Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Suronapee Phoomvuthisarn, Ph.D. / NETE4631:Cloud Privacy and Security - Lecture 12.

Published byVirgil Clark Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Suronapee Phoomvuthisarn, Ph.D. / NETE4631:Cloud Privacy and Security - Lecture 12."— Presentation transcript:

1 1 Suronapee Phoomvuthisarn, Ph.D. Email: suronape@mut.ac.th / Q305suronape@mut.ac.th NETE4631:Cloud Privacy and Security - Lecture 12

2 Characteristics of Cloud (NIST) 2

3 Statistical Challenges in the Cloud 3

4 Security & Privacy Challenges 4  Outsourcing Data and Applications  Extensibility and Shared Responsibility  Service-Level Agreements (SLAs)  Virtualization and Hypervisors  Heterogeneity  Compliance and Regulations  Three kinds of issues in standards and regulations  “How” issues – how an application of specific type should operate in order to protect certain concerns specific to its problem domain  “Where” issues – where you can store certain information  “What“ issues – standards that prescribe specific components to your infrastructure

5 The Life Cycle of a Modern Attack 5

6 Functional Traits of Botnets 6

7 Key Components and Tools in the Modern Attack Strategy 7

8 Data Security 8  Physical security  Data control  Encryption (both in transit and storage)  Off-side backups regularly  Data segmentation  Minimize the impact of the compromise of specific nodes

9 Network security  Firewall  Firewall-like traffic rules to govern which traffic can reach which virtual servers, such as security groups in Amazon EC2  Network Intrusion Detection  monitor local traffic for anything that looks irregular 9

10 Firewall rules 10 A firewall rules in AmazonTraditional firewall

11 Brokered Cloud Storage Access 11

12 Network Intrusion Detection Systems (NIDS)  NIDS  to monitor local traffic for anything that looks irregular  scans/ Denial-of-service attacks/known vulnerability exploit attempts 12

13 Host Security  Host security describes how your server is set up for the following tasks  Preventing attacks  Minimizing the impact of a successful attack on the overall system  Responding to attacks when they occurs 13

14 Host Security (2)  Security patches  In cloud environments, rolling out a patch across the infrastructure takes three simple steps:  Patch you machine images with the new security fixes  Test the results  Re-launch your virtual servers  System hardening  The process of disabling or removing unnecessary services and eliminate unimportant user accounts  Antivirus protection  Selection criteria – (1) how wide the known exploits does it covers (2) time when a virus is released and recovered  Host Intrusion Detection Systems (HIDS) 14

15 Host Intrusion Detection Systems (HIDS) 15

16 Identity Management  What is the identity?  Things you are  Things you know  Things you have  Things you relate to  They can be used to authenticate client requests for services and preventing unauthorized uses  Maintain user roles  Use secure approach such as SSH and public private keys pair rather than password-based method (brute force attack) to access virtual servers  Encryption in transit  Only user that have an operational needs in certain time period 16

17 Defining Identity as a Service (IDaaS) 17  Store the information that associates with a digital entity used in electronic transactions  Core functions  Data store  Query engine  Policy engine

18 Core IDaaS applications 18

19 Authentication Protocol Standards 19  OpenID 2.0 http://openid.nethttp://openid.net  OAuth http://oauth.nethttp://oauth.net

20 Auditing 20  Auditing is the ability to monitor the events to understand performance  Challenges  Proprietary log formats  Might not be co-located

21 Auditing (2) 21 Picture from Alexandra Institute

22 Security Mapping 22  Determine which resources you are planning to move to the cloud  Determine the sensitivity of the resources to risk  Determine the risk associated with the particular cloud deployment type (public, private, or hybrid models) of a resource  Take into account the particular cloud service model that you will be using  If you have selected a particular cloud provider, you need to evaluate its system to understand how data is transferred, where it is stored, and how to move data both in and out of the cloud

23 The AWS Security Center 23

24 Security Responsibilities 24  Cloud Deployment Models (NIST)  Public clouds  Private clouds  Hybrid clouds

25 Security Service Boundary 25 By Cloud Security Alliance (CSA)

26 Regulatory Compliance 26  All regulations were written without keeping Cloud Computing in mind.  Clients are held responsible for compliance under the laws that apply to the location where the processing or storage takes place.  Security laws that requires companies providing sensitive personal information have to encrypt data transmitted and stored on their systems (Massachusetts March, 2012).

