Abuse of Cloud Computing:
IaaS providers offer their customers the illusion of unlimited compute, network, and storage capacity — often coupled with a ‘frictionless’ registration process where anyone with a valid credit card can register and immediately begin using cloud services. Some providers even offer free limited trial periods. By abusing the relative anonymity behind these registration and usage models, spammers, malicious code authors, and other criminals have been able to conduct their activities with relative impunity. PaaS providers have traditionally suffered most from this kind of attacks; however, recent evidence shows that hackers have begun to target IaaS vendors as well. Future areas of concern include password and key cracking, DDOS, launching dynamic attack points, hosting malicious data, botnet command and control, building rainbow tables, and CAPTCHA solving farms.
IaaS offerings have hosted the Zeus botnet, InfoStealer trojan horses, and downloads for Microsoft Office and Adobe PDF exploits.
Additionally, botnets have used IaaS servers for command and control functions. Spam continues to be a problem — as a defensive measure, entire blocks of IaaS network addresses have been publicly blacklist.
- Stricter initial registration and validation processes.
- Enhanced credit card fraud monitoring and coordination.
- Comprehensive introspection of customer network traffic.
- Monitoring public blacklists for one’s own network blocks.
Cloud customers need assurance that providers are following sound security practices in mitigating the risks facing both the customer and the provider (e.g., DDoS attacks). They need this in order to make sound business decisions and to maintain or obtain security certifications.
Our Cloud Security Assessments provide means for customers to:
1. assess the risk of adopting cloud services;
2. compare different cloud provider offerings;
3. obtain assurance from selected cloud providers;
4. reduce the assurance burden on cloud providers.
5. select and deploy the security monitoring tools needed and customizing the flow analysis features available on routers.
Our Cloud Security Assessment evaluation will cover all aspects of security requirements.
For a complete Cloud Security Assessment and Penetration Testing for an existing configuration please select: