Delivery in day(s): 4
Risk Management And Security Oz Assignments
Cloud security is stated as the proper security or protection of the confidential data that is stored online (Salah et al., 2013). There are some of the main threats for the cloud security that involve data loss, hijacking of service traffic, insecure APIs or application program interface, breaches to confidential data, shared technology and poorer choice of the providers of cloud storage and various other. Gigantic Corporation is one of the most popular and significant organization that has decided to execute a project of DDoS prevention system for the security of cloud (Krylov & Kravtsov, 2014). The following report outlines a brief description on the case study of Gigantic Corporation and their project management. A risk assessment is done for the identified risks and the consequences are also taken into consideration from the IT control framework. Furthermore, the various protection mechanisms will also be identified in this report.
Various Threats and Vulnerabilities for DDoS Prevention System in Cloud Security
The project of DDoS prevention system comprises of several important and significant risks, threats and vulnerabilities that could be extremely vulnerable for Gigantic Corporation (Van Trung et al., 2015). The most important and noteworthy threats for this particular project are as follows:
i) Reduced Control and Visibility of Data: The first and the foremost threat for the DDoS prevention system in cloud security is the reduced control as well as visibility of data. When the transitioning of the assets or operations is being done by the users, the respective organizations lose control or visibility on the data or assets (Mahajan & Sachdeva, 2013). When the external services are utilized, there is a major responsibility to move few policies and infrastructure in the target location. This is extremely vulnerable for the users since they would not be able prevent the attack of DDoS effectively.
ii) Unauthorized Uses of Data: The second important threat for the DDoS prevention system in cloud security is the unauthorized use of confidential data and information (Laskar & Mishra, 2016). The new services could be easily provisioned and hence the features of on demand self service provisioning help the personnel of Gigantic Corporation to enable the several services without taking the consent of information technology experts.
iii) Compromising Internet Accessible Management APIs: Another significant and important threat or vulnerability for the DDoS prevention system is the compromise of the Internet accessible management of APIs. A distinct set of APIs or application programming interfaces are utilized for managing as well as interacting with the cloud services (Lad & Baria, 2014). There are some of the major software related vulnerabilities in these APIs and hence these issues should be mitigated properly.
iv) Data Deletion: The next important and noteworthy vulnerability for the specific DDoS prevention system is the deletion of data. Often the confidential data gets deleted without any type of previous notification (Idziorek, Tannian & Jacobson, 2013). Hence, the authenticated users have no idea about their data getting deleted. This particular risk concerns about the spreading of data within a number of storage devices in the infrastructure of prevention system.
v) Stealing of Credentials: The credentials could also be stolen by the attackers and hence the organization of Gigantic Corporation could face some of the most significant issues related to this problem.
vi) Insiders’ Threat: The sixth important threat or vulnerability for DDoS prevention system is the insiders’ threat (Zargar, Joshi & Tipper, 2013). The staffs or the administrators for Gigantic Corporation could also take the access of data, networks and infrastructures eventually.
Risk Assessment on the Identified Risks for the Project
The risk assessment on all the identified risks for this project of DDoS prevention system is given below:
Level of Risk
Reduced Control and Visibility of Data
Unauthorized Uses of Data
Compromising Internet Accessible Management APIs
Stealing of Credentials
Table 1: Risk Assessment of Identified Risks in DDoS Prevention System
The above provided table has properly assessed all the identified risks for this particular project and thus they should be mitigated on time (Oo et al., 2016).
Consequences of the Identified Risks derived from IT Control Framework
The IT control framework is the respective data structure, which could organize as well as categorize the internal controls of the company for creating the business values ad then minimizing the risks (Somani et al., 2017). The consequences of all the identified risks that are derived from the IT control framework are as follows:
i) Reduced Control and Visibility of Data: The consequence of this particular threat is moderate according to the IT control framework since this risk could be avoided with proper measures.
ii) Unauthorized Uses of Data: The consequence of this particular threat is major as this type of threat could lead to data loss or data theft (Akbar, Basha & Sattar, 2015).
iii) Compromising Internet Accessible Management APIs: The consequence of this threat is major since it can compromise the Internet accessible APIs.
iv) Data Deletion: The consequence of this threat is moderate as the antivirus software can easily reduce this risk.
v) Stealing of Credentials: The consequence of this risk is major since they would not be able to maintain the authenticity and confidentiality of the credentials (Zhang & Green, 2015).
vi) Insiders’ Threat: The consequence of this risk is minor as by deploying some security measures, they would be able to stop this issue.
