In this tutorial you are going to learn about Cloud Services Provider Risks in Cloud Computing.
Risks in cloud computing include data loss, security, incompatibility, added latency and incompatibility of the existing architecture. There are different types of risks while using cloud service.
Backdoor
A backdoor means for an attacker to easily get into a Windows workstation. Often, the initial attack on a workstation is difficult and potentially detected by a firewall or IDS devices. These are often stealthy and difficult to detect.
Backdoor is a type of malware. It is used for advanced and targeted attacks. It allows an attacker to access the victim machine remotely. Backdoor can also be used to get unauthorized access to web applications.
Attacking the target with a backdoor
- Same as Trojan
- Less likely to trigger alarms
Spoofing Attack
Spoofing is the act of disguising a communication from an unknown person. Spoofing can apply to emails, phone calls, websites etc.
- It acts like some other person that you are not. Like fake web servers, fake DNS servers, etc.
- Email address spoofing.
- Caller ID spoofing - The incoming call information is completely fake.
- All Ethernet devices have a MAC address which is a unique burned-in address. Most drives allow you to change this address.
- Change the MAC address can be legitimate
- The Internet provider expects a certain MAC address.
- Certain applications require a particular MAC address.
- It might not be legitimate
- Circumvent MAC-based ACL’s.
- Fake-out a wireless address filter.
IP Address Spoofing
- Take someone else’s IP address.
- Can be legitimate
- Load balancing
- Load testing
- May not be legitimate
- ARP (Address resolution protocol) poisoning.
- DNS (Domain name specific) amplification.
Replay Attack
A replay attack occurs when an unauthorized user captures network traffic and then sends the communication to its original destination, acting as the original sender.
To prevent replay attacks from succeeding, you can implement timestamps and sequence numbers. If the timestamps are beyond a certain time then the packet is discarded.
- Useful information is transmitted over the network - A crafty hacker will take advantage of this information.
- Need access to the raw network data.
Social Engineering Attack
A social engineering attack is when an attacker uses his social skills human interaction (social skills) to obtain the information about the company, institution, organisation or its computer systems.
An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or a researcher and even offering credentials to support that identity.
However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization network. An attacker may contact another source within the organization, if he is not able to obtain the information and depends on the information from the initial/first source to add to its credibility.
Trojan Horse
Trojan Horse is the malware that hides itself within another program like games or documents and harms the system. It needs a host program to attack itself and spreads through emails and exchange of data through hard drives or pen drives.
In computing, Trojan Horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, malicious changes to computer settings and unusual activity, even when the computer should be idle.
This article on Cloud Services Provider Risks in Cloud Computing is contributed by Hemalatha P. If you like TheCode11 and would like to contribute, you can also write your article to us. Here is our mail id - thecode11info@gmail.com