Internet-Based Security Risks and Attacks - Coursework Example

Internet-Based Security Risks and Attacks Name: University: Date: Table of Contents Internet-Based Security Risks and Attacks 1 Table of Contents 2 Internet-Based Security Risks and Attacks 3 Abstract 3 1.0 Introduction 4 2.0 Definition 5 Cloud computing has been defined as the delivery of on-demand computing resources over the Internet (Chang, 2015). Therefore, Cloud computing is a broad for everything involved in hosted services delivery over the Internet. 5 2.1 Technologies That Led To the Development of Cloud Computing 5 The serious computing images during the 1950s and 1960s according to Smith (2014) are essentially the revelation of the structure of cloud computing. That is to say, companies in the 1950s were utilizing lots of machines so as to offer more power than that offered by a single unit, in so doing, enabling more users to have access to the same assets. The Source as well as CompuServe Information Services both went online in 1979, proving that internet services could be hosted by commercial service providers. But it was until 1993 when the internet was made far more graphical by the Mosaic browser, which was easier to use. Afterwards, Netscape was launched and in 1995, both eBay as well as Amazon surfaced. In 2000, the first bubble burst and companies were forced to rethink their business models. While searching for novel means of monetizing the Internet, scores of companies realised that realize that they could deliver functioning resources and solutions through the provision of a service model. This trend was initiated over a simple website by Salesforce.com, whereby the company pioneered the enterprise-class applications delivering the concept. Subsequently, Amazon joined the trend in 2002 with Amazon Web Services that offered users the capability to access computation solutions, storage, as well as other applications over the internet. This was further improved by the introduction of Elastic Compute Cloud (EC2) in 2006, and this new technology allowed developers to rent space to run and store their own applications. By 2009, other companies such as Google and Microsoft were onboard; thus, facilitating easier delivery of service and applications to consumers. 5 2.2 Advantages and Disadvantages of Cloud Computing 6 3.0 Security Risks in Cloud Computing 7 4.0 Security Attacks Related To Cloud Computing 9 5.0 Conclusion 10 6.0 References 11 Internet-Based Security Risks and Attacks Abstract Cloud Computing is a cost-effective, a flexible, as well as a recognised delivery platform that offers consumer or business IT services through the Internet. However, Cloud Computing is plagued with security issues, mainly because crucial services are regularly outsourced to a third party making it difficult to maintain data privacy and security, demonstrate compliance, as well as support service and data availability. In essence, scores of technologies are leveraged by cloud computing; it as well inherits their security problems. This report describes the possible security risks in Cloud computing as related to the CIA (Confidentiality, Integrity, and Availability) triad. Besides that, the report investigates three actual security attacks related to Cloud computing that have occurred. 1.0 Introduction Cloud Computing significance is growing and has received more attention in the industrial as well as scientific communities. Cloud Computing is considered a distribution architecture and computational paradigm in its key objective of providing quick, secure, useful net computing service and data storage, with every computing resource viewed as service and using the Internet to deliver them. Cloud Computing as observed by Hashizume et al. (2013), integrates numerous computing technologies and concepts like virtualization, Web 2.0, Service Oriented Architecture (SOA) in addition to other technologies. Importantly, Cloud Computing relies on the Internet to offer common applications of the business online by means of web browsers in order to satisfy the users’ computing needs. However, risks attributed to confidentiality, integrity, and availability as it will be evidenced in the report hinders cloud computing from achieving its full potential. 2.0 Definition Cloud computing has been defined as the delivery of on-demand computing resources over the Internet (Chang, 2015). Therefore, Cloud computing is a broad for everything involved in hosted services delivery over the Internet. 2.1 Technologies That Led To the Development of Cloud Computing The serious computing images during the 1950s and 1960s according to Smith (2014) are essentially the revelation of the structure of cloud computing. That is to say, companies in the 1950s were utilizing lots of machines so as to offer more power than that offered by a single unit, in so doing, enabling more users to have access to the same assets. The Source as well as CompuServe Information Services both went online in 1979, proving that internet services could be hosted by commercial service providers. But it was until 1993 when the internet was made far more graphical by the Mosaic browser, which was easier to use. Afterwards, Netscape was launched and in 1995, both eBay as well as Amazon surfaced. In 2000, the first bubble burst and companies were forced to rethink their business models. While searching for novel means of monetizing the Internet, scores of companies realised that realize that they could deliver functioning resources and solutions through the provision of a service model. This trend was initiated over a simple website by Salesforce.com, whereby the company pioneered the enterprise-class applications delivering the concept. Subsequently, Amazon joined the trend in 2002 with Amazon Web Services that offered users the capability to access computation solutions, storage, as well as other applications over the internet. This was further improved by the introduction of Elastic Compute Cloud (EC2) in 2006, and this new technology allowed developers to rent space to run and store their own applications. By 2009, other companies such as Google and Microsoft were onboard; thus, facilitating easier delivery of service and applications to consumers. 