Cloud Security, Security in Cloud Computing, Kubernetes Security,. Docker Security, Cloud Penetration Testing, Zero Trust Security, Container Security, Application Security
Why businesses are failing to protect Cloud and PII data?
- Increasing cloud adoption is also leading to increased cloud security risks due to moving to the cloud without a security architecture design.
- Some of the top cloud risks include Misconfiguration, Insecure Interfaces and API Risks, Weak Control Planes, Access and Key Management, Account Hijacking, etc.resulting in increased data breaches.
- IaaS Providers state that the data security lies with the PaaS, SaaS providers or the organizations that store data on the cloud platforms.
- Organizations are failing to protect sensitive data in the cloud. Businesses are taking advantage of the cloud, but not applying adequate cloud security.
- The challenge in addressing the threat of data loss and data leakage is that the organizations opt to keep offline backups of data to reduce data loss, which eventually increases the exposure to data security breaches.
- Increasing use of Container and Microservices needs security at the Docker Security and Kubernetes Security layers.
We provide short and long term contract staff for Cybersecurity, remote working only.
Understanding Attack Scenario:
During an attack, an outside party attempts to flood an organization’s systems using a numerous amount of connections to overwhelm the system. Since the hackers can use programs or bots to generate numerous attacks, organizations cannot block just one IP address from shutting down a specific process.
There are three basic categories of attack:
- Volume-based attacks: which use high traffic to inundate the network bandwidth
- Protocol attacks: which focus on exploiting server resources
- Application attacks: which focus on web applications and Containers covering Dockers, Kubernetes are considered the most sophisticated and serious type of attacks
Studies agree that providers need more comprehensive cloud security measures to mitigate an attack. Be aware that the main purpose of an attack is to not just disrupt a system but to steal data as well.
Attacks on OSI Layers:
|
OSI Layer |
Protocol Data Unit (PDU) |
Protocols |
Examples of at each Level considering OWASP Risks |
Potential Impact of an Attack |
|
Application Layer |
Data |
Uses the protocols FTP, HTTP, POP3, & SMTP and uses Gateway as its device. |
PDF GET Requests, HTTP GET, HTTP POST, website forms(login, uploading photo/video, submitting feedback) |
Reach resource limits of services; Resource starvation |
|
Presentation Layer |
Data |
Uses the protocols Compression & Encryption. |
Malformed SSL Requests -- Inspecting SSL encryption packets is resource-intensive. Attackers use SSL to tunnel HTTP attacks to target the server. |
The affected systems could stop accepting SSL connections or automatically restart. |
|
Session Layer |
Data |
Uses the protocols Logon/Logoff. |
Telnet DDoS-attacker exploits a flaw in a Telnet server software running on the switch, rendering Telnet services unavailable. |
Prevents administrators from performing switch management functions. |
|
Transport Layer |
Segment |
Uses the protocols TCP & UDP. |
SYN Flood, Smurf attack |
Reach bandwidth or connection limits of hosts or networking equipment. |
|
Network Layer |
Packet |
Uses the protocols IP, ICMP, ARP, RARP, & RIP and uses Routers as its device. |
ICMP Flooding - A Layer 3 infrastructure DDoS Attack method that uses ICMP messages to overload the targeted network's bandwidth. |
It can affect available network bandwidth and impose extra load on the firewall. |
|
Datalink Layer |
Frame |
Uses the Protocols 802.3 & 802.5 and its devices are NICs, switches bridges & WAPs. |
MAC flooding - inundates the network switch with data packets. |
Disrupts the usual sender to recipient flow of data - blasting across all ports. |
|
Physical Layer |
Bits |
Uses the Protocols 100Base-T & 1000 Base-X and uses Hubs, patch panels, & RJ45 Jacks as devices. |
Physical destruction, obstruction, manipulation, or malfunction of physical assets. |
Physical assets will become unresponsive and may need to be repaired to increase availability. |
Areas covered by our Comprehensive Assessment or Cloud Security Audit:
The following are some of the security concerns addressed during our Cloud Security Audit:
- Cloud Vulnerability Assessment and Cloud Penetration Testing (Cloud VAPT)
- Authentication, authorization, and identity management
- Cloud network architecture review
- Cloud compute architecture review
- Cloud storage architecture review
- Configurations architecture review
- IaaS, PaaS, SaaS audit including Cloud VAPT
- Data Backup and encryption configuration
- Contianer security covering Dockers Security, Kubernetes Security
- More on SOC Reporting Services
- More on SOC 2 vs ISO/IEC 27001, 27017 for Cloud Security.
Our methodology used to develop and execute these reviews is an amalgam of techniques that features in best practices from cloud service providers and security standards from reputable sources (including hardening guides such as the NIST Benchmarks). We periodically align our methodology to the compliance and regulatory standards that many organizations have to adhere to when implementing cloud security computing services.