
Security Architecture

MIS 5214 - Section 001 - David Lanter

MIS 5214.701 ■ Spring 2022 ■ Jose Gomez

My question to discuss with my classmates

February 3, 2022 by Jose Gomez 27 Comments

Filed Under: 05 - Secure Networks


Comments

  1. Kelly Sharadin says

    February 4, 2022 at 1:58 pm

    Cloud environments can reduce network visibility compared to on-premise networks. I have been working on an Azure networking project and it's eye-opening how much collecting that information will cost the client. To that end, do you think cloud environments make network security more or less difficult?

    • Lauren Deinhardt says

      February 6, 2022 at 10:01 pm

      I really think that this depends on the type of service deployed. For instance, a SaaS cloud platform might have more managed security than an IaaS would (i.e. MSFT O365, depending on the package, can include Windows Defender and other security measures that an IaaS might not). Overall, I do believe that many cloud platforms offer functional means of creating a secure environment.

  2. zijian ou says

    February 5, 2022 at 7:15 am

    What steps can be taken to prevent distributed denial of service attacks (DDoS)?

    • Kelly Sharadin says

      February 6, 2022 at 10:23 am

      Hi Zijian,

      There are a couple of mitigations organizations can put in place to prevent DDoS attacks. First and foremost, understanding what normal network traffic looks like can help network engineers filter malicious traffic. Organizations should use load balancers to help offset spikes in traffic to prevent the server from being taken offline during a DDoS attack. If the infrastructure is hosted with a cloud provider, utilize their services for DDoS protection and review any SLAs regarding DDoS protection. Lastly, if the organization has the security maturity to do so, implementing deception techniques like honeypots to direct malicious attackers to decoy resources can help defenders respond without being actively targeted.

      Kelly

    • kofi bonsu says

      February 8, 2022 at 8:24 am

      Hi ZiJian,
      I believe an organization can help avoid a distributed denial-of-service attack by doing the following: Creating a strategy for dealing with denials of service. Securing the resources of the network. Filtering firewalls and routers at the network’s edge to detect and block DDoS links.

    • Madalyn Stiverson says

      February 8, 2022 at 9:31 am

      Hi Zijian,

      In addition to what Kelly and Kofi mentioned, there are a few additional things you can track and implement. You can track and block requests coming from a single IP or IP range. You should track your normal network traffic and respond to any abnormal traffic. You can also increase your bandwidth, as it will increase your resilience to DDoS attacks. Cloud-based networks naturally have larger bandwidth.

  3. Madalyn Stiverson says

    February 5, 2022 at 9:57 am

    What are the pros and cons to a wholly cloud-based infrastructure? Is this feasible for small businesses to implement?

    • Vraj Patel says

      February 7, 2022 at 7:44 pm

      Hello Madalyn,
      One of the pros of using a cloud-based infrastructure is the availability of that system. The system on the cloud could be easily accessible from anywhere. One of the cons would be that as it’s online it could be accessible by anyone. As a result, it would need to be properly secured.

  4. Andrew Nguyen says

    February 5, 2022 at 7:41 pm

    One question that I would like to ask my classmates based off this week's readings would be:

    How does using a cloud infrastructure help prevent/mitigate DDoS attacks?

    • Michael Jordan says

      February 9, 2022 at 12:23 am

      Hi Andrew,

      I would think that using a cloud infrastructure could help prevent DDoS attacks because cloud providers are connected to so many organizations that they inherently have more responsibility than most companies to make their services as secure as possible. Using an IaaS may create more responsibility for the purchasing organization, but there could still be flaws in the CSP network that could grant access to back-end cloud storage, connected networks, and more (hopefully not).

      I think using a cloud infrastructure could help mitigate attempted attacks because the network bandwidth would be larger and would require more traffic to disrupt, boosting the availability of the network, but not making it invincible.

      With that being said, I would also think CSPs receive among the highest volume of attempted attacks due to the volume of storage and interconnectivity they hold, so there is some trade-off.

      -Mike

  5. kofi bonsu says

    February 6, 2022 at 6:23 am

    One question that I will be happy to discuss with my classmates is: explain what is meant by a certification authority and the role of a digital certificate as far as security is concerned.

    • Patrick Jurgelewicz says

      February 8, 2022 at 11:48 am

      Hey Kofi, a certification authority is “an entity entrusted to issue certificates that assert that the recipient individual, computer, or organization requesting the certificate fulfills the conditions of an established policy”. Basically, they are trusted parties that validate a host’s identity so end users don’t have to. A digital certificate is the digitally signed statement that contains the information about an entity and the entity’s public key.