2.2 Advantages and Disadvantages of Cloud Computing Cloud computing has numerous advantages: Easy Implementation; this technology enables the business to retain their business processes as well as applications devoid of experiencing the backend technicalities. Clouding Computing is easily accessible, and the user can access their data anytime, anywhere. Besides that, the infrastructure of cloud computing increases enterprise efficiency as well as productivity by making sure the user’s application are accessible at all time. With cloud computing, the costs of overhead technology are always low; thus, allowing businesses to utilize the extra resources and time to improve the infrastructure of the company. Besides that, Cloud computing provides flexibility for growth, thus enables the company to subtract or add resources according to their needs. The technology also provides efficient recovery; as mentioned by Moumtzoglou (2014) cloud computing delivers more accurate and faster retrievals of data and applications. The technology also has a number of disadvantages; for instance, when the company moves services to the cloud it is no longer in control of their information as well as data. Furthermore, Cloud Computing does not provide all the features given that a number of cloud providers provide limited versions and only the features that are most popular are enabled. For this reason, the user cannot receive all features or the customization they need. Besides that, cloud servers do not have a redundant and is not backed up; therefore, there is no redundancy forcing the user to purchase a redundancy plan at an extra cost. Another disadvantage is the bandwidth issues considering that for ideal performance the company must plan accordingly. The leading drawback of Cloud computing is security risks and are discussed in details below. 3.0 Security Risks in Cloud Computing In Cloud computing, Goel and Goel (2012) posit that confidentiality indicates that the computation tasks and data of the customers should be kept confidential from other customers as well as the service provider. Currently, confidentiality is the greatest security concern in cloud computing, and this has been attributed mainly to customer’s data outsourcing as well as cloud servers’ computation tasks, which are managed and controlled by cloud providers who are possibly untrustworthy. As observed by Sevak (2012), there are numerous threats to cloud Confidentiality such as Cross-VM attack through the Side Channels, password attacks, keylogger, Social Engineering and Malicious SysAdmin. Cross- VM attacks exist mainly on the Amazon EC2 platform. As mentioned by Sevak (2012), Cross-VM attack takes advantage of the multi-tenancy nature that allows VMs owned by other customers to co-reside in a similar physical machine. Timing side- channels as observed by Goel and Goel (2012), are an insidious threat to the security of cloud computing because of two reasons. The first reason is that the timing channels persistently subsist and cannot be controlled because of the massive parallelism nature as well as the shared infrastructure. Another reason is that the malicious customers can steal information devoid of raising alarms r leaving a trail. Malicious SysAdmin is another threat to confidentiality in cloud computing; the privileged cloud provider’s sysadmin may carry out attacks by accessing the customer’s VMs’ memory (Goel & Goel, 2012). Akin to confidentiality, the integrity notion in cloud computing security risks arises from computation integrity as well as data integrity. In this case, computation integrity indicates that programs are carried out devoid of being distorted by malicious users such as cloud providers and that all inappropriate computing are detectable. On the other hand, data integrity indicates that data must be stored honestly on cloud servers, and any form of infringement will be detected. The Cloud Integrity has a number of threats such as data loss, data alteration, and Session hijacking attacks. According to Goel and Goel (2012), storage is delivered as a service by the applications in the cloud storage. Large amounts of data are kept on the servers, and can be rarely accessed. Besides, the cloud servers cannot be trusted based on both reliability and security, and this signifies that data can be modified or lost accidentally or maliciously. Moreover, errors by the administration may result in data loss, especially during the data migration, backup and restore, and when changing P2P systems memberships. Session hijacking is another threat to cloud computing integrity, wherein the computer session is hacked to gain access to services or information illegally. Cloud Availability is very important since cloud computing core function is offering different levels’ on-demand service. So, when a particular service is no more accessible, or the service quality fails to meet the Service Level Agreement (SLA), Alani (2014) posits that customers can distrust the cloud system. Threats to the availability of cloud computing include flooding Attacks through Bandwidth Starvation resulting in the Deny of Service (DoS); thus, making the service stop working properly. Another form of cloud availability threat is the FRC (Fraudulent Resource Consumption) attack such as the Economic Denial of Sustainability (EDoS) attack that can be carried out for weeks so as to be effective. The FRC attack objective in cloud computing is to deny the victim, mainly the cloud customers from their durable economic availability of contents hosted in the web, and which can be accessed publicly. 