Recommendations for the Project
Although, this project would be one of the most vital and noteworthy projects in Gigantic Corporation, there are some of the basic issues that should be resolved by some recommendations. The major recommendations for this project of DDoS prevention system in cloud security are as follows:
i) Using VPN: The first recommendation for this particular project is the utilization of virtual private networks within the system. VPN is the private network that allows the users for sending or receiving the data in shared or public networks.
ii) Parallel Networking: The parallel networking is the second important recommendation for this project. This type of networking could easily detect the issue of DDoS attack and thus the problem is mitigated for Gigantic Corporation.
Mitigation of Risks and Impact on System
The mitigation techniques of each and every identified risk for this project are given below:
i) Implementing Antivirus Software and Proper Updates: The basic mitigation technique for reducing the risks of the DDoS prevention system is the implementation of the antivirus software and proper updates are required (Purwanto & Rahardjo, 2014). If these updates are not properly done, the respective system will not be able to prevent the DDoS attacks easily and promptly. The antivirus software is the computerized program that is used for the prevention, detection and finally removal of the malware. This antivirus software was previously developed for the detection and removal of computer virus. However, with proliferation of any other malware type, this antivirus software has provided protection from other threats like DDoS attacks as well (Sahay et al., 2015). The malicious browser helper objects, Trojan horse, rootkits and ransomware are also protected by this attack.
ii) Implementing Firewalls: The second mitigation technique for the reduction of risks within the DDoS prevention system is the significant implementation of firewalls (Ankita & Khatiwala, 2015). As the name suggests, the firewalls could easily detect the various viruses or threats. This is the specific network security system, which eventually monitors as well as controls the incoming and outgoing network traffic on the basis of the predetermined security rules. The firewall helps in establishing the barrier within trusted internal network and the untrusted external networks. Two types of firewalls are categorized here, which are network firewall and host based firewall (Mihai-Gabriel & Victor-Valeriu, 2014). The network firewalls are responsible for filtering the traffic within two or more networks. The host based firewalls could run on the host computers and then control in and out mechanisms of the network traffics within these machines.
Figure 1: Firewall Implementation
(Source: Krylov et al., 2014)
These above mentioned two techniques are extremely vital and important for mitigating all the issues related to the security in the project of DDoS prevention system for Gigantic Corporation.
Protection Mechanisms Required for Information Security in the Project
According to Deshmukh and Devadkar (2015), this type of protection is either from the theft, deletion or even leakage. Numerous methods are present for providing security in cloud such as implementation of firewalls, tokenization, and obfuscation, avoiding usage of the public relation Internet connectivity, implementing VPN or virtual private network and penetration testing. The cloud security is extremely vital for several users, who are eventually concerned regarding the data safety, which are being stored within the cloud (Sahi et al., 2017). It is believed the data is absolutely safe on the local servers and have explicit control on the data. However, the data stored within the cloud might be more safe and secured since all the cloud service providers consist of higher security measures and the staffs are the security experts. The other significant threats to the cloud security are malware as well as the social engineering attacks. As per Chauhan and Prasad (2015), the project of DDoS prevention system might be facing these above mentioned security issues eventually. However, some of the protection mechanisms are present that could be helpful to reduce these issues.
The two important and significant protection mechanisms that are needed for the information security within the project of DDoS prevention system are as follows:
i) Implementing Virtual Private Network: Akbar, Basha and Sattar (2015), state that the first protection mechanism for DDoS prevention system is the implementation of virtual private networks. The virtual private network is the extension of private network within the public network for enabling the users to either send or receive the confidential data within the public or shared networks since the computing devices are directly linked to their private network (Zhang & Green, 2015). This particular technology enables the remote users for securely accessing the corporate applications or any other resource.
Figure 2: Virtual Private Network
(Source: Purwanto & Rahardjo, 2014)
ii) Using Encryption Technique: According to Mihai-Gabriel and Victor-Valeriu (2014), this is the simplest procedure for encoding any specific message and information in such a manner so that only the authorized and authenticated users could have the access of that data. The encryption technique does not prevent the interference and denies the intelligent content for the interceptor. There are two algorithms for encryption and decryption procedures.
Figure 3: Encryption and Decryption Process
(Source: Deshmukh & Devadkar, 2015)
The impact of these two mitigation techniques on the DDoS prevention system is extremely high and hence these should be maintained properly for avoiding any type of risk or threat.
Therefore, from the above discussion, it can be concluded that distributed denial of service or DDoS attack is the most vulnerable and dangerous threat for the cloud security and this type of attack could easily shut down the service by overwhelming it with the help of data so that the users could not access their respective accounts like electronic mails and bank accounts. The entire data storage system becomes extremely vulnerable; apart from this, the onsite data might also be quite vulnerable for the users. The above report has clearly described the case study of Gigantic Corporation. The several risks related to their project of DDoS prevention system in cloud security are properly identified and assessed and the consequences are noted according to IT control framework.
