Cloud Computing

Objectives: Understanding cloud computing concepts, understanding cloud computing threats, understanding cloud computing attacks, understanding cloud computing security, understanding cloud computing security tools, overview of cloud pen testing

Cloud Computing Concepts

  • Cloud computing is an on-demand delivery of IT capabilities where IT infrastructure applications are provided to subscribers as a metered service

  • Types of Cloud Computing Services:

  • IaaS: Provides virtual machines and other abstracted hardware and OSs which may be controlled through a service API

  • PaaS: Offers development tools, config management, and deployment platforms on-demand and can be used by subscribers to develop custom applications

  • SaaS: Offers software to subscribers on-demand over the internet

  • Cloud Deployment Models

  • Private Cloud: Cloud Infrastructure operated solely for a single organization

  • Community Cloud: Shared Infrastructure between several organizations from a specific communications with common concerns

  • Hybrid Cloud: Composition of two or more cloud (private, community or public)

  • Public Cloud: Services are rendered over a network that is open for public use

Cloud Computing Threats

  • Data Breach/Loss, Abuse of Cloud Services, Insecure Interfaces and APIs, Insufficient due diligence, shared technology issues, unknown risk profile, Inadequate infrastructure design and planning, conflicts between client hardening procedures and cloud environment, malicious insiders, illegal access to the cloud, privilege Escalation via error