Cloud
By
Aditya Chatterjee(A2305316011)
Abhishek Kapila(A2305316027)
MODULE 3
1. GUEST HOPPING.
2. VM MIGRATION ATTACK.
3. DATA LOSS PREVENTION.
VIRTUALIZATION
• Virtualization is the ability to run multiple operating systems on a single
physical system and share the underlying hardware resources.
• It is the process by which one computer hosts the appearance of many
computers.
• Virtualization is used to improve IT throughput and costs by using physical
resources as a pool from which virtual resources can be allocated.
• A Virtual machine (VM) is an isolated runtime environment (guest OS and
applications)
• Multiple virtual systems (VMs) can run on a single physical system
GUEST HOPPING
• Exploits vulnerabilities in hypervisors that allow
malware or remote attacks to compromise VM
separation protections and gain access to other VMs,
the host or even the hypervisor itself.
• These attacks are often accomplished once an attacker
has gained access to a low-value, thus less secure, VM on
the host, which is then used as a launch point for
further attacks on the system.
• Some examples have two or more compromised VMs in
collusion to enable a successful attack against
secured VMs or the hypervisor itself.
VM Migration Attack
• A challenge for any cloud installation is the
constant tradeoff of availability versus security.
In general, the more fluid your cloud system
(i.e., making virtualized resources available on
demand more quickly and easily), the more
your system becomes open to certain
cyberattacks.
• Spoofing: Man-in-the-middle (MITM) attacks are well studied, and modern hypervisors should already integrate proper
authentication protocols into their migration process to prevent this class of attack. The most common variations
of Xen, for example, include public key infrastructure support for mutual authentication via certificate authorities or shared
keys to guard against MITM attacks.
• Thrashing: External DoS attacks are usually best addressed outside of the hypervisor, within the network infrastructure.
Systems that use orchestration software to automate VM migration for load balancing, or even defensive purposes, should
be configured to guard against DoS attacks as well.
• Smash and Grab: This attack attempts to disrupt the migration process at an opportune moment so that the VM state data
is corrupted or forced out of sync with the VM image at the source or destination server, rendering the VM either
temporarily or permanently disabled. A smash-and-grab attack could behave like a DoS attack over the network, or could be
enacted by malware in the hypervisor.
• Bait and Switch: We can approach the bait-and-switch attack as a variation of the smash-and-grab attack, and the
mitigation of this threat is the same. For the bait-and-switch attack to succeed, a residual copy of the aborted VM
migration attempt must remain on the destination server.
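Added example (not from the original slides, and not Xen's actual migration protocol): a simplified destination-side receiver that authenticates each state chunk with a shared key, refuses to commit state that is out of sync with the source, and wipes the staged copy on any abort so no residual copy remains. The chunked transfer, the class and function names, and the up-front digest are assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Iterator, Optional, Tuple

def chunk_tag(key: bytes, seq: int, chunk: bytes) -> bytes:
    # Bind each tag to its sequence number so chunks cannot be reordered or replayed.
    return hmac.new(key, seq.to_bytes(8, "big") + chunk, hashlib.sha256).digest()

def send_chunks(key: bytes, state: bytes, size: int = 8) -> Iterator[Tuple[int, bytes, bytes]]:
    """Source side: yield (seq, chunk, tag) for the VM state image."""
    for seq, off in enumerate(range(0, len(state), size)):
        chunk = state[off:off + size]
        yield seq, chunk, chunk_tag(key, seq, chunk)

class MigrationReceiver:
    """Destination-side staging area for one incoming migration (simplified model)."""

    def __init__(self, key: bytes, expected_digest: str):
        self.key = key                          # assumed: shared key from mutual authentication
        self.expected_digest = expected_digest  # assumed: SHA-256 of the state, sent authenticated
        self.staged = bytearray()
        self.next_seq = 0
        self.aborted = False

    def receive(self, seq: int, chunk: bytes, tag: bytes) -> bool:
        ok = (not self.aborted and seq == self.next_seq
              and hmac.compare_digest(tag, chunk_tag(self.key, seq, chunk)))
        if not ok:
            self.abort()
            return False
        self.staged += chunk
        self.next_seq += 1
        return True

    def abort(self) -> None:
        # Overwrite and drop the partial copy so nothing residual stays on the destination.
        self.staged[:] = bytes(len(self.staged))
        self.staged = bytearray()
        self.aborted = True

    def commit(self) -> Optional[bytes]:
        # Hand the state to the hypervisor only if it matches what the source sent.
        if self.aborted or hashlib.sha256(self.staged).hexdigest() != self.expected_digest:
            self.abort()
            return None
        return bytes(self.staged)
```

A corrupted chunk or an interrupted stream ends in abort(), which is the point where both smash and grab (out-of-sync state) and bait and switch (leftover copy) are cut off in this model.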
DATA LOSS PREVENTION
Definition of Data Loss Prevention
Products that, based on central policies, identify, monitor, and protect data at
rest, in motion, and in use, through deep content analysis.
Data Loss Protection
Data Leak Prevention/Protection
Information Loss Prevention/Protection
Information Leak Prevention/Protection
Extrusion Prevention System
Content Monitoring and Filtering
Content Monitoring and Protection
DLP Background
• Three different levels of DLP solution
• Data in Motion: Data which uses HTTP, FTP, IM, P2P and SMTP protocols is mirrored in the DLP server for
inspection, where visibility is enhanced
• Data at Rest: Data in file servers, databases, host computers set for file sharing, etc.
• Data at End Points: Data which sits on end user hosts (workstations and notebooks)
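Added example (not from the original slides and not any vendor's engine): a minimal content inspector of the kind a DLP server could run over mirrored data-in-motion payloads, combining a pattern match with a Luhn checksum so that random digit runs are not flagged. The policy markers, action names, function names and sample traffic are assumptions constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Hypothetical central policy: classification markers that must not leave the network.
MARKERS = ("CONFIDENTIAL", "INTERNAL ONLY")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def inspect(protocol: str, payload: str) -> dict:
    """Return the policy verdict for one mirrored payload."""
    findings = []
    for m in CARD_RE.finditer(payload):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            # Keep only the last four digits so the DLP log does not leak the number.
            findings.append(("card_number", "****" + digits[-4:]))
    for marker in MARKERS:
        if marker in payload.upper():
            findings.append(("classification_marker", marker))
    if any(kind == "card_number" for kind, _ in findings):
        action = "block"
    elif findings:
        action = "alert"
    else:
        action = "allow"
    return {"protocol": protocol, "action": action, "findings": findings}

# Constructed sample traffic (not real data); 4111 1111 1111 1111 is a standard test number.
SAMPLES = [
    ("SMTP", "Subject: invoice\n\nPlease charge card 4111 1111 1111 1111 today."),
    ("HTTP", "POST /upload\n\norder id 1234 5678 9012 3456 shipped"),
    ("FTP", "roadmap.txt: Confidential - do not distribute"),
    ("IM", "lunch at noon?"),
]

if __name__ == "__main__":
    for proto, body in SAMPLES:
        print(inspect(proto, body))
```

The HTTP sample contains a 16-digit run that fails the checksum and is allowed, which shows why content analysis beyond plain pattern matching reduces false positives.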
DLP SOLUTION
The Selection
Given that the business problem is to be able to exchange confidential information
securely and easily,
We believe that a DLP solution has the ability to address such a need by identifying and
securing confidential data in a comprehensive and efficient manner as described in the
guidelines above,
We select Websense as a representative DLP solution that has met all the criteria
mentioned above.
Websense
Global leader in integrated Web security, data security, and email security solutions.
Protects approximately 40 million employees at more than 40,000 organizations
worldwide
Core strength in Web filtering, discovery and classification of content
• Data Monitor: Monitors and identifies what customer data is at risk; who is using the data in real time;
and where this data is going
Precise ID technology
Module 5
1. Explore manufacturing processes in the cloud
2. AWS for manufacturing benefits
3. The Kellogg Company case study
1. Manufacturing processes in the AWS Cloud
• For more than 25 years, Amazon has designed and manufactured smart
products and distributed billions of products through its globally connected
distribution network using cutting edge automation, machine learning and
AI, and robotics, with AWS at its core.
• From product design to smart factory and smart products, AWS helps
leading manufacturers transform their manufacturing operations with the
most comprehensive and advanced set of cloud solutions available today,
while taking advantage of the highest level of security.
• AWS allows you to focus your resources on optimizing production, creating
new smart-product business opportunities, and improving operational
efficiencies across the value chain, not on the infrastructure to make it
happen.
Exploring the manufacturing processes