Cloud Penetration Testing
نویسندگان
چکیده
This paper presents the results of a series of penetration tests performed on the OpenStack Essex Cloud Management Software. Several different types of penetration tests were performed including network protocol and command line fuzzing, session hijacking and credential theft. Using these techniques exploitable vulnerabilities were discovered that could enable an attacker to gain access to restricted information contained on the OpenStack server, or to gain full administrative privileges on the server. Key recommendations to address these vulnerabilities are to use a secure protocol, such as HTTPS, for communications between a cloud user and the OpenStack Horizon Dashboard, to encrypt all files that store user or administrative login credentials, and to correct a software bug found in the OpenStack Cinder typedelete command.
منابع مشابه
Moving Beyond Penetration Testing: Divide and Conquer
The move to the cloud brings a number of new security challenges, but the application remains your last line of defense. Engineers are extremely well poised to perform tasks critical for securing the application—provided that certain key obstacles are overcome. Cloud Shifts the Burden of Security to Development
متن کاملDesign and Implementation of a Privacy Preserved off-Premises Cloud Storage
Despite several cost-effective and flexible characteristics of cloud computing, some clients are reluctant to adopt this paradigm due to emerging security and privacy concerns. Organization such as Healthcare and Payment Card Industry where confidentiality of information is a vital act, are not assertive to trust the security techniques and privacy policies offered by cloud service providers. M...
متن کاملTechnical Report on Deploying a highly secured OpenStack Cloud Infrastructure using BradStack as a Case Study
Cloud computing has emerged as a popular paradigm and an attractive model for providing a reliable distributed computing model.it is increasing attracting huge attention both in academic research and industrial initiatives. Cloud deployments are paramount for institution and organizations of all scales. The availability of a flexible, free open source cloud platform designed with no propriety s...
متن کاملبررسی تأثیرات رایانش ابری بر یادگیری الکترونیکی
In the world of training, online training is introduced as a modern model of training services. Cloud computing is a modern technology which is provided software, infrastructure and platform as internet. Also, online training is introduced as a modern model of training services on the web. In this research, the impact of cloud computing on e-learning on the case of Mehralborz online university ...
متن کاملThe greenhouse gas abatement potential of enterprise cloud computing
In this paper we present a dynamic, country level model and methodology to determine the energy related Green House Gas (GHG) abatement potential of cloud computing. The methodology presented includes variables for market penetration, organisation size and organisational adoption of on-premise and cloud computing. Using the current enterprise cloud service applications of email, customer relati...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CoRR
دوره abs/1301.1912 شماره
صفحات -
تاریخ انتشار 2012