Cloud computing's rival denial of service attack (DDOS)

DDoS full name is distributed denial of service (distributed Denial-of-service Attack), many Dos attack sources together attack a server constitutes a DDoS attack, the first date of DDoS dating back to the 1996, in China in 2002 began to appear frequently, 2003 has begun to take shape. And the current cloud-denial service attack, the old-fashioned cyber-crime, is now a new threat to the data center's managers.

As more and more companies start using virtualized data centers and cloud services, there are new weaknesses in the enterprise infrastructure. At the same time, cloud-denial service attacks have also begun to turn into a technical attack on the underlying application from a violent attack that used a large number of data streams.

In cloud computing, companies need to worry about not just attacking their resources, but also the attacks on hosting tenants. Because with the popularity of many tenants, attacks against one company may affect other services that are not linked, but are also hosted by companies.

The topic we're talking about here is how cloud computing can defeat a rival's DDoS and say what you think.

The essence of the cloud

From the application point of view, cloud computing is not the revolution of technology, but the renewal of service mode, its essence is a unified centralized service delivery way. The transformation of the service and application delivery mode is fundamentally different from the centralized computing model in the early development of computing technology, and it is based on the full development of computing, network and business applications. Although cloud computing needs some new technology to support its implementation, it is fundamentally that cloud computing is not a technology but a model of service and application, and the change will be far-reaching. Even if it does not end up being as successful as many expect, it will have a significant impact on the future development of information technology.

The security of the cloud

Cloud security has been the focus of cloud computing security, which has been analyzed by many experts, academics and industry members from various perspectives. Of course, there are also many people think that the cloud security problem is not as serious as expected. As far as I am looking, the security of the cloud includes two aspects, one is the technical level of security, the other is the security of the social level. The technical aspects of security include: system security, data security, content security and use security, while more emphasis on system reliability, availability and security. From the distribution of security problems in cloud systems, cloud Security can include many problems such as infrastructure security, virtualization technology security, cloud storage security, cloud application security, etc. Technical security should be said to be not difficult to solve, I believe that the security problems in the cloud will not be more than all of our widely used operating systems. Social Security is actually the biggest challenge and the most insurmountable obstacle to cloud computing and cloud services. This includes whether the relevant laws and regulations of the Government are perfect, the related dispute arbitration and how the evidence is implemented, etc., which is essentially a test of the deeper social trust and credibility of the mechanism is mature. Lack of trust and trust cannot be effectively monitored and monitored will seriously affect the broad application and deployment of cloud computing.

Cloud Infrastructure security vulnerabilities

The security of cloud computing depends more on the cloud infrastructure. At the beginning of cloud computing, the cloud infrastructure, which was designed and developed directly from the bottom up, is still a handful, more of an approximate cloud infrastructure, meaning that most cloud infrastructures have no deep consideration of the needs and characteristics of applications and services. In this case, it should be said that there are some problems with the reliability and availability of the entire cloud computing infrastructure, including security, of course. Such systems are more vulnerable to attacks, not just the attacks and the way they exist in all existing network applications, but also the damage and damage caused by the lack of complete infrastructure and the use of more vulnerabilities and flaws. Addressing these security risks requires a greater focus on the overall system design of the cloud infrastructure and the introduction of targeted technologies and products to the necessary infrastructure and internal networks. One additional point to note is that, in the context of national security and interests, it is important that we have infrastructure technologies and products that are proprietary intellectual property.

Addressing cloud Virtualization security issues

Cloud Virtualization is an important tool for building a cloud infrastructure platform, and it is because of the importance of virtualization that its own security issues are the key to the cloud infrastructure platform. Virtualization can, to some extent, lead to a rise in some security features, such as a degree of segregation of user behavior. On the other hand, the risks it introduces are not negligible. Many traditional security protection products in the virtual environment will be lost, and once a virtual node is compromised, it will pose a fatal threat to the entire cloud infrastructure.

Cloud virtualization security issues to solve more rely on targeted security technology and products, this aspect of the future market demand is still very large.

Understanding Cloud computing Security Risks

The security risks faced by cloud computing can be analyzed in two ways: from the user's perspective, the security risks that users face when they use the cloud, and from the perspective of cloud providers, the security risks that cloud providers face in providing services.

From the user's point of view, in the cloud environment, the user for the application of the operation and the physical environment of data storage lacks the necessary management and control authority, the so-called security is entirely based on the cloud provider's trust, and the lack of monitoring and audit trust is often the least secure. Therefore, users must be fully aware of the inherent security risks of this service model of cloud computing, especially when the relevant laws and regulations are not yet well established and the third-party supervision has not been effectively set up, it is necessary to consider reaching a detailed binding contract with the cloud service provider.

From a cloud provider's point of view, you must address the user/data isolation failure risk, cloud service reliability, and availability risk. In addition, cloud providers must also address the risk of malicious users abusing Yu Yun. In order to avoid the above risk, the cloud provider must carry on the system, the comprehensive security reinforcement to the cloud, not only must in the network level, deploys the targeted security protection product in the cloud, needs from the system level, establishes the consummation Key management, the authority management, the authentication service and so on security mechanism. $ w/j (d:q4 A

Addressing cloud storage security risks

The main security risks that users face when using cloud storage include data leaks, data loss, and so on. Similar to cloud computing, cloud storage is also built on the shared architecture, because the data isolation measures are not effective enough for data storage, access, communication, destruction and other links lack of security monitoring, there are certain security risks, resulting in the loss of data and the possibility of leakage. At the same time, in the case of data loss, it is also possible to face the risk of data failure to recover in time. These risks are mainly due to the inability of the cloud service provider to provide adequate security to the user, so that the user can also resolve this part of the risk by signing a data security-related service guarantee agreement with the cloud service provider.

