
CLOUD 9: UNCOVERING SECURITY & FORENSICS DISCOVERY IN CLOUD

CLOUD 9: UNCOVERING SECURITY & FORENSICS DISCOVERY IN CLOUD, by Manu Zacharia, MVP (Enterprise Security), C|EH, ISLA-2010 (ISC)², C|HFI, CCNA, MCP Certified ISO 27001:2005 Lead Auditor, HackIT – Technology & Advisory Services. “Aut viam inveniam aut faciam” Hannibal Barca.


Presentation Transcript


  1. CLOUD 9: UNCOVERING SECURITY & FORENSICS DISCOVERY IN CLOUD by Manu Zacharia • MVP (Enterprise Security), C|EH, ISLA-2010 (ISC)², C|HFI, CCNA, MCP Certified ISO 27001:2005 Lead Auditor HackIT – Technology & Advisory Services “Aut viam inveniam aut faciam” Hannibal Barca

  2. # whoami • I am an Information Security Evangelist • For paying my bills – I do consulting - HackIT – Technology & Advisory Services – A startup. • Awards • Information Security Leadership Achievement Award from (ISC)² - 2010 • Microsoft Most Valuable Professional (Enterprise Security) – 2009 and 2010 • Co-Author of a Book • President – Information Security Research Association - NPO

  3. # whoami • Chief Architect - Matriux – (www.matriux.com) - OS for Hacking, Forensics and Security testing – Open Source & Free • Founder c0c0n – International Security & Hacking Conference • Extend service to various state and central investigation agencies as Cyber Forensics Consultant

  4. # whoami • Speaker at various national and international security, technology and hacking conferences: • Microsoft Tech-Ed 2010 (& 2011 upcoming) • IQPC - Enterprise Security 2010 - Singapore • Information Security Conference - Bangalore • ClubHack, etc • DevCon

  5. # whoami • Training associations: • Indian Navy - Signal School, Centre for Defense Communication and Electronic and Information / Cyber Warfare and INS Valsura. • Centre for Police Research, Pune and Kerala Police • SCIT - Symbiosis Centre for Information Technology, Pune • Institute of Management Technology (IMT) – Ghaziabad • IGNOU M-Tech (Information Systems Security) – Expert Member – Curriculum Review Committee • C-DAC, ACTS (DISCS & DSSD)

  6. DISCLAIMER(S) • The opinions represented here are my personal ones and do not necessarily reflect my employer's views. • Registered brands belong to their legitimate owners. • The information contained in this presentation does not break any intellectual property, nor does it provide detailed information that may be in conflict with any laws (hopefully...) :)

  7. REFERENCES • Information and resources from Internet (including publications from Cloud Security Alliance) were extensively used for the creation of this presentation.

  8. AGENDA • INTRO & CLOUD ARCHITECTURE • CLOUD SECURITY & RISK ASSESSMENT FRAMEWORK • EXPLOITING CLOUD & FORENSICS • CONCLUSION

  9. INTRODUCTION

  10. QUESTION • So what is Cloud Computing? • Do you know what EC2 and S3 are? • What is the SPI Model?

  11. WHY THIS TALK? • cloud is loud • Headline stealer • Everybody is concerned about Cloud Security

  12. WHY CLOUD IS DIFFERENT? • Why handle cloud differently? • Simple – power of cloud

  13. TIGR - ?????? • Barack Obama's Technology Innovation and Government Reform Team (TIGR) describes the use of cloud computing as "one of the most important transformations the federal government will go through in the next decade."

  14. CLOUD POWER • A 64 node Linux cluster can be online in just five minutes • Forget about those sleepless nights in your data centers

  15. EC2 • Amazon Elastic Compute Cloud (Amazon EC2) • A web service that provides resizable compute capacity in the cloud

  16. EC2 - WIKIPEDIA • Allows users to rent computers on which to run their own computer applications. • A user can boot an Amazon Machine Image (AMI) to create a virtual machine, which Amazon calls an "instance", containing any software desired.

  17. EC2 - WIKIPEDIA • A user can create, launch, and terminate server instances as needed, paying by the hour for active servers, hence the term "elastic".

  18. S3 • Amazon S3 (Simple Storage Service) is an online storage web service offered by Amazon Web Services. • Provides unlimited storage through a simple web services interface

  19. S3 • $0.15 per gigabyte-month • 102 billion objects as of March 2010

  20. POWER OF CLOUD • The New York Times - Amazon EC2 and S3 - PDFs of 15M scanned news articles. • NASDAQ uses Amazon S3 to deliver historical stock information.