4.0 Security Attacks Related To Cloud Computing In terms of confidentiality attacks, UGNazi, a hacker group in July 2012, took advantage of a major error in the password recovery process of Google’s Gmail as well as the voicemail system of AT&T that enable the group to access the personal Gmail account of the CloudFare CEO. Moreover, the AT&T’S system was deceived by the hackers into redirecting the cell phone of the victim to a fake voicemail box. Afterwards, an account recovery feature was initiated by the hackers for the personal Gmail address of the victim and then recorded a voicemail message on the voicemail box that was compromised to imitate someone receiving a call. In the process, through the fraudulent voicemail, the hackers tricked the Google’s system so as to be able to reset the victim’s password. Dropbox admitted that the attacker utilized stolen passwords and usernames from third-party sites to gain access to the users’ Dropbox accounts (Barron, Yu, & Zhan, 2013). This form of attack can be stopped through the implementation of two-factor authentication in the security controls of the company. In this case, the users should enter three properties so as to prove their identity: PIN or password; ATM card; and biometric characteristic like a fingerprint. In terms of integrity, Brazilian cybercriminals in June 2011 launched attacks as phishing/spam campaigns, whereby spoofed emails attached with links were sent to users resulting in major challenges in the Amazon Web Services. Numerous malicious files were installed by the attackers on the victims’ computer systems, whereby one component doubled up as a rootkit (a form of malicious software which is activated every time the system is switched on) with the intention of disabling anti-malware applications that have been installed in the machine (Barron, Yu, & Zhan, 2013). Other components used in the attack were for retrieving the login information from two international banks, nine Brazilian banks as well as steal eTokens’ digital certificates as well as gather unique data concerning the computer itself, which is utilized by a number of banks for authentication purposes. This form of attack can be solved by using FAT (File Allocation Table) system architecture that identifies the application or code to be run by the customer. On the other hand, the service provider would need an unbreakable and secure hypervisor for scheduling every instance. Attack associated with cloud computing availability is the most recent, in F DDoS attack on CloudFlare in February 2014, which is arguably the largest DDoS attack having a rate of 400 GBps. The attack mainly targeted CloudFlare, which is a public cloud service provider; in consequence, negatively impacting the overall Internet in the affected areas. Slowness was experienced by most Internet users in affected areas such as the U.S. and Europe. According to Gallagher (2014), the DDoS attack utilised the reflection of Network Time Protocol (NTP), which is a similar technique utilised recently by DERP Trolling hacker group on the gaming sites (Gallagher, 2014). There are numerous popular responses to DDoS attacks like such as router filtering as well as blackholing, but these techniques are not optimized to manage the progressively complicated DDoS attacks experienced these days. IDSs provide a number of excellent attack-detection abilities while Firewalls provide a rudimentary protection level. 5.0 Conclusion In conclusion, it has been argued that cloud computing improves agility, collaboration, availability, scalability, fast-track development work, and offers cost reduction potential by means of efficient and optimized computing. Even though cloud computing offers an easy data access and storage, there are numerous issues associated with managing and storing data, which is not managed by the owner of the data. This report has discussed various security risks and attacks on cloud computing, which include confidentiality, integrity, and availability. 6.0 References Alani, M. M. (2014). Securing the Cloud: Threats, Attacks and Mitigation Techniques. Journal of Advanced Computer Science and Technology,, 3(2), 202-213. Barron, C., Yu, H., & Zhan, J. (2013). Cloud Computing Security Case Studies and Research. Proceedings of the World Congress on Engineering, II, pp. 1-5. London. Chang, V. (2015). Delivery and Adoption of Cloud Computing Services in Contemporary Organizations. Hershey, PA: IGI Global. Gallagher, S. (2014, February 11). Biggest DDoS ever aimed at Cloudflare’s content delivery network. Retrieved from Ars Technica: http://arstechnica.com/security/2014/02/biggest-ddos-ever-aimed-at-cloudflares-content-delivery-network/ Goel, A., & Goel, S. (2012). Security Issues in Cloud Computing. International Journal of Application or Innovation in Engineering & Management (IJAIEM), 1(4), 121-124. Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Ferna, E. B. (2013). An analysis of security issues for cloud computing. Journal of Internet Services and Applications, 4(5), 1-13. Moumtzoglou, A. (2014). Cloud Computing Applications for Quality Health Care Delivery. Delhi: IGI Global. Sevak, B. (2012). Security against Side Channel Attack in Cloud Computing. International Journal of Engineering and Advanced Technology (IJEAT), 2(2), 183-186. Smith, M. (2014, June 4). The History and Development of Cloud Computing. Retrieved from AeroFS: https://www.aerofs.com/blog/the-history-and-development-of-cloud-computing/ Read More