CC Final Project

6/5/2020 Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport/ultra?attemptId=2ab444ee-13c8-49eb-86f5-578168754de8&course_id=_47058_1&includeDeleted=true&print=true 1/12

%21

%20

%1

SafeAssign Originality Report Cloud Computing - 202040 - CRN174 - Pollak • Final Project

%26Total Score: Medium risk Santhosh Muthyapu

Submission UUID: 43a98d6d-211b-6de9-9bf1-1de6250058fd

Total Number of Reports

3 Highest Match

43 % Bibliography.docx

Average Match

26 % Submitted on

06/05/20 11:46 AM EDT

Average Word Count

816 Highest: CLOUDMISCONFIGURATION.pptx

%43Attachment 1

Global database (3)

Student paper Student paper Student paper

Institutional database (1)

Student paper

Internet (1)

fiids

Top sources (3)

Excluded sources (0)

View Originality Report - Old Design

Word Count: 193 Bibliography.docx

1 5 3

2

4

2 Student paper 1 Student paper 5 Student paper

6/5/2020 Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport/ultra?attemptId=2ab444ee-13c8-49eb-86f5-578168754de8&course_id=_47058_1&includeDeleted=true&print=true 2/12

Source Matches (6)

Student paper 83%

Student paper 92%

Student paper 94%

Student paper 81%

Bibliography: Baset, S., Suneja, S., Bila, N., Tuncer, O., & Isci, C. (2017). Usable declarative configuration specification and validation for applications, systems, and cloud.

Proceedings of the 18th ACM/IFIP/USENIX Middleware Conference on Industrial Track - Middleware ’17. https://doi.org/10.1145/3154448.3154453

Berger, S., Garion, S., Moatti, Y., Naor, D., Pendarakis, D., Shulman-Peleg, A., Rao, J. R., Valdez, E., & Weinsberg, Y. (2016). Security intelligence for cloud management

infrastructures. IBM Journal of Research and Development, 60(4), 11:1–11:13. https://doi.org/10.1147/JRD.2016.2572462

Duncan, R. (2020). A multi-cloud world requires a multi-cloud security approach. Computer Fraud & Security, 2020(5), 11–12. https://doi.org/10.1016/S1361-3723(20)30052-X

January 15, S. P. on, & 2020. (2020, January 15). Cloud Misconfigurations: The Security Problem Coming From Inside IT. Security Boulevard.

https://securityboulevard.com/2020/01/cloud-misconfigurations-the-security-problem-coming-from-inside-it/ Torkura, K. A., Sukmana, M. I. H., Strauss, T., Graupner, H., Cheng, F., & Meinel, C. (2018, November 1). CSBAuditor: Proactive Security Risk Analysis for Cloud Storage Broker Systems. IEEE Xplore. https://doi.org/10.1109/NCA.2018.8548329

1

2 2

3

4 5

1

Student paper

Proceedings of the 18th ACM/IFIP/USENIX Middleware Conference on Industrial Track - Middleware ’17. https://doi.org/10.1145/3154448.3154453

Original source

Proceedings of the 18th ACM/IFIP/USENIX Middleware Conference on Industrial Track - Middleware '17 doi:10.1145/3154448.3154454

2

Student paper

Berger, S., Garion, S., Moatti, Y., Naor, D., Pendarakis, D., Shulman-Peleg, A., Rao, J.

Original source

Berger, S., Garion, S., Moatti, Y., Naor, D., Pendarakis, D., Shulman-Peleg, A.,

2

Student paper

Security intelligence for cloud management infrastructures. IBM Journal of Research and Development, 60(4), 11:1–11:13.

Original source

Security intelligence for cloud management infrastructures IBM Journal of Research and Development, 60(4), 11-1

3

Student paper

https://doi.org/10.1016/S1361-3723(20)30052-X

Original source

https://doi.org/10.1016/S1361-3723(18)30052-6

6/5/2020 Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport/ultra?attemptId=2ab444ee-13c8-49eb-86f5-578168754de8&course_id=_47058_1&includeDeleted=true&print=true 3/12

%5

%3

%2

%10Attachment 2

Global database (4)

Student paper Student paper Student paper

Student paper

Institutional database (1)

Student paper

Internet (1)

firemon

Top sources (3)

Excluded sources (0)

fiids 65%

Student paper 90%

4

Student paper

(2020, January 15).

