Cloud computing vulnerabilities
Session riding occurs when an online attacker steals an internet user’s cookie to use the application later as the real user. The attackers might also use the CSRF attacks for them to trick the user to send authentic requests to random websites to accomplish various missions.
Virtual Machine Escape
Within virtualized settings, the physical servers operate multiple virtual apparatuses on top of the hypervisors. An online attacker can remotely exploit a hypervisor by using a weakness present in that particular hypervisor. However, such vulnerabilities are pretty rare, but they are real. Also, a virtual machine can avoid the virtualized sandbox setting to gain access to the hypervisor. Consequently, all the virtual machines ultimately run on the virtual machine.
Cryptography algorithms normally use random number generators. They use unpredictable information sources to produce actual random numbers that are needed to get a large entropy pool. When the random number generators provide only a limited entropy pool, the numbers can be forced. In a client’s computer, the major source of randomization is user mouse operations and the key presses. Servers however normally operate without user interaction. That consequently means that there will be a lower number of sources for randomization. Hence, the virtual machines usually rely on the sources that are available to them. That could lead to easily guessable numbers that do not give much uncertainty in cryptographic algorithms.
You have to choose a provider that has guarantee cloud security will enable you to shift easily to another provider when necessary. You do not want to choose a CSP that will force you to use its services. That is because sometimes you would prefer to use a CSP in one thing and another CSP for something different.
Cloud computing threats
Before you decide to shift to the cloud computing, you have to put into consideration the platform’s security vulnerabilities. You also need to assess the possible threats to determine whether the cloud platform is worth the risk due to the numerous advantages it has to offer. The following are the major security threats experienced regarding cloud security.
Ease of Use
It is a reality that cloud computing services can easily be exploited by malicious attackers since its registration process is pretty simple. You are only required to have valid credit card to get started on this platform. In some cases, you can even pay for the cloud computing charges by through PayPal, Payza, Bitcoin, Western Union or Litecoin. By using the payment methods, you can stay completely anonymous. The cloud platform can be used maliciously for various ill purposes like malware distribution, botnet C&C servers, spamming, DDoS, hash cracking and password cracking.
Secure Data Transmission
When sending the data from clients to a cloud computing platform, the data can be transferred by using a secure, encrypted communication channel such as SSL/TLS. That prevents various attacks like the dreaded MITM. During these attacks, your online data could be stolen by an attacker intercepting your communication.
Most cloud services are exposed by their application programming interfaces. Since the APIs are easily accessible from any location on the Internet, malicious attackers can exploit them to compromise the integrity and confidentiality of the internet users. An attacker has access to a token used by a legit user to access the service through cloud computing. The API can apply the same token to interfere with the customer data. Hence, it is imperative that all cloud services provide a safe API to prevent such attacks.
It is possible for a staff member at a cloud service provider to have complete access to your confidential resources. Therefore, cloud service providers should set proper security measures to track their employee actions. Normally, cloud service providers never follow the best security procedures and fail to implement security policies. Hence, their employees can collect confidential information from customers without getting detected.