Shulou(Shulou.com)05/31 Report--

What are the five loopholes in cloud computing? I believe many inexperienced people don't know what to do about it. Therefore, this paper summarizes the causes and solutions of the problem. Through this article, I hope you can solve this problem.

Cloud computing service is a "leased" IT service delivery model, which allows IT services to be paid for like "tap water" or "electricity". It is not only suitable for the elastic change of business flow, but also saves the cost of building and maintaining infrastructure such as computer rooms. it is an ideal choice for government public services, business management of small and medium-sized enterprises, or outsourcing business of large enterprises.

According to the definition of NIST (American Institute of Information Technology), cloud computing services are divided into three delivery models:

Angular SaaS: provide consumers with the ability to use carrier applications

·PaaS: provide consumers with the ability to deploy applications on cloud computing infrastructure

·IaaS: provides consumers with the ability to process, store, network, and other basic computing resources.

No matter what kind of service model, whether it is public cloud or private cloud, the background resources are virtualized, and the unified access mode for users from the foreground is the same.

The structure of cloud computing is as follows: users access the access portal of cloud computing through intelligent terminals, and enter the "cloud" system through the guidance of user traffic; SaaS services use application software provided by service providers (such as Google search, Facebook social networks, etc.), PaaS services use users' own business processing software, and IaaS services provide "naked" virtual machines (such as IDC leasing business, etc.) The supporting platform of the service is the cloud computing service management platform of the service provider, which mainly includes user identity management, business configuration, billing management, etc., the core of the business support is the resource virtualization management platform, which is responsible for the specific processing and implementation of user business; the bottom layer is the "realistic" data center, which actually manages "physical" devices.

Cloud computing provides services for multiple users, involving user privacy data, as well as sensitive data within the business, so it is very likely to be concerned by commercial hackers. Whether cloud computing can resist round after round of attacks from all over the world is an arduous task for cloud computing service providers. The core of cloud computing is centralized management, which saves costs, but also results in the concentration of value; if it is valuable, it will naturally attract more "followers".

Cloud computing is different from the traditional network structure, where hackers attack, where service providers defend, and where is the security battlefield of cloud computing services? From the model analysis of cloud computing, it is not difficult to see the "five battlefields" of security in the future:

1. User access Portal: cloud computing services are provided through the network. Users log in to cloud services using fixed or mobile intelligent terminals. Access portal is the web address of cloud computing services, which is the only way for external visitors. This is the "gate" of cloud computing, where users come in and attackers come in. The most vulnerable attacks here are as follows:

Password attack: guessing a user's password, impersonating a user to log in, and obtaining user resources. Cloud computing generally does not activate remote platform management functions, but for PaaS/IaaS, it is common for users to remotely manage their own platforms, and it is more tempting to attack managers' passwords.

Forged "documents": multi-factor authentication, in addition to passwords, there are also digital certificates or fingerprints, iris, etc., to impersonate users, you must "copy" these "documents". After collecting the relevant information of the user on the terminal, it is relatively easy to copy, such as bank card, ID card, etc.

Photophishing website: this is a traditional attack method, the target is the user's private information, the login interface of cloud computing is very similar to the website, it is easy to be attacked by "phishing"

Information eavesdropping: eavesdropping on users' communications, such as deciphering users' mailboxes, you can copy users' incoming and outgoing messages and monitor users' business transactions

Angular DDOS attack: this is aimed at cloud service providers and can be divided into portal bandwidth attacks and service capability attacks. The purpose is to cause interruption of cloud computing services and to blackmail service providers into compromising and paying protection fees.

2. Business application software (SaaS, PaaS service): the business software provided by both service providers and users contains a large number of loopholes, and it is difficult to exploit. Attackers can not only attack the application software to obtain user information, but also serve as a springboard to occupy the "host" in the next step. There are many ways to attack, mainly as follows:

Viruses and worms: using loopholes in application software to spread more and more viruses and worms, carrying Trojans is even more abominable, because Trojans can go home and aimlessly infiltrate into purposeful destruction of the organization.

Hanging horses: most cloud computing services are based on BS architecture. Hanging horses through Web is the main way to spread Trojans. Prominent are social services, shared storage services, users upload a lot of information and complex, easy to carry malicious code. Hanging a horse on the website has no impact on the service provider's own service, it's just a matter of face, and it's the users who are hurt.

Software attacks: attacks against Web applications, such as SQL injection, XSS, etc., to obtain user database permissions and steal user data. This is currently the most widely used attack method on the Internet.

Host attack: the next step is to obtain the host, which can be attacked directly through the loopholes of the operating system, which is more difficult (most servers have security reinforcement). It is relatively easy to use application software as a springboard. First obtain the permissions of the application, and then "lift the rights" through buffer overflows, occupy the service host or virtual machine, and install backdoors or control programs. Turn the host into a "broiler" controlled by the attacker.