Original source

15 FEBBRAIO 2020

5

Student paper

The Security Problem Coming From Inside IT.

Original source

The Security Problem Coming From Inside IT.Security

Word Count: 1,239 CLOUDMISCONFIGURATION.pptx

3 2 6

5

4

1

4 Student paper 3 Student paper 1 firemon

6/5/2020 Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport/ultra?attemptId=2ab444ee-13c8-49eb-86f5-578168754de8&course_id=_47058_1&includeDeleted=true&print=true 4/12

CLOUD MISCONFIGURATION

Name: Santhosh Muthyapu

Institution: New England College

Date: 06/05/2020

Introduction

Cloud misconfigurations are a major security risk for organizations

They rise when configurations are not done properly

Such misconfigurations expose the organization to security breaches

Cloud misconfigurations are now a major security risk for organizations adopting or moving to cloud. They involve security risks that arise when cloud configuration is not done properly hence exposing assets of the organization to possible security breaches. Currently cloud misconfiguration represents the biggest threat that is facing enterprise cloud security

2

Human factor in misconfigurations

Human error accounting for most misconfigurations

According to the 2018 IBM X-Force Report data breaches with regard to cloud misconfigurations increased by 424% due to human error (Duncan, 2020) 95% of security incidences are fault of customers

The human factor in such misconfigurations is a concern for many with human error accounting for most misconfigurations when it comes to cloud solutions. According to

the 2018 IBM X-Force Report data breaches with regard to cloud misconfigurations increased by 424% due to human error (Duncan, 2020). Further projections revealed that as of 2020 most of the cloud security incidences or at least 95% would be the fault of customers.

3

Challenges

Permission controls

Access restrictions

AWS misconfigurations (Torkura et al., 2018)

Some of the challenges associated with misconfigurations include permission controls, access restrictions and AWS security misconfigurations

4

AWS security misconfigurations Misconfiguration may occur on EC2 server

The server offers security between the port and protocol access level

Such a misconfiguration would allow an attacker to gain access to the servers

AWS security group involve misconfigurations with regard to EC2 server instances which offers security between the port and protocol access level. A misconfiguration related to this group would allow an attacker to gain access to the servers that are based in cloud and have unauthorized access to the data. 5

AWS security misconfigurations The server may be made accessible via the SSH port (22) This occurs during troubleshooting or debugging

Such an error allows attackers to gain access from any location worldwide

1

6/5/2020 Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport/ultra?attemptId=2ab444ee-13c8-49eb-86f5-578168754de8&course_id=_47058_1&includeDeleted=true&print=true 5/12

Such an error allows attackers to gain access from any location worldwide

Most common misconfiguration in this regard usually happens when the server is made accessible via the SSH port (22) that can occur during troubleshooting or debugging. Such a misconfiguration would make it easier for any attacker to gain unauthorized access to the servers from any location in the world.

6

Access restrictions

Misconfigurations Occur as a result of inadequate access restrictions

Access restrictions prevent unauthorized access

Example include unsecured AWS S3 storage buckets

Access restrictions misconfigurations happen when there are inadequate access restrictions that can prevent unauthorized access to the cloud infrastructure putting most organizations around the world at risk. The unrestricted issue in this category involves unsecured AWS S3 storage buckets. Such a misconfiguration could allow attackers to access and even download critical data or information regarding the organization. It can also enable attackers to write on the cloud accounts of the organization.

7

Permission controls misconfigurations

They occur when the organization fails to apply the least privilege principle

This creates many security risks

Permissions limit user activity or actions

Absence of permissions allows users to perform unrestricted actions. (Baset et al., 2017).

