Post on 02-Jun-2018
8/10/2019 Ossec Project
1/30
Ossec project Cloud computing and security
Cloud computing and security
1. Introduction
2. What is a Cloud?
3. Examples
   1. Akamai
   2. Cloud Foundry
   3. Cloud Factory
   4. Azure
   5. iCloud
   6. VMware Cloud Computing
   7. Beanstalk
4. Why cloud?
5. Advantages and disadvantages of clouds
6. Evolution to cloud
7. Security
8. Conclusion
Cloud computing and security
1. Introduction
During this project I wanted to know what the cloud is all about. You cannot miss all the ads on the internet.
Almost every company uses a cloud. But I didn't always understand the purpose of those clouds. At some point I thought it was just a marketing stunt or hype, like there have been a lot lately. I was thinking about the security of all the data. Is the cloud really a risk worth taking? Is it safe to put all the data of your company on an external server? Nevertheless, it was important for the CIOs.
Source: "Reimagining IT: The 2011 CIO Agenda", January 2011, by Gartner analysts Mark P. McDonald and Dave Aron
2. What is a Cloud?
When you think of a cloud, you're supposed to think of a cloud in the atmosphere.
But as described on Wikipedia, the term actually comes from the past, from the telephone network.
The term "cloud" is used as a metaphor for the Internet, based on the cloud
drawing used in the past to represent the telephone network, and later to depict
the Internet in computer network diagrams as an abstraction of the underlying
infrastructure it represents.
When is a cloud a real cloud? In practice we speak of a cloud when the program runs on around 100 servers and is managed by 1 person.
There are a lot of different types of clouds. Many of them exist only as marketing, to join the hype. Every software company that doesn't give its users the opportunity to join its cloud these days is out of the picture. In the next point you can see some more examples.
In this paper I'll talk more about cloud computing.
Cloud computing can be split into 3 levels of abstraction:
Software as a service (SaaS)
Platform as a service (PaaS) ex. Cloud Foundry, Microsoft Azure
  o Vendor lock-in is a real risk
Infrastructure as a service (IaaS) ex. VMware
Classically the cloud stack is represented as a pyramid with Software as a Service on top, Platform as a Service underneath and Infrastructure as a Service at the bottom. But if we take the number of services into account, the SaaS layer has to be the size of the IaaS layer and vice versa, because there are a lot more SaaS tools than there are infrastructures.
You can even say that the platforms are the most important part. The infrastructure is important, but the platform still needs to provide the backups, monitoring, upgrades...
When you look at the infrastructure, it is an evolution of a virtualisation process of the architecture and utility computing. The architecture is very abstract, so the users no longer need to have expertise in it. You need to take 3 parameters into account:
working memory
disk space
processing memory
Those are also the 3 parameters on which the provider bases the bill. So it's logical that you try to minimize those as much as possible.
The platform provides the user with control tools. There aren't standards, so the platform can create a lock-in. This means that you can always enter the cloud but you can never really leave it. It also depends on the platform whether or not you can use hybrid or private clouds.
There are even platforms that give the user the possibility to create their own private platforms, like Staccato.
Software as a service is, as the name says, software. But the data that it collects is enormous, so it needs the cloud to split the data over a lot of servers to stay efficient and usable.
3. Examples
1. Akamai
Akamai is one of those Software as a Service offerings. Akamai works like a caching server for companies. All the data of their servers that are mentioned in the configuration of Akamai are periodically scanned by the Akamai servers.
The benefit is that Akamai can provide a better connection for the end user, so he or she can download the page or the file much faster.
The companies who use Akamai don't need to use load balancers or caching servers anymore.
Akamai guarantees a 100% uptime, thanks to their more than 9000 servers in more than 71 countries.
Akamai also provides an overview of the traffic of the data that is requested by the end users, but maybe more useful, it gives the statistics of the most common errors.
It works as a caching server, so you can let it act as a caching server. As you can see in the screenshot underneath, for this you have the Content Control Utility: you manually add the URL that you want the complete cloud to reload directly from your server, and you'll receive a mail when all the servers of the cloud are up to date. Otherwise it will load the page only at the moment the page expires as configured.
2. Cloud Foundry
Cloud Foundry is a cloud computing platform as a service (PaaS). Cloud Foundry is an open source cloud and uses VMware as infrastructure by default. It's for the most part written in Ruby and C. It's still in beta, so it isn't yet 100% stable, but thanks to that it is 100% free.
It supports multiple languages and frameworks, like Spring, Scala, Ruby...
You can use it for multiple types of clouds: micro, public, hybrid and private clouds.
Cloud Foundry is open source. The advantage is that extra support gets added, for example for PHP. A lot of clouds don't support it. But with Cloud Foundry it took 2 weeks after the demand.
It's infrastructure independent. So instead of VMware you can use GitHub or your own infrastructure behind the firewall.
The micro cloud of Cloud Foundry is perfect to use as a development tool.
It can be downloaded for free from the website www.cloudfoundry.com. The install instructions are included.
The micro cloud is very popular, probably because it's free. And thanks to this there are some videos on YouTube and the rest of the Internet which can help during the installation.
Cloud Foundry Spring STS Getting Started
http://www.youtube.com/watch?v=XcI-2V-mmmw
Introduction to Cloud Foundry
http://www.youtube.com/watch?v=KNI2c6yS2Bo
Thanks to the micro cloud, you can do the configuration locally on your local server, like you would do on a real server, but without the problems and responsibilities. Think of the bean configurations, database connection...
There are possibilities to add extra tools to your cloud, like Spring Insight for monitoring the transactions, memory... But this won't be 100% free.
http://insight.cloudfoundry.com
3. Cloud Factory
This is one of the bad examples of companies which wanted to jump on the cloud hype and don't have anything to do with cloud computing. Cloud Factory provides a cloud for businesses to build scalable apps powered by real people. And this in Nigeria, Vietnam, South Africa, Saudi Arabia, India, Indonesia, Algeria, Philippines, Nepal and Ghana. So it's more a cloud of people than a cloud of servers.
There is a free trial available. You generate, for example, an Excel sheet with a lot of data. This sheet can be uploaded to the site, together with a small explanation of what you expect as output, and you'll receive an email when the output has been generated by the cloud of people.
4. Azure
Azure is a Platform as a service (PaaS). The platform consists of 3 components: Windows Azure, Windows SQL Azure and Windows Azure Platform AppFabric.
Windows Azure is an operating system for the computing, storage, hosting and management capabilities of the Windows Azure platform. So a basic OS.
Windows Azure Platform AppFabric provides secure connectivity and messaging between the applications running on premises and the cloud based services.
Microsoft SQL Azure provides a full database solution in the cloud.
http://www.youtube.com/watch?v=NlMUcGdtYN8
You can try it. There is a free trial at https://www.windowsazure.com
You need to have a Hotmail or Live mail address and you need to give your mobile number for verification.
There are different types of profiles from which you can choose, each with their own pricing.
And you can easily switch from one to another, as illustrated underneath.
5. iCloud
iCloud is a free Software as a Service (SaaS). It can be used to join all the data of contacts, calendar, documents... that has been saved on different Apple platforms, like iPhone, iPad, iPod...
When you subscribe, you'll receive a free email account that can be checked with this tool as well.
Every product needs to be configured to receive the automatic update. This can be done in a 4-step configuration.
http://www.apple.com/icloud/setup/
6. VMware Cloud Computing
VMware is an Infrastructure as a Service (IaaS). It's one of the most used, probably because it has a lot of tools to control the cloud and didn't come in the news with problems like Amazon.
It has an open standard. So everybody can see how they handle the infrastructure, to prevent lock-ins.
vSphere is the virtualisation platform, the basis.
vShield provides the security: because multiple customers can use the same infrastructure (a multi-tenant environment), those need to stay separated.
vCloud Director is like the portal for the end user and provides the link with vSphere. It works as a management layer.
vCenter Chargeback provides the overview of the infrastructure used, for each user.
vCloud Request Manager provides the workflow principles.
vCloud API provides the link between the private and the public cloud.
7. Beanstalk
Beanstalk is a Software as a Service. It provides the opportunity for companies and other users to share, for example, their source code under password protection with other users all over the world.
4. Why cloud?
When you want to use a cloud you need to think about what you want to do with it.
There are a lot of clouds these days. You can use clouds as a caching server or as a full datacenter.
The most important players for the latter are Microsoft Azure, Amazon and Oracle. But they aren't the same to use.
Most users of clouds use them for cloud bursting. It is a concept where, when you run out of computing resources in your internal datacenter, you "burst" the additional workload to an external cloud on an on-demand basis.
The internal computing resource is the "Private Cloud" and the external cloud is typically a "public cloud" for which the organization gets charged on a pay-per-use basis. When your deployment has the ability to do "cloud bursting", or spreading the load to the public cloud, you essentially have a Hybrid Cloud.
5. Advantages and disadvantages of clouds
For companies every application has to be or have:
Availability
Reliability
Scalability
Low response time
High performance
Those aspects need to return in the clouds as well. But specific to clouds, companies expect lower costs and more flexibility. But there is more.
Thanks to the cloud you can increase the availability of your applications. A lot of clouds give you the guarantee that the application will be up 100% of the time. It is impossible to guarantee this on a local server.
The clouds improve the reliability of the data of your applications.
Because clouds consist of different servers all over the world, the response time all over the world will be faster.
Scalability improves as well. You never buy your cloud, you rent it. So if your data quantity or performance needs increase or decrease, you can switch to another type of cloud. You pay for what you use, which isn't always the case with a local server.
6. Evolution to cloud
When your servers need to move into a cloud, it doesn't happen from one day to another. It's like an evolution.
Physical servers
This can be a very basic situation, a separate server for each application. Sometimes multiple servers are shared by multiple applications. At this point the most work has to be done. The servers need to be optimized to reduce the costs. It's best to start with the non-critical applications.
Virtualization
At this point multiple servers have multiple applications and multiple applications stand on multiple servers. You need to be in this situation when the quality of your applications is really important.
Private cloud
When you start to create a private cloud you want the system to become scalable, but not public for everyone.
Hybrid cloud
Hybrid clouds aren't really a type of cloud but a merged step between private and public cloud. No company likes to put all their data in one public place. Nevertheless, they think of moving some parts of it to the cloud. Those are all hybrid clouds. Hybrid clouds can deliver a bit more functionality than just a "cloud bursting"
7. Security
Security is a different aspect depending on the kind of people you ask the question:
Network administrator
System administrator
Hacker
Nevertheless, security and privacy are by far the points about which there are the most concerns.
Gartner (April 2010)
There are plenty of concerns surrounding cloud computing and its attendant security risks. What a lot of companies fail to understand, however, is that many vendors rely on strict privacy policies, as well on sophisticated security measures, such as proven cryptographic methods to authenticate users. What's more, companies can choose to encrypt data before even storing it on a third-party provider's servers. As a result, many cloud-computing vendors offer greater data security and confidentiality than companies that choose to store their data in-house. And this is thanks to certificates that cloud companies like to have.
https://cloudsecurityalliance.org/education/certificate-of-cloud-security-knowledge/
A selection of the companies who are members of CSA.
https://cloudsecurityalliance.org/membership/corporate-members/
When you talk about flexibility, efficiency and performance, security people are already afraid. Security doesn't always support those terms.
But VMware works together with TrendMicro, Symantec... to reach those terms.
To understand what we have now, we look at the past, where we came from.
Virus scanners ran in the same environment in which they had to detect the virus, so the virus could shut down the virus scanner as well. This is host based security.
To block those, we used network based security, like a firewall. This is very useful when the network is fixed. The network based security needs to know where every server stands and what can enter it. The network in a cloud is very flexible, so it won't work as in the past.
As you see in the image, a combination of those 2 is now used and implemented in the VMware vSphere + vShield virtualisation layer. It has the advantages of both but not the disadvantages. We don't need to implement the security on every host, but we can split the access to every server.
Three different attention points concerning security in a cloud:
The data on the server and perimeter security
Between the cloud servers
The cloud from the end user
To protect the data in the cloud between different levels of trust (perimeter security), a lot of the providers, like Microsoft, suppose that you need to isolate those as much as possible.
VMware uses VMware vShield Edge for this problem.
To protect data between VMs in the cloud there are even firewalls between them. Those monitor the data transfers. Thanks to these firewalls the VMs are more flexible and there is no risk when they are moved to another system. VMware uses VMware vShield App for this problem.
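An added example, not part of the original report and not VMware's code: a small Python model of the contrast drawn above between network based security that needs to know where every server stands and firewalls between VMs that keep working after a move. The zone names, addresses, port, the idea that a moved VM gets a new address, and the address-reuse case are assumptions that go beyond the text.

```python
# Added example (not VMware's implementation): why rules bound to addresses
# break when a VM moves, while rules bound to the VM's trust zone do not.
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class VM:
    name: str
    zone: str  # trust level the VM belongs to (assumed labels)
    ip: str    # assumed to change when the VM lands on another system


# Constructed policies; anything not listed is denied in both models.
ADDRESS_RULES = {("10.0.1.10", "10.0.2.20", 5432)}  # web-1 -> db-1
ZONE_RULES = {("web", "db", 5432)}                  # web tier -> db tier


def address_allows(src: VM, dst: VM, port: int) -> bool:
    """Classic network based firewall: must know where every server stands."""
    return (src.ip, dst.ip, port) in ADDRESS_RULES


def zone_allows(src: VM, dst: VM, port: int) -> bool:
    """Firewall between VMs: the decision follows the VM, not its address."""
    return (src.zone, dst.zone, port) in ZONE_RULES


def move(vm: VM, new_ip: str) -> VM:
    """Model a migration to another system that hands out a new address."""
    return replace(vm, ip=new_ip)


def run_scenario() -> dict:
    web = VM("web-1", "web", "10.0.1.10")
    db = VM("db-1", "db", "10.0.2.20")
    results = {
        "before_move": (address_allows(web, db, 5432), zone_allows(web, db, 5432))
    }

    # web-1 is moved; its old address is later handed to an unrelated VM.
    web = move(web, "10.0.3.30")
    other = VM("tenant-b-1", "untrusted", "10.0.1.10")

    # Address rule now blocks the legitimate VM ...
    results["moved_vm"] = (address_allows(web, db, 5432), zone_allows(web, db, 5432))
    # ... and lets the unrelated VM through; the zone rule does neither.
    results["address_reuse"] = (
        address_allows(other, db, 5432),
        zone_allows(other, db, 5432),
    )
    return results


if __name__ == "__main__":
    for case, (by_address, by_zone) in run_scenario().items():
        print(f"{case:14} address-rule={by_address!s:5} zone-rule={by_zone}")
```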
To secure every server on its own there is a need to add an antivirus on every server. But this will lead to a temporary overload in which none of the servers will be available, or to an awareness that is difficult to monitor.
To solve this problem VMware uses an extra server which does all the scanning.
VMware calls this EndPoint save.
This VM isn't developed in-house by VMware but by TrendMicro. In the future other companies will join.
Summary:
8. Conclusion
The cloud isn't as bad as it looks. There are already measures taken. But you need to be careful when you choose your cloud. Don't forget that you pay for what you use. You rent software and you'll never be the owner. But you'll never be fully responsible.
In the future more companies will invest to improve their datacenters, as reported for example in Datanews of 13/01/2012. More than 50% of the surveyed companies will invest more.
References
http://en.wikipedia.org/wiki/Cloud
http://en.wikipedia.org/wiki/Akamai_Technologies
http://en.wikipedia.org/wiki/Cloud_computing
http://en.wikipedia.org/wiki/Cloud_Foundry
http://en.wikipedia.org/wiki/Cloud_Factory
http://cloudsecurity.trendmicro.com/what-is-cloudbursting/
http://www.vmware.com/
http://us.trendmicro.com/us/home/index.html
http://www.webhostingunleashed.com/features/cloud-computing-benefits/
http://beanstalkapp.com
http://makr.roularta.be/PDFPage?page=26&archiveCode=ARCHIEF&year=2012&week=2&editionCode=DA&groepCode=DA
http://makr.roularta.be/PDFPage?page=27&archiveCode=ARCHIEF&year=2012&week=2&editionCode=DA&groepCode=DA