In view of the data leakage risk and data loss risk, the cloud service provider should take the necessary data isolation, encryption, backup, decentralized management and other measures to ensure the security of cloud storage services.

Security Risks in cloud applications

It is inevitable that there are security risks in cloud applications. Any application is the embodiment of process and logic, and most applications can not accurately reproduce the process and logic, so there must be defects and vulnerabilities, these defects and vulnerabilities become the biggest security risks. Perhaps even more worrying is that the potential for this application is superimposed on the security problems of the cloud infrastructure itself, bringing more complex problems. The ability to implement secure logical segmentation of cloud applications and cloud infrastructures may be one of the future directions, simplifying the solution to cloud computing security issues.

Access to secure cloud services

As mentioned earlier, cloud services face two security challenges, both technical and social. There are two ways to get a secure cloud service. At the social level, the relevant laws and regulations should be established as soon as possible. Of course, the establishment of laws and regulations can not solve the problem of the establishment of social trust and credit mechanism, but promote the maturity of trust and credit mechanism. Without the protection of laws and regulations, I personally think that the security of cloud services can only be a good wish. And from a technical perspective, to address the characteristics of cloud services, the study of specialized security protection technology, the development of targeted cloud services and cloud applications of security products, but also in accordance with the relevant provisions of laws and regulations, for the implementation of laws and regulations to provide appropriate technical support, for example, when the dispute arises, Forensic technology and products required by the arbitration.

Cloud ensures user data and privacy security

User data and privacy security are the first and most controversial security issues in the cloud computing field. This concern is in fact easily understood. It is very similar to the deposit problem we are often exposed to. How do we save money to a bank and make sure that our money is not stolen or lost because of a bank failure or some criminal act? How to ensure that my property information is not leaked? If we look at the existing banking system, we will provide a lot of inspiration. First of all, to have laws and regulations to deal with, with laws and regulations can provide users with a strong means of data and privacy, and secondly, the supervision and audit mechanism to prevent. User data and privacy to a cloud service provider do not imply oversight. Countless experiences have shown that security based solely on trust and credibility is the least secure. As a result, cloud service providers and cloud infrastructure providers need to provide reliable and effective oversight and audit channels and technical tools for third parties, and finally, a query and validation mechanism. This query and validation mechanism allows data and information owners to understand the security status of their data in a timely manner. These aspects, in fact, the technical needs of some new methods and means to support. Including data encryption, authorization authority, data processing process monitoring and forensics technology support and so on.

Security differences of private cloud, public cloud, mixed cloud

These three kinds of clouds have different security issues. The security of private cloud has little difference with the security of information assets in traditional enterprises or organizations. Previous security threats are also a security threat to private clouds. and the establishment of private cloud will improve the security of information assets within the enterprise or organization to some extent. Because the private cloud largely solves the risk that data fragmentation often exists within an enterprise or organization that does not effectively centralize management.

The security of the public cloud is more pronounced relative to the private cloud. Not only face the security threats and risks that private cloud faces, but also the problem of logical security partition and protection between multiple cloud users. Mixed cloud security issues are similar to common cloud security issues.

Security focus for private cloud, public cloud, mixed cloud

The security focus of the private cloud is to prevent intrusion and external attacks on cloud infrastructure and systems. The security of the public cloud is focused on the logical security segmentation of internal services and the leakage of information such as data and privacy. The security protection of hybrid cloud needs to consider both private and public scenarios.

Network and server, CPU forensics in cloud computing environment

The network of cloud computing environment and the technique of computer forensic technology are different from the evidence technology in traditional environment. At present, the evidence of computer crime is comparatively concentrated, which is convenient for collecting and obtaining evidences. We are exposed to the computer forensics technology and products are more oriented to a single device.

In the cloud computing environment, the behavior of computer crime including cybercrime will be more dispersed and the evidence is difficult to collect. It is hard to imagine the complexity of collecting traces and evidence of illegal behaviour on a massive cloud-computing infrastructure platform. This kind of forensics is a necessary means to ensure cloud security. Therefore, I personally think that with the introduction of relevant national laws and regulations, the relevant forensic technology and products still have a large market demand.

Cloud computing and cloud security standards.

There is still a large lag in the standardization of cloud computing. There are many reasons, mainly in cloud computing technology, services and applications there are a variety of different views and views. This situation also reflects the real maturity of cloud computing and business has a long way to go. The standardization of cloud security concerns is even less optimistic. The development of security technology is always lag behind the application development from the time axis, this is also an objective reality.

The difference between cloud security products and non-cloud security products

In view of the current market situation, I personally think that the so-called cloud security products and non-cloud security products in nature can not see too many differences, including features, performance and architecture. A lot of technology and products still stay in the phase of concept verification, do not rule out some of the ingredients in the hype. Technically speaking, the future of cloud security products and non-cloud security products in the function, performance and architecture should be said to be very different, need to seriously from the cloud services and cloud applications in the practice of mining security features and requirements, and propose a system solution, and should not be on the existing security products for simple upgrades and transformation.

Deployment of cloud security products

The cloud infrastructure and upper-tier application systems are locations where security products need to be focused. Cloud infrastructure, deploy a firewall with virtualization recognition at the gateway, reduce attacks on virtual servers in the gateways, and deploy a dedicated intrusion detection system to detect illegal intrusion of virtual servers. In the upper-level application system, the deployment of the system vulnerabilities, viruses, trojans and malicious software to detect products, to avoid the application of services to the security risks; The data stored in the application system encryption and decryption operations, using different encryption and decryption algorithm to prevent data tampering.

(Responsible editor: Liu Fen)