Permission controls misconfigurations come about when the organization fails to apply the least privilege principle hence creating many security risks. As of such permissions relating to accounts of individuals are not limited hence users or individuals can perform unrestricted actions which may not relate to the service they seeking on the platform hence ending up compromising the security of the organization as a result

8

WLAN security

WLAN security systems provide security measures for a network

Networks usually prone to unauthorized access

The security systems prevent attacker from interfering with the data in the network

Encryption

Authentication

Invisibility (Berger et al., 2016).

WLAN security systems offer the necessary protection or security measures for a given network. Such is necessary as networks are prone to unauthorized access by attackers hence making the data or assets of the organization vulnerable. In preventing such most organizations employ encryption solutions, authentication and invisibility among other security techniques with regard to WLANs. Good security measures enable detection, prevention or blocking intruders into the network

9

WLAN security Misconfigurations

Misconfigured Aps result to most cases of WLAN breaches

Use of intrusion sensors recommended rather than relying on sniffers

6/5/2020 Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport/ultra?attemptId=2ab444ee-13c8-49eb-86f5-578168754de8&course_id=_47058_1&includeDeleted=true&print=true 6/12

Use of intrusion sensors recommended rather than relying on sniffers

Weak security deployments

Weak passphrases

Default SSID usage

misconfigurations on such security systems such as misconfigured APs result to most cases of WLAN breaches.

As a result most organizations ought to make use of intrusion sensors that are independent from the vendor and not rely so much on sniffers. Other vulnerabilities may

include lack of security configuration at consumer access points, weak security deployments, weak passphrases and default SSID usage.

10

Solutions to misconfigurations

Adopting automated cloud security solutions

Use of embedded security

Mixture of human controlled and autonomous methods in validating policy settings and conducting real time network testing (Torkura et al., 2018)

In addressing issues regarding with misconfigurations organizations need to adopt automation solutions with regard to with regard to cybersecurity and policy automation in order for them to keep up with the daily increment in activities and adoption of cloud solutions. With more automated information technology security tasks an organization is better placed and prepared to see to it that hybrid cloud complexities are reduced and improved network visibility which will prevent any misconfigurations from happening. Additionally use of embedded security processes and a mixture of human controlled and fully autonomous methods in validating policy settings and conducting real time network testing should see to it that an organization has consistent security in its cloud platforms

11

Advantages and disadvantages

Advantages

Data security

Protection against DDoS attacks

Competitive advantage over rivals

Regulatory compliance

Disadvantages

Data theft

Lawsuits

Tarnished reputation for organization

Conclusion

Misconfigurations major security risks for organizations

Human error leading cause of misconfigurations Reducing misconfigurations can be achieved via automation of security solitons

I l i i fi ti j it i k f i ti th t d ti l d l ti h th d t th t h hi h i l di

2

6/5/2020 Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport/ultra?attemptId=2ab444ee-13c8-49eb-86f5-578168754de8&course_id=_47058_1&includeDeleted=true&print=true 7/12

Source Matches (7)

firemon 64%

Student paper 66%

Student paper 83%

Student paper 92%

In conclusion misconfigurations are now a major security risks for organizations that are adopting cloud solutions hence the need to ensure that human errors which is leading cause of such is reduced. This can be achieved by automation of security solutions in cloud to ensure consistency in cloud security and a reduction in misconfigurations.

13

References

Baset, S., Suneja, S., Bila, N., Tuncer, O., & Isci, C. (2017). Usable declarative configuration specification and validation for applications, systems, and cloud. Proceedings of the

18th ACM/IFIP/USENIX Middleware Conference on Industrial Track - Middleware ’17. https://doi.org/10.1145/3154448.3154453

Berger, S., Garion, S., Moatti, Y., Naor, D., Pendarakis, D., Shulman-Peleg, A., Rao, J. R., Valdez, E., & Weinsberg, Y. (2016). Security intelligence for cloud management

infrastructures. IBM Journal of Research and Development, 60(4), 11:1–11:13. https://doi.org/10.1147/JRD.2016.2572462

