logo

Security Threats in cloud Computing PDF

   

Added on  2021-06-17

5 Pages3296 Words46 Views
SECURITY THREATS IN CLOUD COMPUTINGAND PREVENTIVE METHODS.ABSTRACT - Cloud computing is a technology that isused to provide products and services whose foundation is theextensive study carried out on distributed computing,virtualization, utility computing, networking and finallysoftware and web services. It allows for the sharing andaccess of resources of computer applications over the internetunlike the traditional architecture of applications whereaccess is through client and the applications are located in aserver or machines belonging to the client. Due to this aspectof sharing resources that are distributed over the internet andover an open environment, there has been an increased levelof insecurity since important resources are channeled to athird party. This poses a challenge in maintaining privacyand the security of the data, data support and the availabilityof service. This is where the security threats come in. [1]Theyare caused by the above vulnerabilities and they include:denial of service attack, intrusion on the network,authentication among others. In this research paper, anoverview of security threats in the cloud is illustrated togetherwith the solutions that are being used currently to counter thethreats and also proposes the future work of research on thesame. Keywords-Cloud computing, Security Threats, Privacy.1.INTRODUCTIONCloud computing provides numerous favorable aspects, forexample, an increase in hardware resources utilization,reduction in costs, scalability and deployment that is easy. Dueto this, majority of the well-known companies such as Amazonhave already implemented cloud computing. Additionally, thenumber of clients such as Google Drive, LinkedIn amongothers, shifting their information to cloud has greatly increased. Numerous security policies of business level, practices, andstandards are not executable in cloud since distinctiveprotection dangers come up[8]. Challenges are still present inregard to the security of the cloud despite of the large numberof studies carried out by the researchers over the past ten years.In order to come up with effective preventive measures, use theexisting or new mechanisms on the risks of security in cloud,its essential that clients, providers of service, innovators andscholars to first critically analyze and study the risks involved. Hence, research on the dangers of security in the cloud needsto carried out so as to acquire the results from the point of viewof exploration. 2.SECURITY THREATS IN CLOUD COMPUTINGBeing an upcoming technology, cloud computing enablessharing of resources as well as reduction of the costs involved.The costing procedure applied in cloud computing depends onhow the client uses the resource as the clients pay according theusage[12]. Based on the fact that the resources in the cloud areshared over the internet, the problem with the security comes inas threats are posed to the data stored in the cloud. Thefollowing segment contains the threats posed to the data in thecloud:Abusive Usage of Cloud Computing. This is a major threat discovered by Cloud SecurityAlliance[3]. A good example is the usage of botnets inspreading malware and spam. Invaders may inject malwareover a large number of computers and exploit the abilities ofinfrastructure of the cloud to harm various computers throughintrusion. Insecurity in Interfaces of the programmingApplication. Clients mainly use APIs and interfaces of software toconnect with the services offered by the cloud. Due to this fact,the APIs, and the interfaces of the software require to bestrongly protected in that, the process of authentication shouldbe strictly secure as well as control of access, encryption,mechanisms of monitoring activities. This should be strictlyadhered to in the case where third parties engage themselves inthe service of cloud.Spite from the Insiders Based on the fact that majority of the providers of servicemaintain the secrecy as to who they employ, the manner inwhich they delegate to them the access rights or the way theyobserve them, spite from the insiders becomes trickier and acrucial threat. In order to achieve a cloud that is free fromthreats from the insiders, it’s crucial that transparency become

the center of concentration in regard to this threat together withreporting of compliance and notification of any kind of breach.Vulnerabilities from sharing TechnologySharing of infrastructure is majorly used by the suppliers ofIaaS. Unfortunately, the initial intention of these segments usedon to base that was totally different. In order to ensure thatclients do not over crowd on each other’s domain, monitoringand centralization of management needs to be achieved.Loss of Data.The possibility of the loss of Data and theft is always presentwhether it’s by erasing with no prepared backup or by losingthe key of encoding or by illegal access. This can adverselyaffect businesses as besides destroying their regard, the lawobliges them to protect it against destruction and theft as wellas privacy.Attacks of injections in SQL.An attacker injects a harmful code inside a code of SQL that isstandard. In this way, the attackers are able to illegally reach todatabase and view confidential data.Attacks of Cross Site Scripting (XSS). This is where harmful scripts are forced into the web. Thereare two ways of executing the attack: through XSS which arestored whereby the script is maintained eternally inside the webapplication managed resource. On the other hand, XSS that isreflected is where the invader only stores the script temporarily.[4].Man in the Middle attacks. This occurs when an attacker invades a conversation that isbeing held between a client and a sender and sends incorrectdata and acquires the right and essential data being conveyed. Attacks by SniffersSome applications can seize packets moving within a networkin case the kind of data that is being moved has not beenencrypted and is readable. These attacks are triggered by theapplications explained above. When a program used in sniffingis introduced in the network using the Network Interface Card,data connected to various systems is recorded. Attacks of Denial of Service.This is a digital assault whereby the culprit looks to cause anetwork or machine assets inaccessible for its proposed clientsby incidentally or inconclusively upsetting administrations ofthe host associated with the Internet. At times an error is seen and one is unable to get to a sitewhen browsing. This is due to a challenge of the very largenumber of requests made in order to get to the site. Poisoning of Cookie This is the change of a cookie (individual data in a Webclient's PC) by an aggressor to increase unapproved data aboutthe client for uses, for example, theft of the identity. Theassailant may utilize the data to create new records or to accessthe client's current records.Due Diligence that is Inadequate.At the point when officials make business systems, cloudadvancements and specialist organizations must be viewed.Building up a decent guide and agenda for due perseverancewhile assessing advancements and suppliers is fundamental forthe best shot of progress. Associations that hurry to embracecloud innovations and pick suppliers without performing duetirelessness open themselves to various dangers.3.COUNTERMEASURESThe following strategies can be used to counter thesecurity threats facing cloud computing:Enhancement of the Policy of Security.Services offered by the cloud providers can be used after aclient registers by the use of a credit card which is valid.This offers an advantage to hackers whereby they exploit thepowerful nature of the clouds to execute illegal actions whichinclude attacking and spamming other systems of computing. Conduct of such behavior of abuse created by the frail natureof the systems of registration, monitoring of credit cards toevaluate fraud and blocking black lists that are public may beexecuted. To reduce the abusive use of the power of the cloud,policies of security can be implemented. To effectively manageclouds, regulations and rules that are well structured andstipulated may offer great assistance to the administrators ofthe network.Management of Access.The client’s information contained in cloud is secretive anddelicate. [6]Therefore, the mechanisms of control of accessmay be used to make sure that just the clients who areauthorized can gain access to the information provided. Besidesconstantly monitoring the systems of computers that arephysical, restrictions on the access traffic of data needs to beobserved by the use of the techniques of security. Some varioustools such as systems of detection of intrusion and firewallshave been used to limit intrusion from resources that are nottrustworthy and to observe activities that are malicious.

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Security Threats in Cloud Computing and Preventive Methods
|13
|3873
|83

Security threats in cloud computing and preventive methods
|3
|514
|438

Assignment on Information Security Cloud Computing
|8
|2070
|158

ITC595 Information Security : Doc
|5
|3376
|100

Security and Privacy Issues in Cloud and Fog Domain
|5
|823
|66

Integrated Professional Skills in the Digital Sample Age Assignment
|7
|2023
|60