Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

Cloud Computing v.s. Cyber Security

5.129 Aufrufe

Veröffentlicht am

This presentation surveys relation between cloud computing and cyber security. Cloud computing is one of trends enabling technology in all areas of life. This includes cyber security. Presentation review relationship of cyber security and cloud in context of cyber defense and cyber offense. Last section is dedicated to experiment how easy it is to conduct cyber attack using cloud, completely anonymously.
Presentation was first given at NATO IST-125 Panel meeting, METU,Ankara TURKIYE 2015.06.11

Veröffentlicht in: Technologie
  • Have u ever tried external professional writing services like ⇒ www.WritePaper.info ⇐ ? I did and I am more than satisfied.
       Antworten 
    Sind Sie sicher, dass Sie …  Ja  Nein
    Ihre Nachricht erscheint hier
  • Hello! I have searched hard to find a reliable and best research paper writing service and finally i got a good option for my needs as ⇒ www.HelpWriting.net ⇐
       Antworten 
    Sind Sie sicher, dass Sie …  Ja  Nein
    Ihre Nachricht erscheint hier
  • Follow the link, new dating source: ❤❤❤ http://bit.ly/2F7hN3u ❤❤❤
       Antworten 
    Sind Sie sicher, dass Sie …  Ja  Nein
    Ihre Nachricht erscheint hier
  • Dating direct: ♥♥♥ http://bit.ly/2F7hN3u ♥♥♥
       Antworten 
    Sind Sie sicher, dass Sie …  Ja  Nein
    Ihre Nachricht erscheint hier
  • how can we reduce the cost and increase the use of cloud computing in other field too.
       Antworten 
    Sind Sie sicher, dass Sie …  Ja  Nein
    Ihre Nachricht erscheint hier

Cloud Computing v.s. Cyber Security

  1. 1. 11 Haziran 2015 Cloud Computing v.s. Cyber Security Bahtiyar BİRCAN TOBB-ETU bahtiyarb@gmail.com
  2. 2. Agenda Cloud Computing Definition Cloud Properties and Benefits Cloud Computing fo Cyber Defense Cloud Computing for Cyber Offense Case Study: Cloud Based Cyber Attack 2
  3. 3. Cloud Computing
  4. 4. Cloud Computing Definiton “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. ,networks, servers, storage,applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” NIST Cloud computing refers to the on-demand provision of computational resources (data, software) via a computer network, rather than from a local computer. Wikipedia 4
  5. 5. • On-demand self-service • Dynamic Resource Allocation • Device / Location Independence • Distributed architecture • Scalable and Elastic • High Computing Power • High Bandwith • High Storage Capacity Cloud Characteristics 5
  6. 6. Cloud Computing Benefits 6
  7. 7. Cloud Models 7
  8. 8. Cloud for Cyber Defense
  9. 9. • DDoS Protection • Web Application Attack Prevention • Backup and Disaster Recovery • Vulnerability Scan • Penetration Testing & Security Audit • Log Managamenet / SIEM • Forensics as a Service Cloud Usage for Cyber Defense 9
  10. 10. DDoS Protection Cloud Based DDoS Protection Services • CloudFlare, Incapsula 10
  11. 11. Web Application Attack Prevention 11
  12. 12. Vulnerability Scanning 12
  13. 13. Vulnerability Scanning 13
  14. 14. Penetration Testing & Security Audit 14
  15. 15. Forensics as a Service 15
  16. 16. Cloud for Cyber Offense
  17. 17. Cloud for Cyber Offense Hacking as a Service • Cloud properties for criminals – Scalability, – Quick Deployment – Dynamic resource usage – High computing power – High bandwith • Cyber criminals adapted their tools and techniques for cloud computing • Unfortunately they are better at using cloud platforms 17
  18. 18. Cloud for Cyber Offense Cloud Usage in Cyber Offense • DDoS as a Service • Botnet as a Service • Malware as a Service • Password Cracking • BotClouds • C&C Servers • Warez as a Service 18
  19. 19. DDoS as a Service 19 Source: McAfee
  20. 20. Botnet as a Service 20Source: McAfee
  21. 21. Malware as a Service 21 Source: Solutionary
  22. 22. Password Cracking as a Service Password Cracking Experiment • Lentgth: 1-6 character • Algorithm: SHA1 • Method: Brute Force • Hardware: – Amazon cg1.4xlarge – 22 GB memory – 2 x Intel Xeon X5570, quad-core – 2 x NVIDIA Tesla M2050 GPUs – 1690 GB of instance storage • Crack time: 49 min • Price: 2100 $ 22
  23. 23. Password Cracking as a Service 23
  24. 24. Command & Control Servers 24
  25. 25. Case Study: Cloud Based Cyber Attack
  26. 26. • How easy it is to build cyber attack infrastructure at cloud? • Can we build it at no cost ? • Can we build it anonymously? Case Study: Cloud Based Cyber Attack 26
  27. 27. Get anonymous e-mail account Register to cloud provider Get free trial of cloud Linux image Install attack software on VM Register free DNS domain Start attack Large scale attack Attack Scenario 27
  28. 28. • Known e-mail providers: – Gmail, – Yahoo, – Yandex, – Mail.ru • One-time mail providers – Mailinator Attack Step 1: Get Anonymous E-mail 28
  29. 29. • Lots of cloud providers give free trial accounts – 1 week – 1 year trial – Amazon – Rackspace – Siemens Cloud Services – … Attack Step 2: Register to Cloud Provider 29
  30. 30. Attack Step 3: Get a Trial of Linux VM Image 30
  31. 31. Attack Step 4: Install Attack Software on VM 31
  32. 32. Attack Step 5: Register Free DNS Domain 32
  33. 33. Attack Step 6: Launch an Attack Possible Attacks • Denial of Service • Port Scanning • Vulnerability Scan • Exploitation • Pshishing Site • Malware Server • Password Cracking 33
  34. 34. Attack Step 7: Large Scale Attacks Creating 20 Cloud Bots • Script for creating 20 cloud bot servers 34
  35. 35. Attack Step 7: Large Scale Attacks Creating 1000 Cloud Bots • Script for creating 1000 cloud bot servers 35
  36. 36. Thanks Bahtiyar BİRCAN TOBB-ETU bahtiyarb@gmail.com

×