Duncan, R. (2020). A multi-cloud world requires a multi-cloud security approach. Computer Fraud & Security, 2020(5), 11–12. https://doi.org/10.1016/S1361-3723(20)30052-X

January 15, S. P. on, & 2020. (2020, January 15). Cloud Misconfigurations: The Security Problem Coming From Inside IT. Security Boulevard.

https://securityboulevard.com/2020/01/cloud-misconfigurations-the-security-problem-coming-from-inside-it/ Torkura, K. A., Sukmana, M. I. H., Strauss, T., Graupner, H., Cheng, F., & Meinel, C. (2018, November 1). CSBAuditor: Proactive Security Risk Analysis for Cloud Storage Broker Systems. IEEE Xplore. https://doi.org/10.1109/NCA.2018.8548329

3

4 4

5

6

1

Student paper

According to the 2018 IBM X-Force Report data breaches with regard to cloud misconfigurations increased by 424% due to human error (Duncan, 2020).

Original source

In 2018, IBM revealed that there was a 424% increase in data breaches due to cloud misconfigurations that were caused by human error

2

Student paper

Other vulnerabilities may include lack of security configuration at consumer access points, weak security deployments, weak passphrases and default SSID usage.

Original source

Further threats include weak passphrases, weak security deployments, and default SSID usage

3

Student paper

Proceedings of the 18th ACM/IFIP/USENIX Middleware Conference on Industrial Track - Middleware ’17. https://doi.org/10.1145/3154448.3154453

Original source

Proceedings of the 18th ACM/IFIP/USENIX Middleware Conference on Industrial Track - Middleware '17 doi:10.1145/3154448.3154454

4

Student paper

Berger, S., Garion, S., Moatti, Y., Naor, D., Pendarakis, D., Shulman-Peleg, A., Rao, J.

Original source

Berger, S., Garion, S., Moatti, Y., Naor, D., Pendarakis, D., Shulman-Peleg, A.,

6/5/2020 Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport/ultra?attemptId=2ab444ee-13c8-49eb-86f5-578168754de8&course_id=_47058_1&includeDeleted=true&print=true 8/12

Student paper 94%

Student paper 81%

Student paper 90%4

Student paper

Security intelligence for cloud management infrastructures. IBM Journal of Research and Development, 60(4), 11:1–11:13.

Original source

Security intelligence for cloud management infrastructures IBM Journal of Research and Development, 60(4), 11-1

5

Student paper

https://doi.org/10.1016/S1361-3723(20)30052-X

Original source

https://doi.org/10.1016/S1361-3723(18)30052-6

6

Student paper

The Security Problem Coming From Inside IT.

Original source

The Security Problem Coming From Inside IT.Security

6/5/2020 Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport/ultra?attemptId=2ab444ee-13c8-49eb-86f5-578168754de8&course_id=_47058_1&includeDeleted=true&print=true 9/12

%9

%8

%7

%24Attachment 3

Global database (4)

Student paper Student paper Student paper

Student paper

Institutional database (1)

Student paper

Internet (3)

firemon hpi 1reddrop

Top sources (3)

Excluded sources (0)

Word Count: 1,016 Santhosh Muthyapu Final Project- Cloudmisconfiguration.docx

5 4 7

6

2

3 8 1

2 Student paper 5 Student paper 3 firemon

Running Head: CLOUD MISCONFIGURATIONS 1

CLOUD MISCONFIGURATIONS 5

Cloud Misconfigurations

Santhosh Muthyapu

New England College Date: 06/05/202

Cloud security risks from misconfiguration

Cloud misconfigurations are now a major security risk for organizations adopting or moving to the cloud. They involve security risks that arise when cloud configuration is not done properly hence exposing assets of the organization to possible security breaches. Currently, cloud misconfiguration represents the biggest threat that is facing enterprise cloud security. The human factor in such misconfigurations is a concern for many with human error accounting for most misconfigurations when it comes to cloud solutions.

