Cloud and Network Security


A Short Guide to Written Exam Page11 Cloud Computing

Cloud Computing

Define cloud computing? What is the benefit of cloud computing?


[Bangladesh Land Port Authority -2018]

What is cloud computing? How does it work?


[Engineering College Lecturer -2017]

What is Cloud Computing?

Cloud computing can be defined as delivering computing power (CPU, RAM, network speeds,
storage, OS, software) as a service over a network (usually the internet) rather than physically
having the computing resources at the customer location.

Example: AWS, Azure, Google Cloud, etc.

Let’s learn Cloud computing with an example


Whenever you travel by bus or train, you buy a ticket for your destination and stay in your seat
until you reach it. Other passengers also buy tickets and travel in the same bus with you, and it
hardly bothers you where they go. When your stop comes you get off the bus, thanking the driver.
Cloud computing is just like that bus: it carries data and information for different users and
lets them use its service at minimal cost.
Benefits of Cloud Computing
The potential for cost saving is the major reason for the adoption of cloud services by many
organizations. Cloud computing gives the freedom to use services as per the requirement and pay
only for what you use. Due to cloud computing it has become possible to run IT operations as an
outsourced unit without many in-house resources.

What are the benefits of cloud computing?

 Lower IT infrastructure and computer costs for users
 Improved performance
 Fewer maintenance issues
 Instant software updates
 Improved compatibility between operating systems
 Backup and recovery
 Performance and scalability
 Increased storage capacity
 Increased data safety

What are the Types of Cloud Computing?

There are four different cloud models that you can subscribe to according to business needs:

 Private Cloud: Here, computing resources are deployed for one particular
organization. This method is used more for intra-business interactions, where the
computing resources can be governed, owned and operated by the same organization.
 Community Cloud: Here, computing resources are provided for a community and
organizations.
 Public Cloud: This type of cloud is usually used for B2C (Business to Consumer) type
interactions. Here the computing resource is owned, governed and operated by
a government, an academic or a business organization.
 Hybrid Cloud: This type of cloud can be used for both types of interactions, B2B
(Business to Business) and B2C (Business to Consumer). This deployment method is
called hybrid cloud as the computing resources are bound together by different clouds.

What are the Cloud Computing Services? [important]

The three major cloud computing offerings are:

 Software as a Service (SaaS)
 Platform as a Service (PaaS)
 Infrastructure as a Service (IaaS)

Different businesses use some or all of these components according to their requirements.

INFRASTRUCTURE-AS-A-SERVICE (IaaS)
IaaS provides access to fundamental resources such as physical machines, virtual machines,
virtual storage, etc.
PLATFORM-AS-A-SERVICE (PaaS)
PaaS provides the runtime environment for applications, development and deployment tools, etc.

SOFTWARE-AS-A-SERVICE (SaaS)
SaaS model allows using software applications as a service to end-users.
Details about SaaS, PaaS, IaaS

SaaS (Software as a Service)


SaaS, or software as a service, is a software distribution model in which applications are hosted
by a vendor or service provider and made available to customers over a network (internet). SaaS is
becoming an increasingly prevalent delivery model as underlying technologies that
support Service Oriented Architecture (SOA) or Web Services mature. Through the internet this
service is available to users anywhere in the world.

Traditionally, a software application needed to be purchased upfront and then installed onto your
computer. SaaS users, on the other hand, instead of purchasing the software, subscribe to it,
usually on a monthly basis via the internet.

Anyone who needs access to a particular piece of software can subscribe as a user, whether
it is one or two people or thousands of employees in a corporation. SaaS is compatible with
all internet-enabled devices.

Many important tasks like accounting, sales, invoicing and planning all can be performed using
SaaS.

PaaS (Platform as a Service)

Platform as a service, referred to as PaaS, provides a platform and environment to allow
developers to build applications and services. This service is hosted in the cloud and accessed by
the users via the internet.

To understand this in simple terms, let us compare it with painting a picture, where you are
provided with paint colors, different paint brushes and paper by your school teacher and you just
have to draw a beautiful picture using those tools.

PaaS services are constantly updated & new features added. Software developers, web developers
and business can benefit from PaaS. It provides platform to support application development. It
includes software support and management services, storage, networking, deploying, testing,
collaborating, hosting and maintaining applications.

IaaS (Infrastructure as a Service)

IaaS (Infrastructure as a Service) is one of the fundamental service models of cloud computing,
alongside PaaS (Platform as a Service). It provides access to computing resources in a virtualized
environment, “the cloud”, on the internet. It provides computing infrastructure like virtual server
space, network connections, bandwidth, load balancers and IP addresses. The pool of hardware
resources is drawn from multiple servers and networks, usually distributed across numerous data
centers. This provides redundancy and reliability to IaaS.

IaaS (Infrastructure as a Service) is a complete package for computing. For small-scale businesses
that are looking to cut costs on IT infrastructure, IaaS is one of the solutions. Annually a lot
of money is spent on maintenance and on buying new components like hard drives, network
connections, and external storage devices, which a business owner could have saved for other
expenses by using IaaS.

Advantages of Cloud Computing

Here, are important benefits for using Cloud computing in your

Cost Savings

Cost saving is the biggest benefit of cloud computing. It helps you to save substantial capital cost
as it does not need any physical hardware investments. Also, you do not need trained personnel to
maintain the hardware. The buying and managing of equipment is done by the cloud service
provider.

Strategic edge

Cloud computing offers a competitive edge over your competitors. It helps you to access the
latest applications any time without spending your time and money on installations.

High Speed

Cloud computing allows you to deploy your service quickly in fewer clicks. This faster
deployment allows you to get the resources required for your system within fewer minutes.

Back-up and restore data

Once the data is stored in a cloud, it is easier to back it up and recover it, which is
otherwise a very time-consuming process on-premise.

Automatic Software Integration

In the cloud, software integration is something that occurs automatically. Therefore, you don't
need to take additional efforts to customize and integrate your applications as per your
preferences.

Reliability

Reliability is one of the biggest pluses of cloud computing. You can always get instantly updated
about the changes.

Mobility
Employees who are working on the premises or at remote locations can easily access all the
cloud services. All they need is Internet connectivity.

Unlimited storage capacity

The cloud offers almost limitless storage capacity. At any time you can quickly expand your
storage capacity with very nominal monthly fees.

Collaboration
The cloud computing platform helps employees who are located in different geographies to
collaborate in a highly convenient and secure manner.
Quick Deployment
Last but not least, cloud computing gives you the advantage of rapid deployment. So, when you
decide to use the cloud, your entire system can be fully functional in very few minutes. However,
the amount of time taken depends on what kind of technologies are used in your business.
What are the Disadvantages of Cloud Computing?
Performance Can Vary
When you are working in a cloud environment, your application is running on the server which
simultaneously provides resources to other businesses. Any greedy behavior or DDOS attack on
your tenant could affect the performance of your shared resource.
Technical Issues
Cloud technology is always prone to outages and other technical issues. Even the best cloud
service provider companies may face this type of trouble despite maintaining high standards of
maintenance.
Security Threat in the Cloud
Another drawback while working with cloud computing services is security risk. Before adopting
cloud technology, you should be well aware of the fact that you will be sharing all your
company's sensitive information to a third-party cloud computing service provider. Hackers
might access this information.
Downtime
Downtime should also be considered while working with cloud computing. That's because your
cloud provider may face power loss, low internet connectivity, service maintenance, etc.
Internet Connectivity
Good Internet connectivity is a must in cloud computing. You can't access cloud without an
internet connection. Moreover, you don't have any other way to gather data from the cloud.
Lower Bandwidth
Many cloud storage service providers limit the bandwidth usage of their users. So, if your
organization surpasses the given allowance, the additional charges could be significantly costly.
Lack of Support
Cloud computing companies fail to provide proper support to the customers. Moreover, they
want their users to depend on FAQs or online help, which can be a tedious job for non-technical
persons.
Conclusion:
Despite all the pros and cons, we can't deny the fact that cloud computing is the fastest-growing
part of network-based computing. It offers a great advantage to customers of all sizes: simple
users, developers, enterprises and all types of organizations. So, this technology is here to stay
for a long time.

NETWORK SECURITY BASICS


It is necessary to define some fundamental terms relating to network security. These terms are the
elements used to measure the security of a network. To be considered sufficiently advanced along
the spectrum of security, a system must adequately address identification, integrity,
accountability, non-repudiation, authentication, availability, and confidentiality, each of which
is defined in the following sections:
What are the Principles of Security?
 Identification
 Confidentiality
 Authentication
 Integrity
 Non-repudiation
 Availability
 Reliability
 Accountability
 Access Control (Authorization)

Identification
Identification is simply the process of identifying one's self to another entity or determining the
identity of the individual or entity, with whom you are communicating.
Authentication
Authentication serves as proof that you are who you say you are or what you claim to be.
Authentication is critical if there is to be any trust between parties. Authentication is required
when communicating over a network or logging into a network. When communicating over a
network you should ask yourself two questions.
 With whom am I communicating?
 Why do I believe this person or entity is who he claims to be?

Access Control (Authorization)


This refers to the ability to control the level of access that individuals or entities have to a
network or system and how much information they can receive. Level of authorization basically
determines what you're allowed to do once you are authenticated and allowed access to a
network, system or some other resource such as data or information. Access control is the
determination of the level of authorization to a system, a network, or information.
Availability
This refers to whether the network, system, hardware and software are reliable and can recover
quickly and completely in the event of an interruption in service. Ideally, these elements should
not be susceptible to denial of service attacks.
Confidentiality
Also called privacy or secrecy, this refers to the protection of information from unauthorized
disclosure. It is usually achieved either by restricting access to the information or by encrypting
the information so that it is not meaningful to unauthorized individuals or entities.
Integrity
This can be thought of as accuracy. It refers to the ability to protect information, data, or
transmissions from unauthorized, uncontrolled or accidental alterations.
Accountability
This refers to the ability to track or audit what an individual or entity is doing on a network or
system.
Non-repudiation
The ability to prevent individuals or entities from denying (repudiating) that information, data or
files were sent or received, or that information or files were accessed or altered, when in fact
they were. This capability is crucial in e-commerce; without it, an individual or entity can deny
responsibility for a transaction and claim that he, she or it is, therefore, not financially liable.

[Figure: Alice presents her certificate to Bob: “I’m Alice. See, here’s my certificate.”]
Threats
A threat is anything that can disrupt the operation, functioning, integrity, or availability of a
network or system. This can take any form and can be malevolent, accidental, or simply an act of
nature.
Vulnerabilities
Vulnerability is an inherent weakness in the design, configuration, implementation, or
management of a network or system that renders it susceptible to a threat. Vulnerabilities
are what make networks susceptible to information loss and downtime. Every network and
system has some kind of vulnerability.
Attacks: The X.800 Threat Model

Destruction (an attack on availability):
 Destruction of information and/or network resources
Corruption (an attack on integrity):
 Unauthorized tampering with an asset
Removal (an attack on availability):
 Theft, removal or loss of information and/or other resources
Disclosure (an attack on confidentiality):
 Unauthorized access to an asset
Interruption (an attack on confidentiality):
 Network becomes unavailable or unusable

Security Attacks (Stallings)


[Figure: information flow between Source and Destination in five panels: Normal flow,
Interruption, Interception, Modification and Fabrication, with a Third-party shown in some of the
attack panels.]

Write down some Threats (or Perils).


Threats (or perils) are things which may cause loss to information assets. Examples of threats that
pertain to the Internet and other networks include the following.
 Tapping
 The interception of data by a third party with malicious intent.
 Falsification
 The fraudulent rewriting of information in e-mail or web pages.
 Spoofing
 The performance of fraudulent actions by impersonating another person (e.g.,
authorized user)
 Theft
 The theft of files or data by a third party with malicious intent
 Destruction
 The fraudulent destruction or erasure of files or data
 Threats are classified into three types as follows:
 Personal threat
 This is the type of threat that is caused by human behavior (with or
without malicious intent).
 Technological threat
 This is the type of threat in which a third party with malicious intent uses
computer technology to make attacks.
 Physical threat
 This is the type of threat against equipment itself or against the buildings
in which equipment is located.
Personal threats
 Information leakage
 This is the leakage of information to a third party. It includes intentional leakage
with the aim of receiving payment for information provision, and unintentional
leakage of important information accidentally overheard by a third party. In
addition, information in discarded equipment may be restored and leaked if not
physically deleted (i.e., destroyed).
 Loss / Theft / Damage
 This means that IT devices, such as PCs and USB memory, where information is
stored are left behind, stolen, or destroyed during use.

 Error / Incorrect operation


 This is data erasure or such other error that is caused by wrong operation. It
includes the leakage of important information through mistaken entry of recipient
e-mail addresses.
 Social engineering
 This is the act of stealing information through everyday and common means.

 Trashing (scavenging, dumpster diving)


 This is the act of stealing important information from memos thrown away in the
garbage bin, data left in memory or cache, etc. It is also used as a method of
footprinting for prior collection of information about the target of attacks.
 Spoofing
 This is the impersonation of a person by a third party. The spoofer may pretend
to be a customer or a supervisor in order to ask for PINs (PIN numbers) or
passwords.
 Peeping
 This is the act of sneaking a peek at keyboard operation of a person who is
entering a password, or classified information displayed on another person’s
screen. In particular, the act of sneaking a peek at information over a person’s
shoulder is called shoulder hacking.
 Cracking
 This is the act of intruding into another person’s PC with malicious intent, to
steal or destroy data. A person who engages in cracking is called a cracker. Note
that the software package used by a cracker after unauthorized intrusion is called
a rootkit, and the path installed to facilitate later intrusion is called a back door.
 Targeted attack
 This is the act of attacking a specific organization or person as a target. Since
humans select the target of the attack, this is classified as a personal threat.
However, the attack method itself is primarily classified as a technological threat.

Technological threats

 DoS attack (Denial of Service)


 This is an attack that sends a large amount of data continually to the target server
to place an excessive load on the server’s CPU and memory, and thereby
obstructs service. In addition, there is also a DDoS (Distributed DoS) attack in
which malicious programs used for targeted attacks are used to attack the single
target all at once from multiple PCs.
 Key logger

 This is an attack that uses the mechanism (e.g., software) that records keyboard
input, and fraudulently acquires information (e.g., password) entered by another
person.
 Click jacking
 This is an attack that sets up a web page with some sort of function that causes a
user’s click to execute operations not intended by the user.
 Phishing
 This is an attack that leads a user to a fake website through means such as e-mail
pretending to be sent from a real company (e.g., financial institution), and
defrauds the user of the credit card number, a bank account number, a PIN, and
other personal information.
 Cache poisoning
 This is an attack that fraudulently overwrites cache information. In particular,
DNS cache poisoning, which overwrites DNS cache, is used to lead users to fake
websites for phishing.
 IP spoofing
 This is an attack that sends packets to another party with the source IP address
disguised. This is used in actions including leading users to fake websites for
phishing.
 XSS (Cross Site Scripting)
 This is an attack where a vulnerable target website is used as a stepping stone; a
malicious script is sent to a user who is accessing the target website, and then
executed on the user’s browser to enable the theft of information.
 CSRF (Cross Site Request Forgery)
 This is an attack which, when a user is logged in to a website and then accesses
another website that has a trap installed, causes a malicious request to be sent to
and executed by the logged-in website in the guise of a request from the user
(i.e., as a forgery).

 Session hijacking
 This is an attack that takes over a session (i.e., a series of communications
between specified parties) during communication between correctly authorized
users.
 Directory traversal
 This is an attack that accesses normally undisclosed directories (or files) by
appending “../” to file names, to traverse upward through directories.
 Drive-by download
 This is an attack that causes a user to download a malicious program, without
permission during website browsing.
 SQL injection
 This is an attack that falsely modifies a database or fraudulently obtains
information by providing part of an SQL statement as a parameter to a program
(CGI program) in the website that is linked to the database.
 Side channel attack
 This is an attack that obtains confidential information by measuring and
analyzing some additional information (i.e., side channel information), such as
the electric power consumption or radiated electromagnetic waves of active IC
chips.
 Zero-day attack
 This is an attack that takes advantage of a vulnerability in software before a fix for
the vulnerability can be released by the software vendor.
 Password cracking
 This is an attack that fraudulently decodes or otherwise obtains the password of a
true user.
 Dictionary attack
 This is a method that uses a file (i.e., a dictionary file) that contains character
strings likely to be used as passwords, to try such words in sequence.
 Brute force attack
 This is a brute-force method that attempts every combination of characters. It is
used as an attack method of performing the exhaustive search for a decryption
key.
 Third-party relay
 This is an attack that abuses a freely usable server (e.g., mail server) as a
“steppingstone” to transmit e-mail and other data.
 Gumblar
 This is an attack that falsifies the website of a famous company or public
institution, and infects the computer of a user who is browsing the falsified
website with a computer virus.
 Buffer overflow

 This is an attack that continually sends long character strings or such other data
to flood the memory area (i.e., buffer) secured by a program, for the purpose of
seizing access privileges to the program and creating malfunctions.
 The following computer crimes are also said to be types of technological threats.

 Salami technique (Salami slicing)


 This is a method of repeatedly stealing assets little by little so that they are negligibly
small when taken as a whole. An example is a technique that collects money from a
bank account into another account, in fractions of less than one yen.
 One-click fraud
 This is a type of fraudulent act; for example, clicking an image or link on
matchmaking or adult websites causes an unfair fee to be charged.
 Phishing fraud
 This is a general name for the act of phishing, or for fraudulent acts committed using
information obtained illicitly through phishing.
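
The SQL injection entry in the list above, shown as the vulnerable lookup beside its hardened form. This is an added example, not part of the original guide; the `accounts` table, its rows and all function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data for this example only.
SAMPLE_ROWS = [("alice", 120), ("bob", 75), ("o'brien", 10)]
SORTABLE_COLUMNS = {"owner", "balance"}


def make_db():
    """Build an in-memory database holding the constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)", SAMPLE_ROWS)
    return db


def lookup_vulnerable(db, owner):
    """The flaw from the definition: the parameter becomes part of the SQL text."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, owner):
    """Hardened form: the statement text is fixed and the value is bound separately."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()


def list_sorted(db, column):
    """Placeholders bind values only, so an identifier is checked against an allow-list."""
    if column not in SORTABLE_COLUMNS:
        raise ValueError("unsupported sort column")
    return db.execute(
        f"SELECT owner, balance FROM accounts ORDER BY {column}"
    ).fetchall()


def compare(owner):
    """Run both lookups on the same input and report what each one returned."""
    db = make_db()
    try:
        unsafe = lookup_vulnerable(db, owner)
    except sqlite3.OperationalError as exc:
        # A harmless apostrophe already breaks the concatenated statement.
        unsafe = f"SQL error: {exc}"
    return {"vulnerable": unsafe, "parameterized": lookup_parameterized(db, owner)}


if __name__ == "__main__":
    # A normal name, a legitimate name with an apostrophe, and a value that
    # carries a fragment of SQL.
    for value in ["alice", "o'brien", "nobody' OR '1'='1"]:
        print(repr(value), compare(value))
```

The concatenated query returns every row for the third input and fails outright on the second, while the bound query treats both as plain names.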
Physical threats
 Disaster
 This means that equipment or buildings are made unusable, or equipment itself is
lost, due to a natural disaster (e.g., earthquake, flood) or a human disaster (e.g., fire).
 Destruction
 This means that equipment or buildings are made unusable, due to sabotage or
destructive acts by a third party with malicious intent.
 Accident / failure
 This means that equipment or buildings are made unusable, due to unforeseen
accidents or failures.
 Unauthorized intrusion
 This means that unauthorized persons intrude into buildings or rooms in which
equipment is located.
 Vulnerabilities (or Hazards)
 Vulnerabilities (or hazards) are weaknesses or flaws that are exploited by threats,
becoming the cause of even greater threats. A variety of vulnerabilities in equipment,
technologies, management, and many other areas cause problems.
 Security hole
 This is a vulnerability of software or systems that is caused by software design flaws,
bugs, etc.
 Man-made vulnerability
 This is a vulnerability that is caused by human behavior, due to lack of enforcement
or preparation of a code of conduct for companies, organizations, and people.

Malicious software

Malicious software, commonly known as malware, is any software that brings harm to a
computer system. Malware can be in the form of worms, viruses, trojans, spyware, adware,
rootkits, etc., which steal protected data, delete documents or add software not approved by a user.
[Figure: classification of malicious programs into those that need a host program and independent
ones; the entries shown are Trapdoor, Logic bombs, Trojan horse, Virus, Worm and Zombie, with a
“Replicate” label.]

Fraudulent programs (i.e., malware) created with malicious intent are also classified as
technological threats. The following are typical examples of malware.

Trapdoor
 Trap Door is a type of security breach where the designer of a program or a system leaves
a hole in the software that only he is capable of using.
 A Trap Door is a secret entry point into a program that allows someone to gain access
without normal methods of access authentication.
Trojan horse
 A Trojan horse is a program that appears harmless, but is, in fact, malicious. The term
comes from Greek mythology about the Trojan War. Trojans may allow an attacker to
access users' personal information such as banking information, passwords, or personal
identity (IP address). It can infect other devices connected to the network. Ransomware
attacks are often carried out using a Trojan.
 A Trojan horse is a code segment that misuses its environment.
A Trojan may give a hacker remote access to a targeted computer system. Operations that could
be performed by a hacker on a targeted computer system may include-
 Use of the machine as part of a botnet (e.g. to perform automated spamming or to
distribute Denial-of-Service attacks)
 Electronic Money theft
 Data theft (e.g. retrieving passwords or credit card information)
 Installation of software, including third-party malware
 Downloading or uploading of files on the user's computer
 Modification or deletion of files
 Crashing the computer
 Anonymizing Internet viewing

Logic bomb
A logic bomb is a piece of code intentionally inserted into a software system that will set off a
malicious function when specified conditions are met. For example, a programmer may hide a
piece of code that starts deleting files (such as a salary database trigger), should they ever be
terminated from the company.

Computer virus
A computer virus is defined as “a program that is created to intentionally cause
some form of damage to third parties’ programs or databases, and that has one or more of the
following functions.”
 Self-infecting function: Viruses make copies of themselves to infect other systems.
 Concealment function: Viruses do not reveal symptoms until the onset of their
action.
 Onset function: Viruses perform actions not intended by designers, such as
destruction of data.

Virus Phases
1. Dormant phase: The virus is idle.
2. Propagation Phase: The virus places an identical copy of itself into other programs.
3. Triggering Phase: The virus is activated to perform the function for which it was
intended.
4. Execution Phase: The function is performed.
However, in general at present, file-infecting viruses that infect specific files are called computer
viruses (in a narrow sense).

 Boot sector virus: This virus infects the boot sector (i.e., the system area that contains
the boot program) that is read before an OS starts up.
 Program file virus: This virus infects the executable program files such as applications.
 Interpreter virus: This virus infects non-executable files, such as data files, other than
program files. It includes two types of viruses: a macro virus that infects through the
macro functions of application software, and a script virus that infects through a scripting
language like JavaScript or VB Script.

Worm
A worm proliferates by duplicating itself on other computers through networks, without the need
for a program to be infected. It often spreads a copy of itself automatically as an e-mail
attachment file, or uses networks to continue spreading infection.

Bot
This is a program that is created for the purpose of controlling infected computers from outside
via networks (e.g., the Internet).

Spyware
This is a program that illicitly obtains a user’s information, such as personal information and
access histories, and automatically sends such information to another party other than the user.
Zombie
A zombie is a computer connected to the Internet that has been compromised by a hacker,
computer virus or Trojan horse program and can be used to perform malicious tasks of one sort or
another under remote direction. Botnets of zombie computers are often used to spread e-mail
spam and launch denial-of-service attacks (DoS attacks).

DoS vs DDoS attack

 Denial of service (DoS): when a single host attacks. Denial of service attacks are
designed to shut down or render inoperable a system or network. The goal of the
denial-of-service attack is not to gain access or information but to make a network or system
unavailable for use by other users. It is called a denial-of-service attack because the end
result is to deny legitimate users access to network services.
 DDoS: when multiple hosts attack simultaneously

Difference between DoS and DDoS attack

No. | DoS | DDoS
1. | Attack launched by a single machine. | Attack launched by many machines, also called a botnet.
2. | Can be stopped relatively easily with the right security. | Can be a real headache to prevent.
3. | Low threat level, as these will rarely be used to cover a breach attempt. | Medium to high threat level, as these can be used to do some serious damage to networks and even systems.
4. | No malware involved. | A botnet is usually made up of thousands of infected PCs.

Root kit
 A root kit is a collection of computer software, typically malicious, designed to enable
access to a computer or areas of its software that is not otherwise allowed (for example, to
an unauthorized user) and often masks its existence or the existence of other software. The
term rootkit is a concatenation of root (the traditional name of the privileged account on
Unix-like operating systems) and the word kit (which refers to the software components
that implement the tool). The term rootkit has negative connotations through its
association with malware.
 Rootkit installation can be automated, or an attacker can install it after having obtained
root or Administrator access. Obtaining this access is a result of direct attack on a system,
i.e. exploiting a known vulnerability (such as privilege escalation) or a password (obtained
by cracking or social engineering tactics like phishing). Once installed, it becomes
possible to hide the intrusion as well as to maintain privileged access. The key is the root
or administrator access. Full control over a system means that existing software can be
modified, including software that might otherwise be used to detect or circumvent it.
 Rootkit detection is difficult because a rootkit may be able to subvert the software that is
intended to find it. Detection methods include using an alternative and trusted operating
system, behavioral-based methods, signature scanning, difference scanning, and memory
dump analysis. Removal can be complicated or practically impossible, especially in cases
where the rootkit resides in the kernel; reinstallation of the operating system may be the
only available solution to the problem. When dealing with firmware rootkits, removal may
require hardware replacement, or specialized equipment.

Ransomware
 Ransomware is a form of malicious software (or malware) that, once it's taken over your
computer, threatens you with harm, usually by denying you access to your data. The
attacker demands a ransom from the victim, promising, not always truthfully, to restore
access to the data upon payment.
 Users are shown instructions for how to pay a fee to get the decryption key. The costs can
range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin.
How Ransomware Works

There are a number of vectors ransomware can take to access a computer. One of the most
common delivery systems is phishing spam: attachments that come to the victim in an email,
masquerading as a file they should trust. Once they're downloaded and opened, they can take over
the victim's computer, especially if they have built-in social engineering tools that trick users
into allowing administrative access. Some other, more aggressive forms of ransomware, like
NotPetya, exploit security holes to infect computers without needing to trick users.
Session Hijacking
 Whenever a new session is created, a cookie is generated for that user. This cookie
becomes the session ID, so all requests can be served using that session ID.

 If a hacker can somehow sniff or steal the session ID, he can forge requests as a valid
user (i.e., impersonate you).

[Figure: session hijacking. The innocent user sends an authentic request to the server; a black
hat hacker hijacks the session ID and sends an impersonated request.]
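
Because the session ID in the cookie is all the server checks, the defence is to make that ID hard to guess, hard to sniff or read, short-lived and revocable. The sketch below is an added example, not part of the original guide; the `SessionStore` class, the cookie name `session` and the timeout values are assumptions chosen for illustration.

```python
import hashlib
import secrets

IDLE_TIMEOUT = 15 * 60        # seconds without a request before the ID expires (assumed policy)
ABSOLUTE_LIFETIME = 8 * 3600  # hard cap on session age in seconds (assumed policy)


class SessionStore:
    """Hypothetical in-memory store; a real service would use a shared backend."""

    def __init__(self):
        self._sessions = {}  # sha256(session ID) -> {"user", "created", "last_seen"}

    @staticmethod
    def _key(session_id):
        # Keep only a hash so a leaked copy of the store does not yield usable IDs.
        return hashlib.sha256(session_id.encode()).hexdigest()

    def create(self, user, now):
        session_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[self._key(session_id)] = {
            "user": user, "created": now, "last_seen": now,
        }
        return session_id

    def validate(self, session_id, now):
        """Return the user for a live session, or None; expired entries are dropped."""
        key = self._key(session_id)
        record = self._sessions.get(key)
        if record is None:
            return None
        idle = now - record["last_seen"]
        age = now - record["created"]
        if idle > IDLE_TIMEOUT or age > ABSOLUTE_LIFETIME:
            del self._sessions[key]
            return None
        record["last_seen"] = now
        return record["user"]

    def rotate(self, session_id, now):
        """Issue a fresh ID (after login or a privilege change); the old ID stops working."""
        if self.validate(session_id, now) is None:
            return None
        record = self._sessions.pop(self._key(session_id))
        new_id = secrets.token_urlsafe(32)
        self._sessions[self._key(new_id)] = record  # the original creation time is kept
        return new_id

    def revoke(self, session_id):
        """Logout: the ID is forgotten server-side, so a stolen copy is useless."""
        self._sessions.pop(self._key(session_id), None)


def session_cookie(session_id):
    """Set-Cookie value: Secure keeps the ID off plain HTTP (sniffing), HttpOnly
    hides it from page scripts, SameSite=Strict keeps it off cross-site requests."""
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Strict"


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice", now=0)
    print("Set-Cookie:", session_cookie(sid))
    print("valid after 60 s:", store.validate(sid, now=60))
    print("valid after idle timeout:", store.validate(sid, now=60 + IDLE_TIMEOUT + 1))
```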

Phishing.

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit
card details (and, indirectly, money), often for malicious reasons, by disguising oneself as a
trustworthy entity in an electronic communication.
Phishing types
1. Spear phishing
2. Clone phishing
3. Whaling
Other Security Categories
 Related security categories
 Cyber warfare
 Computer security
 Mobile security
 Network security
 Internet security
 Threats
 Computer crime
 Vulnerability
 Eavesdropping
 Exploits
 Trojans
 Viruses and worms
 Denial of service
 Malware
 Payloads
 Rootkits
 Key loggers
 Defenses
 Computer access control
 Application security
 Antivirus software
 Secure coding
 Security by design
 Secure operating systems
 Authentication
 Multi-factor authentication
 Authorization
 Data-centric security
 Firewall (computing)
 Intrusion detection system
 Intrusion prevention system
 Mobile secure gateway
Types of Attacks
Networks are subject to attacks from malicious sources.
1. Active
2. Passive
An active attack is an attempt to change data or alter the functioning of a system.
A passive attack is an attempt to obtain or make use of information.

Active Attack | Passive Attack
Access and modify information | Access information
System is harmed | No harm to system
Easier to detect than to prevent | More difficult to detect than to prevent
Threat to integrity and availability | Threat to confidentiality
Masquerading, repudiation and DoS | Snooping and traffic analysis
