Classifying malware attacks in IaaS cloud environments

For company management, the first barrier to cloud deployment is maintaining an adequate level of security. But many security technologies become a hindrance in the cloud infrastructure and prevent the necessary business functionality from being implemented. This is a great concern for all IT Support Services like IT Support Derby.

IT Security Services managers are convinced that handing corporate data and servers over to third-party data centers will inevitably disrupt the normal functioning of their company's security system and lead to loss of control over it and loss of access to registration and auditing information.

The main reason for the negative attitude of professionals towards cloud computing can be described in one word: “deperimeterization”. After all, the security perimeter does not disappear in a virtualized environment where virtual machines with different levels of trust use the same hypervisor; it does not disappear in a cloud environment with a large number of owners. Of course, the term “perimeter” is still present, but it no longer carries such sacred meaning, and its use should be reconsidered.

The fundamental difference in the approach to security of virtualized environments is best illustrated by the approach to configuring a firewall, the traditional means of ensuring the network security of the data center. Cloud providers are forced to follow the “lowest common denominator” principle when setting it up, i.e., to set the least stringent policy in order to avoid problems with some hypothetical client. Obviously, for any real client such a setting will not be optimal in terms of security. In addition, cables, switches, bandwidth, virtualization platforms, and storage networks in the cloud infrastructure must be treated as shared resources and therefore cannot be trusted. Some aspects of traditional infrastructure are combined in a hypervisor or at the level of virtualized storage area network abstraction; many security technologies in the new infrastructure become an obstacle and do not allow implementing the functionality necessary for business. IT Support Derby is working on this issue with deep concern.

Of course, the situation described above cannot but undermine the confidence of potential customers in cloud technologies.

Infrastructure Security or Secure Infrastructure

The transition to the cloud entails not only changes in the technical architecture; it also requires significant changes in the work of corporate teams of IT specialists. Often, in large enterprises and even system integrators, different teams of engineers work on projects separately. In such conditions, one component of the project is completed first, for example, installation of a physical network or the placement of servers, and only then are security specialists brought into the project to protect the infrastructure that has already been built.

The isolation of teams of specialists creates fundamental difficulties. Last May, even the tech giant HP raised the alarm about this. Speaking about the deployment of smart grid projects, Ian Mitton, director of HP’s industry division, explained: “Our observations have shown that security must be provided in advance, but in practice, it is somewhat delayed. This cannot but cause some concern. There is a situation when project developers, as if recollecting themselves, exclaim: ‘Oh my God! But what about security?’”

Why is the lack of interaction between the teams so fundamental? Server and workstation virtualization (VDI) in the data center, IaaS, PaaS and SaaS services have changed the architecture of corporate information systems more than any other innovation over the past 15 years. However, with the transition to new technologies, none of the basic security problems persisted. On the contrary, new threats have emerged that have no analogs among their physical predecessors, for example, at the level of virtual architecture. The key reason for these difficulties is repatriation, since in many aspects the traditional separation of IT Companies in Birmingham into the network, platform, applications, etc. has disappeared. It is not enough to be an expert in the field of infrastructure or information security. It is necessary to focus not on ensuring the security of the existing,

Specific cloud threats

Placing virtual servers and data in the cloud alongside the servers and data of other users, competitors and possibly even intruders (recall the criminal activity in the Amazon EC2 cloud) causes many new problems. Updates cannot be installed on a temporarily disabled virtual machine, so for some time after it is started again it is completely unprotected from the most popular attacks: those on widely known vulnerabilities. On the other hand, even if the virtual server is constantly turned on and updates are regularly downloaded, installing them may require rebooting the server, and the cloud infrastructure does not help minimize this kind of downtime. Data flowing between machines on the same hypervisor never touches the physical network, so traditional network security technologies are not able to recognize a threat in it. In a virtualized environment there is also a new target for attackers and viruses, the virtualization platform itself, and again no traditional remedy can prevent this threat. Delimiting access to data is a difficult issue, since the data is undoubtedly available to the technical staff of the cloud service provider.
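The update gap on a powered-off virtual machine described above can be measured from an inventory before the machine is started again. The following is an added example, not part of the original article; the inventory, the update release dates, the field names and the two handling labels are constructed assumptions.

```python
from datetime import date

# Constructed security-update release dates (assumed monthly cadence).
PATCH_RELEASES = ["2024-01-09", "2024-02-13", "2024-03-12"]

# Constructed VM inventory; "powered_off" is None for a running machine.
INVENTORY = [
    {"name": "web-01", "last_patched": "2024-03-12", "powered_off": None},
    {"name": "db-02", "last_patched": "2024-02-13", "powered_off": None},
    {"name": "batch-07", "last_patched": "2024-01-09", "powered_off": "2024-01-20"},
    {"name": "test-03", "last_patched": "2024-03-12", "powered_off": "2024-03-20"},
]


def missed_releases(vm, releases=PATCH_RELEASES):
    """Updates published after the VM last patched; it lacks all of them."""
    last = date.fromisoformat(vm["last_patched"])
    return sorted(r for r in releases if date.fromisoformat(r) > last)


def patch_gap_report(inventory, today, releases=PATCH_RELEASES):
    """List VMs that are missing updates, worst first, with a handling label."""
    report = []
    for vm in inventory:
        missed = missed_releases(vm, releases)
        if not missed:
            continue  # fully patched, whether running or dormant
        dormant = vm["powered_off"] is not None
        report.append({
            "name": vm["name"],
            "missed": len(missed),
            # Days since the oldest missing fix was published.
            "oldest_gap_days": (today - date.fromisoformat(missed[0])).days,
            # A dormant VM cannot update itself: patch it before it is reachable.
            "action": "patch-before-exposure" if dormant else "patch-now",
        })
    return sorted(report, key=lambda r: (-r["missed"], -r["oldest_gap_days"]))


if __name__ == "__main__":
    for row in patch_gap_report(INVENTORY, date(2024, 3, 25)):
        print(row)
```

A machine that was powered off right after patching (test-03 here) is not flagged, because no update was released while it was dormant; the gap depends on releases missed, not on time spent switched off.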

To ensure cloud security, security controls must operate, be reconfigured and be monitored at the level of the virtual machine itself. The key technologies here are software firewalls with deep packet inspection and application-layer intrusion prevention.