Security Threats to Cloud–Based Systems
Threats to both cloud-based and on-site solutions should be evaluated with an additional focus directed towards security issues specific to cloud services. Cloud security threats can come from internal or external sources, and can originate as human or software based attacks. Threat agents are as follows; anonymous attackers, malicious service agents, trusted attackers, and malicious insiders. The following is a list of common security threats to cloud-based environments and methods that can be used to mitigate them.
- Traffic eavesdropping. This is a passive attack that can occur when data is being transmitted between cloud services and clients. This include actions such as packet sniffing which examines data in transmission packets, and Man-In-The-Middle (MITM) attacks where an attacker intercepts transmission packets, then can alter messages before forwarding them to their destination. A MITM attack commonly uses a technique called ARP spoofing. Example, trick user 1 computer into thinking that it is communicating with user 2 computer, and vice versa. To prevent these types of attacks communications between machines should take place over Virtual Private Networks (VPN) when possible. Another mitigation strategy is to ensure communications use Secure Socket Layer (SSL) protocols. Example, web traffic using HTTPS instead of HTTP.
- Denial of Service. Denial of Service (DoS), and Distributed Denial of Services (DDoS) occur when an attacker uses one or many different computers to send a bombardment of message traffic to a system to try and overwhelm it’s resources and take them out of use. Defending against DoS and DDoS attacks is difficult and common strategies to mitigate them usually apply only after the attack has started and caused problems. The best defense against these types of attacks are specialized network firewalls designed to track and recognize DoS attacks, and the use of a number of reverse proxy mechanisms. Reverse proxies determine if incoming traffic is legitimate and allows or drops the incoming packets accordingly.
- Insufficient Authorization. This attack occurs when access or unauthorized levels of access are granted to an attacker in error. This can occur from weak authentication vulnerabilities related to weak passwords or shared accounts. The best protection against this threat includes both logical and physical security controls. Logical controls include administrative policies such as password policies, use firewalls and keep them updated, and auditing of systems. Physical controls include keeping system equipment in locked spaces with controlled access.
- Virtualization Attacks. Since cloud service providers often grant customers administrative rights to virtualized resources, this means they might also be used to attack underlying IT resources. This attack is commonly known as hyperjacking and it is directed towards the virtualization hypervisor software layer where an attacker will try and get control over the hypervisor and gain access to the underlying hardware. Controls such as separate Virtual Local Area Network (VLAN) connections for each service, and the use of separate management networks are the most effective way to mitigate hyperjacking attacks. Example, keep web facing traffic separate from internal traffic, and keep management interfaces on networks separate from all other services.
- Overlapping Trust Boundaries. Since cloud services often share resources among many different customers great care must be taken in establishing boundaries between them. Attackers can target shared resources with the intention of compromising other customers, or the underlying infrastructure as a way to get access to other customers resources. This attack can also include guest-hopping. This is an attack where an attacker might have access to one Operating System (OS), and use that access to try and compromise a different OS within the same cloud system. Establishing secondary private VLANs for each entity provides traffic isolation and is the ideal method for mitigating this threat.
- Malicious Employees. Staff such as software developers often has extensive access to systems which can be misused by disgruntled or terminated employees. Moving services to the cloud reduces this risk with local employees, but cloud service staff still require a stringent screening. Malicious insider threats can be mitigated by using access controls, policies and enforcement, and layered security. Examples; Access controls should be put in place so employees and third-parties can only access specified information and systems. A policy that would explain that when employees and contractors fail to comply, they could face termination of their employment or contractual relationship and lawsuits depending on how the information was misused. Taken together these methods form layered security.
- SQL Injection. This type of attack is directed towards trying to compromise or gain control over database servers and databases. It commonly takes advantage of form type data being sent from a client such as a web browser to an application database server. The attacker alters “injects” their own SQL commands into the data being sent to the server in order to get control of the server, or force the server to divulge data within the database. Controls to mitigate SQL injection threats include; use parameterized queries, use stored procedures, include code that escapes all user supplied input, enforce the concept of least privilege on user access, and the use of white lists to validate user inputs.
- Compromised Interfaces and API’s. APIs and interfaces are commonly the most exposed part of a system because they’re usually accessible from the open Internet. The use of separate VLAN’s for API and management traffic is the most effective method of mitigating this threat.
- Data Loss. Cloud providers generally provide multiple layers of redundancy and extensive data replication. Although a rare occurrence, data loss due to provider error or system problems can still occur. Cloud providers recommend distributing data and applications across multiple zones as additional protection against this threat.
- Loosely defined service contracts. Sometimes organizations do not fully understanding cloud provider contracts and environments and encounter many commercial, financial, technical, legal, and compliance risks. The Cloud Security Alliance (CSA) states that organizations must perform extensive due diligence to understand the risks they assume when they subscribe to a cloud service as the primary mitigation strategy for this risk.
Conclusions
Cloud-based services are exposed to many of the same threats that on-site services are. To protect against these threats, the use of established and proven mitigation strategies should be applied. It is important to recognize though that cloud-based environments are subject to additional threats such as virtualization attacks that do require additional assessment and controls to mitigate the additional security risks. If the common and specific security risks are both properly mitigated, cloud-based services should be just as safe to use as on-site services.
References
Berry-Tayman, L. (2015, January 16). 3 Ways to Protect Your Company Against Malicious Insiders. Retrieved July 28, 2016, from http://idt911.com/education/blog/3-ways-to-protect-your-company-against-malicious-insiders.
Burns, S. (2015, August 05). Virtualization Security Tips: Preventing Hyper Jumping. Retrieved July 28, 2016, from http://www.tomsitpro.com/articles/virtual-security-tips-hyper-jumping,2-776.html.
CloudPatterns. (n.d.). Data Link and Network Layer Trust Boundary Isolation. Retrieved July 28, 2016, from http://cloudpatterns.org/candidate_patterns/data_link_and_network_layer_trust_boundary_isolation.
Hargrave, V. (2012, November 28). What Are Man-in-the-Middle Attacks and How Can I Protect Myself From Them? Retrieved July 28, 2016, from http://blog.trendmicro.com/what-are-man-in-the-middle-attacks-and-how-can-i-protect-myself-from-them/.
OWASP Prevent SQL Injection. (2016, May 25). SQL Injection Prevention Cheat Sheet. Retrieved July 28, 2016, from https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet.
Rashid, F. (2016, March 11). The dirty dozen: 12 cloud security threats. Retrieved July 27, 2016, from http://www.infoworld.com/article/3041078/security/the-dirty-dozen-12-cloud-security-threats.html.
Schultz, G. (2006, August 03). Top 10 ways to secure your stored data. Retrieved July 28, 2016, from http://www.computerworld.com/article/2546352/data-center/top-10-ways-to-secure-your-stored-data.html.
Weiss, A. (2012, July 02). How to Prevent DoS Attacks. Retrieved July 28, 2016, from http://www.esecurityplanet.com/network-security/how-to-prevent-dos-attacks.html.