Securing Cloud Databases using Bastion Host and SSH Agent Forwarding

Verified

Added on 2023/04/22

AI Summary

This report discusses different security concepts and strategies for securing cloud databases. It provides solutions for preventing SQL injection attacks using AWS WAF and discusses the use of bastion host and SSH agent forwarding for securing cloud databases. The report also compares security in cloud computing providers such as Microsoft Azure, Amazon Web Services, and Google AppEngine.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running Head: Database Security 0
Cloud Databases Security
Database Security
Report
Student name

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Database Security 1
Securing cloud databases using bastion host and SSH agent forwarding
Asanga, . G. D. D., 2017. Public Key and Multi Factor Based Centralized SSH Authentication System for a
Cloud Based Environment Using LDAP. [Online] Available at:
documents.ucsc.lk/jspui/bitstream/123456789/4033/1/2014MIS004.pdf[Accessed 21 February 2019].
Asanga is providing a concept for securing cloud databases from different attack, which
are possible through SQL injection and capabilities of application for data access from
cloud databases. It provides SSH Authentication concept for a system through LDAP
server for securing their cloud based environment as well as database.
Bird, D. A., 2018. Information Security risk considerations for the processing of IoT sourced
data in the Public Cloud.
According to Bird, Public clouds are providing different accesses of cloud databases
though different application. Therefore, it is a risk for whole system. There should a
secure zone for authentication of the applications as well as users to access databases.
Databases are collecting data through IoT sources, such as sensors, electronic, devices,
GPS and RFID.
Blakstad, K. . M. & Andreassen, M., 2016. Security in Cloud Computing: A Security Assessment
of Cloud Computing Providers for an Online Receipt Storage. [Online]
Available at: https://brage.bibsys.no/xmlui/handle/11250/253189
[Accessed 21 February 2019].
Blasted and Andreassen are providing security concepts for cloud computing. Amazon
Web Services are providing many facilities to their vendors. In that report, three vendors
of cloud computing Microsoft Azure, Amazon Web Services and Google AppEngine is
provide security in cloud computing. It also compare virtual machine environment of
Amazon EC2 and Windows Azure.
Gapiński, A., 2014. Strategies for Computer Networks Security. Kwartalnik Nauk o
Przedsiębiorstwie, Volume 3, pp. 59-65.
Gapiński provides strategies for computer network security through creating safe zone.
Firewalls are responsible for securing the network. For approaching cloud databases
network is primary thing. Therefore, securue network from unathenticated users through
creating trusted network for securing the cloud databases.
Kareem, M., 2018. Prevention of SQL Injection Attacks using AWS WAF. [Online]
Available at: https://repository.stcloudstate.edu/msia_etds/47/
[Accessed 21 February 2019].
Kareem reports on prevention of cloud databases from SQL Injection attacks using AWS
WAF concept. AWS WAF is a Web Application Firewall that provides security to the

Database Security 2
cloud system from different types of attacks from hackers on the cloud databases, such as
SQL Injection.
According to (Gapiński, 2014), cloud database can be secured through firewall and different
authentication methods. There are many ways to secure a trusted network or infrastructure. The
Public Cloud has different capabilities for data access from cloud database. It is a problem where
rethink about the security of cloud databases. Cloud database can be utilized attack tree analysis,
red teaming research and soft system thinking for security (Bird, 2018). SQL injection is a
technique, which is having several types of code injection techniques for attack on different
applications of data driven. Attackers are using SQL injection for gaining access on the database.
It is provide them potential reading, updating or deletion of user’s data from the cloud storage.
The vulnerabilities are because of the lack of input validation. It is not fully covered in the
software development cycle. There should be a safe zone between the clients side and database
server. It can be implemented through AWS to avoid the malicious codes, which are injected
through SQL injection by the attackers (Kareem, 2018). According to (Blakstad & Andreassen,
2016), security issues are arising because of lots of capabilities to access the database on cloud
from different applications. Authentications with LDAP stored public key can be provide a
proper solution for securing a cloud databases. It is a best example of bastion concept. Therefore,
the complete system is safe even. The firewalls performed packet filtering and could provide
additional performance enhancing functionalities besides perimeter security (Asanga, 2017).
Different vendors are providing different capabilities to access data, such as Microsoft Azure,
Google AppEngine, and Amazon Web Services. There is an international standard for cyber
security that is ISO 27001 certification of organizations. Cloud computing services can be more
better using reduces capabilities of access the system. Applications are having different
capabilities for accessing cloud databases. There is a solution for accessing of data from cloud
database that is LDAP server and SSH clients architecture. It may be reduce loss of data from
cloud databases. One on the best way is securing network through firewalls and authentication,
LDAP server and bastion host and server. These methods can provide more security to the cloud
database.
Bastion server can also use for increasing security of cloud database. Corporate network can
manage corporate LDAP server for securing connection. Therefore, attackers cannot access
corporate network. Bastion server in implemented in the VPC with the high security through
private subnet, database subnet and public subnet. Cloud applications can access the DB servers
with high security. Virtual private networks can provide more security for users and applications
that are linked with the cloud services.
Below diagram is shows an architecture of security of cloud databases through bastion server.
Bastion host can access the data from the cloud databases with the authentication of cloud
databases.
AWS is used for multiple layers of security and access. It provides security to a private VPN
with the help of gateway authority though multiple subnets and it is providing access to pots for
the cloud database.

Database Security 3
References
Asanga, . G. D. D., 2017. Public Key and Multi Factor Based Centralized SSH Authentication
System for a Cloud Based Environment Using LDAP. [Online]
Available at: documents.ucsc.lk/jspui/bitstream/123456789/4033/1/2014MIS004.pdf
[Accessed 21 February 2019].
Bird, D. A., 2018. Information Security risk considerations for the processing of IoT sourced
data in the Public Cloud.
Blakstad, K. . M. & Andreassen, M., 2016. Security in Cloud Computing: A Security Assessment
of Cloud Computing Providers for an Online Receipt Storage. [Online]
Available at: https://brage.bibsys.no/xmlui/handle/11250/253189
[Accessed 21 February 2019].
Gapiński, A., 2014. Strategies for Computer Networks Security. Kwartalnik Nauk o
Przedsiębiorstwie, Volume 3, pp. 59-65.
Kareem, M., 2018. Prevention of SQL Injection Attacks using AWS WAF. [Online]
Available at: https://repository.stcloudstate.edu/msia_etds/47/
[Accessed 21 February 2019].

1 out of 4

+13062052269

info@desklib.com

Securing Cloud Databases using Bastion Host and SSH Agent Forwarding

Contribute Materials

Secure Best Marks with AI Grader

Related Documents

SIT113 – Cloud Computing and Virtualisation (2020).

Desklib: Study Material Library with Solved Assignments & Essays

Cloud Computing Practical Assignment

Cloud Service Comparison: AWS, Azure, GCP

Mobile Cloud Computing: A Survey

QAC020N254: Cloud Computing | Task Report