Essay: Public cloud services

‘ A public cloud provided ‘as a service’ to store the data of the applications data in cloud servers
‘ The client doesn’t have any control over the services which are hosted in the cloud
‘ The main infrastructure is shared with many organizations , but each organizations data has been separated technically so that only authorized users can only access.
‘ Public cloud services reduces the complexity and long lead times in testing the projects and deploying the new applications .
‘ Where as it is very cheaper and very cost effective for the organizations .
‘ Private cloud services is also called as internal cloud or enterprise cloud
‘ It is called as enterprise cloud because the cloud computing infrastructure would be hosted in the private network or in the customer data center.
‘ Private cloud services are dedicated completely for only one organization and is not shared with other organizations.
‘ Virtualization had become a very good best technology for the organizations to open their own private cloud.
‘ This technology helps business by saving lot of expenses by leveraging their own existing hardware infrastructure and there is no need to purchase the new equipment same as the public cloud
‘ The main difference in public private is , private cloud resides at the client locations and it give more control for client on the infrastructure.
‘ It is also known that private cloud offers on demand capability where as any other services cannot be added as quickly.
‘ Public cloud mainly works on Pay-as-you-go model , where it would be a economical way for the small startups .
‘ Public cloud doesn’t have any contract to use the server
‘ The hardware would be shared by multiple users .
‘ With a high data and can be run over with out any traffic issues at any event .
‘ Private cloud servers are manly in own organization there wont be any security issues of accessing by other clients .
‘ When it compares with public cloud HIPAA compliance can be achieved by the private cloud , because the hardware and configuration would be dedicated .
‘ As we are in private cloud the hardware , network and storage capacity would be customized .
‘ But private cloud computing is not as pay as you go they had to paid in advance .
While we consider about the network level security issues it is very important to distinguish between Public and Private clouds . When it compares with public cloud there is very less vulnerability in private cloud .
‘ while adopting the public cloud services , integrity of data and confidentiality has to be ensured.
‘ Changing to cloud can increases of the exposing exposing the data to the internet which is hosted In the private network this may increases the chances of leaking the data which has to be taken care .
‘ It could also be happen that security policies implemented in the cloud infrastructure would be outdated and that would result to accessing their personal data by other parties.
These networks are classified into many types which are like public networks or private networks , shared and unshared networks and each of the network would deals with many security issues ..
These are the reasons behind the organizations moving their secured cloud data and simply believing the private cloud .
‘ Domain Name Servers ( DNS ) attacks
‘ Sniffer attacks
‘ Issue of the IP Addresses in DNS
‘ Hijacking the prefix of the BGP
DNS Attack : DNS had performing the changing the domain name to make it easier to remind, there are many cases that server has been called by the name and the user would get routed to the malicious services, therefore DNSSEC had reduced and being reducing many cases but still there are many threats .
Sniffer Attacks : Sniffer tools are some kind of applications which can capture the packets while it is flowing in to networks , while in some cases the data doesn’t get transferred by this packets its doesn’t get encrypted , so the data can be read , there are some chances the information can get traced and recorded .
Issue of the IP Addresses in DNS: Every node of an IP address had has to be assigned is been limited , so large number of IP address has been reused by many other users , when one user move out of the network , his IP address has been associated to new user , these cases risk the security of new user and there many be a too much time lagging in changing the IP address in DNS .
Hijacking the prefix of the BGP : Prefix hijacking is verity type network attack which is done by the wrong notification of IP address (AS) automatic System , Whereas the malware network get accessed with the untraceable IP address . The autonomous system can broadcast everything to its neighbors .
‘ An organization which to the usages and resources which are provided by the software and hardware applications , so that hackers cannot get control over the applications and doesn’t make any changes in the content .
‘ With he development in the technology the system security would be breached and have been accessed by the trusted user.
In the older methods to deal with the security level of issues , there was developed and device ASIC .it was seen that more the website is secured at network level than the application level because it might have some loopholes and can access the information to unknown users .
‘ There quite many threats which were referred by the application level
‘ Too many security concerns by the hypervisor
‘ XSS attacks
‘ Poisoning of the cookies
‘ Manipulation of the hidden field
‘ Backdoor options and Debug options
‘ DOS Attacks
‘ CAPTCHA Modifying
‘ Google Hacking
Too many security concerns by the hypervisor : Hypervisor is nothing but virtual machine controlling , While running too many systems on single hardware chances of getting the attacks would be in high and it would be difficult to secure all the operating systems .
XSS Attacks : XSS services are also called denial of services (DOS ) this could happen when too many requests are made to one service it would show unavailable to authorized users .
Poisoning of the cookies :This type of threat is nothing but our browsing cookies could be accessible by changing the content in cookies to have an unauthorized access to website , this could be done by regular cleaning of cookies
Manipulation of the hidden field : While accessing the website there are many fields which are hidden page related information which are used by the developers , but hackers attack them and change the content .
‘ These type of issues which involve with system and network applications and attacks which are easier to move to cloud . Many cloud providers react with these type of issues and these type of security measure have to measure and to be tested in the average company . Where as the technology which has to enabling the service use if (SAAS) which would relives the user from support and maintains of the software as the user will be using the web 2.0 which has been increasing the leaps where the security had become lot of concern..
‘ SQL attacks : in this a malware code which is entered in to the SQL code , and been hacked where the unauthorized access would be happen and enter in to the data base , where the sensitive information would be accessed .
‘ Attacks by the XSS scripting : In this the same malware code is injected in the web scripts ..
‘ Man in middle : These type of attacks are made between the client and sender , they interfere in conversation to know the important data transferred .
SQL attacks : avoiding the usage of the generating the SQL codes dynamically could be the reason of SQL attacks
Attacks by XSS scripting : in this attack basically static websites do not affect by the attack but in case of dynamic websites , it get attacks because of the dynamically generating the content it get victimized by the XSS attacks .