According to the 2018 IBM X-Force Report, data breaches concerning cloud misconfigurations increased by 424% due to human error (Duncan, 2020). Further projections revealed that as of 2020 most of the cloud security incidences or at least 95% would be the fault of customers. Some of the challenges associated with misconfigurations include permission controls, access restrictions, and AWS security misconfigurations (Torkura et al., 2018). AWS security group involves misconfigurations with regard to EC2 server instances which offers security between the port and protocol access level. A misconfiguration related to this group would allow an attacker to gain access to the servers that are based in the cloud and have unauthorized access to the data. The most common misconfiguration in this regard usually happens when the server is made accessible via the SSH port (22) that can occur during troubleshooting or debugging. Such a misconfiguration would make it easier for an attacker to gain unauthorized access to the servers from any location in the world Access restrictions misconfigurations happen when there are inadequate access restrictions that can prevent unauthorized access to the cloud infrastructure putting most

1

2

3

6/5/2020 Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport/ultra?attemptId=2ab444ee-13c8-49eb-86f5-578168754de8&course_id=_47058_1&includeDeleted=true&print=true 10/12

Source Matches (10)

world. Access restrictions misconfigurations happen when there are inadequate access restrictions that can prevent unauthorized access to the cloud infrastructure putting most organizations around the world at risk. The misreported issue in this category involves unsecured AWS S3 storage buckets. Such a misconfiguration could allow attackers to access and even download critical data or information regarding the organization. It can also enable attackers to write on the cloud accounts of the organization. Permission controls misconfigurations come about when the organization fails to apply the least privilege principle hence creating many security risks. As such permissions relating to accounts of individuals are not limited hence users or individuals can perform unrestricted actions that may not relate to the service they seeking on the platform hence ending up compromising the security of the organization as a result (Baset et al., 2017). WLAN security systems offer the necessary protection or security measures for a given network. Such is necessary as networks are prone to unauthorized access by attackers hence making the data or assets of the organization vulnerable. In preventing such most organizations employ encryption solutions, authentication, and invisibility among other security techniques with regard to WLANs. Good security measures enable detection, prevention, or blocking intruders into the network (Berger et al., 2016). However, misconfigurations on such security systems such as misconfigured APs result in most cases of WLAN breaches. As a result, most organizations ought to make use of intrusion sensors that are independent of the vendor and not rely so much on sniffers. Other vulnerabilities may include

lack of security configuration at consumer access points, weak security deployments, weak passphrases, and default SSID usage. In addressing issues regarding misconfigurations organizations need to adopt automation solutions with regard to with regard to cybersecurity and policy automation in order for them to keep up with the daily increment in activities and adoption of cloud solutions. With more automated information technology security tasks an organization is better placed and prepared to see to it that hybrid cloud complexities are reduced and improved network visibility which will prevent any misconfigurations from happening. Additionally use of embedded security processes and a mixture of human-controlled and fully autonomous methods in validating policy settings and conducting real-time network testing should see to it that an organization has consistent security in its cloud platforms (Torkura et al., 2018). Addressing such misconfigurations is advantageous as it enables the organization to protect its assets DDoS attacks, ensuring data security by preventing high profile breaches that may tarnish the reputation of the organization or cause the organization to face lawsuits. Additionally ensuring cloud security may provide a competitive advantage for a given organization over its competitors as customers or users will always prefer to have their data secured. Ensuring cloud security also ensure regulatory compliance with predetermined policies from governing bodies. The disadvantages of misconfigurations is that they pose tat security risks that may expose the assets of the organization to attacks leading to data breaches hence suffering the losses that come with it.

4

In conclusion, misconfigurations are now major security risks for organizations that are adopting cloud solutions hence the need to ensure that human errors which is the leading cause of such is reduced. This can be achieved by automation of security solutions in the cloud to ensure consistency in cloud security and a reduction in misconfigurations.

