2. Daemons/background services: Anyone who has set up an externally exposed server and then hardened the build will be aware of background services that can be exploited by those with malicious intent. Each instance must be assessed to understand what operating system services are required to complete the job and ensure that nothing else is enabled.
3. Penetration testing: There are two parts to this activity. First, an audit mechanism should identify whether the existing security measures have been properly implemented. The outcome of this might be a list of items that need attention to ensure that the overall security strategy is maintained. Secondly, a series of invasive tests simulates the response of the instances to external attack. These tests place the system under load, which may expose hitherto undetected vulnerabilities. In practice, such auditing and testing are at the fringe of the relationship between an enterprise and a cloud provider, since the provision of shared services to a number of enterprises potentially puts all of them at risk if one particular enterprise starts doing penetration tests. Cloud providers have responded in two ways. The first is to offer vulnerability testing as a cloud service (SaaS), which can perform some of the work required. The second approach is to develop in-house penetration testing capabilities at the cloud provider, who will conduct tests and present a list of recommendations for the enterprise to consider.
4. Intrusion detection/prevention: Intrusion Detection Systems (IDS) monitor network traffic and report anomalies in relation to predetermined security policies. The logs generated can then be used to identify areas that may need hardening, or they may be used as part of a forensic investigation after a breach has occurred. An Intrusion Prevention System (IPS) takes any anomalous behavior and proactively alters a firewall to prevent a recurrence of the behavior by stopping the traffic from accessing the instance. For cloud environments, host-based variants of IDS/IPS are required (HIDS/HIPS) for each application instance that consumes external traffic. Again, the extent to which this security measure is deployed will be dependent upon the risk profile produced by the initial assessment.
5. Application auditing: There are still cases where unwanted intruders can circumvent network security and gain access to applications. Automated application auditing monitors the applications that are installed and raises an alarm when files are changed. This is often referred to as file change monitoring and can be applied to any application or system files where changes would not normally be expected.
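Added example (not from the book) of the file change monitoring described in item 5: it baselines the SHA-256 digest and permission bits of every file under a directory and reports what was added, removed or modified since. The paths and file contents in `demo()` are constructed for the illustration.

```python
"""Minimal file-change monitor: baseline a tree's SHA-256 digests and modes, then diff."""
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map each regular file under root (relative POSIX path) to its digest and mode."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():  # skip links and special files
                continue
            mode = oct(p.stat().st_mode & 0o777)
            result[p.relative_to(root).as_posix()] = {"sha256": hash_file(p), "mode": mode}
    return result


def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Report paths added, removed, or whose digest/mode changed since the baseline."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def demo() -> dict:
    """Constructed scenario: baseline a temp tree, then alter it and report the drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = snapshot(root)  # in practice, store this off-host or read-only
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")  # edited
        (root / "etc" / "motd").write_text("maintenance window\n")          # added
        (root / "etc" / "hosts").unlink()                                    # removed
        return diff_snapshots(baseline, snapshot(root))
```

Scheduling `snapshot` against a stored baseline and alerting on a non-empty diff is the basic loop a HIDS performs for the system files item 5 refers to.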
6. Antivirus: One approach to prevent viruses or malware being installed is to robustly prevent users from installing applications themselves. However, this does not stop e-mails being opened nor, in the case of