1. Security issues of Network: Privacy problems arise during network
communications. Arrangements of protocols which is to be set accordingly to have
well-maintained security services. When the cloud services are used as an extension
of people’s present internal networks, then best solutions to network security can
be developed. Along with this, precautions and measures for protection are also
applied so that remote processes or resources may also extend to local strategies.
Firewalls are an important part of cloud security which doesn't allow anybody outside
to come and access the cloud private data. Firewalls allow filtering as any outsider
10
which is not allowed can’t penetrate, so it helps in prevention of many attacks.
As lots of efforts are arising for the new development in the areas of firewall and
other measures of security, it pinpoints the need for the solutions for the issues.
In order to achieve the necessary level of security, there can be configuration
management of systems and protocols along with technologies in such a manner that
working efficiency is not compromised.
2. Security issues related to Interface: For focusing on problems related to clouds, several measures have to be taken. For providing customers, required resources, applications and tools there is need to keep privacy. As there is a requirement of preventing virtualized systems and resources from unwanted access, many programming interfaces need to be protected. User interfaces which are provided services of cloud computing, that is resources and techniques, also points the requirement for security purposes. In order to provide access to cloud services, there can be many mechanisms. Numerous services working with techniques as resource sharing and multi-tenancy, depend on regular accounts, which face attacks as a result.
3. Data Security: Data which is most important belongings of any company or organisation because this is the main basis upon which the whole organisation carries out day to day activities. Data needs to be in safe hands otherwise, the loss can be unpredictable. It should be available, provide integrity and also private data be kept 11 confidential. These factors are useful not only for cloud services but many other services. Most commonly used measures by industries to protect information are cryptography. Cryptography is a factor which is necessary to organisations, regulations of states etc. It is much important to protect data loss. As information technology is trusted by business models for many processes and redundancy needs to be kept in check. Deletion is a term associated with the techniques of data disposal but these are not enough. The important need here is to delete hidden backup registries and many log references, in short, there must be a complete destruction of data.
4. Virtualization: Virtualization generally allows many virtual machines to run on a single machine. There are many problems related to the virtualization technologies.Because of sharing of same hardware and resources generally explore the information loss, although the virtual machines are isolated logically[43][44]. In virtualization, the main software component is hyper-visor and there are many loopholes in security but the solutions are still hard to find.
5. Governance: There are many problems which arise due to safety measures in relation to the administration and also due to security checks. Chances arise of losing the power over important files, their location and repetition of data at various locations as data are given to third party cloud server.
6. Compliance: Various requirements related to the availability of service and audit capabilities. The procedure required for the availability of service along with mechanisms for security need to be implemented. These are known as Service level 12 Agreements (SLA). Need arises for powerful recovery schemes as services have interconnections (e.g., IaaS provided a virtualized infrastructure using SaaS).
1.4.1 THREATS- [52, 53] 1. Data Control Clouds have control of data which is limited. Data is locked in and among different data servers data is spread to many servers. 2. Data Loss With the help of the internet, the data transaction is done and this increases chances of data loss. There is need to have strong encryption. 3. Data Exposure As data is exposed so who can access the data, there is no direct control. Between clients and provider, there should be legal agreements and provider need to be trusted. Attacks on data could be SQL injection, databases not patched, encryption losses. Recommendations could be efficient schemes for encryption, backup methods, Control who is managing which data and only authorised users to gain access, patchwork wherever required of data, key controlling. 4. Network The severe impact can be there. New infrastructure needs to be focused. 13
5. Physical Regular backups are required. To make storage and server rooms, physical organisation or structures are required. Attacks could be because of malware and some naturally occurring issues. Measures include regular backups and planning for recovery.
6. Interface Application Because of shared platform, there can be the loss. To have a control is difficult because of multi-tenancy. It possesses a problem for both client and cloud providers as there is also no certainty regarding authentication protocols. Attacks include efficient authentication and encryption schemes. Also, monitor access methods.
7. Authentication There must be a provision for strong authentication and access controls and several clients have to deal up with shared services. Attacks include phishing, humans attacks, virus code etc. Measures include have a control, encryption schemes, set up firewalls, well regulated authentication, checking up on logging details, setting up proper antivirus and scanning it.
8. Virtualization 14 Several clients of shared platform can get affected with it. Impacts can be on confidentiality, integrity and availability. Recommendations are to monitor and have the firewall.
1.4.2 STRIDE MODEL
STRIDE classifies threats into following types:
(a) Spoofing - “Spoof" is the term which means deceive. When computer users are being deceived it is known as spoofing. It is done by a person or program by hiding one’s identity or taking others identity of another user and having illegal benefit. Authentication steps are required to prevent it.
(b) Tampering – Tampering means illegal modification of data to harm the cloud customers. Measures taken are digital signatures
(c) Repudiation – A situation where a person is not able to challenge the authenticity in legal matters, maximum times where a challenge is made on signature done on legal statements. The suggestion is auditing.
(d) Information Disclosure- In order to maintain data privacy extra check must be regulated as when information is to be disclosed and to whom. Maximum times information is being disclosed in financial statements when required. In this encryption is required.
