Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
24 views32 pages

Module 5

The document outlines fundamental concepts of cloud security, including confidentiality, integrity, authenticity, availability, and various threats and vulnerabilities associated with cloud services. It discusses different types of threat agents, such as anonymous attackers and malicious insiders, and highlights security controls and mechanisms necessary to protect IT resources. Additionally, it addresses specific security threats like traffic eavesdropping and denial of service attacks.

Uploaded by

justforinsta60
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
24 views32 pages

Module 5

The document outlines fundamental concepts of cloud security, including confidentiality, integrity, authenticity, availability, and various threats and vulnerabilities associated with cloud services. It discusses different types of threat agents, such as anonymous attackers and malicious insiders, and highlights security controls and mechanisms necessary to protect IT resources. Additionally, it addresses specific security threats like traffic eavesdropping and denial of service attacks.

Uploaded by

justforinsta60
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 32

Module-5

Threat Agents
Fundamental Cloud Security

 Basic Terms and Concepts


 Confidentiality
 Integrity
 Authenticity
 Availability
Confidentiality

Confidentiality
Integrity
Authenticity
 non-repudiation
 Prof of interactions
Availability

 Availability of cloud services


 cloud provider and the cloud carrier
Threat

 Violation to security
 Breach privacy
 modes
Vulnerability

 weakness
 Causes???
1. configuration deficiencies,
2. security policy weaknesses,
3. user errors,
4. hardware or firmware flaws,
5. software bugs, and
6. poor security architecture
Risk

 possibility of loss or harm


 Measured from level of threats and possible known vulnerabilities
 How to determine risk ?
1. the probability of a threat occurring to exploit vulnerabilities in the IT
resource
2. the expectation of loss upon the IT resource being compromised
Security Controls

 prevent or respond to security threats or to avoid risks


 Security policy contains:
1. set of rules and practices
2. service,
3. security plan for IT resources
Security Mechanisms

 framework that protects IT resources, information, and services


Security Policies

 Set of rules and regulations


Threat Agents

 Entity s capable of carrying out an attack


 internally or externally, from humans or software programs
Threat Agents
Threat Agents
Anonymous Attacker

 cloud service consumer without permissions


 bypassing user accounts
 stealing user credentials
Malicious Service Agent

 Intercept and forward the network traffic


 may also exist as an external program
Trusted Attacker

 attacker shares IT resources as the cloud consumer


 exploit legitimate credentials
 launch their attacks from within a cloud’s trust boundaries
Malicious Insider

 human threat agents relation to the cloud provider


 Who are they?
 Priveleged for access the resources
Cloud Security Threats
Traffic Eavesdropping

 intercepted by a malicious service agent


 information gathering
 compromise the confidentiality of the data
 undetected for extended periods of time
Traffic Eavesdropping
Malicious Intermediary

 messages are intercepted and altered


 compromising the message’s confidentiality and/or integrity
Denial of Service

 overload IT resources
 Degrade server –if attack is succeeded.
1. Repeated communication requests.
2. Reduced responsiveness
3. Consume excessive memory and processing resources
Denial of Service
Insufficient Authorization

 Attacker get access permission by mistake


Insufficient Authorization

 weak authentication-weak passwords,


weak authentication
Virtualization Attack
Additional Considerations

You might also like