In this tutorial you are going to learn about Threats and Vulnerability in Cloud Computing. We will explore the various risks associated with cloud environments, including data breaches and insider threats.
Introduction
Cloud computing helps the user by providing the storage of their important files and data. However, there are some security concerns, threats and our data are vulnerable to the attackers unauthorizedly.
The security concerns are:
- Third party handling data – no 100% guarantee about the data security, accessing data and managing security.
- Cyber-attacks – Challenging issues
- Insider Threats – Privacy of data
- Government intrusion – Supervision of the data
- Legal liability – Court case filed against or by you
- Lack of support – There is a lot of competition in the market and very little support.
- Lack of standardization – Different cloud suppliers may not follow some standards.
Threats of Cloud Computing
- Denial of service (DOS)- It tries to bring the server down
- Man in the middle (MIM) – It is kind of a mediator between the cloud storage and the users
- Network sniffing (NS) – It monitors all the traffic in networking client and the cloud
- Port scanning (PS)– Hackers try to steal the ports used.
- SQL Injection Attack (SIA)– It tries user credentials from the database
- Cross site scripting attack (XSS) – Embedding harmful links and scripts.
Logon Abuse
Logon Abuse is one of the threats of cloud computing. This threat refers to attackers leveraging the resources of cloud computing to target, enterprises and other cloud providers
Examples like launching DDoS attacks, email spams, getting access to the credential databases and more.
Remediation:
- Organizations must use strong IDS/IPS
- Organizations must use firewall that can inspect incoming and outgoing traffic
- The integration of cloud services must not be left up to individuals, group for implementation
- An organization must choose their storage vendor wisely: the process must be corporate IT or security learn only
Eavesdropping Attack
An eavesdropping attack which is also called a sniffing or snooping attack which is like a robbery of information as it is sent over a network by a personal computer, cell phone or other associated devices.
In this kind of attacks, a malicious attacker tries to find weak connections between the clients and servers: which are not encrypted, unpatched or the UN up-to-date or sometimes malware installed via various engineering techniques.
An eavesdropping problem is totally different to detect by the users because everything on network transmissions will be operating normally as usual. Any data transmuting devices connected with the same networks, can be affected and victims of the attack.
Denial of Services Attack
Denial of services attack is a malicious attempt to make a server or a network resource unavailable to the users. DOS attacks means that one computer and one internet connection is being used to flood a website or a server with the packets. It intends to overload the server.
Denial of services attack types:
- Bandwidth based DOS
- Max connection-based DOS
- Vulnerability based DOS
Hijacking Attack
Hijacking is a type of network security attack. The attackers take control of the communication. It is just as an airplane hijacker takes control of a plane. Hijacking attacks are also known as “Man in the middle attack”. The attacker takes the control of an established connection while it is in progress. The attackers may intercept the messages in a public-key exchange and then retransmits those messages by substituting or changing their own public-key for the requested one. So, the entire communication between the two is taken care of by the Hijackers through the public-keys.
This article on Threats and Vulnerability in Cloud Computing is contributed by Hemalatha P. If you enjoy TheCode11 and wish to contribute, we invite you to share your knowledge by writing for us. You can send your articles to us at thecode11info@gmail.com.