3. Virtual machine (IaaS service): virtual machine is not only the basic "container" of cloud computing service, but also the rental unit of IaaS service. It can be used through simple business contact because of its flexible service capacity and low cost. For hackers, this in itself is a big "resource". In addition to making use of it, we can also break through it and attack the background management of service providers:

Virtual machine "overflow": cloud computing service providers provide secure services for multiple users because they can isolate users and avoid information sharing and access between users. Just as different customers in the hotel are arranged in different rooms, key cards and monitoring are used to prevent customers from "going to the wrong room". Attackers hope to break through this limit, that is, "overflow", after the overflow, they can not only access the "neighbor" data and systems, but also access the background management system to control the accounts of the entire "hotel".

This breakthrough technology depends on the security of the cloud computing service platform used by service providers. At present, there are not many commercial platforms, and some hackers have announced that they can achieve "overflow".

Resource abuse: for attackers, mastering the number of "broilers" is like the number of troops under their control, and cloud computing services can provide such cheap and legitimate "soldiers". There is no need to make great efforts to attack and hunt one by one; the main ways to be "exploited" are as follows:

N deciphering passwords: in the process of intrusion, password cracking is the most expensive computing power, except for national attacks, computing power is a valuable asset for attackers, renting cheap cloud computing, directly used to crack passwords is a good idea. For cloud computing service providers, it is difficult to distinguish whether users are "scientific computing" or decrypting the Ministry of Defense's high-precision passwords. Moreover, for the sake of the privacy of users'"business", it also prevents service providers from carrying out in-depth monitoring.

Just as banks never provide the same "quality" financial services, regardless of whether the user's transaction is rice or "white powder".

N "broiler": a virtual machine is a "broiler", which can be rented directly. During DDOS attacks, a large number of "broilers" are concentrated. The traffic and status of each "broiler" are not as abnormal as we thought. Cloud computing service providers are difficult to judge (if they cannot be judged, they cannot be stopped). And cloud computing services are cross-border, attackers can develop their own "broiler" management software to make "broiler" decentralized and uniform.

N "springboard": the reason why "botnet" is difficult to crack is that controllers often launch attacks through multi-layer "springboards" and remotely control the "broiler" of the foreground, and defenders block a large number of broiler chickens. nor can it stop the attacker from organizing the next "charge". Most of the cloud computing services are authenticated through the network, and many cross-regional and cross-border. The virtual machine is directly used as the "springboard", and the link between the attacker and the virtual machine is privately encrypted. Even if the service provider finds that the attacker's command is issued by his own virtual machine, it is difficult to locate the controller in the background. If you jump around through several virtual machines between cloud computing service providers, it will be more difficult to find the real attack controller.

4. Cloud computing management platform: cloud computing management platform is the core of cloud computing services (including business operation management and resource virtualization management). There are "failures" here, which are often fatal to services. What is protected here is not only from external attackers, but also from the "misoperation" of insiders:

Hacker intrusion: when you invade here, you will become the "master" of the entire cloud computing service. You can not only master all the user information and billing information of the service provider, but also freely monitor the business dynamics of any user. Of course, it is a piece of cake to set up a dedicated virtual machine for yourself at will.

Because cloud computing security is very important, professional company management is generally selected, remote management channels are closed, and multi-dimensional security is fortified. at present, most hackers choose to "overflow" through virtual machines or loopholes in the platform itself.

Insiders: tight protection will inevitably lead to attacks turning to "internal implementation". Therefore, what security managers should be wary of is the "mistakes" that occur, which are indeed the operational errors of the staff; quite a few of them may be "intentional", perhaps the attacker pretends to be an insider, or the insider is bribed by the attacker. In short, most of the cases of leakage of sensitive information of users show that the probability of "burglary" of insiders is very high. Of course, there are many cases of business interruption caused by internal management problems, such as the interruption of Amazon Web service in April 2011 due to system upgrade.

5. Data center: cloud computing services are virtual to users, but the final "work" has to be implemented on physical machines and devices. The data centers that support cloud computing services are real and clear. Therefore, for cloud computing service providers, physical security is equally important:

Equipment failures: equipment failures and natural disasters in the computer room have a great impact on user services. Even if user data are disaster-tolerant in different places, services with strong real-time requirements, such as video conferencing, telemedicine, etc., the sharp decline in processing capacity will inevitably affect the quality of these services.

Data disclosure: stealing physical media, or copying it artificially, seems primitive and simple, but it is a very practical method to obtain it.

This is the "five battlefields" of cloud computing service providers, and it is inevitable to compete. In terms of user terminals, it is also a safe and frequent place, where security is the weakest and the situation is the most complex. The spread of viruses, Trojans and worms flows directly into cloud computing servers with the "user business". The terminal that cannot be "purified" is also a major reason why it is difficult to guarantee the service to the service provider.

After reading the above, have you mastered what are the five loopholes in cloud computing? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.