The State as on Date

1.   Cloud Forensics per se has got two powerful terms of today's buzzing IT World..... that's Cloud and Forensics...when traditional computing methods of forensics are still to mature...Cloud itself has a long way to go before the final matured model comes up...this combination actually refers to the world of CLOUD FORENSICS. NIST defines it as follows :

"Cloud forensics is the application of digital forensics science in cloud computing environments. Technically, it consists of a hybrid forensic approach (e.g., remote, virtual, network, live, large-scale, thin-client, thick-client) towards the generation of digital evidence. Organizationally, it involves interactions among cloud actors (i.e.,cloud provider, cloud consumer, cloud broker, cloud carrier, cloud auditor) for the purpose of facilitating both internal and external investigations. Legally it often implies multi-jurisdictional and multi-tenant situations."

2.   Today at NULLs meet,I got an opportunity to give this presentation on Cloud Forensics....the copy is shown below :


3. About NULL...please read about the community at their website at http://null.co.in/. The team is doing a great job for buzzing IT professionals,students,geeks,script kiddies(like me!!! :-). NULL boasts of an active security community where monthly meets and regular security awareness camps in various Institutions and Organizations are held. Basically a bunch of security phreaks who like to share their technical expertise and hacking skills with each other and spread awareness among the common people about the good, the bad and the ugly side of computers and technology. They believe that sharing the right technical knowledge leads to expertise and innovation.I joined them about 4 months back and have learned a lot in few meets that I attended!!!!!

Tuesday, August 28, 2012

Cloud Threat : Malicious Insiders


1.   A lesser known fact but a serious threat comes in form of a malicious insider ie the people who work for the organisation delivering the cloud services.In a typical organisation,one malicious insider can put the company in serious trouble and embarassment unless all are monitored by placing strict access controls and policies.Thus the threat multifolds in capacity of doing damage in case of companies who offer cloud models as service since all services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure. For example, a provider may not reveal how it grants employees access to physical and virtual assets, how it monitors these employees, or how it analyzes and reports on policy compliance.To complicate matters, there is often little or no visibility into the hiring standards and practices for cloud employees. This kind of situation clearly creates an attractive opportunity for an adversary — ranging from the hobbyist hacker, to organized crime, to corporate espionage, or even nation-state sponsored intrusion. The level of access granted could enable such an adversary to harvest confidential data or gain complete control over the cloud services with little or no risk of detection. 

2.   Recommendations by CSA are put up below :

-  Enforce strict supply chain management and conduct a comprehensive supplier assessment.

-  Specify human resource requirements as part of legal contracts.

-  Require transparency into overall information security and management practices, as well as compliance reporting.

-   Determine security breach notification processes.

3.   Thanks CSA

Cloud Threat : Unknown risk profile


1.    The best thing all of us like and promote about cloud is that we have very little and reduced investment in software and hardware and also that the cloud user is able to focus on his core business.Like for a bank he should not be worried about what server should he buy or what storage should he provision...the bank should be able to focus on how to improve the banking procedures and profits.So this way the distraction is less for the prime user.But at the same time these benefits must be weighed carefully against the contradictory security concerns which are complicated by the fact that cloud deployments are driven by anticipated benefits, by groups who may lose track of the security requirements and musts.Would ever the Bank,in an case example,bother to know the Versions of software, code updates, security practices, vulnerability profiles, intrusion attempts, and security design ?I am sure no bank would do that once they have outsourced their worries to the Cloud.Details and Information with whom the same infrastructure is being shared becomes critical.One loose hole and u get compromised.Although this is not so easy....but we should know that the cyber criminals and hackers work more then us to keep all of us on toes and if successful then on Knees:-)

2. An old, 2009, real case example exploiting this specific threat is available at http://www.pcworld.com/article/158038/heartland_has_no_heart_for_violated_customers.html

3.  Recommendations by CSA :

-  Disclosure of applicable logs and data.

-  Partial/full disclosure of infrastructure details (e.g., patch levels, firewalls, etc.).

-  Monitoring and alerting on necessary information.

Monday, August 27, 2012

Cloud Threat : Insecure Interfaces and APIs


1.    How does a typical cloud user interacts,manages and configures his cloud ? This interaction is achieved with Cloud Computing providers exposing the user to a set of software interfaces or APIs.Thus the overall demand,settings,managing and all configuration is achieved using this interface and APIs only.Thus comes the aspect of security of handling and designing these interfaces and APIs.The security and availability of ANY cloud service is dependent upon the security of these basic APIs. From authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy.Not only this,but all the third parties often build upon these interfaces to offer value-added services to their customers. This introduces the complexity of the new layered API.The recommended remediation's vide CSA are mentioned below :

- Analyze the security model of cloud provider interfaces.

- Ensure strong authentication and access controls are implemented in concert with encrypted transmission.

- Understand the dependency chain associated with the API

Cloud Threat : Shared Technology Issues


1.   When a computer processor is designed/manufactured...viz core 2 Duo or quad-core processor or for this purpose any processor,the processor doesn't know what will it be finally used for....I mean it may be used as a standalone machine or a server machine!!!Here's the issue..ie this processor was not meant to be used for cloud....but how does this matter?This matter because from the security point of view this processor was meant to support strong ISOLATION properties which is not the case in routine manufacturing.Only dependent on the hypervisors for the regular interface as discussed at an earlier post here.In cases of cloud we have to handle two platforms ..one is the OS running like windows or any other OS which comes along with inbuilt and already exploited vulnerabilities that keep getting patched(what about Zero day???) and the other is hypervisor vulnerabilities(just google on hypersvisor vulnerabilities and u see what's in store to get surprised).Both of these combined together would be deadly if not taken care of...because in the cloud world, reacting to a damage would be like taking some one to hospital after an accident or a bomb blast whereas it should be the other way round....remove all possibilities of the accident and ensure 100% secure Areas....latter being too tough to imagine in current environment.

2.   I read about this few years back when I was not very much clear on Cloud Computing concepts(though still naive but better then past!!! :-),there was an incident involving a hypervisor breach that was not widely publicized.Now if u know about XBox 360(is a video game console developed by Microsoft that competes with Sony's PlayStation 3 and Nintendo's Wii),it has an embedded hypervisor (surprisingly not Hyper-V),so it was some time in 2007, that there was a documented buffer overflow vulnerability in this hypervisor which could be exploited to gain access to the hypervisor mode and thus, to the entire system. Microsoft immediately released a patch for this.Now unlike regular Windows OS Option, patches are not optional for Xbox users. Thus,the patch was applied the next time a user connected to Xbox Live or installed a new game. Proof of concepts quickly appeared that exploited the hypervisor vulnerability as well as online documentation on how people have used the Xbox “hypervisor exploit” to crack their systems.(...got this info from http://blogs.gartner.com/neil_macdonald/2009/02/20/hypervisor-attacks-in-the-real-world/)

3.   Thus arises a need for strong secured compartments to ensure that the individual cloud users are not compromised in a manner that would ensure unmanageable losses in monitory terms as well as brand devaluation.The CSA gives the following point wise remidiation format for designing the policy boundaries to counter Shared Technology Issues : 

-  Promote strong authentication and access control for administrative access and operations.

-  Monitor environment for unauthorized changes/activity.

-  Enforce service level agreements for patching and vulnerability remediation.

-  Implement security best practices for installation/configuration.

-  Conduct vulnerability scanning and configuration audits.
Powered By Blogger