summary

liz benson
ATTACKSINCLOUDCOMPUTING.docx
Home>Information Systems homework help>summary

1

Running Header: ATTACKS IN CLOUD COMPUTING

4

ATTACKS IN CLOUD COMPUTING

ATTACKS IN CLOUD COMPUTING

Student’s Name

Tutor’s Name

Course Title

Date

Types of attacks

In the shown diagram, the malicious intermediary type of attack is the attack that can potentially be carried out if the program of the cloud were found to be malicious. This is simply because the attack can easily be carried out when a message is altered which results in determining the integrity of the message. Anybody who receives and sends emails to have an idea that message can contain some harmful links, some might also have hidden objects capture keystrokes that aids in capturing passwords.

Denial of service is the second type of attack that can happen in the scenario. If an attacker manages to overload one of the cloud consumers by sending multiple messages or increasing network traffic thus taking a greater toll of the virtual servers (A&B) which at the end it can bring down the physical server itself. By doing this, the act of the denial of services can generally take down both cloud consumers by improvising an act of rendering them not to be able to communicate with the cloud providers. (Bali, 2015)

Thirdly, overlapping the trust boundaries is the last type of attack that can happen in the shown scenario. Like it has been shown in the denial of services, in the case whereby multiple consumers tend to share physical resources if the trust is compromised in any way by either cloud consumers the results can be negative and have a more serious impact on the other cloud consumers.

Threats

The malicious service agent is one of the most recognized threats under a malicious intermediary type of attack. This type of threat can forward and intercept the network traffic that is found to be flowing within the cloud. In most cases, it generally exists as a service agent with malicious or compromised logic. It might also exist as an external program that can be potentially corrupt and remotely intercept message contents.

The trusted attacker is also a threat agent that mitigates denial of service attacks. This is because the trusted attacker tends to share information technology resources in the same cloud environment as the cloud consumer and thereafter attempts to exploit the most legitimate credentials to target cloud providers and tenants with whom they share IT resources. (Chou, 2013)

The anonymous attacker is a major threat agent to overlapping the trust boundaries. An anonymous attacker is considered as non-trusted cloud services consumers who at any point have no permission to the cloud. In this case, it exists at an external software program that greatly helps in launching network-level attacks that are found through the public network.

Causes

i. Lack of having the best IT management practices - This is one of the major causes that can lead to attacks of the system. The highly respective cybersecurity defense is considered to be the result of managing the software application and IT infrastructure. Over the past years, many organizations and agencies could deploy and build IT systems with little regard for security issues. Based on that it was not necessarily a management failure because at that time there were limited cases of security issues to be concerned with before the existence and wider use of internet and rise to the ubiquitous networks of data. Without pure IT management practices, the malicious intermediary can be widely encouraged. (Grobauer, Walloschek & Stocker, 2010)

ii. Misguided IT security practices – The system should always be well guided so that its information to be kept safe from unwanted individuals. If an organization IT experts are misguided there will be a system insecurity issues. Therefore all IT security practices must be well guided to avoid attacks such as overlapping the trust boundaries which can easily be caused by such an issue by bypassing data.

iii. Cumbersome and slow acquisition process – The problem or issue is exacerbated when funds are readily available to invest in information technology security yet it is ponderously difficult and slow to buy commercial solutions to aids address vulnerabilities thus paving ways for an attack such as Denial of service. This type of attack can be easily caused when the workload is artificially increased; the network is overloaded with traffic and lastly when there is multiple service requests with excessive memory and processing resources are sent through the system.

References

Bali, P. (2015). Pillars of Cloud Computing: A Review. International Journal of Advanced Research in Computer Science and Software Engineering.

Chou, T. S. (2013). Security threats on cloud computing vulnerabilities. International Journal of Computer Science & Information Technology, 5(3), 79.

Grobauer, B., Walloschek, T., & Stocker, E. (2010). Understanding cloud computing vulnerabilities. IEEE Security & privacy, 9(2), 50-57.