It did not take long for the fears of many to come true. Since the launch of cloud services, people have been referring back to the issue of security and whether cloud computing can survive hackers' games. According to the article, one of the cloud based Amazon EC2 (elastic compute cloud) sites was compromised by hackers as the command and control (C&C) operation site. the hackers used the site to spread the Zeus banking Trojan (a password stealing email scam that aims not to only steal your password but also your financial data). In the following paragraphs, a clearer look at Amazon EC2 cloud based service's issues will take place.
The virus was first discovered when security researchers at CA were running a check up on spam; they then came across one with a URL for a malware called xmas2.exe. After examining the executed file, it became evident that the file contained Zeus Trojan which was hosted by Amazon web services housed by Amazon EC2. Once the virus was discovered, Amazon paused the activity o the files serving the botnet. Amazon representative mentioned that this kind of attacks hurt the reputation of cloud computing, however, it is always possible to have these attacks whether you have cloud computing or not.
Another issue occurred this passed Wednesday was the outage of one of Amazon's data centers. The outage lasted for several hours and made consumers unhappy. Furthermore, the whole backup component of a redundant supply had failed; this caused some of the facility's servers to fail to perform which ultimately means failure to retrieve information and instances needed by both the employees and their customers. In conclusion, I think that these issues are random and they could happen to any other type of infrastructure and not just cloud based services and data centers. Therefore, I think that people should not rush to conclude that cloud computing is totally insecure and is vital to attacks.
I remember all semester when the subject of cloud computing came up, most people voiced concerns about the security of all of it. This is definitely a very good example of why everyone should keep those concerns in mind when considering cloud computing.
ReplyDeleteYea Michelle, that is way I blogged about it. However, I think the virus issue could happen anywhere but I do agree about the outage problems their going through; these downtime could cause companies to lose amount of money.
ReplyDeleteAhmed,
ReplyDeleteEven that I do agree that this type of attack could happen to any infrastructure I still prefer managing my own files. I use a Linux based hardware firewall which, I feel, is a little more secure than windows. I drop ICMP echo requests (ping) so it is a little more difficult for someone to even know that I exist on the Internet. I also have a username and password that is so long it is impossible for someone to type it in. It forces me to cut and paste rather than type the username / password. This defeats keystroke capture programs. And, of course I use a virus and web link scanner. So, if there is a security breech I don’t have anyone to blame but myself.
I do think that cloud computing will eventually boost many businesses confidence in this new storage method. As with anything else that is new, there are always initial problems that eventually are corrected. In the article I posted previously on cloud computing these same two issues were brought up and that's why it is highly advisable for companies to review what they are storing to ensure it won't harm their business if anything like this occurs.
ReplyDeleteTerry, I agree with you on the fact that you can manage your own files and that it is much more secure than having someone initially manage it for you. On the other hand, I think that giving cloud computing a chance would pay off at the end just because it could enhance performance and cut costs. I also agree with Patty on ensuring whether their business should store sensitive information and whether it would benefit the business on general. It is however evident that cloud computing is going to overcome these security issues but again it is not going to be done over one night.
ReplyDeleteThis is a little off the topic of cloud computing, but in response to Terry's comment....How do you copy/paste your username and password? Does that mean you have it stored on your computer in order to copy it? What if someone accesses the file that you have it stored at then? Isn't that even more insecure having it right there on your system so all a hacker has to do is find that one file in order to gain access to your whole network?
ReplyDeleteThis incident should certainly be a concern to anyone using cloud computing services or considering it, but, as others have said the same attacks happen on locally-hosted servers.
ReplyDeleteAhmed suggests that "...you can manage your own files and that it is much more secure than having someone initially manage it for you."
I disagree with this. You (Terry) probably have lots of tasks to deal with and server security is only one of them. Cloud computing service providers employ teams of IT security folks whose entire job is protecting the security of their servers. That said, this was an attack on a specific site - not on Amazon's servers. That same site would have been just as vulnerable if it were hosted locally by the company that ran it.
This incident will certainly raise awareness and steps will be taken (either by the cloud service provider or the customer running the site) to make sure it is not repeated. However, it is not a vulnerability that is unique to cloud computing.
(I am contracting for M80, working with Microsoft to promote Windows Azure. See http://bit.ly/2b2sRd)
Matt,
ReplyDeleteI use something called Locknote which is a "portable data encryption" application and it requires one password to get into it.
"Pros: Self-contained and portable; very easy to use; 256-bit AES encryption"
"Cons: Storage limited to plain text without formatting; you need to create multiple copies to organize or use it for different purposes"
"http://www.snapfiles.com/downloads/dllocknote.html"