cloud computing and virtualisation
DESCRIPTION
The presentation starts from a blank slate, for those who have no idea what the cloud and virtualization world is, and gradually builds up to handling security issues. If anyone wants the soft copy, please ask for it at [email protected]
TRANSCRIPT
Security in Cloud Computing & Virtualization
LRP BASED ON
Speeches & Workshops attended
Computer Society of India
Institution of Engineers
White Papers & Friends
Institute of Electronics & Telecommunications Engineers
If you can't explain it simply……
….you have not UNDERSTOOD it well enough
Basic Introduction
Types & Applications
SECURITY
Conclude
20 – 25 Min drive
CLOUD COMPUTING
• Offers Computing as a Service
• Provisions service in a timely on demand manner
VIRTUALISATION
• Provisions running multiple OS on a single Physical System and share underlying hardware resources
Traditional Server
speed
performance
Security in Virtualisation & Cloud Computing
slow
efficiency
Purana
zamana?
[Figure: four traditional servers, each with its own application (APPLN), OS, storage and hardware platform: Email (Windows, Exchange); Web server (Windows, IIS); App server (Linux, GlassFish); DB server (Linux, MySQL)]
SYSTEM ADMINISTRATORS
• Servers taken as a whole unit that incl the Hardware, the OS, the Storage and the Applications
SERVERS
• Often referred to by their functions, i.e. the Exchange server, the SQL Server or the File Server etc.
OVERTAXED?
• If any of the servers is overtaxed, then the System Administrator must add in a new server.
MULTIPLE SERVERS
• Unless there are multiple servers, if a service experiences a HW failure, then the service is down.
CLUSTERING ?
• Clustering can be implemented to make them more fault tolerant. However, even clusters have limits on their scalability and not all applications work in a clustered environment.
- Easy to conceptualize
- Fairly easy to deploy
- Easy to backup
- Virtually any appln / service can be run from this type of setup
- Under utilized HW
- Vulnerable to HW outages
- Not very scalable
- Difficult to replicate
- Redundancy issues
- Expensive
Virtual servers seek to encapsulate the server software away from hardware
Servers end up as mere files stored on a physical box
Can be serviced by one/more hosts & one host may house one/more virtual servers
If built correctly, not affected by the loss of host
Host may be removed and introduced at will to accommodate maint
-Resource Pooling
- Highly redundant
-High Avail
-Rapid and easy dply
-Reconfigurable
-Optimisation
-Harder to conceptualise
-Slightly costly
Offerings from many companies
Hardware Support
Fits well with the move to 64 bit
Virtualization is now a well established technology
Platform Virtualization
Desktop Virtualization
Network Virtualization
Storage Virtualization
Resource Virtualization
No need to own the Hardware
Rent as needed
Option of Public Cloud
Can go for a Private Cloud
Types of Cloud Models
Private
Public
Hybrid
Based on the standard cloud computing model
Service provider makes resources, such as applications and storage, available over the Internet
Services may be free or offered on a pay-per-usage model
Limited service providers like Microsoft, Google etc own all Infrastructure at their Data Center and the access allowed through Internet mode only
Cloud infrastructure operated solely for a single organization
Users "still have to buy, build, and manage them"
Designed to offer the same features and benefits of cloud systems
Removes a number of objections to the cloud computing model including control over enterprise and customer data, worries about security
• Setup with a Credit Card
Various Providers let u create Virtual Servers
• Choose the OS
• Choose the Software
• Instant start/Instant Close
U can create a Virtual Server
U Get the Bill
• Many systems have variable demands
• Web sites at peak Hours
Cost Control
• No need to buy HW
Reduce Risk
• Business Expansion
• Business change
Scalability@Business Agility
• Scaling Back =Scaling Up
Elasticity
Stick to Business
Y should TOI worry about IT
Avoid getting into NW Problems & issues
Deployment Models
IaaS
SaaS
PaaS
CaaS
MaaS
Communication as a Service
Infrastructure as a Service
Monitoring as a Service
Platform as a Service
Software as a Service
Crime Ware as a Service
IT as a Service
Many cloud deployments are built on virtualised platforms
However it is not a requirement
Some SaaS dply are not virtualised
Although virtualization is not a requirement of cloud computing, its ability to efficiently share resources makes it an excellent foundation.
Hypervisor, also called Virtual Machine Manager (VMM)
One of many hardware virtualization techniques allowing Multiple Operating Systems
Conceptually one level higher than a Supervisory program
Manages the execution of the guest operating systems
Used to describe the interface provided by the specific cloud computing functionality infrastructure as a service (IaaS)
100% SECURITY IS A MYTH COL S K KAPOOR
…..Of course our answer sheets also came out to be myth
Crime as a Service (CaaS) is just like Software as a Service (SaaS), but instead of offering legal and helpful services through the Internet, criminal syndicates are offering illegal and detrimental services, such as infecting large quantities of computers, sending spam and even launching distributed denial of service (DDoS) attacks.
Infrastructure As (Crime) Service or Iaa(C)S, in which the criminals offer malicious services (or infrastructures) to attack specified targets. Services may include complex “traditional” infrastructures such as botnets, but also “innovative” large-scale services such as DDoS, or sharper services such as password cracking. Try to surf the web and you will discover how easy it is to purchase this kind of criminal service.
Security in the Cloud – Dealing with AAS HOLES
Software As a (Crime) Service or Saa(C)S, in which the criminals offer malicious software (and the needed support) as a service.
An example? The latest Zeus Variant dubbed Citadel provides the purchaser with help desk and even a dedicated Social Network
Lose Control Over Assets
Trust ur data to Cloud Service Provider?
Lose control over Physical Security
In a Public Cloud u share with others!!!!
No knowledge of what runs where?
Sticky Services!!!!@incompatibility
Control over Encryption/Decryption Keys
No Stds yet!!!@OCC is there working
Internally developed Code in cloud?
Lose control over Physical Security
Msn critical applications in public cloud?
Audit Logs accessible to service provider
PCI DSS
Constant up gradation!!!
Payment Card Industry Data Security Standard
Data Residency in SaaS
Banking data to reside within country!!
Citizen data not on shared servers
Easier for attackers!!!
Double edged- Cloud & Virtualization
Patch Maintenance
Bharosa & Trust
Privileged User Access
• Inquire about who has spl access to data
• Who are the administrators and how r they hired?
Regulatory Compliance
• Is vendor willing to undergo external audits
• Security classification?
Data Location
• Does the provider allow any control over loc of data
Data Segregation
• Encryption policy, schemes and design
Recovery
• What happens in case of disaster
• Restoration Policies and Business Continuity Plans
Investigative Support
• Vendor’s ability to investigate any inappropriate or illegal activity ?
Long term Viability
• What happens if company goes out of Business?
• Risk Management
Security Monitoring and IR
• Notification of Sec Vulnerabilities
• IR Teams?
Data in Transit
Data at Rest
Data in Processing
Data Lineage@mapping
Data Remanence
Few Cases.....u should know
AWS
Docs
Cevin
Internet Assigned Numbers Authority & RIR
Stealing keys to access and manage hosts
Attacking unpatched, vulnerable services
Hijacking accounts with weak pwds
Weak Firewalls
Deploying Trojans
Langot’s@Microsoft, Windriver
CSI
IETE
Institution of Engineers, Kolkata