(e) Denial of Service (DoS)- Denial of Service is an attack whereby an attacker makes customer unavailable the required resources. Temporarily or for indefinitely the services are out of reach for people. It is a cyber-attack whereby 15 target system is overloaded previously with unnecessary requests and actual users requests remain unfulfilled. Provision is regularly monitoring.
(f) Elevation of privilege- Privilege means a permission given by law or authority. For the attacks which are related to privilege, authorisation is required.
2. Security issues related to Interface: For focusing on problems related to clouds, several measures have to be taken. For providing customers, required resources, applications and tools there is need to keep privacy. As there is a requirement of preventing virtualized systems and resources from unwanted access, many programming interfaces need to be protected. User interfaces which are provided services of cloud computing, that is resources and techniques, also points the requirement for security purposes. In order to provide access to cloud services, there can be many mechanisms. Numerous services working with techniques as resource sharing and multi-tenancy, depend on regular accounts, which face attacks as a result.
3. Data Security: Data which is most important belongings of any company or organisation because this is the main basis upon which the whole organisation carries out day to day activities. Data needs to be in safe hands otherwise, the loss can be unpredictable. It should be available, provide integrity and also private data be kept 11 confidential. These factors are useful not only for cloud services but many other services. Most commonly used measures by industries to protect information are cryptography. Cryptography is a factor which is necessary to organisations, regulations of states etc. It is much important to protect data loss. As information technology is trusted by business models for many processes and redundancy needs to be kept in check. Deletion is a term associated with the techniques of data disposal but these are not enough. The important need here is to delete hidden backup registries and many log references, in short, there must be a complete destruction of data.
4. Virtualization: Virtualization generally allows many virtual machines to run on a single machine. There are many problems related to the virtualization technologies.Because of sharing of same hardware and resources generally explore the information loss, although the virtual machines are isolated logically[43][44]. In virtualization, the main software component is hyper-visor and there are many loopholes in security but the solutions are still hard to find.
5. Governance: There are many problems which arise due to safety measures in relation to the administration and also due to security checks. Chances arise of losing the power over important files, their location and repetition of data at various locations as data are given to third party cloud server.
6. Compliance: Various requirements related to the availability of service and audit capabilities. The procedure required for the availability of service along with mechanisms for security need to be implemented. These are known as Service level 12 Agreements (SLA). Need arises for powerful recovery schemes as services have interconnections (e.g., IaaS provided a virtualized infrastructure using SaaS).
1.4.1 THREATS- [52, 53] 1. Data Control Clouds have control of data which is limited. Data is locked in and among different data servers data is spread to many servers. 2. Data Loss With the help of the internet, the data transaction is done and this increases chances of data loss. There is need to have strong encryption. 3. Data Exposure As data is exposed so who can access the data, there is no direct control. Between clients and provider, there should be legal agreements and provider need to be trusted. Attacks on data could be SQL injection, databases not patched, encryption losses. Recommendations could be efficient schemes for encryption, backup methods, Control who is managing which data and only authorised users to gain access, patchwork wherever required of data, key controlling. 4. Network The severe impact can be there. New infrastructure needs to be focused. 13
5. Physical Regular backups are required. To make storage and server rooms, physical organisation or structures are required. Attacks could be because of malware and some naturally occurring issues. Measures include regular backups and planning for recovery.
6. Interface Application Because of shared platform, there can be the loss. To have a control is difficult because of multi-tenancy. It possesses a problem for both client and cloud providers as there is also no certainty regarding authentication protocols. Attacks include efficient authentication and encryption schemes. Also, monitor access methods.
7. Authentication There must be a provision for strong authentication and access controls and several clients have to deal up with shared services. Attacks include phishing, humans attacks, virus code etc. Measures include have a control, encryption schemes, set up firewalls, well regulated authentication, checking up on logging details, setting up proper antivirus and scanning it.
8. Virtualization 14 Several clients of shared platform can get affected with it. Impacts can be on confidentiality, integrity and availability. Recommendations are to monitor and have the firewall.
1.4.2 STRIDE MODEL
STRIDE classifies threats into following types:
(a) Spoofing - “Spoof" is the term which means deceive. When computer users are being deceived it is known as spoofing. It is done by a person or program by hiding one’s identity or taking others identity of another user and having illegal benefit. Authentication steps are required to prevent it.
(b) Tampering – Tampering means illegal modification of data to harm the cloud customers. Measures taken are digital signatures
(c) Repudiation – A situation where a person is not able to challenge the authenticity in legal matters, maximum times where a challenge is made on signature done on legal statements. The suggestion is auditing.
(d) Information Disclosure- In order to maintain data privacy extra check must be regulated as when information is to be disclosed and to whom. Maximum times information is being disclosed in financial statements when required. In this encryption is required.
(e) Denial of Service (DoS)- Denial of Service is an attack whereby an attacker makes customer unavailable the required resources. Temporarily or for indefinitely the services are out of reach for people. It is a cyber-attack whereby 15 target system is overloaded previously with unnecessary requests and actual users requests remain unfulfilled. Provision is regularly monitoring.
(f) Elevation of privilege- Privilege means a permission given by law or authority. For the attacks which are related to privilege, authorisation is required.
No comments:
Post a Comment