CEH 19- Cloud Computing

By

What is Cloud?

  • The Cloud refers to Servers that are accessed over the Internet.

  • The software and databases runs on those servers. 

  • Cloud servers are located in data centers all over the world. 

  • By using cloud computing, users and companies don't have to manage physical servers themselves or run software applications on their own machines.

Disclaimer: The articles provided on HackWithV is purely for informational and educational purpose only, and for those who are willing and curious to know & learn about Ethical Hacking, Security and Penetration Testing. Anytime the word "Hacking" that is used on this site shall be regarded as Ethical Hacking. 

What is Cloud Computing?

  • Cloud Computing is the practice of using a network of remote servers hosted on the internet to store, manage, and process data, rather than a local server or a personal computer. 

  • The information being accessed is found in "the cloud" so the user need not to be in a specific place to gain access in which data is stored.

Characteristics of Cloud Computing:

  • On-demand self-service
  • Distributed storage
  • Rapid elasticity
  • Automated management
  • Broad network access
  • Resource pooling
  • Measured service
  • Virtualization technology
  • Pay per use

Cloud Computing Services: 

  1. Infrastructure as a Service (IaaS) 
  2. Platform as a service (PaaS) 
  3. Software as a service (SaaS)

1. Infrastructure as a Service (IaaS): 

  • Infrastructure-as-a-Service (IaaS) provides virtual machines and other abstracted hardware and operating systems which may be controlled through service API. 

  • In these services, cloud service providers install operating system images, and application software’s on the cloud infrastructure based on user’s requirement. 

  • The cloud service provider is responsible for patching and maintains the operating systems and the application software.

  • Examples: Amazon Web Services, Google Compute Engine, IBM Cloud etc. 

2. Platform-as-a-Service (PaaS): 

  • Platform-as-a-Service (PaaS) offers development tools, configuration management, and development platforms on-demand that can be used by subscribers to develop custom applications. 

  • Typically it includes a framework that satisfies the requirement of a developer. 

  • The Application developers can take advantage of using the licensed software without worrying about the cost and complexity involved in maintaining the underlying hardware and software layers. 

  • Examples: Google App Engine, Microsoft Azure, etc.

3. Software as a Service (SaaS): 

  • Software-as-a-Service (SaaS) offers software to subscribers on-demand over the Internet. 

  • CSP (Cloud service provider) manages the infrastructure and platforms that run these applications. 

  • This service eliminates the need for installing and running the applications on the user's computers. 

  • Examples: Google Docs, Calendar, Web-based office applications, etc.

Cloud Deployment Models: 

  1. Public cloud 
  2. Private cloud 
  3. Community cloud 
  4. Hybrid Cloud

Benefits of Cloud Computing:

1. Security: 

  • Less investment in security. 
  • Better disaster recovery. 
  • Effective patch management and implementation of security updates. 

2. Economic: 

  • Environment-friendly. 
  • Less maintenance. 
  • Less power consumption. 

3. Operational: 

  • Deploy applications quickly. 
  • Scale as needed. 

4. Staffing: 

  • Less IT staff. 
  • Well usage of resources. 
  • Less personnel training. 

Cloud Computing Threats: 

  1. Illegal access to the Cloud. 
  2. Privilege Escalation. 
  3. Hardware Failure. 
  4. VM-Level attacks. 
  5. Cryptanalysis Attacks. 
  6. SQL Injection Attacks. 
  7. DoS and DDoS Attacks. 
  8. Session Hijacking using XSS Attacks. 
  9. Loss of Business Reputation due to Co-tenant Activity.

Cloud Security Tools: 

  1. Applications: Web App Firewalls, Scanners, Transactional Security.

  2. Information: Strong Encryption, Database Activity Monitoring, DLP.

  3. Network: NIDP/NIPS, Firewall, Deep Packet Inspection, Anti-DDoS.

  4. Trusted Computing: Hardware and Software API's. 

  5. Computer and Storage: Host-based Firewall, HIDS/HIPS, Integrity and File/Log Management. 

  6. Management: Patch Management, Configuration Management.

  7. Physical: Physical Plant Security, CCTV, Guards.

Mitigations: 

  • Enforce data protection, backup and retention mechanisms. 
  • Disclose relevant logs and data to customers. 
  • Prevent unauthorized server access using security checkpoint. 
  • Monitor the client’s traffic for any malicious activity. 
  • Implement strong key generation, stronger authentication management, and destruction practices. 
  • Check for data protection at both design and runtime.
  • Enforce legal contracts in employee behavior policy. 
  • Prohibit users from sharing application and services credentials. 
  • Ensure that physical security is a 24 x 7. 
  • Leverage strong two-factor authentication techniques where possible.

Be Aware, Be Secure.

Thank You 🙏

I'm a Cyber Security professional with expertise in Network, Application, Endpoint, Cloud Security, DevOps, and IT Ops. I have experience in various industries and am well-versed in relevant regulations and standards. My goal is to provide exceptional security solutions that protect organizations from evolving threats, while also streamlining workflows and improving collaboration between development, operations, and security teams through DevOps and IT Ops practices.

Comments

Post a Comment

Popular posts from this blog

Demo 1- How to Track Location by a Link

By
Image
↑ GPS: GPS stands for Global Positioning System . The Global Positioning System, originally NAVSTAR GPS, is a satellite-based radionavigation system owned by the United States government and operated by the United States Air Force. It is a global navigation satellite system (GNSS) that provides geolocation and time information to a GPS receiver anywhere on or near the Earth where there is an unobstructed line of sight to four or more GPS satellites. Obstacles such as mountains and buildings block the relatively weak GPS signals. Locator v1.0: Locator is a tool developed by "thelinuxchoice".This tool is implemented in Shell Scripting. This tool is implemented in Shell Scripting. Geolocator, Ip Tracker, Device Info by URL (Serveo and Ngrok). It uses tinyurl to obfuscate the Serveo link. Disclaimer:  Usage of Locator for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable lo
Read more

Snyk - Ubuntu 20.04 (Linux)

By
Image
In this article, we are going to learn about Snyk, features, and hands-on demo on how to install, usage and uninstall on Ubuntu 20.04(Linux).   Disclaimer:   The articles provided on HackWithV is purely for informational and educational purpose only, and for those who are willing and curious to know & learn about Cyber Security, Ethical Hacking,  Software Development and  IT Operations. Anytime the word "Hacking" that is used on this site shall be regarded as Ethical Hacking. Table of Content What is Snyk ?   Jump to Features   Jump to Hands-On   Jump to Requirements   Jump to Download   Jump to Install   Jump to Usage   Jump to Uninstall    Jump to Cheat Sheet    Jump to    What is Snyk ?  Snyk is a developer security platform for securing code , dependencies , containers , and infrastructure as code .  Integra
Read more

Cracking VNC Password Using Hydra

By
Image
Today we are going learn how to crack the password of VNC service using Hydra Tool.  Disclaimer: The articles provided on HackWithV is purely for informational and educational purpose only, and for those who are willing and curious to know & learn about Ethical Hacking, Security and Penetration Testing. Anytime the word "Hacking" that is used on this site shall be regarded as Ethical Hacking. What is VNC? Virtual Network Computing ( VNC ) is a graphical desktop-sharing system that uses the Remote Frame Buffer protocol ( RFB ) to remotely control another computer.  What is Hydra? Hydra is a parallelized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, i
Read more