  6. Antonio Cozza says

    February 6, 2022 at 6:43 pm

    As cybersecurity professionals, how do you view and do you purchase IoT / “smart” devices when these are notoriously insecure, unpatched, and are the easiest method of adding zombies into a botnet for an attacker to control with a c2 server and enact a DoS attack?

    • Madalyn Stiverson says

      February 8, 2022 at 9:25 am

      Hi Antonio,

      For me, it’s a tradeoff of an additional potential attack vector vs. convenience. When I hook up a smart light switch in my house, I make sure to change the default password to something strong and unique. Ideally, you’d also do regular firmware updates and make sure someone can’t use the light switch as a stepping stone into your network. I would be hesitant to install locks and garage openers that are connected to the internet, as a vulnerability in those could grant access to the house.

  7. Vraj Patel says

    February 6, 2022 at 7:17 pm

    What mitigation steps can be taken once the DDoS attack is identified?

    • Victoria Zak says

      February 7, 2022 at 8:43 pm

      Hi Vraj,

      In the article we read for this week, there are many mitigation steps an organization can take once a DDoS attack is identified. One is to identify statistical patterns and be able to compare the same with live traffic. Another way is to set up dummy servers with maximum vulnerabilities that are exposed to the hackers as legitimate servers, known as the honeypot. Additionally, aggressive caching can be utilized. With aggressive caching, webpages are stored as separate HTML files, and when users request these pages, the HTML files are presented to them instead of the time/CPU resource-consuming database queries. This enables the servers to handle more requests per second and hence the smaller DDoS attacks can be fended off.

  8. Victoria Zak says

    February 6, 2022 at 7:30 pm

    How long do DDoS attacks last and what are the different types?

  9. Dhaval Patel says

    February 6, 2022 at 7:36 pm

    Do you think it is easier to stop/prevent DDoS attacks that occur on cloud environments or an on-prem environment/hybrid model?

    • Patrick Jurgelewicz says

      February 8, 2022 at 11:12 am

      Hey Dhaval, I believe one of the best ways to mitigate DDoS attacks is to enable auto-scaling within the server and to load-balance and direct traffic as needed as new instances come online to deal with the incoming traffic. I believe this can be best done on cloud environments as typically additional scaling can be provided as needed, then the company can pay later.

  10. Patrick Jurgelewicz says

    February 6, 2022 at 9:31 pm

    How do the security goals of a network differ from the typical CIA triad used for most information types?

  11. Lauren Deinhardt says

    February 6, 2022 at 10:01 pm

    What are the 5 essential characteristics of a cloud computing environment?

  12. Dan Xu says

    February 6, 2022 at 11:04 pm

    What are the disadvantages of cloud computing and how can they be prevented?

  13. Olayinka Lucas says

    February 6, 2022 at 11:47 pm

    As an Information Technology Auditor, what would be the most critical risks to identify for mitigation when auditing a Cloud Service Provider (CSP)?

    • Michael Jordan says

      February 9, 2022 at 12:14 am

      Hi Olayinka,

      I would think that auditing a CSP is one of the hardest and most thorough audits that an IT auditor would have to conduct. Cloud service providers even service some government agencies, which would be (in my opinion) some of the most nerve-racking systems to audit, so CSPs are just as critical.

      I think that the largest critical risks to identify would be within the SaaS and PaaS services, because the IaaS service leaves more responsibility for the purchaser of the service in regards to security (but could still have critical flaws). The most critical risks to identify for mitigation would be within the most widespread services – for example, O365 (there was a huge Outlook breach in which over 20,000 organizations were affected (https://venturebeat.com/2021/03/08/white-house-warns-of-active-threat-following-microsoft-outlook-breach/)), Salesforce, and many more.

      TLDR: The most critical risks to identify would be the ones that could grant access to the most systems with the highest security categorizations.

      -Mike

  14. Michael Jordan says

    February 6, 2022 at 11:56 pm

    Would you guys also consider the Titan computing cluster from the case study to be a cloud? Is the phrase “computing cluster” a synonym for a cloud?

    • Madalyn Stiverson says

      February 8, 2022 at 9:20 am

      Hi Michael,

      The Titan cluster was accessible via internet after submitting your login information. It included both databases to store your information and additional computational power for the scientists to use in their experiments. I would consider this a community cloud, as defined in the NIST 800 145 reading for this week.

      • Michael Jordan says

        February 9, 2022 at 12:04 am

        Hi Madalyn,

        I would consider it a cloud too. I think that in some cases, the word “cloud” is synonymous with the word “cluster”, but I did not want to overstep my knowledge and say that they are always synonyms. I am glad that you agree that the Titan cluster was a cloud. Thanks for your response!

        -Mike


Fox School of Business