UMUC Preventive and Protective Strategies in Cybersecurity CSEC-630
© UMUC 2011

Contents

Topic 1: Scenario ... 2
    Cloud Computing: A View from Above ... 2
Topic 2: Module Introduction ... 4
Topic 3: Virtualization and Cloud Computing ... 5
    What Is Cloud Computing? ... 5
    Server Virtualization ... 6
    Benefits and Features of Cloud Computing ... 8
    Cloud Computing Security ... 11
    Cloud Storage Security ... 12
    Mobile Cloud Computing ... 13
Topic 4: Security Concerns and Challenges ... 14
    Activity: Determining Security Concerns ... 14
Topic 5: Cloud Computing Solutions: Present and Future ... 19
    NIST Guidelines ... 19
    Risks and Mitigations ... 22
    Service Level Agreements ... 24
Topic 6: Virtualization Case Study ... 25
    OrgOne’s Virtual Library ... 25
Topic 7: Summary ... 27
Glossary ... 28




Topic 1: Scenario

Cloud Computing: A View from Above

Virtualization and Cloud Computing Security (CSEC-630, Module 9)

In certain industries, businesses often need to promote special offers in order to drive sales. For example, movie theaters promote a grand opening by offering free movie tickets online. Sometimes, when doing this, their internal servers experience a network traffic spike, which can inadvertently cause a denial of service against their own assets. As a result, these types of organizations need to adjust their IT infrastructure efficiently and expeditiously. They can either purchase or rent the required additional capacity (for example, storage, processing capacity, and bandwidth), or simply outsource some of their key functions, for example by using software as a service (SaaS) or infrastructure as a service (IaaS). Cloud service and other virtual service providers can be leveraged in multiple ways to address these sporadic and often unpredictable requirements.

Scenario Introduction

Airange and I-Keep are two cloud service providers. Three organizations that subscribe to their services are Medical Imaging (MI), MediaInc, and Stratus.

Medical Imaging

Medical service provider Medical Imaging (MI) subscribes to the cloud computing services offered by Airange. MI uses them to process patients’ digital medical images, such as CT scans, MRIs, and ultrasounds. The confidentiality and integrity of the images are very important for MI. As per the agreement with Airange, all medical images must be encrypted while at rest or in motion in the cloud. MI requires specific details from Airange to address its security concerns:

1. How is the confidentiality and integrity of these images preserved?
2. Who has access to MI’s data if it is sharing a server that contains data from other subscribers of the cloud service?

MediaInc

Media company MediaInc uses Airange’s computing services to process various images, such as news clips and pictures of its clients. Airange, in turn, stores most of these images with a cloud storage provider named I-Keep. The confidentiality of the images is not a critical factor for MediaInc because all images are publicly available. However, MediaInc has some concerns about specific security requirements:

1. How is the integrity of its images preserved on I-Keep’s cloud servers?


2. How is data transferred to the cloud provider in a secure manner, so that unauthorized parties are unable to intercept transmissions?

Stratus

Stratus, an application developer, uses Airange’s software as a service (SaaS) platform. Stratus’ intellectual property is highly valuable, so the source code must not be available to the public. A networked, real-time control system application is set up through Airange for developers to work on their projects concurrently. Stratus faces two main concerns:

1. What is the overall level of security of the virtual storage facility hosting SaaS? How confident should they feel that someone will not disconnect the server or make a copy of all data on it?

2. To what extent are Stratus’ security requirements for its software applications and related components addressed by Airange?

Reflect

How does Airange maintain a proper authentication system for its clients?

How does Airange ensure that one client’s data is kept confidential and protected from other clients who also have access to the same data center?

What are the assurances that the security of the software components and utilities provided by Airange will be consistently maintained?


Topic 2: Module Introduction

Virtualization is an emerging trend within the enterprise computing environment. Its benefits are highly desirable, and it has very few notable drawbacks. Cloud computing is considered an extension of the trends witnessed in computer network virtualization. Cloud computing services are particularly appealing to organizations whose needs are constantly changing or that do not have the budget or expertise to host and maintain their own infrastructure. However, several considerations must be taken into account when determining whether or not the cloud can be leveraged strategically for business advantage. Upon entering into an agreement with a cloud service provider, companies expect the provider to assure them of quality standards with regard to the privacy and security of their data. It is important that any company interested in using a cloud provider check that the provider maintains compliance with all federal, state, and local laws and regulations.


Topic 3: Virtualization and Cloud Computing

What Is Cloud Computing?

Cloud computing is a relatively recent trend that offers turnkey data processing, networking, and storage capabilities, providing its subscribers with resource scalability and just-in-time provisioning. Cloud services include software, hardware, and network services that organizations outsource to cloud service providers to limit overhead. Cloud computing achieves flexibility and affordability through its extensive reliance on virtualization, which, in turn, offers significant opportunities, particularly for those organizations that do not wish to maintain the necessary infrastructure “in house.”

Virtualization

Step 1: Virtualization is the process of creating a non-traditional computing infrastructure, which is managed by a virtual machine.
Step 2: Many virtual machines can exist on a single computer.
Step 3: A virtualized environment is supported through the deployment of shared services available via the Internet.
Step 4: Separate virtual partitions carry out individual functions and are centrally managed by the virtual machine.
Step 5: The size of a virtual environment can increase and decrease without altering an organization’s physical infrastructure, resulting in relatively low overhead and increased flexibility.

Cloud computing offers all the benefits of virtualization. One of its key selling points is its scalability. Cloud computing data centers use load balancing to spread data storage across multiple machines simultaneously. An additional benefit of cloud computing, particularly useful for companies whose computing needs fluctuate often, is the ‘pay-as-you-go’ pricing that applies to data usage of servers, bandwidth, and applications. Additionally, cloud computing is premised on the fact that as the cloud infrastructure scale increases, the delivery time of service becomes incrementally small, trending toward zero.


Server Virtualization

Vulnerabilities

An excerpt from a newspaper article is given below.

In the traditional security infrastructure environment, organizations typically rely on layered defenses using a combination of firewalls, intrusion detection, packet filters, encryption, and application-level security measures. However, the virtual environment often renders conventional security techniques ineffective. Virtual security therefore must address each component: host, client, and network.

Host

Hackers can attempt to gain control of the hypervisor in order to compromise the host server. Once the host is compromised, hackers can potentially breach guest servers and misappropriate data. The first line of defense should focus on preventing the breach from affecting underlying layers. As a precautionary measure, antivirus software should be run on the host server. All other applications should run on the more restricted guest servers.

Client

If a client server is compromised, the affected client should be identified by the security mechanism and immediately disconnected to stop the threat from spreading.

Only Breaches Teach Us

Cloud storage vendor Sky Racer reported that their network was hacked into and that several client files were stolen from their datacenter. This is not the first time that virtualization security, or the lack of it, has made headlines in the corporate world, especially in the IT sector. Sky Racer’s CEO Natasha Lyte explained: “Once our host server was compromised, all underlying virtual machines also began to fail. We apologize to our clients and assure them that virtualization security is of paramount importance at our company.” At Sky Racer’s main client, OBK Bank, the head of IT shared his concerns: “At first we were excited about the unlimited cloud storage capacity. However, virtual environments are risky. First, they are not visible, and we cannot see how a virtual machine (VM) operates. Second, we are unable to enforce appropriate policies because the network ports that connect each VM are delegated to the hypervisors that run on host servers. Third, technologies that enable VM migration may result in softening an organization’s approach to addressing physical network security.” The attack on Sky Racer is a reminder that the virtual world in which we operate requires just as much vigilance as the more traditional physical computer networking environment.


Network

The first step to protecting virtual networks is deploying a hardened operating system and network protocols and applying current security algorithms, patches, and identity authentication. The second step is providing restricted or “least privileged” access, in which a person or application can access only what is required to accomplish the task. This not only reduces the attack surface area, it keeps networks from being easily compromised. In the event of a breach, hackers will be able to spy only on limited network traffic and confidential data.

References:

McGillicuddy, S. (2010, September 16). Networking vendors aim to improve server virtualization security. Juniper Networks. Retrieved from http://www.altornetworks.com/news-article/networking-vendors-aim-to-improve-server-virtualization-security

Logan, M. (2011, January 17). Some Information On Virtualization Security. Retrieved from http://ezinearticles.com/?Some-Information-On-Virtualization-Security&id=5736170

Virtual Servers

There are three popular approaches to creating virtual servers: virtual machine, paravirtual machine, and OS-level virtualization.

Virtual Machine

Virtual machines use a hypervisor to create guest servers. The hypervisor, also called a virtual machine monitor (VMM), is an application that functions as the host of all virtual consoles. Through the hypervisor, each guest server communicates with the CPU in the host server to access computing resources. Each guest server runs independently, unaware of the others, and the guests may run multiple different operating systems. VMware and Microsoft Virtual Server are two examples of popular virtualization platforms.

Paravirtual Machine

Like virtual machines, paravirtual machines (PVM) also run multiple operating systems and create guest servers, but with two significant differences:

1. PVM guest operating systems are aware of each other’s existence.
2. The hypervisor modifies or “ports” the guest operating system’s code.

OS-Level Virtualization

When virtual servers are created at the OS level, no hypervisor is required. The host server OS performs all the functions of a hypervisor. Instead of connecting with each guest server independently, it runs a single OS kernel as its core and exports OS functionality to each of the guests. Guests must, however, use the same operating system as the host, though different distributions of the same OS are allowed.


Benefits and Features of Cloud Computing

Benefits of Cloud Computing

Cloud computing offers potential benefits that include:

- Providing a centralized solution for hosting software applications and also providing data storage management, thereby reducing the physical infrastructure overhead, management, and related personnel costs
- Allowing IT infrastructure to become more scalable, especially for organizations engaging in enterprise resource planning (ERP)
- Connecting disparate or otherwise incompatible networks together cost effectively. This is in contrast to what organizations would need to do otherwise: create and manage their own firewalls and reconfigure ports, which makes the environment more complex and potentially less manageable for some organizations.

However, there are also some concerns, particularly with respect to the relative level of security associated with cloud computing services.

Stakeholders

In cloud computing, there are three stakeholders involved:

- Cloud subscribers (client organization, end-user)
- Cloud service providers (third-party companies)
- Cloud infrastructure providers (sometimes the same company as the service provider)

Cloud Subscribers

Cloud subscribers include those organizations that decide to outsource some of their IT requirements to third-party companies. Using the cloud, a client can adjust its monthly plan to expand system resources when need be, allowing use of extra server space, network connectivity, and storage backup.

Cloud Service Providers

Cloud service providers are companies that deliver Web-based applications, platforms, server space, and network connectivity to other organizations. They provide central management and can increase the services when requested.

They use virtualized, partitioned hard drives to offer services to clients. Typically, cloud customers can access services through a management panel within a Web browser.

Cloud Infrastructure Providers

Cloud infrastructure providers are organizations that provide the computer networking capabilities, including architecture and platform, to support the cloud. It is possible for cloud service providers to outsource their data needs to cloud infrastructure providers in order to optimize efficient operations and reduce cost structure through specialization.


For this reason, it is incumbent on clients to perform due diligence before committing to a cloud service offering, to ensure that the cloud provider(s) comply with any and all applicable regulations. This situation also increases the complexity of liability management. Common cloud infrastructure requirements can include firewalls, VLAN segments, VPNs, SANs, data storage, networks, and operating systems. Examples of popular cloud platforms are Microsoft’s Azure Services Platform, Google App Engine, Amazon Web Services, and IBM’s cloud services.

Deployment Models

Cloud computing has three types of deployment models: public cloud, private cloud, and a hybrid public-private cloud.

Private Cloud

A private cloud is essentially self-contained within a customer’s own IT environment. With a private cloud, the customer has access to all the capabilities that cloud computing offers, such as rapid service provisioning, elasticity of resources, enhanced network performance, and higher asset utilization. This option, however, does not provide the massive scalability that is associated with a public cloud infrastructure.

Public Cloud

A public cloud describes the traditional mainstream definition of cloud computing, in which resources are dynamically provisioned and self-service is available over the Internet via Web applications and Web services by a third-party provider.

Hybrid Cloud

A hybrid cloud is a cloud computing environment in which an organization provides and manages some resources “in house” and has others provided externally. The hybrid approach allows a business to take advantage of the scalability and cost-effectiveness that a public cloud computing environment offers without exposing mission-critical applications and data to systemic third-party vulnerabilities.

Service Models

Cloud service providers can be leveraged in multiple ways, but they mostly offer three service models: software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS).

These models provide varying levels of services, ranging from general infrastructure services, such as operating systems or database services provided by IaaS vendors to targeted functional services provided by SaaS vendors. Infrastructure as a service (IaaS) remains the most widely used application of virtualization in the cloud computing context.

Software as a Service

Software as a service (SaaS), sometimes referred to as “software on demand,” allows users to access software applications in the cloud through different client interfaces such as Web browsers. It appeals to companies because third-party cloud providers manage, own, change, and control the physical hardware.


Platform as a Service

Platform as a service (PaaS) facilitates the deployment of applications without the cost and complexity of buying and managing the underlying hardware, software, and hosting capabilities. This provides the complete lifecycle of building and delivering Web applications and services. PaaS offerings may include facilities for application design, application development, testing, deployment, hosting, Web service integration, database integration, security, scalability, storage, persistence, state management, and application versioning.

Infrastructure as a Service

Infrastructure as a service (IaaS) provides processing, storage, networking, and other fundamental computing resources on which the subscriber is able to deploy and run arbitrary software, including operating systems and applications. Service users are not allowed to manage, change, or control the underlying cloud infrastructure but have control over operating systems, storage, deployed applications, and possibly select networking components (for example, firewalls and load balancers). IaaS evolved from the concept of a virtual private server.


Cloud Computing Security

Many companies are concerned that cloud service providers do not provide sufficient security measures to guard against invasion of data privacy and preserve data integrity. With multiple parties handling potentially sensitive data, the attack surface increases. Other concerns are that the cloud provider will not provide the necessary safeguards to protect against malicious activities that will compromise an organization’s data. The bottom line is that it is inherently more challenging to secure data that is not directly controlled internally within the organization. Therefore, cloud service providers must make security a top priority in order to attract and retain customers. There are three areas in which cloud security measures should be applied.

Internet Security

Where cloud applications interface with end-users through the Internet, any vulnerabilities common to Web security also apply to the cloud computing environment. These may include SQL injection, cross-site scripting, and cross-site request forgeries.

Physical Security

Cloud subscribers do not control the physical aspects of how their data is stored or handled by one or more servers or storage devices. For example, cloud-based servers may be geographically distributed yet appear to the client as residing on one physical device.

Perimeter Security

Traditional firewalls and network intrusion detection systems can leave the cloud open to intra-server attacks. Virtual firewalls that check intrusions at several layers can better safeguard the network when it connects to the cloud. For example, an Open Source Host-Based Intrusion Detection System is an IDS specifically designed to support virtualized environments.

Additionally, customers can extend their existing internal network security to those parts of the cloud they are using. For example, some cloud service providers implement mandatory inbound firewalls configured in a default-deny mode, whereby customers must explicitly specify the ports on which inbound connections are allowed.


Cloud Storage Security

The notion of the virtual infrastructure is such that cloud storage facilities appear limitless. However, the contrary notion is that they are “invisible”—that is, it is sometimes impossible for clients to know the physical location of the cloud storage facilities. Data in transit is at risk while it travels from the client’s network to the cloud and back. Data at rest is also at risk when it is stored or archived in the cloud. Understandably, cloud storage vendors face four main data-related challenges.

Data Confidentiality

How do cloud storage providers make sure that each client’s data is kept confidential from others sharing the same physical infrastructure? Moreover, if one client’s data is compromised or hacked, how safe are the other clients? Virtualization is the first line of defense, but that does not guarantee that data is protected if the virtual machine becomes compromised. Data encryption is another solution.

Data Encryption

Integrity of data at rest or in motion can be protected by data encryption even if it is stolen or wrongly accessed. Organizations should check with cloud providers to see if data in transit can be transparently encrypted or if the data can be encrypted prior to sending it over the cloud. One drawback of doing so is that illegal content can be hosted if the data is encrypted ahead of time. Hosting illegal content creates potential legal liability for the cloud provider.
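A subscriber-side integrity check of the kind the Data Confidentiality and Data Encryption paragraphs call for, which also answers MediaInc’s question of how the integrity of its images is preserved on I-Keep’s servers, as an added example (not code from the module or from any provider). It uses a keyed HMAC-SHA256 manifest held by the subscriber rather than encryption, so the provider can store the objects but cannot alter, drop, or substitute one without a tag failing; the key, object names, and image bytes are constructed sample values.

```python
"""Subscriber-side integrity manifest for objects kept with a cloud storage provider.

Added example, not part of the CSEC-630 module. Assumptions (constructed):
the subscriber generates and keeps the MAC key; the provider only ever sees
the opaque objects and the manifest; object names and bytes are sample data.
"""
import hashlib
import hmac
import json
from typing import Dict, Tuple

# Constructed sample key. A real deployment generates it with os.urandom(32)
# and keeps it on the subscriber side, never with the storage provider.
SUBSCRIBER_KEY = b"\x01" * 32


def tag_object(key: bytes, name: bytes, data: bytes) -> str:
    """HMAC-SHA256 over (name, data).

    Length-prefixing and binding the object name to the bytes means a valid
    blob cannot be presented under a different object's name.
    """
    mac = hmac.new(key, digestmod=hashlib.sha256)
    mac.update(len(name).to_bytes(4, "big"))
    mac.update(name)
    mac.update(data)
    return mac.hexdigest()


def build_manifest(key: bytes, objects: Dict[str, bytes]) -> str:
    """Tag every object before upload and MAC the manifest itself.

    The manifest tag covers the whole name->tag table, so an entry cannot be
    added, removed or rewritten by whoever stores the manifest.
    """
    entries = {name: tag_object(key, name.encode(), data)
               for name, data in objects.items()}
    body = json.dumps(entries, sort_keys=True).encode()
    return json.dumps({"entries": entries,
                       "manifest_tag": tag_object(key, b"manifest", body)})


def verify_storage(key: bytes, manifest_json: str,
                   stored: Dict[str, bytes]) -> Tuple[bool, Dict[str, str]]:
    """Compare what the provider returned with the subscriber's manifest.

    Returns (all_ok, findings); findings maps an object name to the problem
    found: "tampered", "missing" or "unexpected".
    """
    manifest = json.loads(manifest_json)
    entries = manifest["entries"]
    body = json.dumps(entries, sort_keys=True).encode()
    # Reject the whole manifest if its own tag does not verify.
    if not hmac.compare_digest(manifest["manifest_tag"],
                               tag_object(key, b"manifest", body)):
        return False, {"<manifest>": "manifest tag mismatch"}
    findings: Dict[str, str] = {}
    for name, expected in entries.items():
        if name not in stored:
            findings[name] = "missing"
        elif not hmac.compare_digest(expected,
                                     tag_object(key, name.encode(), stored[name])):
            findings[name] = "tampered"
    for name in stored:
        if name not in entries:
            findings[name] = "unexpected"
    return not findings, findings


def demo() -> Dict[str, str]:
    """Walk through MediaInc's case with constructed image bytes."""
    originals = {
        "clip-001.jpg": b"\xff\xd8constructed-jpeg-bytes-1",
        "clip-002.jpg": b"\xff\xd8constructed-jpeg-bytes-2",
        "clip-003.jpg": b"\xff\xd8constructed-jpeg-bytes-3",
    }
    manifest = build_manifest(SUBSCRIBER_KEY, originals)
    # Fault model for what comes back from the provider: one object altered,
    # one lost, one that MediaInc never uploaded.
    returned = dict(originals)
    returned["clip-002.jpg"] = returned["clip-002.jpg"] + b"\x00"
    del returned["clip-003.jpg"]
    returned["stray.jpg"] = b"\xff\xd8unknown"
    ok, findings = verify_storage(SUBSCRIBER_KEY, manifest, returned)
    assert not ok
    return findings


if __name__ == "__main__":
    for name, problem in sorted(demo().items()):
        print(f"{name}: {problem}")
```

Because the key never leaves the subscriber, the check holds even if the storage provider or a co-tenant on the same physical infrastructure is the party that altered the data.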

Data Reliability

Cloud computing is still relatively new, and there is some degree of uncertainty regarding its sustainability and reliability. Organizations tend to be particularly cautious about storing mission-critical information on an infrastructure that cannot be internally managed and audited. Data unavailable for extended periods of time can be as crippling to an enterprise as compromised data.

Data Liability

Cloud computing networks are based on an infrastructure with distributed ownership—that is, they are owned by several stakeholders that make up the cloud. The question of who retains data ownership therefore becomes crucial, especially if a breach occurs.

Usually the company hosting and the company that collects personal information are one and the same, so they are liable for any data loss or damage that may occur. However, in the case of cloud computing, the owner of the data has little control over it.

If data stored on a cloud is misappropriated, should the liability rest with the cloud service providers? Potential confusion can be mitigated by performing proper due diligence. It is important for companies to be able to perform a system audit on their cloud provider to ensure compliance.


Mobile Cloud Computing

Cloud to Device Messaging

As cloud computing continues to expand its reach to new platforms, service providers are increasingly offering cloud-on-mobile or mobile cloud computing in order to manage and operate mobile applications. The first iteration of mobile cloud computing has come in the form of mobile Gmail and Google Maps, which carry out data storage and processing activities on mobile devices, not necessarily on the cloud. The next generation of mobile cloud computing, such as Android 2.2’s “Cloud to Device Messaging (C2DM)” feature, conducts data storage and processing outside the mobile device, on the cloud. One example of this is the “Chrome to Phone” app.

Benefits versus Barriers

Mobile cloud computing offers many benefits but also faces certain barriers to growth, such as scalability and security.

Benefits

Web developed applications, requiring only one version, will run on servers rather than on-site, and handset requirements will be automatically minimized and simplified.

Mobile devices will become more powerful when their memory is freed, as data storage and processing will be offloaded to the cloud.

Organizations will benefit from data-sharing applications and enhanced collaboration. Individual users will discover that remote-access applications enable them to monitor their PCs, DVRs, and home security systems.

Barriers

Mobile Web connectivity is still inconsistent in most areas. This can be addressed with technologies like HTML5, which uses local caching to help mobile cloud applications transmit at faster speeds.

All platforms (physical, virtual, and mobile) connected to the cloud need to be adequately secured. However, keeping in mind the limited storage capacity of mobile devices, these security technologies must run on the cloud without adversely affecting device performance, battery life, or processing resources.


Topic 4: Security Concerns and Challenges

Activity: Determining Security Concerns

Let's revisit the companies using cloud services from Airange. Let's also meet the representatives of Airange, I-Keep, and Stratus to understand how these stakeholders work to protect the functioning of the cloud.

Companies’ Viewpoints

CTO, Medical Imaging: Medical Imaging uses Airange's cloud services to process patients' digital images. Cloud infrastructure provider I-Keep stores a large number of our images.

CIO, MediaInc: MediaInc uses Airange's computing services to process news clips and pictures. Cloud infrastructure provider I-Keep stores some of these images.

Systems Analyst, Stratus: Stratus creates software applications deployed on a platform offered by Airange. For the software to run optimally, the security requirements of Airange and Stratus need to support each other.

Network Administrator, Airange: Airange is a cloud service provider that processes tasks and provides software support for its clients. It uses applications developed by other vendors and integrates them on its platform.

VP Marketing, I-Keep: I-Keep is a cloud infrastructure provider that stores confidential data for various clients. I-Keep has to make sure that unauthorized entities do not tamper with or modify any images.

Activity

Answer this series of questions to identify the main security concerns of each stakeholder and possible solutions to resolve them.

Question 1: What are the security concerns of end-user Medical Imaging?

a. Confidentiality of the data
b. Loss of productivity
c. Loss of control over the data
d. Unknown security profiles
e. High initial costs
f. End-to-end encryption of the data

Correct Answer: Options a, c, d, f


Feedback: The main security concerns of the stakeholder Medical Imaging are confidentiality, loss of control over its digital images, and the unknown security profiles of third-party providers such as Airange and I-Keep. Medical Imaging is aware that its images are hosted and stored on external servers, such as those in Airange's and I-Keep's infrastructure, so it can easily lose control over its data assets. The problem is compounded by the fact that the service adds additional communication links to the chain, as with I-Keep. This third-party inclusion in the service introduces additional attack vulnerabilities. Medical Imaging's data is transmitted first to Airange and then to I-Keep. Data may not be adequately protected while it moves within the various layers or across multiple sites operated by different ISPs. Medical Imaging and MediaInc have reason to doubt whether data is encrypted on an end-to-end basis; it may be encrypted only while it is transmitted across the cloud network.

Question 2: Based on your understanding of the security requirements of MediaInc, do you think that a cloud computing environment can provide a “one-security-fits-all” solution to its subscribers?

a. Yes
b. No
c. Maybe

Correct Answer: Option b

Feedback: Medical Imaging and MediaInc are two different end users with different sets of security requirements for the same service offered by the same cloud service provider, Airange. They show that no single security configuration fits all stakeholders. The security assurances associated with a cloud service could be customized according to the needs of the consumers. The cloud infrastructure provider must comply with the requirements at the lowest level of abstraction. For example, Airange should synchronize and ensure the different sets of security requirements that surface at the front-end level of cloud computing. Similarly, the application software must support the various security needs requested for the same cloud service. Airange needs to assure MediaInc that I-Keep meets the same level of security standards as Airange.

Question 3: What are the security concerns of the application developer Stratus?

a. Lack of regulatory controls
b. Compositional impact
c. Conformity of security properties
d. Specific security assurances
e. Compliance requirements


Correct Answer: Options b, c, d

Feedback: The cloud application developer Stratus is most interested in the compositional impact and conformity of the security properties of its application running on infrastructure managed by I-Keep. Stratus develops applications on a platform and infrastructure provided by Airange and I-Keep. It has partial or no knowledge of the underlying security properties of the platform and infrastructure. For example, Stratus' concerns may include whether application software built on the Airange platform somehow leaks information to other devices. To address these concerns, Stratus should receive specific security assurances from Airange and I-Keep.

Question 4: What are the security concerns of the cloud service provider?

a. Ensuring data security
b. Insufficient management controls
c. Lack of standardization
d. Protecting data confidentiality

Correct Answer: Options a, d

Feedback: As the cloud service provider, Airange's main concerns are safeguarding Medical Imaging's and MediaInc's data and images, especially while

• transferring images from devices and servers within the control of Medical Imaging and MediaInc to its own devices

• storing the images with I-Keep

Images stored in Airange's cloud are not located on a single machine. Rather, they are distributed across the entire virtual layer. Airange must create a remote management capability for Medical Imaging's images to ensure their security. The data is also hosted on devices that belong to I-Keep, the third-party ISP. Airange needs to clarify to Medical Imaging and MediaInc how the cloud partners protect the confidentiality of images.

Question 5: What are the security concerns of the cloud infrastructure provider?

a. The method used to physically protect data storage devices
b. The management of backups
c. Control of access to confidential data
d. Lack of regulatory controls
e. Insufficient management controls

Correct Answer: Options a, b, c

Feedback: The security concerns faced by I-Keep, the cloud infrastructure provider, are no less than those faced by the other stakeholders.


I-Keep knows that a single failure in its infrastructure security mechanisms can allow hackers to access thousands of images owned by Medical Imaging and MediaInc, and perhaps images owned by other enterprises. Its concerns would be all of the following:

• The method used to physically protect data storage devices

• The management of backups

• Control of access to confidential data

Question 6: What are some technical challenges specific to security assurances?

a. Regulatory requirements
b. Security profiling
c. Managing access control
d. Security compliance
e. Compliance requirements
f. Security assurances

Correct Answer: Options b, c, d, f

Feedback: The technical issues include the nondisclosure of a service's specific security assurances (as opposed to a blanket claim that the service is secure), the data owner's lack of control, and the absence of security compliance between the service-level functions of service consumers and cloud providers. A lack of control over data assets raises the issue of confidence and reliability. Cloud computing can be viable for consumers if the following specific technical challenges are addressed:

• Profile and verify the security of all services available to end users.

• Give consumers granular access control over their own data, regardless of where their data assets are located and processed.

• Manage consumers' ability to control others' access to data remotely, regardless of locations and systems.

• Establish security compliance between consumers' systems and cloud providers' systems.

• Provide security assurances and certification of software/hardware as claimed.

Question 7: What could be the nontechnical challenges?

a. Overcoming uncertainty
b. Lack of consumer confidence
c. Overly stringent regulations
d. Lack of assurances
e. Lack of competition

Correct Answer: Options a, b, d

Feedback: There are some nontechnical aspects of the identified security concerns, mostly perceptual in nature. The great unknowns about cloud security and its service dynamics drive uncertainty about cloud computing.


When cloud computing consumers do not have a clear idea of where their enterprise's data is processed, or of how persistent and transient data is protected while being processed, transmitted, and stored by machines controlled by others not closely related to the enterprise, they have valid reason to be concerned. To make a data asset secure, one must separate the asset from the threat. However, data assets are closer to their threats in cloud computing because the assets are transmitted, stored, and manipulated in remote devices by a third party, not by the owner of the data asset. A remote location not controlled by the asset owner may be associated with multiple threat scenarios. This is one of the reasons that cloud consumers may perceive cloud computing as not sufficiently secure.

The security requirements of the different stakeholders of cloud computing are interdependent and need to be integrated in a business model. A cloud provider's security assurances must meet the requirements of cloud consumers. Similarly, the cloud provider's security promises to consumers must be guaranteed by the infrastructure providers.

Reflect

To constantly improve cloud computing, consumers and service providers must continue to answer critical questions, such as:

1. How will Medical Imaging (MI) keep other cloud subscribers from accessing MI's data?
2. How will Medical Imaging manage the images split across multiple third-party ISPs?
3. How is the security policy defined by Airange and I-Keep preserved and honored at the application level?
4. How does I-Keep ensure a similar level of security to Airange?
5. How do I-Keep and Airange clean up outdated images in their archive and storage centers?
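Reflect question 1, together with the technical challenge from Question 6 of giving consumers granular access control over their own data wherever it is stored, can be made concrete with a small tenant-scoped object store. The Python below is an added example written for this module; it is not code from UMUC or from the activity's fictional companies (Airange, I-Keep, Medical Imaging, MediaInc), and the tenant names, object keys, sample bytes and location labels are all constructed. The point it shows is that ownership travels with the object, so the same policy is enforced whether the bytes sit with the service provider or the infrastructure provider, and every decision, including denials, is written to an audit trail.

```python
"""Tenant-scoped access control for a shared cloud image store.

Added example (not code from the course module). Every stored object carries
its owning tenant; every read, write, grant and delete is checked against that
ownership and logged, regardless of which infrastructure layer holds the bytes.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set


class AccessDenied(Exception):
    """Raised when a tenant requests an operation its policy does not allow."""


@dataclass
class StoredImage:
    owner: str                                      # tenant that owns the object
    location: str                                   # constructed labels: "airange" or "i-keep"
    data: bytes
    readers: Set[str] = field(default_factory=set)  # tenants the owner granted read access


class TenantImageStore:
    """Multi-tenant store that enforces ownership on every operation."""

    def __init__(self) -> None:
        self._objects: Dict[str, StoredImage] = {}
        self.audit: List[str] = []                  # decision log for later review

    def _decide(self, tenant: str, action: str, key: str, allowed: bool) -> None:
        """Record the decision, then enforce it."""
        verdict = "ALLOW" if allowed else "DENY"
        self.audit.append(f"{verdict} tenant={tenant} action={action} key={key}")
        if not allowed:
            raise AccessDenied(f"{tenant} may not {action} {key}")

    def put(self, tenant: str, key: str, data: bytes, location: str) -> None:
        existing = self._objects.get(key)
        # A tenant may create a new key or overwrite its own object, never another tenant's.
        self._decide(tenant, "put", key, existing is None or existing.owner == tenant)
        self._objects[key] = StoredImage(owner=tenant, location=location, data=data)

    def grant_read(self, tenant: str, key: str, grantee: str) -> None:
        obj = self._objects.get(key)
        # Only the owner can widen access. Unknown keys are denied, not reported,
        # so other tenants cannot probe which keys exist.
        self._decide(tenant, "grant", key, obj is not None and obj.owner == tenant)
        obj.readers.add(grantee)

    def get(self, tenant: str, key: str) -> bytes:
        obj = self._objects.get(key)
        allowed = obj is not None and (obj.owner == tenant or tenant in obj.readers)
        self._decide(tenant, "get", key, allowed)
        return obj.data

    def delete(self, tenant: str, key: str) -> None:
        obj = self._objects.get(key)
        self._decide(tenant, "delete", key, obj is not None and obj.owner == tenant)
        del self._objects[key]

    def locations(self, tenant: str) -> Dict[str, str]:
        """The owner's view of where each of its objects is held (data-location transparency)."""
        return {k: o.location for k, o in self._objects.items() if o.owner == tenant}


def denied(op, *args) -> bool:
    """True if the store rejects the operation; used to check the negative cases."""
    try:
        op(*args)
    except AccessDenied:
        return True
    return False


def demo() -> TenantImageStore:
    """Replay the activity's scenario with constructed tenants and objects."""
    store = TenantImageStore()
    # Medical Imaging's images: one held by Airange, one passed on to I-Keep.
    store.put("medical-imaging", "scan-0001", b"\x89DICOM-sample-1", location="airange")
    store.put("medical-imaging", "scan-0002", b"\x89DICOM-sample-2", location="i-keep")
    store.put("mediainc", "clip-0001", b"RIFF-sample-clip", location="i-keep")

    # Reflect question 1: another subscriber cannot read MI's images, wherever they sit.
    assert denied(store.get, "mediainc", "scan-0001")
    assert denied(store.get, "mediainc", "scan-0002")

    # MI grants read-only access to one partner for one image.
    store.grant_read("medical-imaging", "scan-0001", "radiology-partner")
    store.get("radiology-partner", "scan-0001")

    # The partner can neither widen its own access nor touch the other image.
    assert denied(store.grant_read, "radiology-partner", "scan-0001", "mediainc")
    assert denied(store.get, "radiology-partner", "scan-0002")
    return store
```

The audit list is what makes the design auditable by the consumer rather than only by the provider: a tenant can ask for every DENY line that names its keys, and the `locations()` view answers Reflect question 2 (which third party holds which image) without exposing another tenant's objects.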


Topic 5: Cloud Computing Solutions: Present and Future

NIST Guidelines

NIST Recommendations

According to the U.S. National Institute of Standards and Technology (NIST), “cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” NIST recommends ways that government departments, private-sector organizations, and individuals can improve the security of data located on public clouds. Special Publication 800-144, “Security and Privacy in Public Cloud Computing,” lists issues and recommendations regarding data security across nine criteria.

Governance

Mapping organizational practices to the related policies, procedures, and standards used for application development and service provisioning in the cloud is essential. The design, implementation, testing, and monitoring of deployed or engaged services are equally important.

Governance is carried out through audit mechanisms and tools to ensure that organizational practices are followed throughout the system lifecycle.

Compliance

Research all laws and regulations that the organization must follow to maintain security and privacy. Also study how those laws affect cloud computing initiatives, especially those that involve data location, privacy, security controls, and electronic discovery requirements.

The service level agreement (SLA) should map the cloud provider's offerings to the organizational requirements.

Trust

Creating and sharing an SLA in which the cloud service provider transparently discusses all the security and privacy controls and processes it will use over time provides trust and credibility.

Risk-management plans should be adopted by the organization, with input from the cloud provider, to counter new and emerging risks.

Architecture

It is critical to understand the underlying technologies the cloud provider uses to provision services, including the implications of the technical controls involved for the security and privacy of the system, with respect to the full lifecycle of the system and all system components.


Identity & Access Management

Make sure that all identity and access management functions, such as authentication and authorization, are adequately safeguarded on the cloud.

Software Isolation

Understand virtualization and the other software isolation techniques that the cloud provider employs, and their associated risks.

Data Protection

Verify that the cloud provider's data management solutions are suitable for the organization's data needs.

Availability

Ensure that all critical applications and system operations are immediately resumed after a system disruption. All other operations should be restarted in a timely, organized manner that is agreed upon in the SLA.

Incident Response

List in the SLA all the provisions and procedures the cloud provider must carry out to respond to expected and unexpected incidents.

Reference:

Hinton & Williams LLP. (2011, February 7). NIST Issues Guidelines on Security and Privacy in Public Cloud Computing. Retrieved from http://csrc.nist.gov/publications/drafts/800-144/Draft-SP-800-144_cloud-computing.pdf

Activity

Each NIST recommendation addresses specific issues that cloud computing providers and consumers face. Here is a list of issues and related NIST recommendations. Match each issue with the appropriate NIST recommendation.

Issue

1. Incident Response
2. Data Protection
3. Identity & Access Management
4. Compliance
5. Trust

NIST Recommendation

A. The organization should verify that the vendor's solutions are suitable for the organization.
B. The organization should know the laws required for data location, privacy, and security.
C. The SLA should list all the security and privacy controls and processes the vendor will use.
D. The SLA should list all procedures the vendor will carry out to respond to incidents.
E. The vendor should safeguard all authentication and authorization software on the cloud.

Correct Answers: 1-D, 2-A, 3-E, 4-B and 5-C.


Feedback: A clearly defined SLA helps build trust between the vendor and client and also explains how the vendor will respond to incidents. It is the client's duty to know the data privacy laws and the systems the vendor uses to protect data. It is the vendor's duty to provide adequately firewalled authentication and access mechanisms.


Topic 5: Cloud Computing Solutions: Present and Future

Risks and Mitigations

While cloud computing offers many benefits, its use presents certain risks. However, there are certain measures that might mitigate the risks.

Risks

Here are some risks identified by professionals who used cloud computing.

Machine Access
Sydney Taites, VP Technology: We switched to cloud computing because our LAN allowed only administrative access through direct or on-premise connections. With cloud computing we can now access our servers and applications on remote data centers via the Internet. While this “self-service” access to our networks is one of the best features of cloud computing, we do worry that the Internet access also raises the risk of our data centers being hacked. We obviously need to find a way to restrict administrative access and monitor this access so we know if system control falls into the wrong hands.

Machine Dynamics
Rufus Bourret, General Manager: We are so pleased that we haven't had to upgrade our hard drives for an entire year because of cloud storage. We easily shift our data around between the various data centers. However, our IT manager brought it to our notice that virtual machines change “state” very quickly, often reverting to previous instances, pausing, restarting, cloning themselves, or seamlessly moving between physical servers. As a result, he's having a tough time maintaining an auditable record of the security state of our virtual server at any given point in time. Additionally, this dynamic state-shifting of the virtual infrastructure means that vulnerabilities or configuration errors may be unknowingly propagated. Our auditors expect to see proof of the system's secure state regardless of its location or proximity to other, potentially insecure virtual machines.

Machine Vulnerability
Aaliyah Dalvi, Network Analyst: Adopting cloud computing has been an easy transition for us, and we've been able to use our operating systems as well as enterprise and Web applications on the cloud servers. Unfortunately, hackers can easily use malicious code to threaten our virtual environment, causing malware and infections to spread rapidly between VMs, unless intrusion-detection and prevention systems detect malicious activity at the virtual-machine level. Adding to that, the co-location of multiple virtual machines increases the attack surface for malware. Therefore, our entire team is now focused on how to detect malware at the earliest, regardless of the location of the VM within the virtualized cloud environment.


Machine Security
Venora Villato, General Manager: A year ago, we faced a terrible shock when all our confidential data stored on a cloud server was mistakenly deleted when the cloud service provider was removing a worm from its system. We took the cloud service provider to task and insisted that security technologies be applied in a consistent manner across all virtual and physical environments to make our virtual machines integrate efficiently into clouds. We decided to use multiple vendors and insisted that the security technologies be applied across multiple cloud providers. Last, we required that the cloud servers be integrated with existing security infrastructure investments such as virtual integration tools, security information and event management solutions, enterprise directories, and automated software distribution mechanisms.

Mitigations

Security risks associated with cloud infrastructure and services can be mitigated by employing five kinds of security software: antimalware, firewalls, intrusion detection and prevention, log inspection, and integrity monitoring. Security software must be deployed at the virtual machine layer to secure the integrity of servers and applications at both ends, as data travels from physical locations to clouds.

Visit this site for more information on cloud computing: http://www.securecloud.com/imperia/md/content/us/pdf/solutions/enterprisebusiness/serversecuritysolutions/deepsecurity/wp04_vm_cloudsecurity100528us.pdf
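Two of the five mitigation categories just listed, integrity monitoring and log inspection, are the ones that answer the Machine Access and Machine Dynamics worries above (who is using administrative access, and whether a VM's security state has drifted since it was last known good). The Python below is an added example written for this module, not code from the course or from the linked white paper; the file tree, the authentication log format, the management subnet 10.0.0.0/24 and the administrative account names are all constructed assumptions. Run inside each VM, a baseline taken while the image is known good can be compared against the running state after the VM has been cloned, moved or reverted, which is exactly the auditable record the second quote asks for.

```python
"""Integrity monitoring and log inspection at the virtual-machine layer.

Added example (not code from the course module or the linked white paper).
It baselines a file tree by SHA-256 and reports drift, and it inspects
authentication log lines for administrative access from outside an assumed
management subnet and for bursts of failed logins.
"""
import hashlib
import ipaddress
import re
import tempfile
from pathlib import Path
from typing import Dict, List

# Constructed assumptions: where administrators are expected to come from,
# and which accounts count as administrative.
MGMT_NET = ipaddress.ip_network("10.0.0.0/24")
ADMIN_USERS = {"root", "cloudadmin"}

# Constructed log format: "<timestamp> sshd <ACCEPT|FAIL> user=<name> src=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) sshd (?P<result>ACCEPT|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def hash_tree(root: Path) -> Dict[str, str]:
    """Map every regular file under root (POSIX-style relative path) to its SHA-256 digest."""
    digests: Dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def integrity_diff(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify drift between a trusted baseline and the current file state."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def inspect_log(lines: List[str], fail_threshold: int = 3) -> List[str]:
    """Return one alert per risky pattern: an admin login from outside MGMT_NET,
    a source reaching fail_threshold failed attempts, and any line that does not parse."""
    alerts: List[str] = []
    failures: Dict[str, int] = {}
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            alerts.append(f"UNPARSED {line!r}")      # never silently drop unknown input
            continue
        src = ipaddress.ip_address(m["src"])
        if m["result"] == "FAIL":
            failures[m["src"]] = failures.get(m["src"], 0) + 1
            if failures[m["src"]] == fail_threshold:
                alerts.append(f"REPEATED-FAILURES {fail_threshold} from {src}")
        elif m["user"] in ADMIN_USERS and src not in MGMT_NET:
            alerts.append(f"ADMIN-OUTSIDE-MGMT user={m['user']} src={src} at {m['ts']}")
    return alerts


# Constructed sample log: three failures then a success for root from a non-management address.
SAMPLE_LOG = [
    "2011-06-01T08:00:01Z sshd ACCEPT user=cloudadmin src=10.0.0.15",
    "2011-06-01T08:05:12Z sshd FAIL user=root src=203.0.113.9",
    "2011-06-01T08:05:14Z sshd FAIL user=root src=203.0.113.9",
    "2011-06-01T08:05:16Z sshd FAIL user=root src=203.0.113.9",
    "2011-06-01T08:06:40Z sshd ACCEPT user=root src=203.0.113.9",
    "2011-06-01T09:00:00Z sshd ACCEPT user=alice src=198.51.100.4",
    "garbage line",
]


def demo_integrity() -> Dict[str, List[str]]:
    """Baseline a small constructed tree, tamper with it, and report the drift."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "app.conf").write_text("listen=443\n")
        (root / "etc" / "sudoers").write_text("cloudadmin ALL=(ALL) ALL\n")
        (root / "bin" / "agent").write_bytes(b"\x7fELF-original")
        baseline = hash_tree(root)             # taken while the VM is known good

        # Simulated drift after the VM has been cloned, moved and brought back online.
        (root / "etc" / "sudoers").write_text("cloudadmin ALL=(ALL) ALL\nguest ALL=(ALL) ALL\n")
        (root / "bin" / "cron.sh").write_text("#!/bin/sh\n")
        (root / "etc" / "app.conf").unlink()
        return integrity_diff(baseline, hash_tree(root))
```

In practice the baseline digests are stored off the VM (on the management side, or signed), since a baseline kept on the monitored disk can be rewritten by the same change it is meant to catch; the same applies to the log lines, which should be shipped to the SIEM the Machine Security quote mentions before they are inspected.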


Topic 5: Cloud Computing Solutions: Present and Future

Service Level Agreements

Cloud computing will continue to grow as long as service providers continue to build the required trust with their customers. Working with clouds might be an easier alternative for many companies and enhance business operations. However, to remedy problems that may arise regarding the dependability and reliability of resources, clients should take certain precautions by having providers give assurances on specific performance measures. The first step is negotiating a comprehensive service level agreement (SLA) that both parties agree upon. A service level agreement

• demonstrates the commitment a vendor is willing to make to assure its client of the highest level of security.

• details the service items to be provided: the guarantees, warranties, and expected output.

• specifies the downtime and recovery time lags, for instance, mean time between failures (MTBF) and mean time to repair (also known as the mean time to recovery, or MTTR).

SLAs should be client-specific. Clients should make sure that they explicitly agree upon acceptable security practices with the cloud provider, as well as who is liable in the event of a data breach. To learn more about cloud computing SLAs, visit: http://www.mitre.org/sites/default/files/pdf/cloud_federal_environments.pdf
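The downtime and recovery measures an SLA specifies are only useful if the client can compute them from its own records and compare them with the contract. The Python below is an added example written for this module, not code from the course or from the MITRE paper linked above; the outage records, the 30-day reporting period and the SLA targets are constructed, and the definitions used (MTTR as total downtime divided by number of outages, MTBF as uptime divided by number of outages) are spelled out in the code because the SLA must fix them too. It also shows why the agreement has to say whether announced maintenance counts: the same three outages pass the SLA from the provider's view and fail it from the client's.

```python
"""Checking a cloud SLA's availability commitments against outage records.

Added example (not code from the course module or the MITRE paper it links).
Definitions used here, which an SLA should state explicitly:
  MTTR         = total downtime / number of outages
  MTBF         = total uptime  / number of outages
  availability = uptime / reporting period
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

HOUR = timedelta(hours=1)


@dataclass(frozen=True)
class Outage:
    start: datetime
    end: datetime
    scheduled: bool = False   # announced maintenance; many provider SLAs exclude it

    @property
    def duration(self) -> timedelta:
        return self.end - self.start


def sla_metrics(outages: List[Outage], period_start: datetime, period_end: datetime,
                include_scheduled: bool = True) -> Dict[str, float]:
    """Compute availability, MTTR, MTBF (hours) and the longest outage over the period."""
    counted = [o for o in outages if include_scheduled or not o.scheduled]
    period = period_end - period_start
    total_down = sum((o.duration for o in counted), timedelta())
    uptime = period - total_down
    n = len(counted)
    return {
        "outages": n,
        "availability": uptime / period,
        "mttr_hours": (total_down / n) / HOUR if n else 0.0,
        "mtbf_hours": (uptime / n) / HOUR if n else uptime / HOUR,
        "max_outage_hours": max((o.duration / HOUR for o in counted), default=0.0),
    }


# Constructed SLA targets: 99.5% availability, repair within 2 h, at least 240 h between failures.
SLA_TARGETS = {"availability": 0.995, "mttr_hours": 2.0, "mtbf_hours": 240.0, "max_outage_hours": 2.0}


def check_sla(metrics: Dict[str, float], targets: Dict[str, float] = SLA_TARGETS) -> List[str]:
    """Return one line per SLA term the measured metrics violate (empty if compliant)."""
    violations: List[str] = []
    if metrics["availability"] < targets["availability"]:
        violations.append(f"availability: {metrics['availability']:.4%} below {targets['availability']:.2%}")
    if metrics["mttr_hours"] > targets["mttr_hours"]:
        violations.append(f"mttr_hours: {metrics['mttr_hours']:.2f} above {targets['mttr_hours']}")
    if metrics["mtbf_hours"] < targets["mtbf_hours"]:
        violations.append(f"mtbf_hours: {metrics['mtbf_hours']:.2f} below {targets['mtbf_hours']}")
    if metrics["max_outage_hours"] > targets["max_outage_hours"]:
        violations.append(f"max_outage_hours: {metrics['max_outage_hours']:.2f} above {targets['max_outage_hours']}")
    return violations


# Constructed reporting period (30 days = 720 h) and outage log.
PERIOD_START = datetime(2011, 6, 1)
PERIOD_END = datetime(2011, 7, 1)
OUTAGES = [
    Outage(datetime(2011, 6, 3, 2, 0), datetime(2011, 6, 3, 3, 30)),                     # 1.5 h
    Outage(datetime(2011, 6, 17, 11, 0), datetime(2011, 6, 17, 14, 0), scheduled=True),  # 3 h maintenance
    Outage(datetime(2011, 6, 25, 20, 0), datetime(2011, 6, 25, 20, 30)),                 # 0.5 h
]


def client_view() -> Dict[str, float]:
    """What the client experienced: every outage counts."""
    return sla_metrics(OUTAGES, PERIOD_START, PERIOD_END, include_scheduled=True)


def provider_view() -> Dict[str, float]:
    """What a provider reports when scheduled maintenance is excluded."""
    return sla_metrics(OUTAGES, PERIOD_START, PERIOD_END, include_scheduled=False)
```

With these numbers the client sees 99.31% availability, an MTBF of about 238 h and a 3 h outage, three violations, while the provider's view (99.72%, MTBF 359 h, longest outage 1.5 h) is fully compliant. Which view governs, and who supplies the outage records, is a clause to negotiate alongside the targets themselves.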


Topic 6: Virtualization Case Study

OrgOne’s Virtual Library

Introduction

When organizations build their virtual networks, they need to be careful about the networks' platforms. That is what one organization, OrgOne, realized despite its conviction that virtual environments are isolated and therefore safer from virus attacks. Let us look at OrgOne's motivations for building this virtual mobile network, its safety concerns while running it, and its ability to fight a virus attack.

Proof Required

Paulina is the CTO of OrgOne. She is keen on going virtual across all departments as a cost-cutting measure. However, her CFO pointed out that a better way to save costs would be to create and test a small sample of the network they have in mind. A small control experiment would cost a few thousand dollars, whereas a full-blown virtualization would cost hundreds of thousands of dollars. Their first project focused on creating a virtual customer relationship management (CRM) system. It would include multiple database platforms, web application front ends to allow access to the data, and client systems that will be deployed in kiosks around the world. Toward that end, they decided to start with a proof-of-concept (PoC) database environment.

Steps to Take

OrgOne has decided to take five broad steps toward building its sample virtual network.

1. Hire consultants to build a virtualized database proof of concept (PoC) lab on-site.
2. Build a sample network where 10 virtual systems are developed in a CRM PoC environment.
3. Quarantine the network on which the virtual library PoC environment is built.
4. Restrict the consultants' access to the corporate network.
5. Let them connect their laptops to an independent guest server/VLAN on which they can upload/download mobile images.

Do you think it is fair that OrgOne's IT department does not trust the consultants' laptops and does not grant them access to any part of the private corporate network?

Check In and Out

The virtual library serves as a central repository where the consultants can “check out” the images they are working on. Often they work on these images off-site for extended periods of time. When they return to the corporate office, the contractors check the updated virtual image back into the OrgOne virtual library. When the virtualized PoC database lab is complete, the IT group takes it over to begin testing. Everything works really well; bugs and logistical issues are quickly fixed. The PoC library has allowed OrgOne to test drive a CRM system at a fraction of the cost, but unfortunately, this honeymoon lasts only for a month.


Sudden Crash

Paulina returns after Labor Day to news that the virtualized lab has unexpectedly crashed; its virtual drive files have been corrupted, destroying all virtual images stored on it. The IT staff tries debugging the system but fails to recover the images, except for one. While the rest of the images are completely dead and will not boot, the surviving image will boot enough to recognize a boot loader. OrgOne's resident virtual machine expert successfully mounts the corrupt file system into a new image and repairs it enough for some basic investigation. It turns out that this image was the last image to be checked in by the consultants before they finished their assignment. What they did not realize was that this image was corrupted, carrying within it a logic bomb transported by an ELF worm. Result: the operating system will not boot, applications will not open, and all of OrgOne's hard drives are now just large corrupt binary files.

Malware Attack

A logic bomb is malware installed and programmed to “go off” at a later date. It auto-detonates at the specified date/time and spreads from machine to machine using a self-replicating worm. The worm's payload consisted of tools specifically looking for virtual environments and exploits against a well-known virtual management machine. This particular exploit targeted the host hypervisor via an infected guest image, allowing the worm to locate and corrupt the hypervisor through the guest and take down the entire virtual library in one fell swoop. Destroy the hypervisor, destroy the virtual infrastructure. The only flaw in this particular worm was its inability to remove itself and the image it was carried in on; it was unable to remove its carrier image because the binary had to remain resident to execute the attack.

Misconceptions and Learning

Misconception: The lab was on a segmented VLAN and isolated from the corporate network.

Learning: Virtual operating systems may be rendered more vulnerable when transient “guests” such as laptops are physically removed and brought back online without any type of screening process. That is why IT departments routinely ban employees from bringing personal machines (laptops) onto the corporate network and from taking corporate machines home.

Misconception: Virtualization brings instant savings.

Learning: The virtual infrastructure had been a success for building a quick, isolated test environment. Ultimately, however, both the host and the entire guest network had to be rebuilt from scratch, forcing the project to start over and doubling the budget.


Topic 7: Summary

With that, we come to the end of Web Course Module 9. The key concepts covered in this module are listed below.

Virtualization involves the creation of nonphysical infrastructure. Multiple virtual servers can be created on one physical machine. Cloud computing is one type of virtualization and can vary extensively in terms of scale and accessibility.

Cloud computing and storage systems have three main stakeholders: consumers, service providers, and infrastructure providers. They deploy cloud infrastructure through three models: private, public and hybrid. They provide three types of services to consumers: software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS).

The advantages and disadvantages of working in a virtual environment such as cloud computing include cost efficiency on one hand and security breaches on the other.

Security concerns regarding cloud computing and cloud storage largely concern security for the data stored and security for the channels used to transmit and access that data. Security is the responsibility of each stakeholder involved in the cloud community.

The different mechanisms that can protect data in cloud storage facilities include encryption, authentication, and discreet devices.

The different security technologies that can protect data in cloud storage facilities include firewalls, IDS/IPS, integrity monitoring, log inspection, and malware protection.


Glossary

Term Definition

Cloud Computing

Cloud computing is a relatively new computing paradigm involving data and computation outsourcing that provides resource scalability and just-in-time provisioning at little or no upfront cost.

Cloud to Device Messaging (C2DM)

C2DM is a feature of Android 2.2 in which applications and data on the mobile device are actually stored on clouds, keeping the mobile phone's memory free. C2DM represents the latest in mobile cloud computing.

Hypervisor

A hypervisor is an application that functions as a host of all virtual consoles. Through the hypervisor, each guest server communicates with the CPU in the host server to access computing resources. The hypervisor is also called a virtual machine monitor (VMM).

Hybrid Cloud

A hybrid cloud is a cloud computing environment in which an organization provides and manages some resources in house and has others provided by a third-party vendor.

Infrastructure as a Service (IaaS)

Infrastructure as a service (IaaS) provides a service in which the processing, storage, networking, and other fundamental computing resources are able to deploy and run arbitrary software, including operating systems and applications.

National Institute of Standards and Technology (NIST)

NIST exists within the Department of Commerce and works to promote innovation and competitiveness by developing standards and technology.

Partition

Partitioning a hard drive means dividing the hard drive into multiple sections that the operating system treats as separate drives. Virtual drives are created when the storage of a host or physical server is partitioned.

Platform as a Service (PaaS)

Platform as a service facilitates the deployment of applications without the cost and complexity of buying and managing the underlying hardware, software, and hosting capabilities, providing the complete lifecycle of building and delivering Web applications and services.

Private Cloud

A private cloud is contained within a customer's firewalled IT environment. With a private cloud, the customer has the capabilities that cloud computing offers, such as rapid service provisioning, elasticity of resources, low network latency, and higher asset utilization. However, this option does not provide the massive scalability of a public cloud.

Public Cloud

A public cloud is the mainstream form of cloud computing, in which resources are dynamically provisioned by a third-party provider and offered on a self-service basis over the Internet via Web applications and Web services.

Service Level Agreement (SLA)

A service level agreement is a contract between a customer and an IT service provider; it lists all the work tasks outsourced to the provider and the output the provider is expected to deliver.


Software as a Service (SaaS)

Software as a service allows users to access software applications in the cloud through a Web browser, where the cloud vendor manages, owns, changes, and controls the physical hardware.

SVN

SVN (Subversion) is a networked version control system used to track and coordinate changes to source code during application development.

Virtual Machine

A virtual machine is a software emulation of a computer that runs its own operating system and applications in an isolated environment on the host computer, under the control of a hypervisor.

Virtual Machine Monitor (VMM)

A virtual machine monitor (VMM) is software that acts like an operating system for virtual machines, managing multiple isolated computer environments on a single physical computer.

Virtualization

Virtualization is the process of creating a nonphysical, software-defined infrastructure in which the resources of a physical computer are divided among virtual machines. Each virtualized environment can be thought of as a separate partition of the host; the partitions are centrally managed by the hypervisor (virtual machine monitor).