References

Baset, S., Suneja, S., Bila, N., Tuncer, O., & Isci, C. (2017). Usable declarative configuration specification and validation for applications, systems, and cloud. Proceedings of the

18th ACM/IFIP/USENIX Middleware Conference on Industrial Track - Middleware ’17. https://doi.org/10.1145/3154448.3154453

Berger, S., Garion, S., Moatti, Y., Naor, D., Pendarakis, D., Shulman-Peleg, A., Rao, J. R., Valdez, E., & Weinsberg, Y. (2016). Security intelligence for cloud management

infrastructures. IBM Journal of Research and Development, 60(4), 11:1–11:13. https://doi.org/10.1147/JRD.2016.2572462

Duncan, R. (2020). A multi-cloud world requires a multi-cloud security approach. Computer Fraud & Security, 2020(5), 11–12. https://doi.org/10.1016/S1361-3723(20)30052-X

January 15, S. P. on, & 2020. (2020, January 15). Cloud Misconfigurations: The Security Problem Coming From Inside IT. Security Boulevard.

https://securityboulevard.com/2020/01/cloud-misconfigurations-the-security-problem-coming-from-inside-it/ Torkura, K. A., Sukmana, M. I. H., Strauss, T., Graupner, H., Cheng, F., & Meinel, C. (2018, November 1). CSBAuditor: Proactive Security Risk Analysis for Cloud Storage Broker Systems. IEEE Xplore. https://doi.org/10.1109/NCA.2018.8548329

5

2 2

6

7

8

6/5/2020 Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport/ultra?attemptId=2ab444ee-13c8-49eb-86f5-578168754de8&course_id=_47058_1&includeDeleted=true&print=true 11/12

1reddrop 66%

Student paper 100%

firemon 65%

Student paper 66%

Student paper 83%

Student paper 92%

Student paper 94%

Student paper 81%

1

Student paper

CLOUD MISCONFIGURATIONS 1 CLOUD MISCONFIGURATIONS 5

Original source

Cloud Security Misconfigurations Cloud Security Misconfigurations

2

Student paper

Cloud security risks from misconfiguration

Original source

Cloud security risks from misconfiguration

3

Student paper

According to the 2018 IBM X-Force Report, data breaches concerning cloud misconfigurations increased by 424% due to human error (Duncan, 2020).

Original source

In 2018, IBM revealed that there was a 424% increase in data breaches due to cloud misconfigurations that were caused by human error

4

Student paper

Other vulnerabilities may include lack of security configuration at consumer access points, weak security deployments, weak passphrases, and default SSID usage.

Original source

Further threats include weak passphrases, weak security deployments, and default SSID usage

5

Student paper

Proceedings of the 18th ACM/IFIP/USENIX Middleware Conference on Industrial Track - Middleware ’17. https://doi.org/10.1145/3154448.3154453

Original source

Proceedings of the 18th ACM/IFIP/USENIX Middleware Conference on Industrial Track - Middleware '17 doi:10.1145/3154448.3154454

2

Student paper

Berger, S., Garion, S., Moatti, Y., Naor, D., Pendarakis, D., Shulman-Peleg, A., Rao, J.

Original source

Berger, S., Garion, S., Moatti, Y., Naor, D., Pendarakis, D., Shulman-Peleg, A.,

2

Student paper

Security intelligence for cloud management infrastructures. IBM Journal of Research and Development, 60(4), 11:1–11:13.

Original source

Security intelligence for cloud management infrastructures IBM Journal of Research and Development, 60(4), 11-1

6

Student paper

https://doi.org/10.1016/S1361-3723(20)30052-X

Original source

https://doi.org/10.1016/S1361-3723(18)30052-6

6/5/2020 Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport/ultra?attemptId=2ab444ee-13c8-49eb-86f5-578168754de8&course_id=_47058_1&includeDeleted=true&print=true 12/12

Student paper 90%

hpi 73%

7

Student paper

The Security Problem Coming From Inside IT.

Original source

The Security Problem Coming From Inside IT.Security

8

Student paper

Proactive Security Risk Analysis for Cloud Storage Broker Systems.

Original source

23 Oct 2018 Kennedy Torkura CSBAuditor - Proactive Security Risk Analysis for Cloud Storage Broker Systems