  21. CLOUD • Cloud separates: • application and information resources from the underlying infrastructure, and • the mechanisms used to deliver them.

  22. CLOUD • Use of a collection of • services, • applications, • information, and • infrastructure • comprised of pools of compute, network, information, and storage resources.

  23. CLOUD • Components can be • rapidly orchestrated, • provisioned, • implemented & decommissioned, and • scaled up or down • Provide an on-demand utility-like model.

  24. CLOUD CONFUSION • From an architectural perspective, there is much confusion • How is cloud both similar to and different from existing models of computing?

  25. CLOUD CONFUSION • How these similarities and differences impact the • organizational, • operational, and • technological approaches • to network and information security practices.

  26. CLOUD SECURITY – DIFFERENT? • Marcus Ranum - Same old, same old

  27. CLOUD SECURITY – DIFFERENT? • Same Client / Server paradigm from Mainframe days – Bruce Schneier

  28. So what is this cloud?

  29. CLOUD ARCHITECTURE

  30. CLOUD • NIST (U.S. National Institute of Standards and Technology) defines cloud computing by describing: • five essential characteristics, • three cloud service models, and • four cloud deployment models.

  31. CLOUD CHARACTERISTICS • Five essential characteristics • On-demand self-service • Broad network access • Resource pooling • Rapid elasticity • Measured service

  32. CLOUD CHARACTERISTICS • On-demand self-service • Unilaterally provision computing capabilities as needed automatically, without requiring human interaction with a service provider. • Computing capabilities include server time and network storage

  33. CLOUD CHARACTERISTICS • Broad network access • Available over the network and accessed through standard mechanisms

  34. CLOUD CHARACTERISTICS • Can be accessed through heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs) as well as other traditional or cloud based software services.

  35. CLOUD CHARACTERISTICS • Resource pooling • The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, • Different physical and virtual resources dynamically assigned and reassigned according to consumer demand.

  36. CLOUD CHARACTERISTICS • Degree of location independence - customer has no control or knowledge over the exact location of the provided resources • Customer may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter).

  37. CLOUD CHARACTERISTICS • Examples of resources include: • storage, • processing, • memory, • network bandwidth, and • virtual machines.

  38. CLOUD CHARACTERISTICS • Rapid elasticity • Capabilities can be • rapidly and elastically provisioned to quickly scale out; and • rapidly released to quickly scale in. • In some cases this is done automatically.

  39. CLOUD CHARACTERISTICS • Measured service. • Metering capability at some level of abstraction appropriate to the type of service • Resource usage can be monitored, controlled, and reported — providing transparency for both the provider and consumer of the service.

  40. CLOUD CHARACTERISTICS • Example: • storage, • processing, • bandwidth, • active user accounts

  41. MYTHS - CLOUD CHARACTERISTICS • Myths about Cloud Computing Essential Characteristics • Virtualization is mandatory • Answer is No • Cloud services are often but not always utilized in conjunction with, and enabled by, virtualization technologies

  42. MYTHS - CLOUD CHARACTERISTICS • There is no requirement that ties the abstraction of resources to virtualization technologies • In many offerings virtualization by hypervisor or operating system container is not utilized.

  43. MYTHS - CLOUD CHARACTERISTICS • Multi-tenancy as an essential cloud characteristic • Multi-tenancy is not called out as an essential cloud characteristic by NIST but is often discussed as such.

  44. CLOUD SERVICE MODELS • Divided into three archetypal models. • The three fundamental classifications are known as the SPI Model. • Various other derivative combinations are also available.

  45. CLOUD SERVICE MODELS • Cloud Service Models • Cloud Software as a Service (SaaS). • Cloud Platform as a Service (PaaS). • Cloud Infrastructure as a Service (IaaS).

  46. CLOUD SERVICE MODELS - SaaS • The client uses the software / applications running on a cloud infrastructure. • Accessed through a thin client interface such as a browser.

  47. CLOUD SERVICE MODELS - SaaS • User does not manage or control the underlying cloud infrastructure including: • network, • servers, • operating systems, • storage, or • even individual application capabilities

  48. CLOUD SERVICE MODELS - SaaS • Possible exception - limited user specific application configuration settings.

  49. CLOUD SERVICE MODELS - PaaS • User can deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider.

  50. CLOUD SERVICE MODELS - PaaS • The consumer does not manage or control the underlying cloud infrastructure including • network, • servers, • operating systems, or • storage,