1. Akbar, A., Basha, S. M., & Sattar, S. A. (2015, October). Leveraging the SIP load balancer to detect and mitigate DDos attacks. In 2015 International Conference on Green Computing and Internet of Things (ICGCIoT) (pp. 1204-1208). IEEE.
2. Ankita, P., & Khatiwala, F. (2015). Survey on DDoS attack detection and prevention in cloud. International Journal of Engineering Technology, Management and Applied Sciences, 3(2), 43-7.
3. Chauhan, K., & Prasad, V. (2015). Distributed denial of service (ddos) attack techniques and prevention on cloud environment. International Journal of Innovations & Advancement in Computer Science, 210-215.
4. Deshmukh, R. V., & Devadkar, K. K. (2015). Understanding DDoS attack & its effect in cloud environment. Procedia Computer Science, 49, 202-210.
5. Idziorek, J., Tannian, M. F., & Jacobson, D. (2013). The insecurity of cloud utility models. IT Professional, 15(2), 22-27.
6. Krylov, V., & Kravtsov, K. (2014). DDoS attack and interception resistance IP fast hopping based protocol. arXiv preprint arXiv:1403.7371.
7. Krylov, V., Kravtsov, K., Sokolova, E., & Lyakhmanov, D. (2014, October). Sdi defense against ddos attacks based on ip fast hopping method. In Science and Technology Conference (Modern Networking Technologies)(MoNeTeC), 2014 First International (pp. 1-5). IEEE.
8. Lad, N., & Baria, J. (2014). DDoS prevention on REST based web services.
9. Laskar, S., & Mishra, D. (2016). Qualified vector match and merge algorithm (QVMMA) for DDoS prevention and mitigation. Procedia Computer Science, 79, 41-52.
10. Mahajan, D., & Sachdeva, M. (2013). DDoS Attack Prevention and Mitigation Techniques-A Review. International Journal of Computer Applications, 67(19).
11. Mihai-Gabriel, I., & Victor-Valeriu, P. (2014, November). Achieving DDoS resiliency in a software defined network by intelligent risk assessment based on neural networks and danger theory. In Computational Intelligence and Informatics (CINTI), 2014 IEEE 15th International Symposium on (pp. 319-324). IEEE.
12. Oo, K. K., Ye, K. Z., Tun, H., Lin, K. Z., & Portnov, E. M. (2016). Enhancement of Preventing Application Layer Based on DDOS Attacks by Using Hidden Semi-Markov Model. In Genetic and Evolutionary Computing (pp. 125-135). Springer, Cham.
13. Purwanto, Y., & Rahardjo, B. (2014, October). Traffic anomaly detection in DDos flooding attack. In Telecommunication Systems Services and Applications (TSSA), 2014 8th International Conference on (pp. 1-6). IEEE.
14. Sahay, R., Blanc, G., Zhang, Z., & Debar, H. (2015, February). Towards autonomic DDoS mitigation using software defined networking. In SENT 2015: NDSS Workshop on Security of Emerging Networking Technologies. Internet society.
15. Sahi, A., Lai, D., Li, Y., & Diykh, M. (2017). An efficient DDoS TCP flood attack detection and prevention system in a cloud environment. IEEE Access, 5, 6036-6048.
16. Salah, K., Calero, J. M. A., Zeadally, S., Al-Mulla, S., & Alzaabi, M. (2013). Using cloud computing to implement a security overlay network. IEEE security & privacy, 11(1), 44-53.
17. Somani, G., Gaur, M. S., Sanghi, D., Conti, M., & Buyya, R. (2017). DDoS attacks in cloud computing: Issues, taxonomy, and future directions. Computer Communications, 107, 30-48.
18. Van Trung, P., Huong, T. T., Van Tuyen, D., Duc, D. M., Thanh, N. H., & Marshall, A. (2015, October). A multi-criteria-based DDoS-attack prevention solution using software engineering defined networking. In International Conference on Advanced Technologies for Communications (ATC) (pp. 308-313).
19. Zargar, S. T., Joshi, J., & Tipper, D. (2013). A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE communications surveys & tutorials, 15(4), 2046-2069.
20. Zhang, C., & Green, R. (2015, April). Communication security in internet of thing: preventive measure and avoid DDoS attack over IoT network. In Proceedings of the 18th Symposium on Communications & Networking (pp. 8-15). Society for Computer Simulation International.