www.Cloud-Security.us

Address: P.O.Box 291, Purchase, NY 10577
Telephone: 732-763-2814
Email: service@infosecpro.com
Cloud-Security.us

T O P   T H R E A T S :

Abuse of Cloud Computing

Insecure Interfaces and APIs
Malicious Insiders
Shared Technology Issues
Data Loss or Leakage
Account or Service Hijacking
Unknown Risk Profile

VULNERABILITIES:

Common Exploits

Server Specific
Network Specific
CISCO Specific

CITRIX Specific

T E S T I N G   S T E P S

Footprinting
Discovery
Enumeration
Password Craking

Account or Service Hijacking:

Account or service hijacking is not new. Attack methods such as phishing, fraud, and exploitation of software vulnerabilities still achieve results. Credentials and passwords are often reused, which amplifies the impact of such attacks.

Cloud solutions add a new threat to the landscape. If an attacker gains access to your credentials, they can eavesdrop on your activities and transactions, manipulate data, return falsified information, and redirect your clients to illegitimate sites. Your account or service instances may become a new base for the attacker. From here, they may leverage the power of your reputation to launch subsequent attacks.

Examples

No public examples are available at this time.

Remediation

  • Prohibit the sharing of account credentials between users and services.
  • Leverage strong two-factor authentication techniques where possible.
  • Employ proactive monitoring to detect unauthorized activity.
  • Understand cloud provider security policies and SLAs.

References:

http://www.infoworld.com/d/cloud-computing/

http://vmetc.com/2009/03/12/

Cloud Computing Security

Book Cover


book with ISBN: 1461194067, is now available.
Please click here to order.


Our Services:

Cloud customers need assurance that providers are following sound security practices in mitigating the risks facing both the customer and the provider (e.g., DDoS attacks). They need this in order to make sound business decisions and to maintain or obtain security certifications.

Our Cloud Security Assessments provide means for customers to:

1. assess the risk of adopting cloud services;
2. compare different cloud provider offerings;
3. obtain assurance from selected cloud providers;
4. reduce the assurance burden on cloud providers.
5. select and deploy the security monitoring tools needed and customizing the flow analysis features available on routers.

Our Cloud Security Assessment evaluation will cover all aspects of security requirements.

For a complete Cloud Security Assessment and Penetration Testing for an existing configuration please select:

Other members of our business group:
InfoSecPro.com | US-scada.com

COPYRIGHT (C) 2000 - 2011 InfoSecPro.com ALL RIGHTS RESERVED