Storage Cloud Infrastructures

Transcription

1 Storage Cloud Infrastructures Detection and Mitigation of MITM Attacks Presenter: Jaqueline Carmilema CyberSecurity for the Next Generation South American Round, Quito 31 January 1 February, 2013 PAGE 1

2 Agenda INTRODUCTION CONCEPTS AND ISSUES EXPERIMENTAL MODEL PAGE 2

3 INTRODUCTION Risk Management and vulnerability analysis. MITM attacks, using ARP Spoofing in order to discuss the importance of protecting information stored in the Cloud PAGE 3

4 INTRODUCTION CONCEPTS AND ISSUES EXPERIMENTAL MODEL PAGE 4

5 Cloud Computing: Concepts and Issues Cloud Computing, gives the user many benefits with minimal management effort: Is not necessary to buy licensing contract Costs are reduced significantly Is not necessary the technical support Issues - Is not suitable to guarantee information s integrity, availability, and confidentiality of information - Even inside companies PAGE 5

6 Cloud Computing: Concepts and Issues Issues: - The information cannot be considered fully private - The lack of commitment of Cloud providers (SLA) - Cloud services are exposed to traditional threats PAGE 6

7 Providers cannot ensure Issues: - Cloud services are exposed to traditional threats ARP Spoofing - Either employees and customers can compromise IT security Man-In-The-Middle attacks PAGE 7

8 Agenda INTRODUCTION CONCEPTS AND ISSUES EXPERIMENTAL MODEL PAGE 8

9 Our research is focused on understanding the impact of ARP Spoofing, via a Man-I n-the-middle Attacks (MITM) as we propose that this vulnerability represents an important issue to consider within Cloud Infrastructures which can compromise information s integrity, availability, and confidentiality. PAGE 9

10 MITM Attack against a Experimental Storage Cloud PAGE 10

11 Performing MITM Attack against a Storage Cloud Service The intrusive machine (attacker) has installed Ettercap, DETECT Figure 2. Connection Request Reconnaissance with Ettercap Figure 3. Capturing FTP User Credentials with Ettercap and Embedded Wireshark PAGE 11 The MITM attack can start, and begin sniffing the connections in order to get the user credentials sent to the server. FTP storage cloud service is not protected and the connection requests can be intercepted through ARP Spoofing.

12 Mitigating MITM Attacks in Storage Cloud Infrastructures using arpon To mitigate this attack on the FTP Server 1, arpon runs as a service. Figure 4. Running arpon in the FTP Server 1 FTP Server 1 - arpon Installed FTP Server 2 - arpon not Installed Figure 5. Shielding the Storage Cloud form ARP Spoofing with arpon The connections made from the client to the server cannot be intercepted by Ettercap. However, on the FTP Server 2, there is no protection installed, was targeted again by Ettercap. PAGE 12

13 Conclusions and Recommendations This experimental Storage Cloud configuration allowed evaluating tools and simulating MITM attacks in order to propose a simple strategy for monitoring and mitigating ARP Spoofing in FTP Storage Cloud Services. This research made evident the importance of ensuring secure access, and a complete compliance with legal, governance and technical requirements that customers need to consider before moving to the Cloud. Cloud Computing involves risks and challenges around security which are not assessed until data breaches come out ->Cloud strategy: IT policies and establish response plans. In the cloud (public or private), implementation of intrusion detection and prevention solutions so that evasive vulnerabilities like ARP Spoofing can be detected. Also, implementing SSL through VPN channels PAGE 13

14 Thank You Presenter: Jaqueline Carmilema CyberSecurity for the Next Generation South American Round, Quito 31January 1 February, 2013 PAGE 14