Five loopholes in cloud computing in the eyes of hackers

Cloud computing Services is a "leasing" mode of IT service delivery, let IT services like "tap water" or "electricity", pay-for-use, not only for the flexibility of business flow changes, but also to save their own construction, maintenance and other infrastructure costs, is the government public service, small and medium-sized business management, or the outsourcing business of large enterprises and other ideal choice.

According to NIST (American Institute of Information Technology), cloud computing services are divided into three delivery modes:

SaaS: Providing consumers with the ability to use carrier applications;

PaaS: Provides consumers with the ability to deploy applications on the cloud infrastructure;

IaaS: The ability to provide consumers with processing, storage, networking, and other basic computing resources.

Regardless of the service pattern, whether it is a public cloud or a private cloud, background resource virtualization, the user unified from the front access mode is the same.

The structure of cloud computing is modeled as follows: Users access to cloud computing via intelligent terminals, through the user traffic guide into the back of the "cloud" system, SaaS service using the services provided by the application software (such as Google search, Facebook social network, etc.), The PAAs service uses the user's own business processing software, IaaS service provides "bare" virtual machines (such as IDC leasing business, etc.); The support platform of service provider is the cloud computing service management platform, mainly the user identity management, business configuration, billing management, the core of business support is resource virtualization management platform, Responsible for the user's business specific processing, implementation, the bottom is the "real" data center, the actual management of "physical" equipment.

This column more highlights: http://www.bianceng.cnhttp://www.bianceng.cn/Network/Security/

Cloud computing services to multiple users, involving user privacy data, as well as sensitive data within the business, are highly likely to be the focus of commercial hackers, and the ability to resist attacks around the world and round and round is a daunting task for cloud computing providers. The core of cloud computing is centralized management, which saves costs but also creates a concentration of value, which is valuable and naturally attracts more "followers".

Cloud computing is different from the traditional network structure, where hackers attack, where the service providers are defending, where is the security battlefield of cloud computing services? From the cloud model analysis, it is not difficult to see the future security of the "Five Battlefield":

1, user access to the Portal: Cloud computing services are provided through the network, users use fixed or mobile smart terminals to log on to the cloud services, access to the portal is the cloud computing Services Web site, is the only way for external visitors. This is the "gateway" to cloud computing, where users come in and attackers come in. The most vulnerable attacks here are as follows:

Password attack: Guess user password, impersonate user login, get user resources. Cloud computing generally does not open remote platform management functions, but for Paas/iaas, users remote management of their own platform is common, attack the manager password more attractive;

Forged "certificate": Multi-factor authentication, in addition to the password, there are digital certificates or fingerprints, iris, etc., to impersonate a user, you must "copy" these "documents". At the end of the collection of user-related information, imitation is relatively easy, such as bank cards, identity cards, etc.;

Phishing Website: This is the traditional way of attack, the target is the user's private information, cloud computing login interface and the site is very similar, be "fishing" attack is easy;

Information eavesdropping: Eavesdropping on the user's communications, such as deciphering the user's mailbox, you can copy the user's mail, monitor the user's business dealings;

DDoS attacks: This is for cloud service providers, can be divided into portal bandwidth attack and service capability attacks, the purpose is to cause the disruption of cloud computing services, and to coerce service providers compromise, pay protection fees.