Cloud Computing Security


Transcript

Proprietary Confidential

1CSDN2011CSDN

2 201135

320112

4QQQQ5QQQQ20119QQQQ

5XSS20116288VXSSXSS

6 AndroidAndroidAndroid2011

2011

Confidentiality, Integrity, Non-repudiation, Availability

Claimant, Verifier, AI (Authentication Information), Trusted Third Party

What you know, What you have, What you are

CHAP (Challenge and Response Handshake protocol)

id, Security label, Role, type, Security label, subject, object

Oj: S0 (r, e); S1 (r); S2 (e); Sm (r, e, w)
Sj: O0 (o, r, e, w); O1 (r); O2 (e); Om (r, e, w)

Symmetric Cryptosystem (One-Key, Private Key, Classical Cryptosystem)
Asymmetric Cryptosystem (Two-Key, Public Key)

1. Stream cipher: RC4, A5 (GSM)
2. Block cipher: DES, DES, RC2, AES

1. RSA
2. DSA
3. ECC

Internet, Intranet

NAT, VPN, IDS

NIST: 5 essential characteristics; 3 service models (SaaS/PaaS/IaaS); 4 deployment models (Public/Private/Hybrid/Community)

160,000 CPU 320,000 500 Gbps

500,000 CPU 1,000,000 1500 Gbps

6,400,000 CONFICKER CPU 18,000,000 28 TB 230

12009272011412Amazon22009317MicrosoftAzure2220109MicorsoftBPOP3200922420113GoogleGmail420096Rackspace520101Saleforce.com168620103VMwareTerremark7720106Intuit2

IDC2009IDC2008

SLA, IT

SaaS, PaaS, IaaS

12%

McAfee, EMC, RSA

+ Security in Cloud Computing
Security as a Cloud Service

July 5, 1993, Peter Steiner:

"On the Internet, nobody knows you're a dog"

1.

2. Inter-VM Attacks
Traditional network security devices cannot detect or contain malicious inter-VM traffic.

3. Instant-on gaps
[Figure labels: Active, Dormant]
Given how quickly a new VM can be brought online, it is all but impossible to consistently provision security to these instant-on VMs and keep it up to date. Dormant VMs can eventually deviate so far from the baseline that merely powering them on introduces a massive security hole on a network.

4. Resource contention
[Figure label: 3:00am]
In virtualized environments, certain resource-intensive operations can quickly result in an extreme load on the system. If several, or all, VMs start a full anti-malware scan at the same time, the underlying shared hardware will experience extreme load, causing a slowdown of all virtual systems on the server. Large pattern file updates require significant memory and can impact network and storage I/O resources.

5. Perimeter disappears
Your perimeter disappears, and now these security mechanisms are under the cloud service provider's control, not yours.

6. Data access rights
With public cloud computing, administrative access is conducted via the Internet, increasing exposure and risk. How can you restrict administrative access and monitor this access to maintain visibility of changes in system control?

7.

1) Cloud Computing is just a New Business Model and is not a new set of technologies. It is a broader combination of the existing technologies.
2) Most of the security threats which are currently recognized in the existing business are directly taking over in the Cloud environment.
----- CSO

1) Security controls in cloud computing are, for the most part, no different than security controls in any IT environment. However, because of the cloud service models employed, the operational model, and the technologies used to enable cloud services, cloud computing may present different risks to an organization than traditional IT solutions.
-----

IT

CIA / FW, IDS / DPI

20086Gartner20093CSA123456712API34567

Cloud security Standards are like parachutes.

CSA

20094 RSA100+23000+50+CSA20109

[Website] http://www.cloudsecurityalliance.org
[LinkedIn Group] http://www.linkedin.com/groups?gid=1864210
[Google Groups] http://groups.google.com/group/cloudsecurityalliance?hl=en

CSA Research Guide

2009/12: v2.1; 2011 Q3: v3

Governance and Enterprise Risk Management
Legal and Electronic Discovery
Compliance and Audit
Information Lifecycle Management
Portability and Interoperability
Security, Bus. Cont., and Disaster Recovery
Data Center Operations
Incident Response, Notification, Remediation
Application Security
Encryption and Key Management
Identity and Access Management
Virtualization
Cloud Architecture
Operating in the Clo