27 Regulatory Compliance (2) 27  You have to ensure the followings:  Contracts reviewed by your legal staff  The right to audit in your SLA  Review cloud service providers their security and regulatory compliance  Understand the scope of the regulations that apply to your cloud-based applications  Consider what steps to take to comply with the demand of regulations that apply and/ or adjusting your procedures to this matter  Collect and maintain the evidence of your compliance with regulations

28 Defining Compliance as a Service (CaaS) 28  CaaS needs to  Serve as a trusted party  Be able to manage cloud relationships  Be able to understand security policies and procedures  Be able to know how to handle information and administer policy  Be aware of geographic location  Provide an incidence response, archive, and allow for the system to be queried, all to a level that can be captured in a SLA

29 Defining Compliance as a Service (CaaS) (2) 29  Examples of clouds that advertise CaaS capabilities include the following:  Athenahealth for the medical industry  Bankserv for the banking industry  ClearPoint PCI for mechant transactions  FedCloud for goverment

30 Techniques for securing resources 30 Picture from Alexandra Institute

31 Virtualized Data Center Network Security Challenges  The major network security challenges in the virtualized data center include  Hypervisor integrity.  A successful attack against a host’s hypervisor can compromise all of the workloads being delivered by the host.  Intra-host communications.  Communications traffic between different VMs on the same physical host is often not visible and therefore cannot be controlled by traditional physical firewalls and IPS.  VM migration.  When VMs migrate from one physical host to another or from one physical site to another, they tend to break network security tools that rely on physical and/or network-layer attributes. 31

32 Data center evolution and security requirements 32

33 Criteria for Network Security in the Virtualized Data Center  Safe Application Enablement of Data Center Applications  Identification Based on Users, Not IP Addresses  Comprehensive Threat Protection  Flexible, Adaptive Integration  High-Throughput, Low-Latency Performance  Secure Access for Mobile and Remote Users  One Comprehensive Policy, One Management Platform 33

34 References 34  Chapter 4, 12 of Course Book: Cloud Computing Bible, 2011, Wiley Publishing Inc.  Chapter 6, Cloud Application Architectures, building applications and infrastructure in the cloud, O’Reilly, Reese, G., 2009  Network Security in Virtualized Data Centers For DUMMIES, Lawrence C. Miller, John Wiley& Sons  Research paper - Security and Privacy Challenges in Cloud Computing Environments, Hassan Takabi and James B.D. Joshi, University of Pittsburgh

Download ppt "1 Suronapee Phoomvuthisarn, Ph.D. / NETE4631:Cloud Privacy and Security - Lecture 12."

Similar presentations

Network Systems Sales LLC

Network Systems Sales LLC
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.

Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.
An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.

An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.
Security Controls – What Works

Security Controls – What Works
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
Chapter 12 Network Security.

Chapter 12 Network Security.
Unified Logs and Reporting for Hybrid Centralized Management

Unified Logs and Reporting for Hybrid Centralized Management
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.

1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.

Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.

Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.
Maintaining & Reviewing a Web Application’s Security By: Karen Baldacchino Date: 15 September 2012.

Maintaining & Reviewing a Web Application’s Security By: Karen Baldacchino Date: 15 September 2012.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.

Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Cloud Computing How secure is it? Author: Marziyeh Arabnejad Revised/Edited: James Childress April 2014 Tandy School of Computer Science.

Cloud Computing How secure is it? Author: Marziyeh Arabnejad Revised/Edited: James Childress April 2014 Tandy School of Computer Science.

Similar presentations

Ads by Google